From 2b4e14cca7b27ce21a88d18de290671015149f67 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 24 Sep 2020 21:46:33 +0200 Subject: [PATCH] Hardcode some permission labels for non-trivial legacy permissions --- src/yunohost/app.py | 5 +-- .../0019_extends_permissions_features_1.py | 7 ++-- src/yunohost/utils/legacy.py | 32 +++++++++++++++++++ 3 files changed, 39 insertions(+), 5 deletions(-) diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 13ff1117a..ab79b79fa 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -1215,14 +1215,15 @@ def app_setting(app, key, value=None, delete=False): permission_url(permission_name, clear_urls=True, sync_perm=False) permission_url(permission_name, add_url=new_urls) else: - # Let's create a "special" permission for the legacy settings + from utils.legacy import legacy_permission_label + # Let's create a "special" permission for the legacy settings permission_create(permission=permission_name, # FIXME find a way to limit to only the user allowed to the main permission allowed=['all_users'] if key.startswith('protected_') else ['all_users', 'visitors'], url=None, additional_urls=urls.split(','), auth_header=not key.startswith('skipped_'), - label="Legacy permission - %s_uris/regex for app : %s" % (key.split('_')[0], app), + label=legacy_permission_label(app, key.split('_')[0]), show_tile=False, protected=True) diff --git a/src/yunohost/data_migrations/0019_extends_permissions_features_1.py b/src/yunohost/data_migrations/0019_extends_permissions_features_1.py index 63732800a..81aebba73 100644 --- a/src/yunohost/data_migrations/0019_extends_permissions_features_1.py +++ b/src/yunohost/data_migrations/0019_extends_permissions_features_1.py @@ -77,6 +77,7 @@ class MyMigration(Migration): def migrate_skipped_unprotected_protected_uris(self, app=None): + from utils.legacy import legacy_permission_label logger.info(m18n.n("migration_0019_migrate_old_app_settings")) apps = _installed_apps() 
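Review bot: The function-local `from utils.legacy import legacy_permission_label` added in the `else:` branch of `app_setting` names the module without its package, so it resolves only if implicit relative imports or a matching `sys.path` entry are in effect. The file lives at `src/yunohost/utils/legacy.py`, so `from yunohost.utils.legacy import legacy_permission_label` would be unambiguous. The same import is added at the top of `migrate_skipped_unprotected_protected_uris` in the 0019 migration, one directory deeper under `data_migrations/`, where a package-relative lookup is even less likely to find it. Because both imports run only when a legacy setting is written or the migration executes, a failure would surface late, in the middle of creating a permission that sets `allowed` and `auth_header`. `app_setting` starts and ends outside this hunk.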
@@ -101,15 +102,15 @@ class MyMigration(Migration): if skipped_urls != []: permission_create(app+".legacy_skipped_uris", additional_urls=skipped_urls, - auth_header=False, label='Legacy permission - skipped_urls for app : ' + app, + auth_header=False, label=legacy_permission_label(app, "skipped"), show_tile=False, allowed='visitors', protected=True, sync_perm=False) if unprotected_urls != []: permission_create(app+".legacy_unprotected_uris", additional_urls=unprotected_urls, - auth_header=True, label='Legacy permission - unprotected_uris for app : ' + app, + auth_header=True, label=legacy_permission_label(app, "unprotected"), show_tile=False, allowed='visitors', protected=True, sync_perm=False) if protected_urls != []: permission_create(app+".legacy_protected_uris", additional_urls=protected_urls, - auth_header=True, label='Legacy permission - protected_uris for app : ' + app, + auth_header=True, label=legacy_permission_label(app, "protected"), show_tile=False, allowed=permission_list()['permissions']['allowed'], protected=True, sync_perm=False) diff --git a/src/yunohost/utils/legacy.py b/src/yunohost/utils/legacy.py index e7f584d6a..1045bf9f2 100644 --- a/src/yunohost/utils/legacy.py +++ b/src/yunohost/utils/legacy.py 
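Review bot: In the `protected_urls` branch, `allowed=permission_list()['permissions']['allowed']` indexes the permissions mapping with the literal key `'allowed'` rather than a permission name, which looks unintended on a line this commit leaves in place next to the changed `label=`. If that mapping is keyed by permission name, as the `app+".legacy_protected_uris"` naming suggests, the lookup would either fail or not return any app's allow-list. Presumably the intent was to copy the main permission's list, something like `allowed=permission_list()['permissions'][app + ".main"]['allowed']`, to be confirmed against `permission_list`. This matters more than the label text, since it decides who can reach the protected URLs after migration. The enclosing method starts before this hunk.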
@@ -112,3 +112,35 @@ class SetupGroupPermissions():
 user_permission_update(app + ".main", add="visitors", sync_perm=False)
 permission_sync_to_user()
+
+LEGACY_PERMISSION_LABEL = {
+ ("nextcloud": "skipped"): "api ", # .well-known
+ ("libreto": "skipped"): "pad access", # /[^/]+
+ ("leed": "skipped"): "api", # /action.php, for cron task ...
+ ("mailman": "protected"): "admin", # /admin
+ ("prettynoemiecms": "protected"): "admin", # /admin
+ ("etherpad_mypads": "skipped"): "admin", # /admin
+ ("baikal": "protected"): "admin", # /admin/
+ ("couchpotato": "unprotected"): "api", # /api
+ ("freshrss": "skipped"): "api", # /api/,
+ ("portainer": "skipped"): "api", # /api/webhooks/
+ ("jeedom": "unprotected"): "api", # /core/api/jeeApi.php
+ ("bozon": "protected"): "user interface", # /index.php
+ ("limesurvey": "protected"): "admin ", # /index.php?r=admin,/index.php?r=plugins,/scripts
+ ("kanboard": "unprotected"): "api ", # /jsonrpc.php
+ ("seafile": "unprotected"): "medias", # /media
+ ("ttrss": "skipped"): "api", # /public.php,/api,/opml.php?op=publish
+ ("libreerp": "protected"): "admin ", # /web/database/manager
+ ("z-push": "skipped"): "api ", # $domain/[Aa]uto[Dd]iscover/.*
+ ("radicale": "skipped"): "?", # $domain$path_url
+ ("jirafeau": "protected"): "user interface", # $domain$path_url/$","$domain$path_url/admin.php.*$
+ ("opensondage": "protected"): "admin", # $domain$path_url/admin/
+ ("lstu": "protected"): "user interface", # $domain$path_url/login$","$domain$path_url/logout$","$domain$path_url/api$","$domain$path_url/extensions$","$domain$path_url/stats$","$domain$path_url/d/.*$","$domain$path_url/a$","$domain$path_url/$
+ ("lutim": "protected"): "user interface", # $domain$path_url/stats/?$","$domain$path_url/manifest.webapp/?$","$domain$path_url/?$","$domain$path_url/[d-m]/.*$
+ ("lufi": "protected"): "user interface", # $domain$path_url/stats$","$domain$path_url/manifest.webapp$","$domain$path_url/$","$domain$path_url/d/.*$","$domain$path_url/m/.*$
+ ("gogs": "skipped"): "api ", # $excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs
+
+ }
+
+def legacy_permission_label(app, permission_type):
+ return LEGACY_PERMISSION_LABEL.get((app, permission_type), "Legacy %s urls" % permission_type)
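Review bot: The keys of `LEGACY_PERMISSION_LABEL` are written as `("nextcloud": "skipped")`, with a colon inside the parentheses, which is not valid Python; a tuple key needs a comma, e.g. `("nextcloud", "skipped"): "api",`, and the same applies to every entry in the table. As written the module would fail to parse, so the imports added in `app.py` and the 0019 migration would raise before any label is looked up. Several labels also carry a trailing space (`"api "`, `"admin "`) and `radicale` maps to `"?"`; these strings are what an administrator sees when reviewing which URLs are reachable by visitors, so they are worth normalising. `legacy_permission_label` would also benefit from a one-line docstring stating that unknown `(app, permission_type)` pairs fall back to `"Legacy %s urls"`.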