Hardcode some permission labels for non-trivial legacy permissions

src/yunohost/app.py

@@ -1215,6 +1215,7 @@ def app_setting(app, key, value=None, delete=False):
                     permission_url(permission_name, clear_urls=True, sync_perm=False)
                     permission_url(permission_name, add_url=new_urls)
                 else:
+                    from utils.legacy import legacy_permission_label
                     # Let's create a "special" permission for the legacy settings
                     permission_create(permission=permission_name,
                                       # FIXME find a way to limit to only the user allowed to the main permission
@@ -1222,7 +1223,7 @@ def app_setting(app, key, value=None, delete=False):
                                       url=None,
                                       additional_urls=urls.split(','),
                                       auth_header=not key.startswith('skipped_'),
-                                      label="Legacy permission - %s_uris/regex for app : %s" % (key.split('_')[0], app),
+                                      label=legacy_permission_label(app, key.split('_')[0]),
                                       show_tile=False,
                                       protected=True)
 

src/yunohost/data_migrations/0019_extends_permissions_features_1.py

@@ -77,6 +77,7 @@ class MyMigration(Migration):
 
 
     def migrate_skipped_unprotected_protected_uris(self, app=None):
+        from utils.legacy import legacy_permission_label
         logger.info(m18n.n("migration_0019_migrate_old_app_settings"))
         apps = _installed_apps()
 
@@ -101,15 +102,15 @@ class MyMigration(Migration):
 
             if skipped_urls != []:
                 permission_create(app+".legacy_skipped_uris", additional_urls=skipped_urls,
-                                  auth_header=False, label='Legacy permission - skipped_urls for app : ' + app,
+                                  auth_header=False, label=legacy_permission_label(app, "skipped"),
                                   show_tile=False, allowed='visitors', protected=True, sync_perm=False)
             if unprotected_urls != []:
                 permission_create(app+".legacy_unprotected_uris", additional_urls=unprotected_urls,
-                                  auth_header=True, label='Legacy permission - unprotected_uris for app : ' + app,
+                                  auth_header=True, label=legacy_permission_label(app, "unprotected"),
                                   show_tile=False, allowed='visitors', protected=True, sync_perm=False)
             if protected_urls != []:
                 permission_create(app+".legacy_protected_uris", additional_urls=protected_urls,
-                                  auth_header=True, label='Legacy permission - protected_uris for app : ' + app,
+                                  auth_header=True, label=legacy_permission_label(app, "protected"),
                                   show_tile=False, allowed=permission_list()['permissions']['allowed'],
                                   protected=True, sync_perm=False)
 

src/yunohost/utils/legacy.py

@@ -112,3 +112,35 @@ class SetupGroupPermissions():
                 user_permission_update(app + ".main", add="visitors", sync_perm=False)
 
         permission_sync_to_user()
+
+LEGACY_PERMISSION_LABEL = {
+        ("nextcloud": "skipped"): "api ",            # .well-known
+        ("libreto": "skipped"): "pad access",        # /[^/]+
+        ("leed": "skipped"): "api",                  # /action.php, for cron task ...
+        ("mailman": "protected"): "admin",           # /admin
+        ("prettynoemiecms": "protected"): "admin",   # /admin
+        ("etherpad_mypads": "skipped"): "admin",     # /admin
+        ("baikal": "protected"): "admin",            # /admin/
+        ("couchpotato": "unprotected"): "api",       # /api
+        ("freshrss": "skipped"): "api",              # /api/,
+        ("portainer": "skipped"): "api",             # /api/webhooks/
+        ("jeedom": "unprotected"): "api",            # /core/api/jeeApi.php
+        ("bozon": "protected"): "user interface",    # /index.php
+        ("limesurvey": "protected"): "admin ",       # /index.php?r=admin,/index.php?r=plugins,/scripts
+        ("kanboard": "unprotected"): "api ",         # /jsonrpc.php
+        ("seafile": "unprotected"): "medias",        # /media
+        ("ttrss": "skipped"): "api",                 # /public.php,/api,/opml.php?op=publish
+        ("libreerp": "protected"): "admin ",         # /web/database/manager
+        ("z-push": "skipped"): "api ",               # $domain/[Aa]uto[Dd]iscover/.*
+        ("radicale": "skipped"): "?",                # $domain$path_url
+        ("jirafeau": "protected"): "user interface", # $domain$path_url/$","$domain$path_url/admin.php.*$
+        ("opensondage": "protected"): "admin",       # $domain$path_url/admin/
+        ("lstu": "protected"): "user interface",     # $domain$path_url/login$","$domain$path_url/logout$","$domain$path_url/api$","$domain$path_url/extensions$","$domain$path_url/stats$","$domain$path_url/d/.*$","$domain$path_url/a$","$domain$path_url/$
+        ("lutim": "protected"): "user interface",    # $domain$path_url/stats/?$","$domain$path_url/manifest.webapp/?$","$domain$path_url/?$","$domain$path_url/[d-m]/.*$
+        ("lufi": "protected"): "user interface",     # $domain$path_url/stats$","$domain$path_url/manifest.webapp$","$domain$path_url/$","$domain$path_url/d/.*$","$domain$path_url/m/.*$
+        ("gogs": "skipped"): "api ",                 # $excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs
+
+ }
+
+def legacy_permission_label(app, permission_type):
+    return LEGACY_PERMISSION_LABEL.get((app, permission_type), "Legacy %s urls" % permission_type)