Assume we target the .main permission if it's not given explicitly

2024-09-03 20:06:10 +02:00 · 2019-09-13 16:50:46 +02:00 · 2019-09-13 16:50:46 +02:00 · 302e755f48
commit 302e755f48
parent ccc7583ec4
2 changed files with 26 additions and 10 deletions
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
@ -298,7 +298,7 @@ user:
                    api: POST /users/permissions/<permission>
                    arguments:
                        permission:
-                            help: Permission to manage (e.g. mail.main or wordpress.editors)
+                            help: Permission to manage (e.g. mail or nextcloud or wordpress.editors)
                        -a:
                            full: --add
                            help: Group or user names to add to this permission
@ -320,7 +320,7 @@ user:
                    api: DELETE /users/permissions/<app>
                    arguments:
                        permission:
-                            help: Permission to be resetted (e.g. mail.main or wordpress.editors)
+                            help: Permission to manage (e.g. mail or nextcloud or wordpress.editors)

        ssh:
            subcategory_help: Manage ssh access
--- a/src/yunohost/permission.py
+++ b/src/yunohost/permission.py
@ -87,15 +87,19 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
    Allow or Disallow a user or group to a permission for a specific application

    Keyword argument:
-        permission     -- Name of the permission (e.g. mail.mail or wordpress.editors)
+        permission     -- Name of the permission (e.g. mail or or wordpress or wordpress.editors)
        add            -- List of groups or usernames to add to this permission
        remove         -- List of groups or usernames to remove from to this permission
    """
    from yunohost.hook import hook_callback
    from yunohost.user import user_group_list
-    from yunohost.utils.ldap import _get_ldap_interface, _ldap_path_extract
+    from yunohost.utils.ldap import _get_ldap_interface
    ldap = _get_ldap_interface()

+    # By default, manipulate main permission
+    if "." not in permission:
+        permission = permission + ".main"
+
    # Fetch currently allowed groups for this permission

    existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
@ -146,7 +150,7 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
    # Don't update LDAP if we update exactly the same values
    if set(new_allowed_groups) == set(current_allowed_groups):
        # FIXME : i18n
-        logger.warning("No change was applied because not relevant modification were found")
+        logger.warning("The permission was not updated all addition/removal requests already match the current state.")
        return

    # Commit the new allowed group list
@ -192,12 +196,16 @@ def user_permission_reset(operation_logger, permission, sync_perm=True):
    Reset a given permission to just 'all_users'

    Keyword argument:
-        permission -- The name of the permission to be reseted
+        permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
    """
    from yunohost.hook import hook_callback
    from yunohost.utils.ldap import _get_ldap_interface
    ldap = _get_ldap_interface()

+    # By default, manipulate main permission
+    if "." not in permission:
+        permission = permission + ".main"
+
    # Fetch existing permission

    existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
@ -254,13 +262,17 @@ def permission_create(operation_logger, permission, urls=None, sync_perm=True):
    Create a new permission for a specific application

    Keyword argument:
-        permission -- Name of the permission (e.g. nextcloud.main or wordpress.editors)
+        permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
        urls       -- list of urls to specify for the permission
    """

    from yunohost.utils.ldap import _get_ldap_interface
    ldap = _get_ldap_interface()

+    # By default, manipulate main permission
+    if "." not in permission:
+        permission = permission + ".main"
+
    # Validate uniqueness of permission in LDAP
    if ldap.get_conflict({'cn': permission},
                         base_dn='ou=permission,dc=yunohost,dc=org'):
@ -308,7 +320,7 @@ def permission_urls(operation_logger, permission, add=None, remove=None, sync_pe
    Update urls related to a permission for a specific application

    Keyword argument:
-        permission -- Name of the permission (e.g. nextcloud.main or wordpress.editors)
+        permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
        add        -- List of urls to add
        remove     -- List of urls to remove

@ -362,10 +374,14 @@ def permission_delete(operation_logger, permission, force=False, sync_perm=True)
    Delete a permission

    Keyword argument:
-        permission -- Name of the permission (e.g. nextcloud.main or wordpress.editors)
+        permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
    """

-    if permission.endswith("main") and not force:
+    # By default, manipulate main permission
+    if "." not in permission:
+        permission = permission + ".main"
+
+    if permission.endswith(".main") and not force:
        raise YunohostError('permission_cannot_remove_main')

    from yunohost.utils.ldap import _get_ldap_interface