mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
Assume we target the .main permission if it's not given explicitly
parent
ccc7583ec4
commit
302e755f48
2 changed files with 26 additions and 10 deletions
|
@ -298,7 +298,7 @@ user:
|
|||
api: POST /users/permissions/<permission>
|
||||
arguments:
|
||||
permission:
|
||||
help: Permission to manage (e.g. mail.main or wordpress.editors)
|
||||
help: Permission to manage (e.g. mail or nextcloud or wordpress.editors)
|
||||
-a:
|
||||
full: --add
|
||||
help: Group or user names to add to this permission
|
||||
|
@ -320,7 +320,7 @@ user:
|
|||
api: DELETE /users/permissions/<app>
|
||||
arguments:
|
||||
permission:
|
||||
help: Permission to be resetted (e.g. mail.main or wordpress.editors)
|
||||
help: Permission to manage (e.g. mail or nextcloud or wordpress.editors)
|
||||
|
||||
ssh:
|
||||
subcategory_help: Manage ssh access
|
||||
|
|
|
@ -87,15 +87,19 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
|
|||
Allow or Disallow a user or group to a permission for a specific application
|
||||
|
||||
Keyword argument:
|
||||
permission -- Name of the permission (e.g. mail.mail or wordpress.editors)
|
||||
permission -- Name of the permission (e.g. mail or or wordpress or wordpress.editors)
|
||||
add -- List of groups or usernames to add to this permission
|
||||
remove -- List of groups or usernames to remove from to this permission
|
||||
"""
|
||||
from yunohost.hook import hook_callback
|
||||
from yunohost.user import user_group_list
|
||||
from yunohost.utils.ldap import _get_ldap_interface, _ldap_path_extract
|
||||
from yunohost.utils.ldap import _get_ldap_interface
|
||||
ldap = _get_ldap_interface()
|
||||
|
||||
# By default, manipulate main permission
|
||||
if "." not in permission:
|
||||
permission = permission + ".main"
|
||||
|
||||
# Fetch currently allowed groups for this permission
|
||||
|
||||
existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
|
||||
|
@ -146,7 +150,7 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
|
|||
# Don't update LDAP if we update exactly the same values
|
||||
if set(new_allowed_groups) == set(current_allowed_groups):
|
||||
# FIXME : i18n
|
||||
logger.warning("No change was applied because not relevant modification were found")
|
||||
logger.warning("The permission was not updated all addition/removal requests already match the current state.")
|
||||
return
|
||||
|
||||
# Commit the new allowed group list
|
||||
|
@ -192,12 +196,16 @@ def user_permission_reset(operation_logger, permission, sync_perm=True):
|
|||
Reset a given permission to just 'all_users'
|
||||
|
||||
Keyword argument:
|
||||
permission -- The name of the permission to be reseted
|
||||
permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
|
||||
"""
|
||||
from yunohost.hook import hook_callback
|
||||
from yunohost.utils.ldap import _get_ldap_interface
|
||||
ldap = _get_ldap_interface()
|
||||
|
||||
# By default, manipulate main permission
|
||||
if "." not in permission:
|
||||
permission = permission + ".main"
|
||||
|
||||
# Fetch existing permission
|
||||
|
||||
existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
|
||||
|
@ -254,13 +262,17 @@ def permission_create(operation_logger, permission, urls=None, sync_perm=True):
|
|||
Create a new permission for a specific application
|
||||
|
||||
Keyword argument:
|
||||
permission -- Name of the permission (e.g. nextcloud.main or wordpress.editors)
|
||||
permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
|
||||
urls -- list of urls to specify for the permission
|
||||
"""
|
||||
|
||||
from yunohost.utils.ldap import _get_ldap_interface
|
||||
ldap = _get_ldap_interface()
|
||||
|
||||
# By default, manipulate main permission
|
||||
if "." not in permission:
|
||||
permission = permission + ".main"
|
||||
|
||||
# Validate uniqueness of permission in LDAP
|
||||
if ldap.get_conflict({'cn': permission},
|
||||
base_dn='ou=permission,dc=yunohost,dc=org'):
|
||||
|
@ -308,7 +320,7 @@ def permission_urls(operation_logger, permission, add=None, remove=None, sync_pe
|
|||
Update urls related to a permission for a specific application
|
||||
|
||||
Keyword argument:
|
||||
permission -- Name of the permission (e.g. nextcloud.main or wordpress.editors)
|
||||
permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
|
||||
add -- List of urls to add
|
||||
remove -- List of urls to remove
|
||||
|
||||
|
@ -362,10 +374,14 @@ def permission_delete(operation_logger, permission, force=False, sync_perm=True)
|
|||
Delete a permission
|
||||
|
||||
Keyword argument:
|
||||
permission -- Name of the permission (e.g. nextcloud.main or wordpress.editors)
|
||||
permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
|
||||
"""
|
||||
|
||||
if permission.endswith("main") and not force:
|
||||
# By default, manipulate main permission
|
||||
if "." not in permission:
|
||||
permission = permission + ".main"
|
||||
|
||||
if permission.endswith(".main") and not force:
|
||||
raise YunohostError('permission_cannot_remove_main')
|
||||
|
||||
from yunohost.utils.ldap import _get_ldap_interface
|
||||
|
|
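Review bot: The docstring of `permission_urls` now advertises bare app names (`mail or nextcloud`), but its hunk changes only that docstring line, whereas `user_permission_update`, `user_permission_reset`, `permission_create` and `permission_delete` each gain the `.main` defaulting. The body of `permission_urls` continues outside the hunk, so this may already be handled there; if it is not, a bare name would be looked up as-is and fail to match the `<app>.main` entry. I would add `if "." not in permission:` / `permission = permission + ".main"` at the top of that function too, or better, move those two lines into one private helper called by all five functions, so the name an access-control change applies to is resolved identically everywhere. In `permission_delete`, a bare name passed with `force=True` now resolves to the app's main permission and gets past the `.endswith(".main")` guard, so the docstring should state that a name without a dot means `<app>.main`.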