mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
Assume we target the .main permission if it's not given explicitly
parent
ccc7583ec4
commit
302e755f48
2 changed files with 26 additions and 10 deletions
|
@ -298,7 +298,7 @@ user:
|
||||||
api: POST /users/permissions/<permission>
|
api: POST /users/permissions/<permission>
|
||||||
arguments:
|
arguments:
|
||||||
permission:
|
permission:
|
||||||
help: Permission to manage (e.g. mail.main or wordpress.editors)
|
help: Permission to manage (e.g. mail or nextcloud or wordpress.editors)
|
||||||
-a:
|
-a:
|
||||||
full: --add
|
full: --add
|
||||||
help: Group or user names to add to this permission
|
help: Group or user names to add to this permission
|
||||||
|
@ -320,7 +320,7 @@ user:
|
||||||
api: DELETE /users/permissions/<app>
|
api: DELETE /users/permissions/<app>
|
||||||
arguments:
|
arguments:
|
||||||
permission:
|
permission:
|
||||||
help: Permission to be resetted (e.g. mail.main or wordpress.editors)
|
help: Permission to manage (e.g. mail or nextcloud or wordpress.editors)
|
||||||
|
|
||||||
ssh:
|
ssh:
|
||||||
subcategory_help: Manage ssh access
|
subcategory_help: Manage ssh access
|
||||||
|
|
|
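Review bot: The help string for the reset action (the `DELETE /users/permissions/<app>` entry) now reads `Permission to manage`, which no longer says that this action resets the permission. `help: Permission to reset (e.g. mail or nextcloud or wordpress.editors)` would keep the new examples without losing that. Since a bare app name is now documented as valid for both actions, the help could also state that it resolves to the app's `.main` permission, so an operator granting access with `mail` knows which entry is modified.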
@ -87,15 +87,19 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
|
||||||
Allow or Disallow a user or group to a permission for a specific application
|
Allow or Disallow a user or group to a permission for a specific application
|
||||||
|
|
||||||
Keyword argument:
|
Keyword argument:
|
||||||
permission -- Name of the permission (e.g. mail.mail or wordpress.editors)
|
permission -- Name of the permission (e.g. mail or or wordpress or wordpress.editors)
|
||||||
add -- List of groups or usernames to add to this permission
|
add -- List of groups or usernames to add to this permission
|
||||||
remove -- List of groups or usernames to remove from to this permission
|
remove -- List of groups or usernames to remove from to this permission
|
||||||
"""
|
"""
|
||||||
from yunohost.hook import hook_callback
|
from yunohost.hook import hook_callback
|
||||||
from yunohost.user import user_group_list
|
from yunohost.user import user_group_list
|
||||||
from yunohost.utils.ldap import _get_ldap_interface, _ldap_path_extract
|
from yunohost.utils.ldap import _get_ldap_interface
|
||||||
ldap = _get_ldap_interface()
|
ldap = _get_ldap_interface()
|
||||||
|
|
||||||
|
# By default, manipulate main permission
|
||||||
|
if "." not in permission:
|
||||||
|
permission = permission + ".main"
|
||||||
|
|
||||||
# Fetch currently allowed groups for this permission
|
# Fetch currently allowed groups for this permission
|
||||||
|
|
||||||
existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
|
existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
|
||||||
|
@ -146,7 +150,7 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
|
||||||
# Don't update LDAP if we update exactly the same values
|
# Don't update LDAP if we update exactly the same values
|
||||||
if set(new_allowed_groups) == set(current_allowed_groups):
|
if set(new_allowed_groups) == set(current_allowed_groups):
|
||||||
# FIXME : i18n
|
# FIXME : i18n
|
||||||
logger.warning("No change was applied because not relevant modification were found")
|
logger.warning("The permission was not updated all addition/removal requests already match the current state.")
|
||||||
return
|
return
|
||||||
|
|
||||||
# Commit the new allowed group list
|
# Commit the new allowed group list
|
||||||
|
@ -192,12 +196,16 @@ def user_permission_reset(operation_logger, permission, sync_perm=True):
|
||||||
Reset a given permission to just 'all_users'
|
Reset a given permission to just 'all_users'
|
||||||
|
|
||||||
Keyword argument:
|
Keyword argument:
|
||||||
permission -- The name of the permission to be reseted
|
permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
|
||||||
"""
|
"""
|
||||||
from yunohost.hook import hook_callback
|
from yunohost.hook import hook_callback
|
||||||
from yunohost.utils.ldap import _get_ldap_interface
|
from yunohost.utils.ldap import _get_ldap_interface
|
||||||
ldap = _get_ldap_interface()
|
ldap = _get_ldap_interface()
|
||||||
|
|
||||||
|
# By default, manipulate main permission
|
||||||
|
if "." not in permission:
|
||||||
|
permission = permission + ".main"
|
||||||
|
|
||||||
# Fetch existing permission
|
# Fetch existing permission
|
||||||
|
|
||||||
existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
|
existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
|
||||||
|
@ -254,13 +262,17 @@ def permission_create(operation_logger, permission, urls=None, sync_perm=True):
|
||||||
Create a new permission for a specific application
|
Create a new permission for a specific application
|
||||||
|
|
||||||
Keyword argument:
|
Keyword argument:
|
||||||
permission -- Name of the permission (e.g. nextcloud.main or wordpress.editors)
|
permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
|
||||||
urls -- list of urls to specify for the permission
|
urls -- list of urls to specify for the permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from yunohost.utils.ldap import _get_ldap_interface
|
from yunohost.utils.ldap import _get_ldap_interface
|
||||||
ldap = _get_ldap_interface()
|
ldap = _get_ldap_interface()
|
||||||
|
|
||||||
|
# By default, manipulate main permission
|
||||||
|
if "." not in permission:
|
||||||
|
permission = permission + ".main"
|
||||||
|
|
||||||
# Validate uniqueness of permission in LDAP
|
# Validate uniqueness of permission in LDAP
|
||||||
if ldap.get_conflict({'cn': permission},
|
if ldap.get_conflict({'cn': permission},
|
||||||
base_dn='ou=permission,dc=yunohost,dc=org'):
|
base_dn='ou=permission,dc=yunohost,dc=org'):
|
||||||
|
@ -308,7 +320,7 @@ def permission_urls(operation_logger, permission, add=None, remove=None, sync_pe
|
||||||
Update urls related to a permission for a specific application
|
Update urls related to a permission for a specific application
|
||||||
|
|
||||||
Keyword argument:
|
Keyword argument:
|
||||||
permission -- Name of the permission (e.g. nextcloud.main or wordpress.editors)
|
permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
|
||||||
add -- List of urls to add
|
add -- List of urls to add
|
||||||
remove -- List of urls to remove
|
remove -- List of urls to remove
|
||||||
|
|
||||||
|
@ -362,10 +374,14 @@ def permission_delete(operation_logger, permission, force=False, sync_perm=True)
|
||||||
Delete a permission
|
Delete a permission
|
||||||
|
|
||||||
Keyword argument:
|
Keyword argument:
|
||||||
permission -- Name of the permission (e.g. nextcloud.main or wordpress.editors)
|
permission -- Name of the permission (e.g. mail or nextcloud or wordpress.editors)
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if permission.endswith("main") and not force:
|
# By default, manipulate main permission
|
||||||
|
if "." not in permission:
|
||||||
|
permission = permission + ".main"
|
||||||
|
|
||||||
|
if permission.endswith(".main") and not force:
|
||||||
raise YunohostError('permission_cannot_remove_main')
|
raise YunohostError('permission_cannot_remove_main')
|
||||||
|
|
||||||
from yunohost.utils.ldap import _get_ldap_interface
|
from yunohost.utils.ldap import _get_ldap_interface
|
||||||
|
|
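Review bot: permission_urls gets the new docstring example (`mail or nextcloud`), but its hunk at `@ -308,7 +320,7` adds no `.main` fallback, unlike user_permission_update, user_permission_reset, permission_create and permission_delete. Its body continues outside the hunk, so this may be handled elsewhere; if it is not, a bare app name would be used as-is and miss the `<app>.main` entry. Adding `if "." not in permission:` / `permission = permission + ".main"` there, or moving the four copies into one helper, would keep these access-control entry points consistent. As far as the hunks show, the fallback also accepts an empty string (which becomes `.main`) and leaves a name such as `nextcloud.` unchanged, which matters most in permission_create, where the value is used as the LDAP `cn`. Separately, the new docstring in user_permission_update reads `mail or or wordpress`, and the new warning message is missing a conjunction before `all addition/removal requests`.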