From 33e1567c5466fb07c5170db6c9f388ec7fbd7ca4 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 8 Sep 2020 18:52:59 +0200 Subject: [PATCH] Minor wording/typo, semantic improvements --- locales/en.json | 13 +++++------ src/yunohost/app.py | 26 +++++++++++----------- src/yunohost/certificate.py | 6 ++--- src/yunohost/domain.py | 18 +++++++-------- src/yunohost/permission.py | 32 +++++++++++++++++---------- src/yunohost/tests/test_permission.py | 2 +- src/yunohost/user.py | 2 +- 7 files changed, 52 insertions(+), 47 deletions(-) diff --git a/locales/en.json b/locales/en.json index 156772024..a1817047d 100644 --- a/locales/en.json +++ b/locales/en.json @@ -27,7 +27,7 @@ "app_install_failed": "Could not install {app}: {error}", "app_install_script_failed": "An error occurred inside the app installation script", "app_make_default_location_already_used": "Can't make the app '{app}' the default on the domain, '{domain}' is already in use by the other app '{other_app}'", - "app_label_depreciated": "This command is depreciated !! Please use the new command 'yunohost user permission update' to manage the app label.", + "app_label_deprecated": "This command is deprecated ! Please use the new command 'yunohost user permission update' to manage the app label.", "app_location_unavailable": "This URL is either unavailable, or conflicts with the already installed app(s):\n{apps:s}", "app_manifest_invalid": "Something is wrong with the app manifest: {error}", "app_manifest_install_ask_domain": "Choose the domain where this app should be installed", @@ -131,7 +131,6 @@ "certmanager_domain_cert_not_selfsigned": "The certificate for domain {domain:s} is not self-signed. Are you sure you want to replace it? (Use '--force' to do so.)", "certmanager_domain_dns_ip_differs_from_public_ip": "The DNS records for domain '{domain:s}' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)", "certmanager_domain_http_not_working": "Domain {domain:s} does not seem to be accessible through HTTP. Please check the 'Web' category in the diagnosis for more info. (If you know what you are doing, use '--no-checks' to turn off those checks.)", - "certmanager_domain_unknown": "Unknown domain '{domain:s}'", "certmanager_warning_subdomain_dns_record": "Subdomain '{subdomain:s}' does not resolve to the same IP address as '{domain:s}'. Some features will not be available until you fix this and regenerate the certificate.", "certmanager_hit_rate_limit": "Too many certificates already issued for this exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details", "certmanager_no_cert_file": "Could not read the certificate file for the domain {domain:s} (file: {file:s})", @@ -277,7 +276,7 @@ "domain_exists": "The domain already exists", "domain_hostname_failed": "Could not set new hostname. This might cause an issue later (it might be fine).", "domain_uninstall_app_first": "Those applications are still installed on your domain: {apps}. Please uninstall them before proceeding to domain removal", - "domain_named_unknown": "Domain '{domain}' unknown", + "domain_name_unknown": "Domain '{domain}' unknown", "domain_unknown": "Unknown domain", "domains_available": "Available domains:", "done": "Done", @@ -495,7 +494,7 @@ "permission_not_found": "Permission '{permission:s}' not found", "permission_update_failed": "Could not update permission '{permission}': {error}", "permission_updated": "Permission '{permission:s}' updated", - "permission_protected": "Permission {permission} protected. You can't modify the visitors group to access to this permission.", + "permission_protected": "Permission {permission} is protected. You cannott add or remove the visitors group to/from this permission.", "permission_require_account": "Permission {permission} only makes sense for users having an account, and therefore cannot be enabled for visitors.", "port_already_closed": "Port {port:d} is already closed for {ip_version:s} connections", "port_already_opened": "Port {port:d} is already opened for {ip_version:s} connections", @@ -515,7 +514,7 @@ "regenconf_failed": "Could not regenerate the configuration for category(s): {categories}", "regenconf_pending_applying": "Applying pending configuration for category '{category}'...", "regenconf_need_to_explicitly_specify_ssh": "The ssh configuration has been manually modified, but you need to explicitly specify category 'ssh' with --force to actually apply the changes.", - "regex_incompatible_with_tile": "/!\\ Packagers! For the permission '{permission}' can't set the regex {regex} as main url and set 'show_tile' to 'true'", + "regex_incompatible_with_tile": "/!\\ Packagers! Permission '{permission}' has show_tile set to 'true' and you therefore cannot define a regex URL as the main URL", "regex_with_only_domain": "You can't use a regex for domain, only for path", "restore_already_installed_app": "An app with the ID '{app:s}' is already installed", "restore_already_installed_apps": "The following apps can't be restored because they are already installed: {apps}", @@ -577,8 +576,8 @@ "service_stop_failed": "Could not stop the service '{service:s}'\n\nRecent service logs:{logs:s}", "service_stopped": "Service '{service:s}' stopped", "service_unknown": "Unknown service '{service:s}'", - "show_tile_cant_be_enabled_for_url_not_defined": "The url for the permission '{permission}' is not defined. So you can't enable the settings show_tile", - "show_tile_cant_be_enabled_for_regex": "The url for the permission '{permission}' is a regex. So you can't enable the settings show_tile", + "show_tile_cant_be_enabled_for_url_not_defined": "To enable show_tile, you must first define an URL for the permission '{permission}'", + "show_tile_cant_be_enabled_for_regex": "You cannot enable 'show_tile' because the URL for the permission '{permission}' is a regex", "ssowat_conf_generated": "SSOwat configuration generated", "ssowat_conf_updated": "SSOwat configuration updated", "system_upgraded": "System upgraded", diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 23563cba7..7877bef91 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -211,15 +211,16 @@ def _app_upgradable(app_infos): return "no" -def app_map(app=None, raw=False, user=None, permission=None): +def app_map(app=None, raw=False, user=None): """ - List apps by domain - - Keyword argument: - user -- Allowed app map for a user - raw -- Return complete dict - app -- Specific app to map + Returns a map of url <-> app id such as : + { + "domain.tld/foo": "foo__2", + "domain.tld/mail: "rainloop", + "other.tld/": "bar", + "sub.other.tld/pwet": "pwet", + } """ from yunohost.permission import user_permission_list @@ -264,18 +265,17 @@ def app_map(app=None, raw=False, user=None, permission=None): # actually is allowed for this specific perm if user and user not in perm_info["corresponding_users"]: continue - if permission == perm_name: - continue # The challenge with this is (beside actually implementing it) # to migrate all the legacy stuff like # protected/unprotected/skipped uris and regexes perm_label = perm_info['label'] + perm_all_urls = [perm_info["url"]] + perm_info['additional_urls'] - for url in [perm_info["url"]] + perm_info['additional_urls']: + for url in perm_all_urls: if url is None: - # Happend when 'additional_urls' is empty !! + # Happens when 'additional_urls' is empty !! continue perm_domain, perm_path = url.split("/", 1) @@ -1183,7 +1183,7 @@ def app_makedefault(operation_logger, app, domain=None): domain = app_domain operation_logger.related_to.append(('domain', domain)) elif domain not in domain_list()['domains']: - raise YunohostError('domain_named_unknown', domain=domain) + raise YunohostError('domain_name_unknown', domain=domain) if '/' in app_map(raw=True)[domain]: raise YunohostError('app_make_default_location_already_used', app=app, domain=app_domain, @@ -1474,7 +1474,7 @@ def app_change_label(app, new_label): installed = _is_installed(app) if not installed: raise YunohostError('app_not_installed', app=app, all_apps=_get_all_installed_apps_id()) - logger.warning(m18n.n('app_label_depreciated')) + logger.warning(m18n.n('app_label_deprecated')) user_permission_update(app + ".main", label=new_label) diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py index 64582c222..c9b7ec88c 100644 --- a/src/yunohost/certificate.py +++ b/src/yunohost/certificate.py @@ -92,7 +92,7 @@ def certificate_status(domain_list, full=False): for domain in domain_list: # Is it in Yunohost domain list? if domain not in yunohost_domains_list: - raise YunohostError('certmanager_domain_unknown', domain=domain) + raise YunohostError('domain_name_unknown', domain=domain) certificates = {} @@ -251,7 +251,7 @@ def _certificate_install_letsencrypt(domain_list, force=False, no_checks=False, for domain in domain_list: yunohost_domains_list = yunohost.domain.domain_list()['domains'] if domain not in yunohost_domains_list: - raise YunohostError('certmanager_domain_unknown', domain=domain) + raise YunohostError('domain_name_unknown', domain=domain) # Is it self-signed? status = _get_status(domain) @@ -342,7 +342,7 @@ def certificate_renew(domain_list, force=False, no_checks=False, email=False, st # Is it in Yunohost dmomain list? if domain not in yunohost.domain.domain_list()['domains']: - raise YunohostError('certmanager_domain_unknown', domain=domain) + raise YunohostError('domain_name_unknown', domain=domain) status = _get_status(domain) diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index ec35507d0..8c1c317e2 100644 --- a/src/yunohost/domain.py +++ b/src/yunohost/domain.py @@ -169,7 +169,7 @@ def domain_remove(operation_logger, domain, force=False): from yunohost.utils.ldap import _get_ldap_interface if not force and domain not in domain_list()['domains']: - raise YunohostError('domain_named_unknown', domain=domain) + raise YunohostError('domain_name_unknown', domain=domain) # Check domain is not the main domain if domain == _get_maindomain(): @@ -294,7 +294,7 @@ def domain_main_domain(operation_logger, new_main_domain=None): # Check domain exists if new_main_domain not in domain_list()['domains']: - raise YunohostError('domain_named_unknown', domain=new_main_domain) + raise YunohostError('domain_name_unknown', domain=new_main_domain) operation_logger.related_to.append(('domain', new_main_domain)) operation_logger.start() @@ -363,7 +363,7 @@ def _get_conflicting_apps(domain, path, ignore_app=None): # Abort if domain is unknown if domain not in domain_list()['domains']: - raise YunohostError('domain_named_unknown', domain=domain) + raise YunohostError('domain_name_unknown', domain=domain) # This import cannot be put on top of file because it would create a # recursive import... @@ -449,9 +449,7 @@ def _check_and_sanitize_permission_path(url, app_main_path, permission): re:/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$ re:domain.tld/app/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$ """ - import re, sre_constants - # Uri with domain domains = domain_list()['domains'] # regex without domain @@ -464,7 +462,7 @@ def _check_and_sanitize_permission_path(url, app_main_path, permission): else: try: re.compile(regex) - except sre_constants.error: + except Exception: raise YunohostError('invalid_regex', regex=regex) return url @@ -476,15 +474,15 @@ def _check_and_sanitize_permission_path(url, app_main_path, permission): path = '/' + url[3:].split('/', 1)[1] if domain.replace('%', '').replace('\\', '') not in domains: - raise YunohostError('domain_named_unknown', domain=domain) + raise YunohostError('domain_name_unknown', domain=domain) if '%' in path: logger.warning("/!\\ Packagers! You are probably using a lua regex. You should use a PCRE regex instead.") else: try: re.compile(path) - except sre_constants.error: - raise YunohostError('invalid_regex', regex=path) + except Exception: + raise YunohostError('invalid_regex', regex=regex) return 're:' + domain + path @@ -498,7 +496,7 @@ def _check_and_sanitize_permission_path(url, app_main_path, permission): else: domain = url.split('/')[0] if domain not in domains: - raise YunohostError('domain_named_unknown', domain=domain) + raise YunohostError('domain_name_unknown', domain=domain) if '/' in url: path = '/' + url.split('/', 1)[1].rstrip('/') diff --git a/src/yunohost/permission.py b/src/yunohost/permission.py index 22b404962..baab5942d 100644 --- a/src/yunohost/permission.py +++ b/src/yunohost/permission.py @@ -59,18 +59,20 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False, ful 'URL', 'additionalUrls', 'authHeader', 'label', 'showTile', 'isProtected']) # Parse / organize information to be outputed - apps_main_path = {app['id']: app_setting(app['id'], 'domain') + app_setting(app['id'], 'path') - for app in app_list()['apps'] - if app_setting(app['id'], 'domain') and app_setting(app['id'], 'path')} + apps = [app["id"] for app in app_list()["apps"]] + apps_main_path = {app: app_setting(app, 'domain') + app_setting(app, 'path') + for app in apps + if app_setting(app, 'domain') and app_setting(app, 'path')} permissions = {} for infos in permissions_infos: name = infos['cn'][0] - if ignore_system_perms and name.split(".")[0] in SYSTEM_PERMS: continue + app = name.split('.')[0] + permissions[name] = {} permissions[name]["allowed"] = [_ldap_path_extract(p, "cn") for p in infos.get('groupPermission', [])] @@ -80,9 +82,9 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False, ful permissions[name]["label"] = infos.get("label", [None])[0] permissions[name]["show_tile"] = infos.get("showTile", [False])[0] == "TRUE" permissions[name]["protected"] = infos.get("isProtected", [False])[0] == "TRUE" - if full_path and name.split(".")[0] in apps_main_path: - permissions[name]["url"] = _get_full_url(infos["URL"][0], apps_main_path[name.split('.')[0]]) if "URL" in infos else None - permissions[name]["additional_urls"] = [_get_full_url(url, apps_main_path[name.split('.')[0]]) for url in infos.get("additionalUrls", [None]) if url] + if full_path and app in apps_main_path: + permissions[name]["url"] = _get_absolute_url(infos["URL"][0], apps_main_path[app]) if "URL" in infos else None + permissions[name]["additional_urls"] = [_get_absolute_url(url, apps_main_path[app]) for url in infos.get("additionalUrls", [None]) if url] else: permissions[name]["url"] = infos.get("URL", [None])[0] permissions[name]["additional_urls"] = infos.get("additionalUrls", []) @@ -256,9 +258,9 @@ def user_permission_info(permission): @is_unit_operation() -def permission_create(operation_logger, permission, allowed=None, +def permission_create(operation_logger, permission, allowed=None, url=None, additional_urls=None, auth_header=True, - label=None, show_tile=False, + label=None, show_tile=False, protected=False, sync_perm=True): """ Create a new permission for a specific application @@ -623,10 +625,16 @@ def _update_ldap_group_permission(permission, allowed, return new_permission -def _get_full_url(url, app_main_path): +def _get_absolute_url(url, base_path): + # + # For example transform: + # (/api, domain.tld/nextcloud) into domain.tld/nextcloud/api + # (re:/foo.*, domain.tld/app) into re:domain\.tld/app/foo.* + # (domain.tld/bar, domain.tld/app) into domain.tld/bar + # if url.startswith('/'): - return app_main_path + url.rstrip("/") + return base_path + url.rstrip("/") if url.startswith('re:/'): - return 're:' + app_main_path.replace('.', '\\.') + url[3:] + return 're:' + base_path.replace('.', '\\.') + url[3:] else: return url diff --git a/src/yunohost/tests/test_permission.py b/src/yunohost/tests/test_permission.py index 78f62e15f..259ac7cec 100644 --- a/src/yunohost/tests/test_permission.py +++ b/src/yunohost/tests/test_permission.py @@ -62,7 +62,7 @@ def _clear_dummy_app_settings(): if os.path.exists(app_setting_path): shutil.rmtree(app_setting_path) - + def clean_user_groups_permission(): for u in user_list()['users']: user_delete(u) diff --git a/src/yunohost/user.py b/src/yunohost/user.py index 877c66c99..12a8df7ef 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -126,7 +126,7 @@ def user_create(operation_logger, username, firstname, lastname, domain, passwor # Check that the domain exists if domain not in domain_list()['domains']: - raise YunohostError('domain_unknown', domain) + raise YunohostError('domain_name_unknown', domain=domain) mail = username + '@' + domain ldap = _get_ldap_interface()