Minor wording/typo, semantic improvements

locales/en.json

@@ -27,7 +27,7 @@
     "app_install_failed": "Could not install {app}: {error}",
     "app_install_script_failed": "An error occurred inside the app installation script",
     "app_make_default_location_already_used": "Can't make the app '{app}' the default on the domain, '{domain}' is already in use by the other app '{other_app}'",
-    "app_label_depreciated": "This command is depreciated !! Please use the new command 'yunohost user permission update' to manage the app label.",
+    "app_label_deprecated": "This command is deprecated ! Please use the new command 'yunohost user permission update' to manage the app label.",
     "app_location_unavailable": "This URL is either unavailable, or conflicts with the already installed app(s):\n{apps:s}",
     "app_manifest_invalid": "Something is wrong with the app manifest: {error}",
     "app_manifest_install_ask_domain": "Choose the domain where this app should be installed",
@@ -131,7 +131,6 @@
     "certmanager_domain_cert_not_selfsigned": "The certificate for domain {domain:s} is not self-signed. Are you sure you want to replace it? (Use '--force' to do so.)",
     "certmanager_domain_dns_ip_differs_from_public_ip": "The DNS records for domain '{domain:s}' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)",
     "certmanager_domain_http_not_working": "Domain {domain:s} does not seem to be accessible through HTTP. Please check the 'Web' category in the diagnosis for more info. (If you know what you are doing, use '--no-checks' to turn off those checks.)",
-    "certmanager_domain_unknown": "Unknown domain '{domain:s}'",
     "certmanager_warning_subdomain_dns_record": "Subdomain '{subdomain:s}' does not resolve to the same IP address as '{domain:s}'. Some features will not be available until you fix this and regenerate the certificate.",
     "certmanager_hit_rate_limit": "Too many certificates already issued for this exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details",
     "certmanager_no_cert_file": "Could not read the certificate file for the domain {domain:s} (file: {file:s})",
@@ -277,7 +276,7 @@
     "domain_exists": "The domain already exists",
     "domain_hostname_failed": "Could not set new hostname. This might cause an issue later (it might be fine).",
     "domain_uninstall_app_first": "Those applications are still installed on your domain: {apps}. Please uninstall them before proceeding to domain removal",
-    "domain_named_unknown": "Domain '{domain}' unknown",
+    "domain_name_unknown": "Domain '{domain}' unknown",
     "domain_unknown": "Unknown domain",
     "domains_available": "Available domains:",
     "done": "Done",
@@ -495,7 +494,7 @@
     "permission_not_found": "Permission '{permission:s}' not found",
     "permission_update_failed": "Could not update permission '{permission}': {error}",
     "permission_updated": "Permission '{permission:s}' updated",
-    "permission_protected": "Permission {permission} protected. You can't modify the visitors group to access to this permission.",
+    "permission_protected": "Permission {permission} is protected. You cannott add or remove the visitors group to/from this permission.",
     "permission_require_account": "Permission {permission} only makes sense for users having an account, and therefore cannot be enabled for visitors.",
     "port_already_closed": "Port {port:d} is already closed for {ip_version:s} connections",
     "port_already_opened": "Port {port:d} is already opened for {ip_version:s} connections",
@@ -515,7 +514,7 @@
     "regenconf_failed": "Could not regenerate the configuration for category(s): {categories}",
     "regenconf_pending_applying": "Applying pending configuration for category '{category}'...",
     "regenconf_need_to_explicitly_specify_ssh": "The ssh configuration has been manually modified, but you need to explicitly specify category 'ssh' with --force to actually apply the changes.",
-    "regex_incompatible_with_tile": "/!\\ Packagers! For the permission '{permission}' can't set the regex {regex} as main url and set 'show_tile' to 'true'",
+    "regex_incompatible_with_tile": "/!\\ Packagers! Permission '{permission}' has show_tile set to 'true' and you therefore cannot define a regex URL as the main URL",
     "regex_with_only_domain": "You can't use a regex for domain, only for path",
     "restore_already_installed_app": "An app with the ID '{app:s}' is already installed",
     "restore_already_installed_apps": "The following apps can't be restored because they are already installed: {apps}",
@@ -577,8 +576,8 @@
     "service_stop_failed": "Could not stop the service '{service:s}'\n\nRecent service logs:{logs:s}",
     "service_stopped": "Service '{service:s}' stopped",
     "service_unknown": "Unknown service '{service:s}'",
-    "show_tile_cant_be_enabled_for_url_not_defined": "The url for the permission '{permission}' is not defined. So you can't enable the settings show_tile",
+    "show_tile_cant_be_enabled_for_url_not_defined": "To enable show_tile, you must first define an URL for the permission '{permission}'",
-    "show_tile_cant_be_enabled_for_regex": "The url for the permission '{permission}' is a regex. So you can't enable the settings show_tile",
+    "show_tile_cant_be_enabled_for_regex": "You cannot enable 'show_tile' because the URL for the permission '{permission}' is a regex",
     "ssowat_conf_generated": "SSOwat configuration generated",
     "ssowat_conf_updated": "SSOwat configuration updated",
     "system_upgraded": "System upgraded",

src/yunohost/app.py

@@ -211,15 +211,16 @@ def _app_upgradable(app_infos):
         return "no"
 
 
-def app_map(app=None, raw=False, user=None, permission=None):
+def app_map(app=None, raw=False, user=None):
     """
-    List apps by domain
+    Returns a map of url <-> app id such as :
-
-    Keyword argument:
-        user -- Allowed app map for a user
-        raw -- Return complete dict
-        app -- Specific app to map
 
+    {
+       "domain.tld/foo": "foo__2",
+       "domain.tld/mail: "rainloop",
+       "other.tld/": "bar",
+       "sub.other.tld/pwet": "pwet",
+    }
     """
 
     from yunohost.permission import user_permission_list
@@ -264,18 +265,17 @@ def app_map(app=None, raw=False, user=None, permission=None):
             # actually is allowed for this specific perm
             if user and user not in perm_info["corresponding_users"]:
                 continue
-            if permission == perm_name:
-                continue
 
             # The challenge with this is (beside actually implementing it)
             # to migrate all the legacy stuff like
             # protected/unprotected/skipped uris and regexes
 
             perm_label = perm_info['label']
+            perm_all_urls = [perm_info["url"]] + perm_info['additional_urls']
 
-            for url in [perm_info["url"]] + perm_info['additional_urls']:
+            for url in perm_all_urls:
                 if url is None:
-                    # Happend when 'additional_urls' is empty !!
+                    # Happens when 'additional_urls' is empty !!
                     continue
 
                 perm_domain, perm_path = url.split("/", 1)
@@ -1183,7 +1183,7 @@ def app_makedefault(operation_logger, app, domain=None):
         domain = app_domain
         operation_logger.related_to.append(('domain', domain))
     elif domain not in domain_list()['domains']:
-        raise YunohostError('domain_named_unknown', domain=domain)
+        raise YunohostError('domain_name_unknown', domain=domain)
 
     if '/' in app_map(raw=True)[domain]:
         raise YunohostError('app_make_default_location_already_used', app=app, domain=app_domain,
@@ -1474,7 +1474,7 @@ def app_change_label(app, new_label):
     installed = _is_installed(app)
     if not installed:
         raise YunohostError('app_not_installed', app=app, all_apps=_get_all_installed_apps_id())
-    logger.warning(m18n.n('app_label_depreciated'))
+    logger.warning(m18n.n('app_label_deprecated'))
     user_permission_update(app + ".main", label=new_label)
 
 

src/yunohost/certificate.py

@@ -92,7 +92,7 @@ def certificate_status(domain_list, full=False):
         for domain in domain_list:
             # Is it in Yunohost domain list?
             if domain not in yunohost_domains_list:
-                raise YunohostError('certmanager_domain_unknown', domain=domain)
+                raise YunohostError('domain_name_unknown', domain=domain)
 
     certificates = {}
 
@@ -251,7 +251,7 @@ def _certificate_install_letsencrypt(domain_list, force=False, no_checks=False,
         for domain in domain_list:
             yunohost_domains_list = yunohost.domain.domain_list()['domains']
             if domain not in yunohost_domains_list:
-                raise YunohostError('certmanager_domain_unknown', domain=domain)
+                raise YunohostError('domain_name_unknown', domain=domain)
 
             # Is it self-signed?
             status = _get_status(domain)
@@ -342,7 +342,7 @@ def certificate_renew(domain_list, force=False, no_checks=False, email=False, st
 
             # Is it in Yunohost dmomain list?
             if domain not in yunohost.domain.domain_list()['domains']:
-                raise YunohostError('certmanager_domain_unknown', domain=domain)
+                raise YunohostError('domain_name_unknown', domain=domain)
 
             status = _get_status(domain)
 

src/yunohost/domain.py

@@ -169,7 +169,7 @@ def domain_remove(operation_logger, domain, force=False):
     from yunohost.utils.ldap import _get_ldap_interface
 
     if not force and domain not in domain_list()['domains']:
-        raise YunohostError('domain_named_unknown', domain=domain)
+        raise YunohostError('domain_name_unknown', domain=domain)
 
     # Check domain is not the main domain
     if domain == _get_maindomain():
@@ -294,7 +294,7 @@ def domain_main_domain(operation_logger, new_main_domain=None):
 
     # Check domain exists
     if new_main_domain not in domain_list()['domains']:
-        raise YunohostError('domain_named_unknown', domain=new_main_domain)
+        raise YunohostError('domain_name_unknown', domain=new_main_domain)
 
     operation_logger.related_to.append(('domain', new_main_domain))
     operation_logger.start()
@@ -363,7 +363,7 @@ def _get_conflicting_apps(domain, path, ignore_app=None):
 
     # Abort if domain is unknown
     if domain not in domain_list()['domains']:
-        raise YunohostError('domain_named_unknown', domain=domain)
+        raise YunohostError('domain_name_unknown', domain=domain)
 
     # This import cannot be put on top of file because it would create a
     # recursive import...
@@ -449,9 +449,7 @@ def _check_and_sanitize_permission_path(url, app_main_path, permission):
        re:/api/[A-Z]*$               -> domain.tld/app/api/[A-Z]*$
        re:domain.tld/app/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$
     """
-    import re, sre_constants
 
-    # Uri with domain
     domains = domain_list()['domains']
 
     # regex without domain
@@ -464,7 +462,7 @@ def _check_and_sanitize_permission_path(url, app_main_path, permission):
         else:
             try:
                 re.compile(regex)
-            except sre_constants.error:
+            except Exception:
                 raise YunohostError('invalid_regex', regex=regex)
         return url
 
@@ -476,15 +474,15 @@ def _check_and_sanitize_permission_path(url, app_main_path, permission):
         path = '/' + url[3:].split('/', 1)[1]
 
         if domain.replace('%', '').replace('\\', '') not in domains:
-            raise YunohostError('domain_named_unknown', domain=domain)
+            raise YunohostError('domain_name_unknown', domain=domain)
 
         if '%' in path:
             logger.warning("/!\\ Packagers! You are probably using a lua regex. You should use a PCRE regex instead.")
         else:
             try:
                 re.compile(path)
-            except sre_constants.error:
+            except Exception:
-                raise YunohostError('invalid_regex', regex=path)
+                raise YunohostError('invalid_regex', regex=regex)
 
         return 're:' + domain + path
 
@@ -498,7 +496,7 @@ def _check_and_sanitize_permission_path(url, app_main_path, permission):
     else:
         domain = url.split('/')[0]
         if domain not in domains:
-            raise YunohostError('domain_named_unknown', domain=domain)
+            raise YunohostError('domain_name_unknown', domain=domain)
 
         if '/' in url:
             path = '/' + url.split('/', 1)[1].rstrip('/')

src/yunohost/permission.py

@@ -59,18 +59,20 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False, ful
                                      'URL', 'additionalUrls', 'authHeader', 'label', 'showTile', 'isProtected'])
 
     # Parse / organize information to be outputed
-    apps_main_path = {app['id']: app_setting(app['id'], 'domain') + app_setting(app['id'], 'path') 
+    apps = [app["id"] for app in app_list()["apps"]]
-                        for app in app_list()['apps']
+    apps_main_path = {app: app_setting(app, 'domain') + app_setting(app, 'path')
-                            if app_setting(app['id'], 'domain') and app_setting(app['id'], 'path')}
+                      for app in apps
+                      if app_setting(app, 'domain') and app_setting(app, 'path')}
 
     permissions = {}
     for infos in permissions_infos:
 
         name = infos['cn'][0]
-
         if ignore_system_perms and name.split(".")[0] in SYSTEM_PERMS:
             continue
 
+        app = name.split('.')[0]
+
         permissions[name] = {}
         permissions[name]["allowed"] = [_ldap_path_extract(p, "cn") for p in infos.get('groupPermission', [])]
 
@@ -80,9 +82,9 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False, ful
             permissions[name]["label"] = infos.get("label", [None])[0]
             permissions[name]["show_tile"] = infos.get("showTile", [False])[0] == "TRUE"
             permissions[name]["protected"] = infos.get("isProtected", [False])[0] == "TRUE"
-            if full_path and name.split(".")[0] in apps_main_path:
+            if full_path and app in apps_main_path:
-                permissions[name]["url"] = _get_full_url(infos["URL"][0], apps_main_path[name.split('.')[0]]) if "URL" in infos else None
+                permissions[name]["url"] = _get_absolute_url(infos["URL"][0], apps_main_path[app]) if "URL" in infos else None
-                permissions[name]["additional_urls"] = [_get_full_url(url, apps_main_path[name.split('.')[0]]) for url in infos.get("additionalUrls", [None]) if url]
+                permissions[name]["additional_urls"] = [_get_absolute_url(url, apps_main_path[app]) for url in infos.get("additionalUrls", [None]) if url]
             else:
                 permissions[name]["url"] = infos.get("URL", [None])[0]
                 permissions[name]["additional_urls"] = infos.get("additionalUrls", [])
@@ -256,9 +258,9 @@ def user_permission_info(permission):
 
 
 @is_unit_operation()
-def permission_create(operation_logger, permission, allowed=None, 
+def permission_create(operation_logger, permission, allowed=None,
                       url=None, additional_urls=None, auth_header=True,
-                      label=None, show_tile=False, 
+                      label=None, show_tile=False,
                       protected=False, sync_perm=True):
     """
     Create a new permission for a specific application
@@ -623,10 +625,16 @@ def _update_ldap_group_permission(permission, allowed,
     return new_permission
 
 
-def _get_full_url(url, app_main_path):
+def _get_absolute_url(url, base_path):
+    #
+    # For example transform:
+    #    (/api, domain.tld/nextcloud)     into  domain.tld/nextcloud/api
+    #    (re:/foo.*, domain.tld/app)      into  re:domain\.tld/app/foo.*
+    #    (domain.tld/bar, domain.tld/app) into  domain.tld/bar
+    #
     if url.startswith('/'):
-        return app_main_path + url.rstrip("/")
+        return base_path + url.rstrip("/")
     if url.startswith('re:/'):
-        return 're:' + app_main_path.replace('.', '\\.') + url[3:]
+        return 're:' + base_path.replace('.', '\\.') + url[3:]
     else:
         return url

src/yunohost/tests/test_permission.py

@@ -62,7 +62,7 @@ def _clear_dummy_app_settings():
             if os.path.exists(app_setting_path):
                 shutil.rmtree(app_setting_path)
 
-                
+
 def clean_user_groups_permission():
     for u in user_list()['users']:
         user_delete(u)

src/yunohost/user.py

@@ -126,7 +126,7 @@ def user_create(operation_logger, username, firstname, lastname, domain, passwor
 
     # Check that the domain exists
     if domain not in domain_list()['domains']:
-        raise YunohostError('domain_unknown', domain)
+        raise YunohostError('domain_name_unknown', domain=domain)
 
     mail = username + '@' + domain
     ldap = _get_ldap_interface()