Fix the whole operation logger / related to thing + propagate on the legacy addaccess

Alexandre Aubin 2019-09-11 22:48:54 +02:00
parent 98b1c30330
commit 38c43f4b9a
5 changed files with 62 additions and 49 deletions


@ -259,9 +259,6 @@
"log_help_to_get_failed_log": "The operation '{desc}' has failed! To get help, please share the full log of this operation using the command 'yunohost log display {name} --share'", "log_help_to_get_failed_log": "The operation '{desc}' has failed! To get help, please share the full log of this operation using the command 'yunohost log display {name} --share'",
"log_does_exists": "There is not operation log with the name '{log}', use 'yunohost log list to see all available operation logs'", "log_does_exists": "There is not operation log with the name '{log}', use 'yunohost log list to see all available operation logs'",
"log_operation_unit_unclosed_properly": "Operation unit has not been closed properly", "log_operation_unit_unclosed_properly": "Operation unit has not been closed properly",
"log_app_addaccess": "Add access to '{}'",
"log_app_removeaccess": "Remove access to '{}'",
"log_app_clearaccess": "Remove all access to '{}'",
"log_app_fetchlist": "Add an application list", "log_app_fetchlist": "Add an application list",
"log_app_removelist": "Remove an application list", "log_app_removelist": "Remove an application list",
"log_app_change_url": "Change the url of '{}' application", "log_app_change_url": "Change the url of '{}' application",
@ -279,9 +276,9 @@
"log_dyndns_subscribe": "Subscribe to a YunoHost subdomain '{}'", "log_dyndns_subscribe": "Subscribe to a YunoHost subdomain '{}'",
"log_dyndns_update": "Update the ip associated with your YunoHost subdomain '{}'", "log_dyndns_update": "Update the ip associated with your YunoHost subdomain '{}'",
"log_letsencrypt_cert_install": "Install Let's encrypt certificate on '{}' domain", "log_letsencrypt_cert_install": "Install Let's encrypt certificate on '{}' domain",
"log_permission_add": "Add permission '{}' for app '{}'", "log_permission_create": "Create permission '{permission}'",
"log_permission_remove": "Remove permission '{}'", "log_permission_delete": "Delete permission '{permission}'",
"log_permission_update": "Update permission '{}' for app '{}'", "log_permission_urls": "Update urls related to permission '{permission}'",
"log_selfsigned_cert_install": "Install self signed certificate on '{}' domain", "log_selfsigned_cert_install": "Install self signed certificate on '{}' domain",
"log_letsencrypt_cert_renew": "Renew '{}' Let's encrypt certificate", "log_letsencrypt_cert_renew": "Renew '{}' Let's encrypt certificate",
"log_regen_conf": "Regenerate system configurations '{}'", "log_regen_conf": "Regenerate system configurations '{}'",
@ -291,8 +288,8 @@
"log_user_group_delete": "Delete '{}' group", "log_user_group_delete": "Delete '{}' group",
"log_user_group_update": "Update '{}' group", "log_user_group_update": "Update '{}' group",
"log_user_update": "Update information of '{}' user", "log_user_update": "Update information of '{}' user",
"log_user_permission_add": "Update '{}' permission", "log_user_permission_update": "Update accesses for permission '{permission}'",
"log_user_permission_remove": "Update '{}' permission", "log_user_permission_reset": "Reset permission '{permission}'",
"log_tools_maindomain": "Make '{}' as main domain", "log_tools_maindomain": "Make '{}' as main domain",
"log_tools_migrations_migrate_forward": "Migrate forward", "log_tools_migrations_migrate_forward": "Migrate forward",
"log_tools_postinstall": "Postinstall your YunoHost server", "log_tools_postinstall": "Postinstall your YunoHost server",


@ -1039,8 +1039,7 @@ def app_remove(operation_logger, app):
raise YunohostError("this_action_broke_dpkg") raise YunohostError("this_action_broke_dpkg")
@is_unit_operation(['permission','app']) def app_addaccess(apps, users=[]):
def app_addaccess(operation_logger, apps, users=[]):
""" """
Grant access right to users (everyone by default) Grant access right to users (everyone by default)
@ -1051,15 +1050,15 @@ def app_addaccess(operation_logger, apps, users=[]):
""" """
from yunohost.permission import user_permission_update from yunohost.permission import user_permission_update
permission = user_permission_update(operation_logger, app=apps, permission="main", add_username=users) output = {}
for app in apps:
permission = user_permission_update(app+".main", add=users)
output[app] = permission["corresponding_users"]
result = {p : v['main']['allowed_users'] for p, v in permission['permissions'].items()} return {'allowed_users': output}
return {'allowed_users': result}
@is_unit_operation(['permission','app']) def app_removeaccess(apps, users=[]):
def app_removeaccess(operation_logger, apps, users=[]):
""" """
Revoke access right to users (everyone by default) Revoke access right to users (everyone by default)
@ -1070,15 +1069,15 @@ def app_removeaccess(operation_logger, apps, users=[]):
""" """
from yunohost.permission import user_permission_update from yunohost.permission import user_permission_update
permission = user_permission_update(operation_logger, app=apps, permission="main", del_username=users) output = {}
for app in apps:
permission = user_permission_update(app+".main", remove=users)
output[app] = permission["corresponding_users"]
result = {p : v['main']['allowed_users'] for p, v in permission['permissions'].items()} return {'allowed_users': output}
return {'allowed_users': result}
@is_unit_operation(['permission','app']) def app_clearaccess(apps):
def app_clearaccess(operation_logger, apps):
""" """
Reset access rights for the app Reset access rights for the app
@ -1086,13 +1085,15 @@ def app_clearaccess(operation_logger, apps):
apps apps
""" """
from yunohost.permission import user_permission_clear from yunohost.permission import user_permission_reset
permission = user_permission_clear(operation_logger, app=apps, permission="main") output = {}
for app in apps:
permission = user_permission_reset(app+".main")
output[app] = permission["corresponding_users"]
result = {p : v['main']['allowed_users'] for p, v in permission['permissions'].items()} return {'allowed_users': output}
return {'allowed_users': result}
def app_debug(app): def app_debug(app):
""" """
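Review bot: `permission["corresponding_users"]` in the three new loops (app_addaccess, app_removeaccess, app_clearaccess) assumes the callee always returns a dict, but this same commit adds a bare `return` to user_permission_update in the permission module on the "No change was applied" path, so a no-op call (for example re-adding an entry that is already allowed) would raise TypeError on None. Because each loop iteration commits separately, apps earlier in `apps` have already had their access changed in LDAP when that happens, which leaves the request half-applied. Either have the no-op path return the current permission state, or guard here with something like `if permission is not None: output[app] = permission["corresponding_users"]`. The tail of user_permission_update is not visible on this page, so the shape of its normal return value is assumed from these call sites.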


@ -44,7 +44,7 @@ CATEGORIES = ['operation', 'history', 'package', 'system', 'access', 'service',
'app'] 'app']
METADATA_FILE_EXT = '.yml' METADATA_FILE_EXT = '.yml'
LOG_FILE_EXT = '.log' LOG_FILE_EXT = '.log'
RELATED_CATEGORIES = ['app', 'domain', 'service', 'user'] RELATED_CATEGORIES = ['app', 'domain', 'group', 'service', 'user']
logger = getActionLogger('yunohost.log') logger = getActionLogger('yunohost.log')
@ -213,7 +213,7 @@ def log_display(path, number=None, share=False):
return infos return infos
def is_unit_operation(entities=['app', 'domain', 'service', 'user'], def is_unit_operation(entities=['app', 'domain', 'group', 'service', 'user'],
exclude=['password'], operation_key=None): exclude=['password'], operation_key=None):
""" """
Configure quickly a unit operation Configure quickly a unit operation
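Review bot: The default for `entities` in is_unit_operation repeats the literal list held in RELATED_CATEGORIES, and this commit had to add 'group' in both places; if one of them is missed in a later change, operations on that category would presumably stop being linked in the operation log without any error. Consider deriving the default from the constant, e.g. `entities=None` in the signature with `entities = list(RELATED_CATEGORIES) if entities is None else entities` at the top of the body, which also avoids a mutable list as a default argument. The body of is_unit_operation lies outside this hunk, so how `entities` is consumed should be checked before changing it.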


@ -76,6 +76,7 @@ def user_permission_list(short=False, full=False):
return {'permissions': permissions} return {'permissions': permissions}
@is_unit_operation()
def user_permission_update(operation_logger, permission, add=None, remove=None, sync_perm=True): def user_permission_update(operation_logger, permission, add=None, remove=None, sync_perm=True):
""" """
Allow or Disallow a user or group to a permission for a specific application Allow or Disallow a user or group to a permission for a specific application
@ -98,6 +99,7 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
current_allowed_groups = existing_permission["allowed"] current_allowed_groups = existing_permission["allowed"]
all_existing_groups = user_group_list()['groups'].keys() all_existing_groups = user_group_list()['groups'].keys()
operation_logger.related_to.append(('app', permission.split(".")[0]))
# Compute new allowed group list (and make sure what we're doing make sense) # Compute new allowed group list (and make sure what we're doing make sense)
@ -110,6 +112,8 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
raise YunohostError('group_unknown', group=group) raise YunohostError('group_unknown', group=group)
if group in current_allowed_groups: if group in current_allowed_groups:
logger.warning(m18n.n('group_already_allowed', permission=permission, group=group)) logger.warning(m18n.n('group_already_allowed', permission=permission, group=group))
else:
operation_logger.related_to.append(('group', group))
new_allowed_groups += groups_to_add new_allowed_groups += groups_to_add
@ -120,6 +124,8 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
raise YunohostError('group_unknown', group=group) raise YunohostError('group_unknown', group=group)
if group not in current_allowed_groups: if group not in current_allowed_groups:
logger.warning(m18n.n('group_already_disallowed', permission=permission, group=group)) logger.warning(m18n.n('group_already_disallowed', permission=permission, group=group))
else:
operation_logger.related_to.append(('group', group))
new_allowed_groups = [g for g in new_allowed_groups if g not in groups_to_remove] new_allowed_groups = [g for g in new_allowed_groups if g not in groups_to_remove]
@ -132,15 +138,17 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
# FIXME : write a better explanation ? # FIXME : write a better explanation ?
logger.warning("This permission is currently enabled for all users in addition to other groups. You probably want to either remove the 'all_users' permission or remove the specific groups currently allowed.") logger.warning("This permission is currently enabled for all users in addition to other groups. You probably want to either remove the 'all_users' permission or remove the specific groups currently allowed.")
# Commit the new allowed group list
operation_logger.start()
# Don't update LDAP if we update exactly the same values # Don't update LDAP if we update exactly the same values
if set(new_allowed_groups) == set(current_allowed_groups): if set(new_allowed_groups) == set(current_allowed_groups):
# FIXME : i18n # FIXME : i18n
logger.warning("No change was applied because not relevant modification were found") logger.warning("No change was applied because not relevant modification were found")
elif ldap.update('cn=%s,ou=permission' % permission, return
# Commit the new allowed group list
operation_logger.start()
if ldap.update('cn=%s,ou=permission' % permission,
{'groupPermission': ['cn=' + g + ',ou=groups,dc=yunohost,dc=org' for g in new_allowed_groups]}): {'groupPermission': ['cn=' + g + ',ou=groups,dc=yunohost,dc=org' for g in new_allowed_groups]}):
logger.debug(m18n.n('permission_updated', permission=permission)) logger.debug(m18n.n('permission_updated', permission=permission))
@ -172,6 +180,7 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
raise YunohostError('permission_update_failed') raise YunohostError('permission_update_failed')
@is_unit_operation()
def user_permission_reset(operation_logger, permission, sync_perm=True): def user_permission_reset(operation_logger, permission, sync_perm=True):
""" """
Reset a given permission to just 'all_users' Reset a given permission to just 'all_users'
@ -191,6 +200,9 @@ def user_permission_reset(operation_logger, permission, sync_perm=True):
# Update permission with default (all_users) # Update permission with default (all_users)
operation_logger.related_to.append(('app', permission.split(".")[0]))
operation_logger.start()
default_permission = {'groupPermission': ['cn=all_users,ou=groups,dc=yunohost,dc=org']} default_permission = {'groupPermission': ['cn=all_users,ou=groups,dc=yunohost,dc=org']}
if ldap.update('cn=%s,ou=permission' % permission, default_permission): if ldap.update('cn=%s,ou=permission' % permission, default_permission):
logger.debug(m18n.n('permission_updated', permission=permission)) logger.debug(m18n.n('permission_updated', permission=permission))
@ -228,7 +240,7 @@ def user_permission_reset(operation_logger, permission, sync_perm=True):
# #
@is_unit_operation(['permission', 'app']) @is_unit_operation()
def permission_create(operation_logger, permission, urls=None, sync_perm=True): def permission_create(operation_logger, permission, urls=None, sync_perm=True):
""" """
Create a new permission for a specific application Create a new permission for a specific application
@ -267,6 +279,7 @@ def permission_create(operation_logger, permission, urls=None, sync_perm=True):
if urls: if urls:
attr_dict['URL'] = [_normalize_url(url) for url in urls] attr_dict['URL'] = [_normalize_url(url) for url in urls]
operation_logger.related_to.append(('app', permission.split(".")[0]))
operation_logger.start() operation_logger.start()
if ldap.add('cn=%s,ou=permission' % permission, attr_dict): if ldap.add('cn=%s,ou=permission' % permission, attr_dict):
if sync_perm: if sync_perm:
@ -277,7 +290,7 @@ def permission_create(operation_logger, permission, urls=None, sync_perm=True):
raise YunohostError('permission_creation_failed') raise YunohostError('permission_creation_failed')
@is_unit_operation(['permission', 'app']) @is_unit_operation()
def permission_urls(operation_logger, permission, add=None, remove=None, sync_perm=True): def permission_urls(operation_logger, permission, add=None, remove=None, sync_perm=True):
""" """
Update urls related to a permission for a specific application Update urls related to a permission for a specific application
@ -316,6 +329,7 @@ def permission_urls(operation_logger, permission, add=None, remove=None, sync_pe
# Actually commit the change # Actually commit the change
operation_logger.related_to.append(('app', permission.split(".")[0]))
operation_logger.start() operation_logger.start()
if ldap.update('cn=%s,ou=permission' % permission, {'URL': new_urls}): if ldap.update('cn=%s,ou=permission' % permission, {'URL': new_urls}):
if sync_perm: if sync_perm:
@ -326,7 +340,7 @@ def permission_urls(operation_logger, permission, add=None, remove=None, sync_pe
raise YunohostError('premission_update_failed') raise YunohostError('premission_update_failed')
@is_unit_operation(['permission', 'app']) @is_unit_operation()
def permission_delete(operation_logger, permission, force=False, sync_perm=True): def permission_delete(operation_logger, permission, force=False, sync_perm=True):
""" """
Delete a permission Delete a permission
@ -349,6 +363,7 @@ def permission_delete(operation_logger, permission, force=False, sync_perm=True)
# Actually delete the permission # Actually delete the permission
operation_logger.related_to.append(('app', permission.split(".")[0]))
operation_logger.start() operation_logger.start()
if ldap.remove('cn=%s,ou=permission' % permission): if ldap.remove('cn=%s,ou=permission' % permission):
if sync_perm: if sync_perm:
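Review bot: In user_permission_reset the new lines record only `('app', …)` in `related_to` before `operation_logger.start()`, whereas user_permission_update now also records every group whose access changes. A reset replaces the allowed list with `all_users`, which both revokes the previously allowed groups and widens access to everyone, so for an audit trail it is worth linking those groups too, e.g. `operation_logger.related_to.append(('group', group))` for each group currently allowed plus `all_users`. The part of user_permission_reset that reads the existing permission is outside the visible hunks, so the name of the variable holding the current groups is not shown here. Separately, `permission.split(".")[0]` is repeated in five functions of this file; a small helper would keep the app-name derivation in one place.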


@ -525,7 +525,7 @@ def user_group_list(short=False, full=False):
return {'groups': groups} return {'groups': groups}
@is_unit_operation([('groupname', 'user')]) @is_unit_operation([('groupname', 'group')])
def user_group_create(operation_logger, groupname, gid=None, primary_group=False, sync_perm=True): def user_group_create(operation_logger, groupname, gid=None, primary_group=False, sync_perm=True):
""" """
Create group Create group
@ -537,8 +537,6 @@ def user_group_create(operation_logger, groupname, gid=None, primary_group=False
from yunohost.permission import permission_sync_to_user from yunohost.permission import permission_sync_to_user
from yunohost.utils.ldap import _get_ldap_interface from yunohost.utils.ldap import _get_ldap_interface
operation_logger.start()
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
# Validate uniqueness of groupname in LDAP # Validate uniqueness of groupname in LDAP
@ -574,6 +572,7 @@ def user_group_create(operation_logger, groupname, gid=None, primary_group=False
if primary_group: if primary_group:
attr_dict["member"] = ["uid=" + groupname + ",ou=users,dc=yunohost,dc=org"] attr_dict["member"] = ["uid=" + groupname + ",ou=users,dc=yunohost,dc=org"]
operation_logger.start()
if ldap.add('cn=%s,ou=groups' % groupname, attr_dict): if ldap.add('cn=%s,ou=groups' % groupname, attr_dict):
logger.success(m18n.n('group_created', group=groupname)) logger.success(m18n.n('group_created', group=groupname))
if sync_perm: if sync_perm:
@ -583,7 +582,7 @@ def user_group_create(operation_logger, groupname, gid=None, primary_group=False
raise YunohostError('group_creation_failed', group=groupname) raise YunohostError('group_creation_failed', group=groupname)
@is_unit_operation([('groupname', 'user')]) @is_unit_operation([('groupname', 'group')])
def user_group_delete(operation_logger, groupname, force=False, sync_perm=True): def user_group_delete(operation_logger, groupname, force=False, sync_perm=True):
""" """
Delete user Delete user
@ -614,7 +613,7 @@ def user_group_delete(operation_logger, groupname, force=False, sync_perm=True):
permission_sync_to_user() permission_sync_to_user()
@is_unit_operation([('groupname', 'user')]) @is_unit_operation([('groupname', 'group')])
def user_group_update(operation_logger, groupname, add=None, remove=None, force=False, sync_perm=True): def user_group_update(operation_logger, groupname, add=None, remove=None, force=False, sync_perm=True):
""" """
Update user informations Update user informations
@ -650,6 +649,8 @@ def user_group_update(operation_logger, groupname, add=None, remove=None, force=
if user in current_group: if user in current_group:
logger.warning(m18n.n('user_already_in_group', user=user, group=groupname)) logger.warning(m18n.n('user_already_in_group', user=user, group=groupname))
else:
operation_logger.related_to.append(('user', user))
new_group += users_to_add new_group += users_to_add
@ -659,6 +660,8 @@ def user_group_update(operation_logger, groupname, add=None, remove=None, force=
for user in users_to_remove: for user in users_to_remove:
if user not in current_group: if user not in current_group:
logger.warning(m18n.n('user_not_in_group', user=user, group=groupname)) logger.warning(m18n.n('user_not_in_group', user=user, group=groupname))
else:
operation_logger.related_to.append(('user', user))
# Remove users_to_remove from new_group # Remove users_to_remove from new_group
# Kinda like a new_group -= users_to_remove # Kinda like a new_group -= users_to_remove
@ -666,9 +669,8 @@ def user_group_update(operation_logger, groupname, add=None, remove=None, force=
new_group_dns = ["uid=" + user + ",ou=users,dc=yunohost,dc=org" for user in new_group] new_group_dns = ["uid=" + user + ",ou=users,dc=yunohost,dc=org" for user in new_group]
operation_logger.start()
if set(new_group) != set(current_group): if set(new_group) != set(current_group):
operation_logger.start()
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
if not ldap.update('cn=%s,ou=groups' % groupname, {"member": set(new_group_dns), "memberUid": set(new_group)}): if not ldap.update('cn=%s,ou=groups' % groupname, {"member": set(new_group_dns), "memberUid": set(new_group)}):
raise YunohostError('group_update_failed', group=groupname) raise YunohostError('group_update_failed', group=groupname)
@ -718,18 +720,16 @@ def user_permission_list(short=False, full=False):
return yunohost.permission.user_permission_list(short, full) return yunohost.permission.user_permission_list(short, full)
@is_unit_operation([('permission', 'user')]) def user_permission_update(permission, add=None, remove=None, sync_perm=True):
def user_permission_update(operation_logger, permission, add=None, remove=None, sync_perm=True):
import yunohost.permission import yunohost.permission
return yunohost.permission.user_permission_update(operation_logger, permission, return yunohost.permission.user_permission_update(permission,
add=add, remove=remove, add=add, remove=remove,
sync_perm=sync_perm) sync_perm=sync_perm)
@is_unit_operation([('app', 'user')]) def user_permission_reset(permission, sync_perm=True):
def user_permission_reset(operation_logger, permission, sync_perm=True):
import yunohost.permission import yunohost.permission
return yunohost.permission.user_permission_reset(operation_logger, permission, return yunohost.permission.user_permission_reset(permission,
sync_perm=sync_perm) sync_perm=sync_perm)
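Review bot: The docstrings of user_group_delete (`Delete user`) and user_group_update (`Update user informations`) still describe users, although the decorators on these functions now tag the operation as `'group'`. I would change them to `Delete group` and `Update the members of a group` so that the docstrings match what gets written to the operation log. Logs written before this change presumably carry `('user', groupname)` for group operations, so they would not show up when filtering by the new `group` category; that is worth a line in the changelog.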