YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Implement permission helper

Browse source
This commit is contained in:
Josué Tille 2018-11-28 22:06:33 +01:00
parent ad628b7620
commit 4c2ae4fc77
No known key found for this signature in database
GPG key ID: D5E068C6DFA8681D
3 changed files with 81 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
data/helpers.d/setting
View file

@ -25,3 +25,73 @@ ynh_app_setting_set() {
ynh_app_setting_delete() { ynh_app_setting_delete() {
sudo yunohost app setting -d "$1" "$2" --quiet sudo yunohost app setting -d "$1" "$2" --quiet
} }
# Create a new permission for the app
#
# usage: ynh_permission_create --app "app" --permission "permission" --defaultdisallow [--url "url" ["url" ...]]
# | arg: app - the application id
# | arg: permission - the name for the permission (by default a permission named "main" already exist)
# | arg: defaultdisallow - define if all user will be allowed by default
# | arg: url - the url for the the permission
ynh_permission_create() {
declare -Ar args_array=( [a]=app= [p]=permission= [d]=defaultdisallow [u]=url= )
local app
local permission
local defaultdisallow
local url
ynh_handle_getopts_args "$@"
if [[ -n ${defaultdisallow:-} ]]; then
defaultdisallow=",default_allow=False"
fi
if [[ -n ${url:-} ]]; then
url=",url=['${url//';'/"','"}']"
fi
yunohost tools shell -c "from yunohost.permission import permission_add; permission_add(auth, '$app', '$permission' ${defaultdisallow:-} ${url:-}, sync_perm=False)"
}
# Remove a permission for the app (note that when the app is removed all permission is automatically removed)
#
# usage: ynh_permission_remove --app "app" --permission "permission"
# | arg: app - the application id
# | arg: permission - the name for the permission (by default a permission named "main" is removed automatically when the app is removed)
ynh_permission_remove() {
declare -Ar args_array=( [a]=app= [p]=permission= )
local app
local permission
ynh_handle_getopts_args "$@"
yunohost tools shell -c "from yunohost.permission import permission_remove; permission_remove(auth, '$app', '$permission')"
}
# Add a path managed by the SSO
#
# usage: ynh_permission_add_path --app "app" --permission "permission" --url "url" ["url" ...]
# | arg: app - the application id
# | arg: permission - the name for the permission
# | arg: url - the FULL url for the the permission (ex domain.tld/apps/admin)
ynh_permission_add_path() {
declare -Ar args_array=( [a]=app= [p]=permission= [u]=url= )
local app
local permission
local url
ynh_handle_getopts_args "$@"
yunohost tools shell -c "from yunohost.permission import permission_update; permission_update(auth, '$app', '$permission', add_url=['${url//';'/"','"}'])"
}
# Remove a path managed by the SSO
#
# usage: ynh_permission_del_path --app "app" --permission "permission" --url "url" ["url" ...]
# | arg: app - the application id
# | arg: permission - the name for the permission
# | arg: url - the FULL url for the the permission (ex domain.tld/apps/admin)
ynh_permission_del_path() {
declare -Ar args_array=( [a]=app= [p]=permission= [u]=url= )
local app
local permission
local url
ynh_handle_getopts_args "$@"
yunohost tools shell -c "from yunohost.permission import permission_update; permission_update(auth, '$app', '$permission', remove_url=['${url//';'/"','"}'])"
}

9
src/yunohost/app.py
View file

@ -710,7 +710,7 @@ def app_install(operation_logger, auth, app, label=None, args=None, no_remove_on
""" """
from yunohost.hook import hook_add, hook_remove, hook_exec, hook_callback from yunohost.hook import hook_add, hook_remove, hook_exec, hook_callback
from yunohost.log import OperationLogger from yunohost.log import OperationLogger
from yunohost.permission import permission_add, permission_update from yunohost.permission import permission_add, permission_update, permission_remove
# Fetch or extract sources # Fetch or extract sources
try: try:
@ -867,6 +867,13 @@ def app_install(operation_logger, auth, app, label=None, args=None, no_remove_on
os.path.join(extracted_app_folder, 'scripts/remove'), os.path.join(extracted_app_folder, 'scripts/remove'),
args=[app_instance_name], env=env_dict_remove args=[app_instance_name], env=env_dict_remove
) )
# Remove all permission in LDAP
result = auth.search(base='ou=permission,dc=yunohost,dc=org',
filter='(&(objectclass=permissionYnh)(cn=*.%s))' % app_instance_name, attrs=['cn'])
permission_list = [p['cn'][0] for p in result]
for l in permission_list:
permission_remove(auth, app_instance_name, l.split('.')[0], force=True)
if remove_retcode != 0: if remove_retcode != 0:
msg = m18n.n('app_not_properly_removed', msg = m18n.n('app_not_properly_removed',
app=app_instance_name) app=app_instance_name)

5
src/yunohost/permission.py
View file

@ -316,7 +316,7 @@ def user_permission_clear(operation_logger, auth, app=[], permission=None):
@is_unit_operation(['permission','app']) @is_unit_operation(['permission','app'])
def permission_add(operation_logger, auth, app, permission, url=None): def permission_add(operation_logger, auth, app, permission, url=None, default_allow=True):
""" """
Create a new permission for a specific application Create a new permission for a specific application
@ -348,8 +348,9 @@ def permission_add(operation_logger, auth, app, permission, url=None):
'objectClass': ['top', 'permissionYnh', 'posixGroup'], 'objectClass': ['top', 'permissionYnh', 'posixGroup'],
'cn': permission_name, 'cn': permission_name,
'gidNumber': gid, 'gidNumber': gid,
'groupPermission': 'cn=all_users,ou=groups,dc=yunohost,dc=org'
} }
if default_allow:
attr_dict['groupPermission'] = 'cn=all_users,ou=groups,dc=yunohost,dc=org'
if url: if url:
attr_dict['URL'] = [] attr_dict['URL'] = []