From 5d4f62b2220759d1428104f65b3baf53b31a858d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?=
Date: Sun, 22 Dec 2019 14:44:10 +0100
Subject: [PATCH] Update LDAP schema for permission protection
---
 data/templates/slapd/yunohost.schema | 5 ++++-
 src/yunohost/user.py | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/data/templates/slapd/yunohost.schema b/data/templates/slapd/yunohost.schema
index 7da60a20c..e7398e621 100644
--- a/data/templates/slapd/yunohost.schema
+++ b/data/templates/slapd/yunohost.schema
@@ -15,6 +15,9 @@ attributetype ( 1.3.6.1.4.1.17953.9.1.3 NAME 'inheritPermission'
 attributetype ( 1.3.6.1.4.1.17953.9.1.4 NAME 'URL'
 DESC 'Yunohost application URL'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+attributetype ( 1.3.6.1.4.1.17953.9.1.5 NAME 'isProtected'
+ DESC 'Yunohost application permission protection'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 # OBJECTCLASS
 # For Applications
 objectclass ( 1.3.6.1.4.1.17953.9.2.1 NAME 'groupOfNamesYnh'
@@ -25,7 +28,7 @@ objectclass ( 1.3.6.1.4.1.17953.9.2.2 NAME 'permissionYnh'
 DESC 'a Yunohost application'
 SUP top AUXILIARY
 MUST cn
- MAY ( groupPermission $ inheritPermission $ URL ) )
+ MAY ( groupPermission $ inheritPermission $ URL $ isProtected ) )
 # For User
 objectclass ( 1.3.6.1.4.1.17953.9.2.3 NAME 'userPermissionYnh'
 DESC 'a Yunohost application'
diff --git a/src/yunohost/user.py b/src/yunohost/user.py
index fdcac658d..fdd990658 100644
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@@ -718,7 +718,7 @@ def user_group_update(operation_logger, groupname, add=None, remove=None, force=
 new_group_dns = ["uid=" + user + ",ou=users,dc=yunohost,dc=org" for user in new_group]
- if set(new_group) != set(current_group):
+ if set(new_group) != set(current_group) or True:
 operation_logger.start()
 ldap = _get_ldap_interface()
 try:
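Review bot: The new `isProtected` attribute type declares the Boolean syntax `1.3.6.1.4.1.1466.115.121.1.7` but no matching rule, so the definition as written gives the directory no equality rule for a filter such as `(isProtected=TRUE)`. If any code is meant to select or compare permissions by this flag, add `EQUALITY booleanMatch` ahead of the `SYNTAX` line. The `DESC` text would also help more if it stated what a TRUE value means for the permission, rather than only naming the feature.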
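Review bot: `isProtected` is added to the `MAY` list of `permissionYnh`, so it is optional, and entries created before this schema change will presumably carry no value. Nothing in this patch writes or reads the attribute. The code that consumes it should define what a missing value means and choose the restrictive reading if the flag gates a security decision. A comment above the objectclass would record that, for example `# isProtected is optional; a missing value must be read as <documented default>`. The objectclass definition starts above the hunk.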
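Review bot: The added `or True` on the membership check makes the condition constant, so `set(new_group) != set(current_group)` is dead code. Every call now enters the branch, starting the operation logger and opening the LDAP interface even when membership is unchanged. It looks like a debugging leftover, and it is unrelated to the schema change named in the subject. Either restore `if set(new_group) != set(current_group):`, or, if an unconditional rewrite of the group entry is intended, drop the `if` and explain it with a comment such as `# always rewrite the group entry because <reason>`. The body of `user_group_update` continues past `try:` outside this hunk, so what the branch writes is not visible here.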