From 6276485665977aae1e6407714988ca354fad5779 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 11 Sep 2019 04:06:12 +0200 Subject: [PATCH] Simplify permission_list ... it really sounds like we don't need all these options --- data/actionsmap/yunohost.yml | 27 ++---------- locales/en.json | 1 - src/yunohost/backup.py | 6 +-- src/yunohost/permission.py | 79 +++++++----------------------------- src/yunohost/user.py | 6 +-- 5 files changed, 23 insertions(+), 96 deletions(-) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index d4940c043..2bca684cd 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -274,33 +274,12 @@ user: pattern: *pattern_username permission: - subcategory_help: Manage user permission + subcategory_help: Manage permissions actions: ### user_permission_list() list: - action_help: List access to user and group - api: GET /users/permissions/ - arguments: - -a: - full: --app - help: Application to manage the permission - nargs: "*" - metavar: APP - -p: - full: --permission - help: Name of permission (main by default) - nargs: "*" - metavar: PERMISSION - -u: - full: --username - help: Username - nargs: "*" - metavar: USER - -g: - full: --group - help: Group name - nargs: "*" - metavar: GROUP + action_help: List permissions and corresponding accesses + api: GET /users/permissions/ ### user_permission_add() add: diff --git a/locales/en.json b/locales/en.json index d3abf4fd0..b02bf2238 100644 --- a/locales/en.json +++ b/locales/en.json 
@@ -438,7 +438,6 @@ "permission_deleted": "Permission '{permission:s}' for app {app:s} deleted", "permission_deletion_failed": "Permission '{permission:s}' for app {app:s} deletion failed", "permission_not_found": "Permission '{permission:s}' not found for application {app:s}", - "permission_name_not_valid": "Permission name '{permission:s}' not valid", "permission_update_failed": "Permission update failed", "permission_generated": "The permission database has been updated", "permission_updated": "Permission '{permission:s}' for app {app:s} updated", diff --git a/src/yunohost/backup.py b/src/yunohost/backup.py index f96146ea0..fdbd8c62c 100644 --- a/src/yunohost/backup.py +++ b/src/yunohost/backup.py @@ -1256,10 +1256,8 @@ class RestoreManager(): # Restore permission for the app which is installed for per in old_apps_permission: - try: - permission_name, app_name = per['cn'][0].split('.') - except: - logger.warning(m18n.n('permission_name_not_valid', permission=per['cn'][0])) + # FIXME : will come here later to fix this following previous commits ... + permission_name, app_name = per['cn'][0].split('.') if _is_installed(app_name): if not ldap.add('cn=%s,ou=permission' % per['cn'][0], per): raise YunohostError('apps_permission_restoration_failed', permission=permission_name, app=app_name) diff --git a/src/yunohost/permission.py b/src/yunohost/permission.py index 0b77a3e5c..fbb43e8b3 100644 --- a/src/yunohost/permission.py +++ b/src/yunohost/permission.py 
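Review bot: The bare unpacking `permission_name, app_name = per['cn'][0].split('.')` in the restore loop now raises an uncaught ValueError for any `cn` read from the backup archive that does not contain exactly one dot, and unless a caller outside the hunk catches it the restore stops partway through the permission entries. The removed bare `except:` was not correct either (it logged and then continued with unset or stale names), but the FIXME leaves this restore input unvalidated in the meantime. Consider checking the shape explicitly and skipping the entry, e.g. `if per['cn'][0].count('.') != 1: logger.warning(...); continue`. This commit also deletes the `permission_name_not_valid` locale key, so that warning would need a message of its own. The enclosing method starts and ends outside the hunk.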
@@ -42,79 +42,30 @@ logger = getActionLogger('yunohost.user') # -def user_permission_list(app=None, permission=None, username=None, group=None): +def user_permission_list(): """ - List permission for specific application - - Keyword argument: - app -- an application OR sftp, xmpp (metronome), mail - permission -- name of the permission ("main" by default) - username -- Username to get informations - group -- Groupname to get informations + List permissions and corresponding accesses """ - from yunohost.utils.ldap import _get_ldap_interface + from yunohost.utils.ldap import _get_ldap_interface, _ldap_path_extract + + # Fetch all permissions objects ldap = _get_ldap_interface() - - permission_attrs = [ - 'cn', - 'groupPermission', - 'inheritPermission', - 'URL', - ] - - # Normally app is alway defined but it should be possible to set it - if app and not isinstance(app, list): - app = [app] - if permission and not isinstance(permission, list): - permission = [permission] - if not isinstance(username, list): - username = [username] - if not isinstance(group, list): - group = [group] + permissions_infos = ldap.search('ou=permission,dc=yunohost,dc=org', + '(objectclass=permissionYnh)', + ['cn', 'groupPermission', 'inheritPermission', 'URL']) permissions = {} + for infos in permissions_infos: - result = ldap.search('ou=permission,dc=yunohost,dc=org', - '(objectclass=permissionYnh)', permission_attrs) + name = infos['cn'][0] - for res in result: - try: - permission_name, app_name = res['cn'][0].split('.') - except: - logger.warning(m18n.n('permission_name_not_valid', permission=res['cn'][0])) - group_name = [] - if 'groupPermission' in res: - for g in res['groupPermission']: - group_name.append(g.split("=")[1].split(",")[0]) - user_name = [] - if 'inheritPermission' in res: - for u in res['inheritPermission']: - user_name.append(u.split("=")[1].split(",")[0]) - - # Don't show the result if the user defined a specific permission, user or group - if app and app_name not in 
app: - continue - if permission and permission_name not in permission: - continue - if username[0] and not set(username) & set(user_name): - continue - if group[0] and not set(group) & set(group_name): - continue - - if app_name not in permissions: - permissions[app_name] = {} - - permissions[app_name][permission_name] = {'allowed_users': [], 'allowed_groups': []} - for g in group_name: - permissions[app_name][permission_name]['allowed_groups'].append(g) - for u in user_name: - permissions[app_name][permission_name]['allowed_users'].append(u) - if 'URL' in res: - permissions[app_name][permission_name]['URL'] = [] - for u in res['URL']: - permissions[app_name][permission_name]['URL'].append(u) + permissions[name] = { + "allowed_users": [_ldap_path_extract(p, "uid") for p in infos.get('inheritPermission', [])], + "allowed_groups": [_ldap_path_extract(p, "cn") for p in infos.get('groupPermission', [])], + "urls": infos.get("URL", []) + } return {'permissions': permissions} diff --git a/src/yunohost/user.py b/src/yunohost/user.py index 8427cbd42..3eb329f4e 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -453,7 +453,7 @@ def user_info(username): if service_status("dovecot")["status"] != "running": logger.warning(m18n.n('mailbox_used_space_dovecot_down')) - elif not user_permission_list(app="mail", permission="main", username=username)['permissions']: + elif username not in user_permission_list()["permissions"]["mail.main"]["allowed_users"]: logger.warning(m18n.n('mailbox_disabled', user=username)) else: cmd = 'doveadm -f flow quota get -u %s' % user['uid'][0] 
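Review bot: The return shape of `user_permission_list()` changes here without being documented. Entries are now keyed by the full `cn` (for example `mail.main`) instead of nested app → permission, the `URL` key becomes `urls`, and the filter arguments are gone. Any caller that treated an empty filtered result as "no access" now has to do the membership check itself, and any caller still passing `app=`, `permission=`, `username=`, `group=` or `sync_perm=` will get a TypeError; the same applies to the wrapper in `src/yunohost/user.py` (last hunk), so the remaining call sites are worth a grep. I would spell the contract out in the docstring, e.g. `"""List all permissions keyed by full name ('app.perm'); each value holds 'allowed_users', 'allowed_groups' and 'urls'."""`. `_ldap_path_extract` is not part of this diff, so its behaviour on a DN lacking the requested attribute should be confirmed.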
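Review bot: The chained lookup `user_permission_list()["permissions"]["mail.main"]["allowed_users"]` in `user_info` raises KeyError when no `mail.main` permission object exists in LDAP, whereas the old filtered call returned an empty dict and took the `mailbox_disabled` branch. Because this check decides whether the mailbox is treated as enabled, a missing permission should fail closed rather than crash: `elif username not in user_permission_list()["permissions"].get("mail.main", {}).get("allowed_users", []):`. The call also fetches every permission object to answer one membership question, which may matter if `user_info` is invoked once per user. The function body continues outside the hunk.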
@@ -719,9 +719,9 @@ def user_group_info(groupname): # Permission subcategory # -def user_permission_list(app=None, permission=None, username=None, group=None, sync_perm=True): +def user_permission_list(): import yunohost.permission - return yunohost.permission.user_permission_list(app, permission, username, group) + return yunohost.permission.user_permission_list() @is_unit_operation([('app', 'user')])