Simplify permission_list ... it really sounds like we don't need all these options

2024-09-03 20:06:10 +02:00 · 2019-09-11 04:06:12 +02:00 · 2019-09-11 04:06:12 +02:00 · 6276485665
commit 6276485665
parent 112976f8ee
5 changed files with 23 additions and 96 deletions
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
@ -274,33 +274,12 @@ user:
                                pattern: *pattern_username
        permission:
-            subcategory_help: Manage user permission
+            subcategory_help: Manage permissions
            actions:
                ### user_permission_list()
                list:
-                    action_help: List access to user and group
+                    action_help: List permissions and corresponding accesses
-                    api: GET /users/permissions/<app>
+                    api: GET /users/permissions/<permission>
                    arguments:
                        -a:
                            full: --app
                            help: Application to manage the permission
                            nargs: "*"
                            metavar: APP
                        -p:
                            full: --permission
                            help: Name of permission (main by default)
                            nargs: "*"
                            metavar: PERMISSION
                        -u:
                            full: --username
                            help: Username
                            nargs: "*"
                            metavar: USER
                        -g:
                            full: --group
                            help: Group name
                            nargs: "*"
                            metavar: GROUP
                ### user_permission_add()
                add:
--- a/locales/en.json
+++ b/locales/en.json
@ -438,7 +438,6 @@
    "permission_deleted": "Permission '{permission:s}' for app {app:s} deleted",
    "permission_deletion_failed": "Permission '{permission:s}' for app {app:s} deletion failed",
    "permission_not_found": "Permission '{permission:s}' not found for application {app:s}",
    "permission_name_not_valid": "Permission name '{permission:s}' not valid",
    "permission_update_failed": "Permission update failed",
    "permission_generated": "The permission database has been updated",
    "permission_updated": "Permission '{permission:s}' for app {app:s} updated",
--- a/src/yunohost/backup.py
+++ b/src/yunohost/backup.py
@ -1256,10 +1256,8 @@ class RestoreManager():
        # Restore permission for the app which is installed
        for per in old_apps_permission:
-            try:
+            # FIXME : will come here later to fix this following previous commits ...
-                permission_name, app_name = per['cn'][0].split('.')
+            permission_name, app_name = per['cn'][0].split('.')
            except:
                logger.warning(m18n.n('permission_name_not_valid', permission=per['cn'][0]))
            if _is_installed(app_name):
                if not ldap.add('cn=%s,ou=permission' % per['cn'][0], per):
                    raise YunohostError('apps_permission_restoration_failed', permission=permission_name, app=app_name)
--- a/src/yunohost/permission.py
+++ b/src/yunohost/permission.py
@ -42,79 +42,30 @@ logger = getActionLogger('yunohost.user')
 #
-def user_permission_list(app=None, permission=None, username=None, group=None):
+def user_permission_list():
    """
-    List permission for specific application
+    List permissions and corresponding accesses
    Keyword argument:
        app        -- an application OR sftp, xmpp (metronome), mail
        permission -- name of the permission ("main" by default)
        username   -- Username to get informations
        group      -- Groupname to get informations
    """
-    from yunohost.utils.ldap import _get_ldap_interface
+    from yunohost.utils.ldap import _get_ldap_interface, _ldap_path_extract
    # Fetch all permissions objects
    ldap = _get_ldap_interface()
-
+    permissions_infos = ldap.search('ou=permission,dc=yunohost,dc=org',
-    permission_attrs = [
+                                    '(objectclass=permissionYnh)',
-        'cn',
+                                    ['cn', 'groupPermission', 'inheritPermission', 'URL'])
        'groupPermission',
        'inheritPermission',
        'URL',
    ]
    # Normally app is alway defined but it should be possible to set it
    if app and not isinstance(app, list):
        app = [app]
    if permission and not isinstance(permission, list):
        permission = [permission]
    if not isinstance(username, list):
        username = [username]
    if not isinstance(group, list):
        group = [group]
    permissions = {}
    for infos in permissions_infos:
-    result = ldap.search('ou=permission,dc=yunohost,dc=org',
+        name = infos['cn'][0]
                         '(objectclass=permissionYnh)', permission_attrs)
-    for res in result:
+        permissions[name] = {
-        try:
+            "allowed_users": [_ldap_path_extract(p, "uid") for p in infos.get('inheritPermission', [])],
-            permission_name, app_name = res['cn'][0].split('.')
+            "allowed_groups": [_ldap_path_extract(p, "cn") for p in infos.get('groupPermission', [])],
-        except:
+            "urls": infos.get("URL", [])
-            logger.warning(m18n.n('permission_name_not_valid', permission=res['cn'][0]))
+        }
        group_name = []
        if 'groupPermission' in res:
            for g in res['groupPermission']:
                group_name.append(g.split("=")[1].split(",")[0])
        user_name = []
        if 'inheritPermission' in res:
            for u in res['inheritPermission']:
                user_name.append(u.split("=")[1].split(",")[0])
        # Don't show the result if the user defined a specific permission, user or group
        if app and app_name not in app:
            continue
        if permission and permission_name not in permission:
            continue
        if username[0] and not set(username) & set(user_name):
            continue
        if group[0] and not set(group) & set(group_name):
            continue
        if app_name not in permissions:
            permissions[app_name] = {}
        permissions[app_name][permission_name] = {'allowed_users': [], 'allowed_groups': []}
        for g in group_name:
            permissions[app_name][permission_name]['allowed_groups'].append(g)
        for u in user_name:
            permissions[app_name][permission_name]['allowed_users'].append(u)
        if 'URL' in res:
            permissions[app_name][permission_name]['URL'] = []
            for u in res['URL']:
                permissions[app_name][permission_name]['URL'].append(u)
    return {'permissions': permissions}
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@ -453,7 +453,7 @@ def user_info(username):
        if service_status("dovecot")["status"] != "running":
            logger.warning(m18n.n('mailbox_used_space_dovecot_down'))
-        elif not user_permission_list(app="mail", permission="main", username=username)['permissions']:
+        elif username not in user_permission_list()["permissions"]["mail.main"]["allowed_users"]:
            logger.warning(m18n.n('mailbox_disabled', user=username))
        else:
            cmd = 'doveadm -f flow quota get -u %s' % user['uid'][0]
@ -719,9 +719,9 @@ def user_group_info(groupname):
 # Permission subcategory
 #
-def user_permission_list(app=None, permission=None, username=None, group=None, sync_perm=True):
+def user_permission_list():
    import yunohost.permission
-    return yunohost.permission.user_permission_list(app, permission, username, group)
+    return yunohost.permission.user_permission_list()
@is_unit_operation([('app', 'user')])