Simplify migration / be more explicit about what new rdn to inject

2024-09-03 20:06:10 +02:00 · 2021-04-01 19:37:39 +02:00 · 2021-04-01 19:37:39 +02:00 · 83d03dc074
commit 83d03dc074
parent ce946cc0b0
2 changed files with 9 additions and 13 deletions
--- a/locales/en.json
+++ b/locales/en.json
@ -451,7 +451,6 @@
    "migration_0018_failed_to_reset_legacy_rules": "Failed to reset legacy iptables rules: {error}",
    "migration_0019_add_new_attributes_in_ldap": "Add new attributes for permissions in LDAP database",
    "migration_0019_slapd_config_will_be_overwritten": "It looks like you manually edited the slapd configuration. For this critical migration, YunoHost needs to force the update of the slapd configuration. The original files will be backuped in {conf_backup_folder}.",
-    "migration_0020_ssh_sftp_permissions": "SSH/SFTP permissions",
    "migrations_already_ran": "Those migrations are already done: {ids}",
    "migrations_cant_reach_migration_file": "Could not access migrations files at the path '%s'",
    "migrations_dependencies_not_satisfied": "Run these migrations: '{dependencies_id}', before migration {id}.",
--- a/src/yunohost/data_migrations/0020_ssh_sftp_permissions.py
+++ b/src/yunohost/data_migrations/0020_ssh_sftp_permissions.py
@ -19,25 +19,19 @@ class MyMigration(Migration):
        Add new permissions around SSH/SFTP features
    """

+    dependencies = ["extend_permissions_features"]
+
    @ldap_migration
    def run(self, *args):
-        logger.info(m18n.n("migration_0020_ssh_sftp_permissions"))

        from yunohost.utils.ldap import _get_ldap_interface
        ldap = _get_ldap_interface()

-        add_perm_to_users = False
-
        # Add SSH and SFTP permissions
        ldap_map = read_yaml('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml')
-        for rdn, attr_dict in ldap_map['depends_children'].items():
-            try:
-                ldap.search(rdn + ",dc=yunohost,dc=org")
-            # ldap search will raise an exception if no corresponding object is found >.> ...
-            except Exception:
-                if rdn == "cn=ssh.main,ou=permission":
-                    add_perm_to_users = True
-                ldap.add(rdn, attr_dict)
+
+        ldap.add("cn=ssh.main,ou=permission", ldap_map['depends_children']["cn=ssh.main,ou=permission"])
+        ldap.add("cn=sftp.main,ou=permission", ldap_map['depends_children']["cn=sftp.main,ou=permission"])

        # Add a bash terminal to each users
        users = ldap.search('ou=users,dc=yunohost,dc=org', filter="(loginShell=*)", attrs=["dn", "uid", "loginShell"])
@ -45,9 +39,12 @@ class MyMigration(Migration):
            if user['loginShell'][0] == '/bin/false':
                dn=user['dn'][0].replace(',dc=yunohost,dc=org', '')
                ldap.update(dn, {'loginShell': ['/bin/bash']})
-            elif add_perm_to_users:
+            else:
                user_permission_update("ssh.main", add=user["uid"][0], sync_perm=False)

+        permission_sync_to_user()
+
+
        # Somehow this is needed otherwise the PAM thing doesn't forget about the
        # old loginShell value ?
        subprocess.call(['nscd', '-i', 'passwd'])