YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Naive implementation of protected/unprotected inplementation using the visitors group

Browse source
This commit is contained in:
Alexandre Aubin 2019-09-15 17:58:41 +02:00
parent 95a8dfa71c
commit 8abfd2a6e6
1 changed files with 26 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
src/yunohost/app.py
View file

@ -1345,6 +1345,7 @@ def app_ssowatconf():
main_domain = _get_maindomain() main_domain = _get_maindomain()
domains = domain_list()['domains'] domains = domain_list()['domains']
all_permissions = user_permission_list(full=True)['permissions']
skipped_urls = [] skipped_urls = []
skipped_regex = [] skipped_regex = []
@ -1378,18 +1379,32 @@ def app_ssowatconf():
skipped_urls += [app_root_webpath + uri.rstrip("/") for uri in _get_setting(app_settings, 'skipped_uris')] skipped_urls += [app_root_webpath + uri.rstrip("/") for uri in _get_setting(app_settings, 'skipped_uris')]
skipped_regex += _get_setting(app_settings, 'skipped_regex') skipped_regex += _get_setting(app_settings, 'skipped_regex')
# Unprotected
unprotected_urls += [app_root_webpath + uri.rstrip("/") for uri in _get_setting(app_settings, 'unprotected_uris')]
unprotected_regex += _get_setting(app_settings, 'unprotected_regex')
# Protected
unprotected_urls += [app_root_webpath + uri.rstrip("/") for uri in _get_setting(app_settings, 'protected_uris')]
unprotected_regex += _get_setting(app_settings, 'protected_regex')
# Redirected # Redirected
redirected_urls.update(app_settings.get('redirected_urls', {})) redirected_urls.update(app_settings.get('redirected_urls', {}))
redirected_regex.update(app_settings.get('redirected_regex', {})) redirected_regex.update(app_settings.get('redirected_regex', {}))
# Legacy permission system using (un)protected_uris and _regex managed in app settings...
unprotected_urls += [app_root_webpath + uri.rstrip("/") for uri in _get_setting(app_settings, 'unprotected_uris')]
unprotected_urls += [app_root_webpath + uri.rstrip("/") for uri in _get_setting(app_settings, 'protected_uris')]
unprotected_regex += _get_setting(app_settings, 'unprotected_regex')
unprotected_regex += _get_setting(app_settings, 'protected_regex')
# New permission system
this_app_perms = {name: info for name, info in all_permissions.items if name.startswith(app + ".")}
for perm_name, perm_info in this_app_perms:
urls = [url.rstrip("/") for url in perm_info["urls"]]
if "visitors" in perm_info["allowed"]:
unprotected_urls += urls
# Legacy stuff : we remove now unprotected-urls that might have been declared as protected earlier...
protected_urls = [u for u in protected_urls if u not in urls]
else:
# TODO : small optimization to implement : we don't need to explictly add all the app roots
protected_urls += urls
# Legacy stuff : we remove now unprotected-urls that might have been declared as protected earlier...
unprotected_urls = [u for u in unprotected_urls if u not in urls]
for domain in domains: for domain in domains:
skipped_urls.extend([domain + '/yunohost/admin', domain + '/yunohost/api']) skipped_urls.extend([domain + '/yunohost/admin', domain + '/yunohost/api'])
@ -1397,8 +1412,10 @@ def app_ssowatconf():
skipped_regex.append("^[^/]*/%.well%-known/acme%-challenge/.*$") skipped_regex.append("^[^/]*/%.well%-known/acme%-challenge/.*$")
skipped_regex.append("^[^/]*/%.well%-known/autoconfig/mail/config%-v1%.1%.xml.*$") skipped_regex.append("^[^/]*/%.well%-known/autoconfig/mail/config%-v1%.1%.xml.*$")
permissions_per_url = {} permissions_per_url = {}
for permission_name, permission_infos in user_permission_list(full=True)['permissions'].items(): for permission_name, permission_infos in all_permissions.items():
for url in permission_infos["urls"]: for url in permission_infos["urls"]:
permissions_per_url[url] = permission_infos['corresponding_users'] permissions_per_url[url] = permission_infos['corresponding_users']