diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 8c7c1975d..1d4ab4101 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -188,7 +188,7 @@ def app_map(app=None, raw=False, user=None): apps = [] result = {} - permissions = user_permission_list(full=True)["permissions"] + permissions = user_permission_list(full=True, full_path=False)["permissions"] if app is not None: if not _is_installed(app): @@ -483,7 +483,7 @@ def app_upgrade(app=[], url=None, file=None): env_dict["YNH_APP_ID"] = app_id env_dict["YNH_APP_INSTANCE_NAME"] = app_instance_name env_dict["YNH_APP_INSTANCE_NUMBER"] = str(app_instance_nb) - env_dict["YNH_APP_LABEL"] = user_permission_list(full=True, ignore_system_perms=True)['permissions'][app_id+".main"]['label'] + env_dict["YNH_APP_LABEL"] = user_permission_list(full=True, ignore_system_perms=True, full_path=False)['permissions'][app_id+".main"]['label'] # Start register change on system related_to = [('app', app_instance_name)] @@ -1221,7 +1221,7 @@ def app_ssowatconf(): main_domain = _get_maindomain() domains = domain_list()['domains'] - all_permissions = user_permission_list(full=True)['permissions'] + all_permissions = user_permission_list(full=True, full_path=False)['permissions'] skipped_urls = [] skipped_regex = [] diff --git a/src/yunohost/backup.py b/src/yunohost/backup.py index 9a4e3b860..f8a2f54ba 100644 --- a/src/yunohost/backup.py +++ b/src/yunohost/backup.py @@ -705,7 +705,7 @@ class BackupManager(): # backup permissions logger.debug(m18n.n('backup_permission', app=app)) - permissions = user_permission_list(full=True)["permissions"] + permissions = user_permission_list(full=True, full_path=False)["permissions"] this_app_permissions = {name: infos for name, infos in permissions.items() if name.startswith(app + ".")} write_to_yaml("%s/permissions.yml" % settings_dir, this_app_permissions) 
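Review bot: In app_ssowatconf (src/yunohost/app.py, hunk at -1221) nothing says why `full_path=False` is required, yet `all_permissions` appears to be what the SSO rules are derived from (the `skipped_urls`/`skipped_regex` lists are initialised right after it), so dropping the argument later would silently change the form of every URL used there. I would add a comment above the call, e.g. `# full_path=False: rules are built from the URLs as stored in LDAP, not the domain-prefixed form`. The rest of the function is outside the hunk, so how the URLs are consumed should be confirmed before settling the wording.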
@@ -1189,7 +1189,7 @@ class RestoreManager(): # Backup old permission for apps # We need to do that because in case of an app is installed we can't remove the permission for this app - old_apps_permission = user_permission_list(ignore_system_perms=True, full=True)["permissions"] + old_apps_permission = user_permission_list(ignore_system_perms=True, full=True, full_path=False)["permissions"] # Start register change on system operation_logger = OperationLogger('backup_restore_system') diff --git a/src/yunohost/permission.py b/src/yunohost/permission.py index 07f926523..b57534079 100644 --- a/src/yunohost/permission.py +++ b/src/yunohost/permission.py @@ -45,13 +45,13 @@ SYSTEM_PERMS = ["mail", "xmpp", "stfp"] # -def user_permission_list(short=False, full=False, ignore_system_perms=False): +def user_permission_list(short=False, full=False, ignore_system_perms=False, full_path=True): """ List permissions and corresponding accesses """ # Fetch relevant informations - + from yunohost.app import app_setting, app_list from yunohost.utils.ldap import _get_ldap_interface, _ldap_path_extract ldap = _get_ldap_interface() permissions_infos = ldap.search('ou=permission,dc=yunohost,dc=org', @@ -60,6 +60,15 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False): 'URL', 'additionalUrls', 'authHeader', 'label', 'showTile', 'isProtected']) # Parse / organize information to be outputed + app_settings = {app['id']: app_setting(app['id'], 'domain') + app_setting(app['id'], 'path') for app in app_list()['apps']} + + def complete_url(url, name): + if url is None: + return None + if url.startswith('/'): + return app_settings[name.split('.')[0]] + url + else: + return url permissions = {} for infos in permissions_infos: 
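Review bot: The new `full_path` parameter of user_permission_list (src/yunohost/permission.py, hunk at -45) is missing from the docstring, and it defaults to `True`, so any caller not touched by this commit now receives domain-prefixed `url`/`additional_urls` values instead of the stored ones. Every call site updated in this diff passes `full_path=False`, which suggests the stored form is what internal code expects; consider making `False` the default so the expanded form is opt-in. Either way the docstring should describe it, e.g. `full_path -- if True, prefix app URLs starting with "/" with the app's domain and path (only used together with full=True)`. The function body continues outside this hunk.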
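Review bot: The `app_settings` dict in user_permission_list (hunk at -60) is built on every call, before `full` or `full_path` is looked at, so the callers passing `full_path=False` still pay for `app_list()` plus two `app_setting()` reads per app; if `app_setting` returns None for a missing key (its body is not in this diff), one app without a `domain` or `path` setting would make the concatenation raise TypeError for all of them. `complete_url` also indexes `app_settings[...]` directly, so a permission whose prefix is not an installed app raises KeyError, and an app installed at path `/` yields `domain//sub`. I would build the map only when it is needed, skip apps without a web location, strip the trailing slash from the path and fall back to the stored URL when the app is unknown. The function starts and ends outside this hunk.

```python
    # Base URLs are only needed when absolute URLs were asked for
    app_settings = {}
    if full and full_path:
        for app in app_list()['apps']:
            domain = app_setting(app['id'], 'domain')
            path = app_setting(app['id'], 'path')
            # Apps without a web location have nothing to prefix
            if domain and path:
                app_settings[app['id']] = domain + path.rstrip('/')

    def complete_url(url, name):
        base = app_settings.get(name.split('.')[0])
        # Stored value is returned untouched when there is nothing to expand
        if url is None or base is None or not url.startswith('/'):
            return url
        return base + url
```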
@@ -74,12 +83,16 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False): if full: permissions[name]["corresponding_users"] = [_ldap_path_extract(p, "uid") for p in infos.get('inheritPermission', [])] - permissions[name]["url"] = infos.get("URL", [None])[0] - permissions[name]["additional_urls"] = infos.get("additionalUrls", [None]) permissions[name]["auth_header"] = False if infos.get("authHeader", [False])[0] == "FALSE" else True permissions[name]["label"] = infos.get("label", [None])[0] permissions[name]["show_tile"] = False if infos.get("showTile", [False])[0] == "FALSE" else True permissions[name]["protected"] = False if infos.get("isProtected", [False])[0] == "FALSE" else True + if full_path and name.split(".")[0] not in SYSTEM_PERMS: + permissions[name]["url"] = complete_url(infos.get("URL", [None])[0], name) + permissions[name]["additional_urls"] = [complete_url(url, name) for url in infos.get("additionalUrls", [None])] + else: + permissions[name]["url"] = infos.get("URL", [None])[0] + permissions[name]["additional_urls"] = infos.get("additionalUrls", [None]) if short: permissions = permissions.keys() @@ -108,7 +121,7 @@ def user_permission_update(operation_logger, permission, add=None, remove=None, if "." not in permission: permission = permission + ".main" - existing_permission = user_permission_list(full=True)["permissions"].get(permission, None) + existing_permission = user_permission_list(full=True, full_path=False)["permissions"].get(permission, None) # Refuse to add "visitors" to mail, xmpp ... they require an account to make sense. if add and "visitors" in add and permission.split(".")[0] in SYSTEM_PERMS: 
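Review bot: The `name.split(".")[0] not in SYSTEM_PERMS` guard added to the `if full:` block (hunk at -74) is the only thing keeping non-app permissions away from `complete_url`, and the list shown in the -45 hunk header is `["mail", "xmpp", "stfp"]`; if the third entry is meant to be `sftp`, a permission with that prefix would not be recognised as a system one and would reach the `app_settings[...]` lookup. Testing for what the lookup actually needs is more robust: `if full_path and name.split(".")[0] in app_settings:`. The two branches also repeat both `infos.get(...)` expressions; reading the stored values once and expanding them only in the `full_path` case would remove the duplication. The enclosing function starts outside this hunk.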
@@ -189,7 +202,7 @@ def user_permission_reset(operation_logger, permission, sync_perm=True): # Fetch existing permission - existing_permission = user_permission_list(full=True)["permissions"].get(permission, None) + existing_permission = user_permission_list(full=True, full_path=False)["permissions"].get(permission, None) if existing_permission is None: raise YunohostError('permission_not_found', permission=permission) @@ -331,7 +344,7 @@ def permission_url(operation_logger, permission, # Fetch existing permission - existing_permission = user_permission_list(full=True)["permissions"].get(permission, None) + existing_permission = user_permission_list(full=True, full_path=False)["permissions"].get(permission, None) if not existing_permission: raise YunohostError('permission_not_found', permission=permission) @@ -438,7 +451,7 @@ def permission_sync_to_user(): ldap = _get_ldap_interface() groups = user_group_list(full=True)["groups"] - permissions = user_permission_list(full=True)["permissions"] + permissions = user_permission_list(full=True, full_path=False)["permissions"] for permission_name, permission_infos in permissions.items(): @@ -498,7 +511,7 @@ def _update_ldap_group_permission(permission, allowed, ldap = _get_ldap_interface() # Fetch currently allowed groups for this permission - existing_permission = user_permission_list(full=True)["permissions"][permission] + existing_permission = user_permission_list(full=True, full_path=False)["permissions"][permission] if allowed is None: allowed = existing_permission['allowed'] diff --git a/src/yunohost/tests/test_backuprestore.py b/src/yunohost/tests/test_backuprestore.py index bcba21bb6..c097e208f 100644 --- a/src/yunohost/tests/test_backuprestore.py +++ b/src/yunohost/tests/test_backuprestore.py 
@@ -502,7 +502,7 @@ def test_backup_and_restore_with_ynh_restore(mocker): @pytest.mark.with_permission_app_installed def test_backup_and_restore_permission_app(mocker): - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, full_path=False)['permissions'] assert "permissions_app.main" in res assert "permissions_app.admin" in res assert "permissions_app.dev" in res @@ -517,7 +517,7 @@ def test_backup_and_restore_permission_app(mocker): _test_backup_and_restore_app(mocker, "permissions_app") - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, full_path=False)['permissions'] assert "permissions_app.main" in res assert "permissions_app.admin" in res assert "permissions_app.dev" in res diff --git a/src/yunohost/tests/test_permission.py b/src/yunohost/tests/test_permission.py index 1a9eaee68..bf8ab61ab 100644 --- a/src/yunohost/tests/test_permission.py +++ b/src/yunohost/tests/test_permission.py @@ -442,7 +442,7 @@ def test_permission_app_install(): app_install("./tests/apps/permissions_app_ynh", args="domain=%s&path=%s&is_public=0&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True) - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, full_path=False)['permissions'] assert "permissions_app.main" in res assert "permissions_app.admin" in res assert "permissions_app.dev" in res 
@@ -481,14 +481,14 @@ def test_permission_app_change_url(): args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True) # FIXME : should rework this test to look for differences in the generated app map / app tiles ... - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, full_path=False)['permissions'] assert res['permissions_app.main']['url'] == "/" assert res['permissions_app.admin']['url'] == "/admin" assert res['permissions_app.dev']['url'] == "/dev" app_change_url("permissions_app", maindomain, "/newchangeurl") - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, full_path=False)['permissions'] assert res['permissions_app.main']['url'] == "/" assert res['permissions_app.admin']['url'] == "/admin" assert res['permissions_app.dev']['url'] == "/dev" diff --git a/src/yunohost/user.py b/src/yunohost/user.py index ff31bbb62..739fbcb02 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -462,7 +462,7 @@ def user_info(username): if service_status("dovecot")["status"] != "running": logger.warning(m18n.n('mailbox_used_space_dovecot_down')) - elif username not in user_permission_list(full=True)["permissions"]["mail.main"]["corresponding_users"]: + elif username not in user_permission_list(full=True, full_path=False)["permissions"]["mail.main"]["corresponding_users"]: logger.warning(m18n.n('mailbox_disabled', user=username)) else: cmd = 'doveadm -f flow quota get -u %s' % user['uid'][0]
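Review bot: With this change every `user_permission_list` call in the tests passes `full_path=False` (here in test_permission_app_change_url, in the hunk at -442, and in test_backuprestore.py), so the new default branch that prefixes URLs is never exercised. A pair of assertions on the default output would cover it, e.g. `assert user_permission_list(full=True)['permissions']['permissions_app.admin']['url'] == maindomain + "/urlpermissionapp/admin"` before `app_change_url`, and the same with `"/newchangeurl/admin"` after it. The expected value follows from the concatenation shown in permission.py (domain + path + url) and should be checked against a real run.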