Add full_path args for permission_list and enable it by default

src/yunohost/app.py

@@ -188,7 +188,7 @@ def app_map(app=None, raw=False, user=None):
 
     apps = []
     result = {}
-    permissions = user_permission_list(full=True)["permissions"]
+    permissions = user_permission_list(full=True, full_path=False)["permissions"]
 
     if app is not None:
         if not _is_installed(app):
@@ -483,7 +483,7 @@ def app_upgrade(app=[], url=None, file=None):
         env_dict["YNH_APP_ID"] = app_id
         env_dict["YNH_APP_INSTANCE_NAME"] = app_instance_name
         env_dict["YNH_APP_INSTANCE_NUMBER"] = str(app_instance_nb)
-        env_dict["YNH_APP_LABEL"] = user_permission_list(full=True, ignore_system_perms=True)['permissions'][app_id+".main"]['label']
+        env_dict["YNH_APP_LABEL"] = user_permission_list(full=True, ignore_system_perms=True, full_path=False)['permissions'][app_id+".main"]['label']
 
         # Start register change on system
         related_to = [('app', app_instance_name)]
@@ -1221,7 +1221,7 @@ def app_ssowatconf():
 
     main_domain = _get_maindomain()
     domains = domain_list()['domains']
-    all_permissions = user_permission_list(full=True)['permissions']
+    all_permissions = user_permission_list(full=True, full_path=False)['permissions']
 
     skipped_urls = []
     skipped_regex = []

src/yunohost/backup.py

@@ -705,7 +705,7 @@ class BackupManager():
 
             # backup permissions
             logger.debug(m18n.n('backup_permission', app=app))
-            permissions = user_permission_list(full=True)["permissions"]
+            permissions = user_permission_list(full=True, full_path=False)["permissions"]
             this_app_permissions = {name: infos for name, infos in permissions.items() if name.startswith(app + ".")}
             write_to_yaml("%s/permissions.yml" % settings_dir, this_app_permissions)
 
@@ -1189,7 +1189,7 @@ class RestoreManager():
 
         # Backup old permission for apps
         # We need to do that because in case of an app is installed we can't remove the permission for this app
-        old_apps_permission = user_permission_list(ignore_system_perms=True, full=True)["permissions"]
+        old_apps_permission = user_permission_list(ignore_system_perms=True, full=True, full_path=False)["permissions"]
 
         # Start register change on system
         operation_logger = OperationLogger('backup_restore_system')

src/yunohost/permission.py

@@ -45,13 +45,13 @@ SYSTEM_PERMS = ["mail", "xmpp", "stfp"]
 #
 
 
-def user_permission_list(short=False, full=False, ignore_system_perms=False):
+def user_permission_list(short=False, full=False, ignore_system_perms=False, full_path=True):
     """
     List permissions and corresponding accesses
     """
 
     # Fetch relevant informations
-
+    from yunohost.app import app_setting, app_list
     from yunohost.utils.ldap import _get_ldap_interface, _ldap_path_extract
     ldap = _get_ldap_interface()
     permissions_infos = ldap.search('ou=permission,dc=yunohost,dc=org',
@@ -60,6 +60,15 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False):
                                      'URL', 'additionalUrls', 'authHeader', 'label', 'showTile', 'isProtected'])
 
     # Parse / organize information to be outputed
+    app_settings = {app['id']: app_setting(app['id'], 'domain') + app_setting(app['id'], 'path') for app in app_list()['apps']}
+
+    def complete_url(url, name):
+        if url is None:
+            return None
+        if url.startswith('/'):
+            return app_settings[name.split('.')[0]] + url
+        else:
+            return url
 
     permissions = {}
     for infos in permissions_infos:
@@ -74,12 +83,16 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False):
 
         if full:
             permissions[name]["corresponding_users"] = [_ldap_path_extract(p, "uid") for p in infos.get('inheritPermission', [])]
-            permissions[name]["url"] = infos.get("URL", [None])[0]
-            permissions[name]["additional_urls"] = infos.get("additionalUrls", [None])
             permissions[name]["auth_header"] = False if infos.get("authHeader", [False])[0] == "FALSE" else True
             permissions[name]["label"] = infos.get("label", [None])[0]
             permissions[name]["show_tile"] = False if infos.get("showTile", [False])[0] == "FALSE" else True
             permissions[name]["protected"] = False if infos.get("isProtected", [False])[0] == "FALSE" else True
+            if full_path and name.split(".")[0] not in SYSTEM_PERMS:
+                permissions[name]["url"] = complete_url(infos.get("URL", [None])[0], name)
+                permissions[name]["additional_urls"] = [complete_url(url, name) for url in infos.get("additionalUrls", [None])]
+            else:
+                permissions[name]["url"] = infos.get("URL", [None])[0]
+                permissions[name]["additional_urls"] = infos.get("additionalUrls", [None])
 
     if short:
         permissions = permissions.keys()
@@ -108,7 +121,7 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
     if "." not in permission:
         permission = permission + ".main"
 
-    existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
+    existing_permission = user_permission_list(full=True, full_path=False)["permissions"].get(permission, None)
 
     # Refuse to add "visitors" to mail, xmpp ... they require an account to make sense.
     if add and "visitors" in add and permission.split(".")[0] in SYSTEM_PERMS:
@@ -189,7 +202,7 @@ def user_permission_reset(operation_logger, permission, sync_perm=True):
 
     # Fetch existing permission
 
-    existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
+    existing_permission = user_permission_list(full=True, full_path=False)["permissions"].get(permission, None)
     if existing_permission is None:
         raise YunohostError('permission_not_found', permission=permission)
 
@@ -331,7 +344,7 @@ def permission_url(operation_logger, permission,
 
     # Fetch existing permission
 
-    existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
+    existing_permission = user_permission_list(full=True, full_path=False)["permissions"].get(permission, None)
     if not existing_permission:
         raise YunohostError('permission_not_found', permission=permission)
 
@@ -438,7 +451,7 @@ def permission_sync_to_user():
     ldap = _get_ldap_interface()
 
     groups = user_group_list(full=True)["groups"]
-    permissions = user_permission_list(full=True)["permissions"]
+    permissions = user_permission_list(full=True, full_path=False)["permissions"]
 
     for permission_name, permission_infos in permissions.items():
 
@@ -498,7 +511,7 @@ def _update_ldap_group_permission(permission, allowed,
     ldap = _get_ldap_interface()
 
     # Fetch currently allowed groups for this permission
-    existing_permission = user_permission_list(full=True)["permissions"][permission]
+    existing_permission = user_permission_list(full=True, full_path=False)["permissions"][permission]
 
     if allowed is None:
         allowed = existing_permission['allowed']

src/yunohost/tests/test_backuprestore.py

@@ -502,7 +502,7 @@ def test_backup_and_restore_with_ynh_restore(mocker):
 @pytest.mark.with_permission_app_installed
 def test_backup_and_restore_permission_app(mocker):
 
-    res = user_permission_list(full=True)['permissions']
+    res = user_permission_list(full=True, full_path=False)['permissions']
     assert "permissions_app.main" in res
     assert "permissions_app.admin" in res
     assert "permissions_app.dev" in res
@@ -517,7 +517,7 @@ def test_backup_and_restore_permission_app(mocker):
 
     _test_backup_and_restore_app(mocker, "permissions_app")
 
-    res = user_permission_list(full=True)['permissions']
+    res = user_permission_list(full=True, full_path=False)['permissions']
     assert "permissions_app.main" in res
     assert "permissions_app.admin" in res
     assert "permissions_app.dev" in res

src/yunohost/tests/test_permission.py

@@ -442,7 +442,7 @@ def test_permission_app_install():
     app_install("./tests/apps/permissions_app_ynh",
                 args="domain=%s&path=%s&is_public=0&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True)
 
-    res = user_permission_list(full=True)['permissions']
+    res = user_permission_list(full=True, full_path=False)['permissions']
     assert "permissions_app.main" in res
     assert "permissions_app.admin" in res
     assert "permissions_app.dev" in res
@@ -481,14 +481,14 @@ def test_permission_app_change_url():
                 args="domain=%s&path=%s&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True)
 
     # FIXME : should rework this test to look for differences in the generated app map / app tiles ...
-    res = user_permission_list(full=True)['permissions']
+    res = user_permission_list(full=True, full_path=False)['permissions']
     assert res['permissions_app.main']['url'] == "/"
     assert res['permissions_app.admin']['url'] == "/admin"
     assert res['permissions_app.dev']['url'] == "/dev"
 
     app_change_url("permissions_app", maindomain, "/newchangeurl")
 
-    res = user_permission_list(full=True)['permissions']
+    res = user_permission_list(full=True, full_path=False)['permissions']
     assert res['permissions_app.main']['url'] == "/"
     assert res['permissions_app.admin']['url'] == "/admin"
     assert res['permissions_app.dev']['url'] == "/dev"

src/yunohost/user.py

@@ -462,7 +462,7 @@ def user_info(username):
 
         if service_status("dovecot")["status"] != "running":
             logger.warning(m18n.n('mailbox_used_space_dovecot_down'))
-        elif username not in user_permission_list(full=True)["permissions"]["mail.main"]["corresponding_users"]:
+        elif username not in user_permission_list(full=True, full_path=False)["permissions"]["mail.main"]["corresponding_users"]:
             logger.warning(m18n.n('mailbox_disabled', user=username))
         else:
             cmd = 'doveadm -f flow quota get -u %s' % user['uid'][0]