Fix linter and tests

locales/en.json

@@ -412,12 +412,13 @@
     "migration_description_0016_php70_to_php73_pools": "Migrate php7.0-fpm 'pool' conf files to php7.3",
     "migration_description_0017_postgresql_9p6_to_11": "Migrate databases from PostgreSQL 9.6 to 11",
     "migration_description_0018_xtable_to_nftable": "Migrate old network traffic rules to the new nftable system",
-    "migration_0011_create_group": "Creating a group for each user…",
+    "migration_description_0019_extends_permissions_features_1": "Extend/rework the app permission management system",
-    "migration_0011_LDAP_update_failed": "Could not update LDAP. Error: {error:s}",
+    "migration_0019_create_group": "Creating a group for each user…",
-    "migration_0011_migrate_permission": "Migrating permissions from apps settings to LDAP...",
+    "migration_0019_LDAP_update_failed": "Could not update LDAP. Error: {error:s}",
-    "migration_0011_update_LDAP_database": "Updating LDAP database...",
+    "migration_0019_migrate_permission": "Migrating permissions from apps settings to LDAP...",
-    "migration_0011_update_LDAP_schema": "Updating LDAP schema...",
+    "migration_0019_update_LDAP_database": "Updating LDAP database...",
-    "migration_0011_failed_to_remove_stale_object": "Could not remove stale object {dn}: {error}",
+    "migration_0019_update_LDAP_schema": "Updating LDAP schema...",
+    "migration_0019_failed_to_remove_stale_object": "Could not remove stale object {dn}: {error}",
     "migration_0015_start" : "Starting migration to Buster",
     "migration_0015_patching_sources_list": "Patching the sources.lists...",
     "migration_0015_main_upgrade": "Starting main upgrade...",

src/yunohost/app.py

@@ -282,7 +282,7 @@ def app_map(app=None, raw=False, user=None):
                 continue
 
             perm_label = perm_info['label']
-            perm_all_urls = [] + (perm_info["url"] if perm_info["url"] else []) + perm_info['additional_urls']
+            perm_all_urls = [] + ([perm_info["url"]] if perm_info["url"] else []) + perm_info['additional_urls']
 
             for url in perm_all_urls:
 
@@ -653,7 +653,7 @@ def app_install(operation_logger, app, label=None, args=None, no_remove_on_failu
 
     from yunohost.hook import hook_add, hook_remove, hook_exec, hook_callback
     from yunohost.log import OperationLogger
-    from yunohost.permission import user_permission_list, permission_create, permission_url, permission_delete, permission_sync_to_user
+    from yunohost.permission import user_permission_list, user_permission_update, permission_create, permission_url, permission_delete, permission_sync_to_user
     from yunohost.regenconf import manually_modified_files
 
     # Fetch or extract sources
@@ -1308,7 +1308,6 @@ def app_ssowatconf():
 
     """
     from yunohost.domain import domain_list, _get_maindomain
-    from yunohost.user import user_list
     from yunohost.permission import user_permission_list
 
     main_domain = _get_maindomain()
@@ -1476,6 +1475,7 @@ def app_ssowatconf():
 
 
 def app_change_label(app, new_label):
+    from permission import user_permission_update
     installed = _is_installed(app)
     if not installed:
         raise YunohostError('app_not_installed', app=app, all_apps=_get_all_installed_apps_id())

src/yunohost/data_migrations/0019_extends_permissions_features_1.py

@@ -7,7 +7,7 @@ from moulinette.utils.log import getActionLogger
 
 from yunohost.tools import Migration
 from yunohost.app import app_setting, app_ssowatconf, _installed_apps
-from yunohost.permission import user_permission_list, SYSTEM_PERMS, permission_sync_to_user
+from yunohost.permission import user_permission_list
 
 logger = getActionLogger('yunohost.migration')
 
@@ -46,14 +46,14 @@ class MyMigration(Migration):
             if permission.split('.')[0] == 'mail':
                 ldap.update('cn=%s,ou=permission' % permission, {
                     'authHeader': ["FALSE"],
-                    'label': 'E-mail',
+                    'label': ['E-mail'],
                     'showTile': ["FALSE"],
                     'isProtected': ["TRUE"],
                 })
             elif permission.split('.')[0] == 'xmpp':
                 ldap.update('cn=%s,ou=permission' % permission, {
                     'authHeader': ["FALSE"],
-                    'label': 'XMPP',
+                    'label': ['XMPP'],
                     'showTile': ["FALSE"],
                     'isProtected': ["TRUE"],
                 })

src/yunohost/permission.py

@@ -86,9 +86,9 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False, ful
             perm["additional_urls"] = infos.get("additionalUrls", [])
 
             if full_path:
-                app_base_path = apps_base_path[app]
+                app_base_path = apps_base_path[app] if app in apps_base_path else "" # Meh in some situation where the app is currently installed/removed, this function may be called and we still need to act as if the corresponding permission indeed exists ... dunno if that's really the right way to proceed but okay.
                 perm["url"] = _get_absolute_url(perm["url"], app_base_path)
-                perm["additional_urls"] = [_get_absolute_url(url, apps_base_path) for url in perm["additional_urls"]]
+                perm["additional_urls"] = [_get_absolute_url(url, app_base_path) for url in perm["additional_urls"]]
 
         permissions[name] = perm
 
@@ -368,7 +368,7 @@ def permission_url(operation_logger, permission,
     """
     from yunohost.app import app_setting
     from yunohost.utils.ldap import _get_ldap_interface
-    from yunohost.domain import _check_and_sanitize_permission_path, _get_conflicting_apps
+    from yunohost.domain import _check_and_sanitize_permission_path
     ldap = _get_ldap_interface()
 
     # By default, manipulate main permission