Simplify permission_clear, now named permission_reset

data/actionsmap/yunohost.yml

@@ -314,19 +314,13 @@ user:
                             extra:
                                 pattern: *pattern_username
 
-                ## user_permission_clear()
-                clear:
-                    action_help: Reset access rights for the app
+                ## user_permission_reset()
+                reset:
+                    action_help: Reset allowed groups to the default (all_users) for a given permission
                     api: DELETE /users/permissions/<app>
                     arguments:
-                        app:
-                            help: Application to manage the permission
-                            nargs: "+"
-                        -p:
-                            full: --permission
-                            help: Name of permission (main by default)
-                            nargs: "*"
-                            metavar: PERMISSION
+                        permission:
+                            help: Permission to be resetted (e.g. mail.main or wordpress.editors)
 
         ssh:
             subcategory_help: Manage ssh access

locales/en.json

@@ -429,7 +429,6 @@
     "pattern_positive_number": "Must be a positive number",
     "pattern_username": "Must be lower-case alphanumeric and underscore characters only",
     "pattern_password_app": "Sorry, passwords should not contain the following characters: {forbidden_chars}",
-    "permission_already_clear": "Permission '{permission:s}' already clear for app {app:s}",
     "permission_already_exist": "Permission '{permission:s}' for app {app:s} already exist",
     "permission_created": "Permission '{permission:s}' for app {app:s} created",
     "permission_creation_failed": "Permission creation failed",

src/yunohost/permission.py

@@ -152,11 +152,13 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
         new_permission = user_permission_list(full=True)["permissions"][permission]
 
         # Trigger app callbacks
-        app = permission.split(".")[0]
-        if add:
-            hook_callback('post_app_addaccess', args=[app, new_permission["corresponding_users"]])
-        if remove:
-            hook_callback('post_app_removeaccess', args=[app, new_permission["corresponding_users"]])
+        # FIXME : this is not how this hook works... gotta compute the list of user actually added / removed
+
+        #app = permission.split(".")[0]
+        #if add:
+        #    hook_callback('post_app_addaccess', args=[app, new_permission["corresponding_users"]])
+        #if remove:
+        #    hook_callback('post_app_removeaccess', args=[app, new_permission["corresponding_users"]])
 
         return new_permission
 
@@ -164,63 +166,40 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
         raise YunohostError('permission_update_failed')
 
 
-def user_permission_clear(operation_logger, app=[], permission=None, sync_perm=True):
+def user_permission_reset(operation_logger, permission, sync_perm=True):
     """
-    Reset the permission for a specific application
+    Reset a given permission to just 'all_users'
 
     Keyword argument:
-        app        -- an application OR sftp, xmpp (metronome), mail
-        permission -- name of the permission ("main" by default)
-        username   -- Username to get informations (all by default)
-        group      -- Groupname to get informations (all by default)
-
+        permission -- The name of the permission to be reseted
     """
     from yunohost.hook import hook_callback
     from yunohost.utils.ldap import _get_ldap_interface
     ldap = _get_ldap_interface()
 
-    if permission:
-        if not isinstance(permission, list):
-            permission = [permission]
-    else:
-        permission = ["main"]
+    # Fetch existing permission
+
+    existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
+    if existing_permission is None:
+        raise YunohostError('permission_not_found', permission=permission)
+
+    # Update permission with default (all_users)
 
     default_permission = {'groupPermission': ['cn=all_users,ou=groups,dc=yunohost,dc=org']}
+    if ldap.update('cn=%s,ou=permission' % permission, default_permission):
+        logger.debug(m18n.n('permission_updated', permission=permission))
+    else:
+        raise YunohostError('permission_update_failed')
 
-    # Populate permission informations
-    permission_attrs = [
-        'cn',
-        'groupPermission',
-    ]
-    result = ldap.search('ou=permission,dc=yunohost,dc=org',
-                         '(objectclass=permissionYnh)', permission_attrs)
-    result = {p['cn'][0]: p for p in result}
+    if sync_perm:
+        permission_sync_to_user()
 
-    for a in app:
-        for per in permission:
-            permission_name = per + '.' + a
-            if permission_name not in result:
-                raise YunohostError('permission_not_found', permission=per, app=a)
-            if 'groupPermission' in result[permission_name] and 'cn=all_users,ou=groups,dc=yunohost,dc=org' in result[permission_name]['groupPermission']:
-                logger.warning(m18n.n('permission_already_clear', permission=per, app=a))
-                continue
-            if ldap.update('cn=%s,ou=permission' % permission_name, default_permission):
-                logger.debug(m18n.n('permission_updated', permission=per, app=a))
-            else:
-                raise YunohostError('permission_update_failed')
+    new_permission = user_permission_list(full=True)["permissions"][permission]
 
-    permission_sync_to_user()
+    # FIXME : trigger app callbacks
+    # app = permission.split(".")[0]
 
-    for a in app:
-        permission_name = 'main.' + a
-        result = ldap.search('ou=permission,dc=yunohost,dc=org',
-                             filter='cn=' + permission_name, attrs=['inheritPermission'])
-        if result:
-            allowed_users = result[0]['inheritPermission']
-            new_user_list = ','.join(allowed_users)
-            hook_callback('post_app_removeaccess', args=[app, new_user_list])
-
-    return user_permission_list(app, permission)
+    return new_permission
 
 #
 #

src/yunohost/user.py

@@ -727,9 +727,9 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
 
 
 @is_unit_operation([('app', 'user')])
-def user_permission_clear(operation_logger, app, permission=None, sync_perm=True):
+def user_permission_reset(operation_logger, permission, sync_perm=True):
     import yunohost.permission
-    return yunohost.permission.user_permission_clear(operation_logger, app, permission,
+    return yunohost.permission.user_permission_reset(operation_logger, permission,
                                                      sync_perm=sync_perm)