YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Simplify permission_clear, now named permission_reset

Browse source
This commit is contained in:
Alexandre Aubin 2019-09-11 15:49:07 +02:00
parent e5676c4b30
commit a1d3376613
4 changed files with 34 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
data/actionsmap/yunohost.yml
View file

@ -314,19 +314,13 @@ user:
extra: extra:
pattern: *pattern_username pattern: *pattern_username
## user_permission_clear() ## user_permission_reset()
clear: reset:
action_help: Reset access rights for the app action_help: Reset allowed groups to the default (all_users) for a given permission
api: DELETE /users/permissions/<app> api: DELETE /users/permissions/<app>
arguments: arguments:
app: permission:
help: Application to manage the permission help: Permission to be resetted (e.g. mail.main or wordpress.editors)
nargs: "+"
-p:
full: --permission
help: Name of permission (main by default)
nargs: "*"
metavar: PERMISSION
ssh: ssh:
subcategory_help: Manage ssh access subcategory_help: Manage ssh access

1
locales/en.json
View file

@ -429,7 +429,6 @@
"pattern_positive_number": "Must be a positive number", "pattern_positive_number": "Must be a positive number",
"pattern_username": "Must be lower-case alphanumeric and underscore characters only", "pattern_username": "Must be lower-case alphanumeric and underscore characters only",
"pattern_password_app": "Sorry, passwords should not contain the following characters: {forbidden_chars}", "pattern_password_app": "Sorry, passwords should not contain the following characters: {forbidden_chars}",
"permission_already_clear": "Permission '{permission:s}' already clear for app {app:s}",
"permission_already_exist": "Permission '{permission:s}' for app {app:s} already exist", "permission_already_exist": "Permission '{permission:s}' for app {app:s} already exist",
"permission_created": "Permission '{permission:s}' for app {app:s} created", "permission_created": "Permission '{permission:s}' for app {app:s} created",
"permission_creation_failed": "Permission creation failed", "permission_creation_failed": "Permission creation failed",

75
src/yunohost/permission.py
View file

@ -152,11 +152,13 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
new_permission = user_permission_list(full=True)["permissions"][permission] new_permission = user_permission_list(full=True)["permissions"][permission]
# Trigger app callbacks # Trigger app callbacks
app = permission.split(".")[0] # FIXME : this is not how this hook works... gotta compute the list of user actually added / removed
if add:
hook_callback('post_app_addaccess', args=[app, new_permission["corresponding_users"]]) #app = permission.split(".")[0]
if remove: #if add:
hook_callback('post_app_removeaccess', args=[app, new_permission["corresponding_users"]]) # hook_callback('post_app_addaccess', args=[app, new_permission["corresponding_users"]])
#if remove:
# hook_callback('post_app_removeaccess', args=[app, new_permission["corresponding_users"]])
return new_permission return new_permission
@ -164,63 +166,40 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
raise YunohostError('permission_update_failed') raise YunohostError('permission_update_failed')
def user_permission_clear(operation_logger, app=[], permission=None, sync_perm=True): def user_permission_reset(operation_logger, permission, sync_perm=True):
""" """
Reset the permission for a specific application Reset a given permission to just 'all_users'
Keyword argument: Keyword argument:
app -- an application OR sftp, xmpp (metronome), mail permission -- The name of the permission to be reseted
permission -- name of the permission ("main" by default)
username -- Username to get informations (all by default)
group -- Groupname to get informations (all by default)
""" """
from yunohost.hook import hook_callback from yunohost.hook import hook_callback
from yunohost.utils.ldap import _get_ldap_interface from yunohost.utils.ldap import _get_ldap_interface
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
if permission: # Fetch existing permission
if not isinstance(permission, list):
permission = [permission] existing_permission = user_permission_list(full=True)["permissions"].get(permission, None)
else: if existing_permission is None:
permission = ["main"] raise YunohostError('permission_not_found', permission=permission)
# Update permission with default (all_users)
default_permission = {'groupPermission': ['cn=all_users,ou=groups,dc=yunohost,dc=org']} default_permission = {'groupPermission': ['cn=all_users,ou=groups,dc=yunohost,dc=org']}
if ldap.update('cn=%s,ou=permission' % permission, default_permission):
logger.debug(m18n.n('permission_updated', permission=permission))
else:
raise YunohostError('permission_update_failed')
# Populate permission informations if sync_perm:
permission_attrs = [ permission_sync_to_user()
'cn',
'groupPermission',
]
result = ldap.search('ou=permission,dc=yunohost,dc=org',
'(objectclass=permissionYnh)', permission_attrs)
result = {p['cn'][0]: p for p in result}
for a in app: new_permission = user_permission_list(full=True)["permissions"][permission]
for per in permission:
permission_name = per + '.' + a
if permission_name not in result:
raise YunohostError('permission_not_found', permission=per, app=a)
if 'groupPermission' in result[permission_name] and 'cn=all_users,ou=groups,dc=yunohost,dc=org' in result[permission_name]['groupPermission']:
logger.warning(m18n.n('permission_already_clear', permission=per, app=a))
continue
if ldap.update('cn=%s,ou=permission' % permission_name, default_permission):
logger.debug(m18n.n('permission_updated', permission=per, app=a))
else:
raise YunohostError('permission_update_failed')
permission_sync_to_user() # FIXME : trigger app callbacks
# app = permission.split(".")[0]
for a in app: return new_permission
permission_name = 'main.' + a
result = ldap.search('ou=permission,dc=yunohost,dc=org',
filter='cn=' + permission_name, attrs=['inheritPermission'])
if result:
allowed_users = result[0]['inheritPermission']
new_user_list = ','.join(allowed_users)
hook_callback('post_app_removeaccess', args=[app, new_user_list])
return user_permission_list(app, permission)
# #
# #

4
src/yunohost/user.py
View file

@ -727,9 +727,9 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
@is_unit_operation([('app', 'user')]) @is_unit_operation([('app', 'user')])
def user_permission_clear(operation_logger, app, permission=None, sync_perm=True): def user_permission_reset(operation_logger, permission, sync_perm=True):
import yunohost.permission import yunohost.permission
return yunohost.permission.user_permission_clear(operation_logger, app, permission, return yunohost.permission.user_permission_reset(operation_logger, permission,
sync_perm=sync_perm) sync_perm=sync_perm)