From a50e73dc0f41786938d110bbc6f9571c2f88c5fe Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 21 Dec 2022 22:26:45 +0100 Subject: [PATCH] app resources: implement permission update --- src/permission.py | 5 +++++ src/utils/resources.py | 33 ++++++++++++++++++--------------- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/src/permission.py b/src/permission.py index 801576afd..e451bb74c 100644 --- a/src/permission.py +++ b/src/permission.py @@ -479,6 +479,7 @@ def permission_url( url=None, add_url=None, remove_url=None, + set_url=None, auth_header=None, clear_urls=False, sync_perm=True, @@ -491,6 +492,7 @@ def permission_url( url -- (optional) URL for which access will be allowed/forbidden. add_url -- (optional) List of additional url to add for which access will be allowed/forbidden remove_url -- (optional) List of additional url to remove for which access will be allowed/forbidden + set_url -- (optional) List of additional url to set/replace for which access will be allowed/forbidden auth_header -- (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application clear_urls -- (optional) Clean all urls (url and additional_urls) """ @@ -556,6 +558,9 @@ def permission_url( new_additional_urls = [u for u in new_additional_urls if u not in remove_url] + if set_url: + new_additional_urls = set_url + if auth_header is None: auth_header = existing_permission["auth_header"] diff --git a/src/utils/resources.py b/src/utils/resources.py index 4e8388e61..f993f4092 100644 --- a/src/utils/resources.py +++ b/src/utils/resources.py @@ -258,7 +258,7 @@ class PermissionsResource(AppResource): ##### Provision/Update: - Delete any permissions that may exist and be related to this app yet is not declared anymore - - Loop over the declared permissions and create them if needed or update them with the new values (FIXME : update ain't implemented yet >_>) + - Loop over the declared permissions and create them if needed or update them with the new values ##### Deprovision: - Delete all permission related to this app @@ -312,7 +312,7 @@ class PermissionsResource(AppResource): from yunohost.permission import ( permission_create, - # permission_url, + permission_url, permission_delete, user_permission_list, user_permission_update, @@ -330,7 +330,8 @@ class PermissionsResource(AppResource): permission_delete(perm, force=True, sync_perm=False) for perm, infos in self.permissions.items(): - if f"{self.app}.{perm}" not in existing_perms: + perm_id = f"{self.app}.{perm}" + if perm_id not in existing_perms: # Use the 'allowed' key from the manifest, # or use the 'init_{perm}_permission' from the install questions # which is temporarily saved as a setting as an ugly hack to pass the info to this piece of code... @@ -340,7 +341,7 @@ class PermissionsResource(AppResource): or [] ) permission_create( - f"{self.app}.{perm}", + perm_id, allowed=init_allowed, # This is why the ugly hack with self.manager exists >_> label=self.manager.wanted["name"] if perm == "main" else perm, @@ -351,17 +352,19 @@ class PermissionsResource(AppResource): ) self.delete_setting(f"init_{perm}_permission") - user_permission_update( - f"{self.app}.{perm}", - show_tile=infos["show_tile"], - protected=infos["protected"], - sync_perm=False, - ) - else: - pass - # FIXME : current implementation of permission_url is hell for - # easy declarativeness of additional_urls >_> ... - # permission_url(f"{self.app}.{perm}", url=infos["url"], auth_header=infos["auth_header"], sync_perm=False) + user_permission_update( + perm_id, + show_tile=infos["show_tile"], + protected=infos["protected"], + sync_perm=False, + ) + permission_url( + perm_id, + url=infos["url"], + set_url=infos["additional_urls"], + auth_header=infos["auth_header"], + sync_perm=False, + ) permission_sync_to_user()