YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Moaaar fixes

Browse source
This commit is contained in:
Alexandre Aubin 2020-09-30 23:11:41 +02:00
parent aaba3fe6aa
commit a5df52200a
2 changed files with 44 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
src/yunohost/permission.py
View file

@ -98,6 +98,9 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False, ful
subpermissions = {k: v for k, v in permissions.items() if not k.endswith(".main")} subpermissions = {k: v for k, v in permissions.items() if not k.endswith(".main")}
for name, infos in subpermissions.items(): for name, infos in subpermissions.items():
main_perm_name = name.split(".")[0] + ".main" main_perm_name = name.split(".")[0] + ".main"
if main_perm_name not in permissions:
logger.debug("Uhoh, unknown permission %s ? (Maybe we're in the process or deleting the perm for this app...)" % main_perm_name)
continue
main_perm_label = permissions[main_perm_name]["label"] main_perm_label = permissions[main_perm_name]["label"]
infos["label"] = "%s (%s)" % (main_perm_label, infos["label"]) infos["label"] = "%s (%s)" % (main_perm_label, infos["label"])
@ -321,13 +324,14 @@ def permission_create(operation_logger, permission, allowed=None,
gid = str(random.randint(200, 99999)) gid = str(random.randint(200, 99999))
uid_guid_found = gid not in all_gid uid_guid_found = gid not in all_gid
app, subperm = permission.split(".")
attr_dict = { attr_dict = {
'objectClass': ['top', 'permissionYnh', 'posixGroup'], 'objectClass': ['top', 'permissionYnh', 'posixGroup'],
'cn': str(permission), 'cn': str(permission),
'gidNumber': gid, 'gidNumber': gid,
'authHeader': ['TRUE'], 'authHeader': ['TRUE'],
'label': [str(permission.split('.')[0].title() if permission.endswith('.main') 'label': [str(label) if label else (subperm if subperm != "main" else app.title())],
else "%s (%s)" % (permission.split('.')[0].title(), permission.split('.')[1]))],
'showTile': ['FALSE'], # Dummy value, it will be fixed when we call '_update_ldap_group_permission' 'showTile': ['FALSE'], # Dummy value, it will be fixed when we call '_update_ldap_group_permission'
'isProtected': ['FALSE'] # Dummy value, it will be fixed when we call '_update_ldap_group_permission' 'isProtected': ['FALSE'] # Dummy value, it will be fixed when we call '_update_ldap_group_permission'
} }
@ -571,40 +575,35 @@ def _update_ldap_group_permission(permission, allowed,
from yunohost.utils.ldap import _get_ldap_interface from yunohost.utils.ldap import _get_ldap_interface
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
# Fetch currently allowed groups for this permission
existing_permission = user_permission_list(full=True, full_path=False)["permissions"][permission] existing_permission = user_permission_list(full=True, full_path=False)["permissions"][permission]
if allowed is None: update = {}
allowed = existing_permission['allowed']
if label is None: if allowed is not None:
label = existing_permission["label"] allowed = [allowed] if not isinstance(allowed, list) else allowed
# Guarantee uniqueness of values in allowed, which would otherwise make ldap.update angry.
allowed = set(allowed)
update['groupPermission'] = ['cn=' + g + ',ou=groups,dc=yunohost,dc=org' for g in allowed]
if show_tile is None: if label is not None:
show_tile = existing_permission["show_tile"] update["label"] = [str(label)]
elif show_tile is True:
if protected is not None:
update["isProtected"] = [str(protected).upper()]
if show_tile is not None:
if show_tile is True:
if not existing_permission['url']: if not existing_permission['url']:
logger.warning(m18n.n('show_tile_cant_be_enabled_for_url_not_defined', permission=permission)) logger.warning(m18n.n('show_tile_cant_be_enabled_for_url_not_defined', permission=permission))
show_tile = False show_tile = False
elif existing_permission['url'].startswith('re:'): elif existing_permission['url'].startswith('re:'):
logger.warning(m18n.n('show_tile_cant_be_enabled_for_regex', permission=permission)) logger.warning(m18n.n('show_tile_cant_be_enabled_for_regex', permission=permission))
show_tile = False show_tile = False
update["showTile"] = [str(show_tile).upper()]
if protected is None:
protected = existing_permission["protected"]
allowed = [allowed] if not isinstance(allowed, list) else allowed
# Guarantee uniqueness of values in allowed, which would otherwise make ldap.update angry.
allowed = set(allowed)
try: try:
ldap.update('cn=%s,ou=permission' % permission, ldap.update('cn=%s,ou=permission' % permission, update)
{'groupPermission': ['cn=' + g + ',ou=groups,dc=yunohost,dc=org' for g in allowed],
'label': [str(label)] if label != "" else [],
'showTile': [str(show_tile).upper()],
'isProtected': [str(protected).upper()]
})
except Exception as e: except Exception as e:
raise YunohostError('permission_update_failed', permission=permission, error=e) raise YunohostError('permission_update_failed', permission=permission, error=e)

29
src/yunohost/tests/test_permission.py
View file

@ -292,10 +292,13 @@ def can_access_webpage(webpath, logged_as=None):
def test_permission_list(): def test_permission_list():
res = user_permission_list(full=True)['permissions'] res = user_permission_list(full=True)['permissions']
assert "wiki.main" in res
assert "blog.main" in res
assert "mail.main" in res assert "mail.main" in res
assert "xmpp.main" in res assert "xmpp.main" in res
assert "wiki.main" in res
assert "blog.main" in res
assert "blog.api" in res
assert res['wiki.main']['allowed'] == ["all_users"] assert res['wiki.main']['allowed'] == ["all_users"]
assert res['blog.main']['allowed'] == ["alice"] assert res['blog.main']['allowed'] == ["alice"]
assert res['blog.api']['allowed'] == ["visitors"] assert res['blog.api']['allowed'] == ["visitors"]
@ -385,26 +388,26 @@ def test_permission_create_with_tile_management_with_main_default_value(mocker):
assert res['site.main']['show_tile'] == True assert res['site.main']['show_tile'] == True
def test_permission_create_with_tile_management_with_not_main_default_value(mocker): def test_permission_create_with_tile_management_with_not_main_default_value(mocker):
with message(mocker, "permission_created", permission="site.api"): with message(mocker, "permission_created", permission="wiki.api"):
_permission_create_with_dummy_app("site.api", allowed=["all_users"], show_tile=True, url="/", _permission_create_with_dummy_app("wiki.api", allowed=["all_users"], show_tile=True, url="/",
domain=maindomain, path='/site') domain=maindomain, path='/site')
res = user_permission_list(full=True)['permissions'] res = user_permission_list(full=True)['permissions']
assert "site.api" in res assert "wiki.api" in res
assert res['site.api']['label'] == "Site (api)" assert res['wiki.api']['label'] == "Wiki (api)"
assert res['site.api']['show_tile'] == True assert res['wiki.api']['show_tile'] == True
def test_permission_create_with_urls_management_without_url(mocker): def test_permission_create_with_urls_management_without_url(mocker):
with message(mocker, "permission_created", permission="site.api"): with message(mocker, "permission_created", permission="wiki.api"):
_permission_create_with_dummy_app("site.api", allowed=["all_users"], _permission_create_with_dummy_app("wiki.api", allowed=["all_users"],
domain=maindomain, path='/site') domain=maindomain, path='/site')
res = user_permission_list(full=True)['permissions'] res = user_permission_list(full=True)['permissions']
assert "site.api" in res assert "wiki.api" in res
assert res['site.api']['url'] == None assert res['wiki.api']['url'] == None
assert res['site.api']['additional_urls'] == [] assert res['wiki.api']['additional_urls'] == []
assert res['site.api']['auth_header'] == True assert res['wiki.api']['auth_header'] == True
def test_permission_create_with_urls_management_simple_domain(mocker): def test_permission_create_with_urls_management_simple_domain(mocker):