Allow public apps with no sso tile

2024-09-03 20:06:10 +02:00 · 2020-03-22 20:51:32 +01:00 · 2020-03-22 20:51:32 +01:00 · b9aa5d143f
commit b9aa5d143f
parent b7a61f35cc
4 changed files with 1 additions and 36 deletions
--- a/locales/en.json
+++ b/locales/en.json
@ -415,12 +415,10 @@
    "pattern_positive_number": "Must be a positive number",
    "pattern_username": "Must be lower-case alphanumeric and underscore characters only",
    "pattern_password_app": "Sorry, passwords can not contain the following characters: {forbidden_chars}",
-    "permission_all_users_implicitly_added": "The permission was also implicitly granted to 'all_users' because it is required to allow the special group 'visitors'",
    "permission_already_allowed": "Group '{group}' already has permission '{permission}' enabled",
    "permission_already_disallowed": "Group '{group}' already has permission '{permission}' disabled'",
    "permission_already_exist": "Permission '{permission}' already exists",
    "permission_already_up_to_date": "The permission was not updated because the addition/removal requests already match the current state.",
-    "permission_cannot_remove_all_users_while_visitors_allowed": "You can't remove this permission for 'all_users' while it is still allowed for 'visitors'",
    "permission_cannot_remove_main": "Removing a main permission is not allowed",
    "permission_created": "Permission '{permission:s}' created",
    "permission_creation_failed": "Could not create permission '{permission}': {error}",
--- a/src/yunohost/app.py
+++ b/src/yunohost/app.py
@ -437,7 +437,7 @@ def app_map(app=None, raw=False, user=None):
                logger.warning("Uhoh, no main permission was found for app %s ... sounds like an app was only partially removed due to another bug :/" % app_id)
                continue
            main_perm = permissions[app_id + ".main"]
-            if user not in main_perm["corresponding_users"] and "visitors" not in main_perm["allowed"]:
+            if user not in main_perm["corresponding_users"]:
                continue

        domain = app_settings['domain']
--- a/src/yunohost/permission.py
+++ b/src/yunohost/permission.py
@ -146,16 +146,6 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
        if "visitors" not in new_allowed_groups or len(new_allowed_groups) >= 3:
            logger.warning(m18n.n("permission_currently_allowed_for_all_users"))

-    # If visitors are to be added, we shall make sure that "all_users" are also allowed
-    # (e.g. if visitors are allowed to visit nextcloud, you still want to allow people to log in ...)
-    if add and "visitors" in groups_to_add and "all_users" not in new_allowed_groups:
-        new_allowed_groups.append("all_users")
-        logger.warning(m18n.n("permission_all_users_implicitly_added"))
-    # If all_users are to be added, yet visitors are still to allowed, then we
-    # refuse it (c.f. previous comment...)
-    if remove and "all_users" in groups_to_remove and "visitors" in new_allowed_groups:
-        raise YunohostError('permission_cannot_remove_all_users_while_visitors_allowed')
-
    # Don't update LDAP if we update exactly the same values
    if set(new_allowed_groups) == set(current_allowed_groups):
        logger.warning(m18n.n("permission_already_up_to_date"))
@ -270,8 +260,6 @@ def permission_create(operation_logger, permission, url=None, allowed=None, sync
    if allowed is not None:
        if not isinstance(allowed, list):
            allowed = [allowed]
-        if "visitors" in allowed and "all_users" not in allowed:
-            allowed.append("all_users")

    # Validate that the groups to add actually exist
    all_existing_groups = user_group_list()['groups'].keys()
--- a/src/yunohost/tests/test_permission.py
+++ b/src/yunohost/tests/test_permission.py
@ -313,27 +313,6 @@ def test_permission_add_and_remove_group(mocker):
    assert res['wiki.main']['corresponding_users'] == ["alice"]


-def test_permission_adding_visitors_implicitly_add_all_users(mocker):
-
-    res = user_permission_list(full=True)['permissions']
-    assert res['blog.main']['allowed'] == ["alice"]
-
-    with message(mocker, "permission_updated", permission="blog.main"):
-        user_permission_update("blog.main", add="visitors")
-
-    res = user_permission_list(full=True)['permissions']
-    assert set(res['blog.main']['allowed']) == set(["alice", "visitors", "all_users"])
-
-
-def test_permission_cant_remove_all_users_if_visitors_allowed(mocker):
-
-    with message(mocker, "permission_updated", permission="blog.main"):
-        user_permission_update("blog.main", add=["visitors", "all_users"])
-
-    with raiseYunohostError(mocker, 'permission_cannot_remove_all_users_while_visitors_allowed'):
-        user_permission_update("blog.main", remove="all_users")
-
-
 def test_permission_add_group_already_allowed(mocker):
    with message(mocker, "permission_already_allowed", permission="blog.main", group="alice"):
        user_permission_update("blog.main", add="alice")