YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Group-permission migration - integrate all function in migration class

Browse source
This commit is contained in:
Josué Tille 2019-05-26 00:52:06 +02:00
parent 3c1c32e08b
commit bc0435b9c4
No known key found for this signature in database
GPG key ID: D5E068C6DFA8681D
1 changed files with 62 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

124
src/yunohost/data_migrations/0011_setup_group_permission.py
View file

@ -20,66 +20,6 @@ logger = getActionLogger('yunohost.migration')
# Tools used also for restoration # Tools used also for restoration
################################################### ###################################################
def migrate_LDAP_db(auth):
logger.info(m18n.n("migration_0011_update_LDAP_database"))
try:
auth.remove('cn=sftpusers,ou=groups')
except:
logger.warn(m18n.n("error_when_removing_sftpuser_group"))
with open('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') as f:
ldap_map = yaml.load(f)
try:
attr_dict = ldap_map['parents']['ou=permission']
auth.add('ou=permission', attr_dict)
attr_dict = ldap_map['children']['cn=all_users,ou=groups']
auth.add('cn=all_users,ou=groups', attr_dict)
for rdn, attr_dict in ldap_map['depends_children'].items():
auth.add(rdn, attr_dict)
except Exception as e:
raise YunohostError("migration_0011_LDAP_update_failed", error=e)
logger.info(m18n.n("migration_0011_create_group"))
# Create a group for each yunohost user
user_list = auth.search('ou=users,dc=yunohost,dc=org',
'(&(objectclass=person)(!(uid=root))(!(uid=nobody)))',
['uid', 'uidNumber'])
for user_info in user_list:
username = user_info['uid'][0]
auth.update('uid=%s,ou=users' % username,
{'objectClass': ['mailAccount', 'inetOrgPerson', 'posixAccount', 'userPermissionYnh']})
user_group_add(auth, username, gid=user_info['uidNumber'][0], sync_perm=False)
user_group_update(auth, groupname=username, add_user=username, force=True, sync_perm=False)
user_group_update(auth, groupname='all_users', add_user=username, force=True, sync_perm=False)
def migrate_app_permission(auth, app=None):
logger.info(m18n.n("migration_0011_migrate_permission"))
if app:
apps = app_list(installed=True, filter=app)['apps']
else:
apps = app_list(installed=True)['apps']
for app_info in apps:
app = app_info['id']
permission = app_setting(app, 'allowed_users')
path = app_setting(app, 'path')
domain = app_setting(app, 'domain')
urls = [domain + path] if domain and path else None
permission_add(auth, app, permission='main', urls=urls, default_allow=True, sync_perm=False)
if permission:
allowed_group = permission.split(',')
user_permission_add(auth, [app], permission='main', group=allowed_group, sync_perm=False)
app_setting(app, 'allowed_users', delete=True)
class MyMigration(Migration): class MyMigration(Migration):
""" """
Update the LDAP DB to be able to store the permission Update the LDAP DB to be able to store the permission
@ -89,6 +29,66 @@ class MyMigration(Migration):
required = True required = True
def migrate_LDAP_db(self, auth):
print("asdfadsf")
logger.info(m18n.n("migration_0011_update_LDAP_database"))
try:
auth.remove('cn=sftpusers,ou=groups')
except:
logger.warn(m18n.n("error_when_removing_sftpuser_group"))
with open('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') as f:
ldap_map = yaml.load(f)
try:
attr_dict = ldap_map['parents']['ou=permission']
auth.add('ou=permission', attr_dict)
attr_dict = ldap_map['children']['cn=all_users,ou=groups']
auth.add('cn=all_users,ou=groups', attr_dict)
for rdn, attr_dict in ldap_map['depends_children'].items():
auth.add(rdn, attr_dict)
except Exception as e:
raise YunohostError("migration_0011_LDAP_update_failed", error=e)
logger.info(m18n.n("migration_0011_create_group"))
# Create a group for each yunohost user
user_list = auth.search('ou=users,dc=yunohost,dc=org',
'(&(objectclass=person)(!(uid=root))(!(uid=nobody)))',
['uid', 'uidNumber'])
for user_info in user_list:
username = user_info['uid'][0]
auth.update('uid=%s,ou=users' % username,
{'objectClass': ['mailAccount', 'inetOrgPerson', 'posixAccount', 'userPermissionYnh']})
user_group_add(auth, username, gid=user_info['uidNumber'][0], sync_perm=False)
user_group_update(auth, groupname=username, add_user=username, force=True, sync_perm=False)
user_group_update(auth, groupname='all_users', add_user=username, force=True, sync_perm=False)
def migrate_app_permission(self, auth, app=None):
logger.info(m18n.n("migration_0011_migrate_permission"))
if app:
apps = app_list(installed=True, filter=app)['apps']
else:
apps = app_list(installed=True)['apps']
for app_info in apps:
app = app_info['id']
permission = app_setting(app, 'allowed_users')
path = app_setting(app, 'path')
domain = app_setting(app, 'domain')
urls = [domain + path] if domain and path else None
permission_add(auth, app, permission='main', urls=urls, default_allow=True, sync_perm=False)
if permission:
allowed_group = permission.split(',')
user_permission_add(auth, [app], permission='main', group=allowed_group, sync_perm=False)
app_setting(app, 'allowed_users', delete=True)
def migrate(self): def migrate(self):
# Check if the migration can be processed # Check if the migration can be processed
ldap_regen_conf_status = regen_conf(names=['slapd'], dry_run=True) ldap_regen_conf_status = regen_conf(names=['slapd'], dry_run=True)
@ -123,10 +123,10 @@ class MyMigration(Migration):
auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS) auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS)
# Update LDAP database # Update LDAP database
migrate_LDAP_db(auth) self.migrate_LDAP_db(auth)
# Migrate permission # Migrate permission
migrate_app_permission(auth) self.migrate_app_permission(auth)
permission_sync_to_user(auth) permission_sync_to_user(auth)
except Exception as e: except Exception as e: