From df49cc83d561e473235c880049f699b97bc020e1 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Fri, 2 Apr 2021 03:55:20 +0200
Subject: [PATCH] Drop legacy stuff for backups from before the 3.7 era
---
 src/yunohost/backup.py | 82 +++++++++-----------
 src/yunohost/utils/legacy.py | 143 -----------------------------------
 2 files changed, 34 insertions(+), 191 deletions(-)
diff --git a/src/yunohost/backup.py b/src/yunohost/backup.py
index 3ffb3a875..b20c68412 100644
--- a/src/yunohost/backup.py
+++ b/src/yunohost/backup.py
@@ -1282,17 +1282,8 @@ class RestoreManager:
 regen_conf()
- # Check that at least a group exists (all_users) to know if we need to
- # do the migration 0011 : setup group and permission
- #
- # Legacy code
- if "all_users" not in user_group_list()["groups"].keys():
- from yunohost.utils.legacy import SetupGroupPermissions
-
- # Update LDAP schema restart slapd
- logger.info(m18n.n("migration_0011_update_LDAP_schema"))
- regen_conf(names=["slapd"], force=True)
- SetupGroupPermissions.migrate_LDAP_db()
+ # TODO : here, we should have a way to go through all migrations
+ # and apply stuff if needed
 # Remove all permission for all app which is still in the LDAP
 for permission_name in user_permission_list(ignore_system_perms=True)[
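Review bot: The TODO that replaces the migration check leaves no guard for archives that predate the group/permission schema, so the loop right below calls `user_permission_list(ignore_system_perms=True)` on whatever LDAP tree the restored database contains. If such an archive is still accepted earlier in the restore (not visible in this hunk), it would presumably fail here with an unrelated LDAP error or leave the system without the `all_users` group. I would keep a cheap fail-closed check in place of the removed block, e.g. `if "all_users" not in user_group_list()["groups"]: raise YunohostError("This backup predates the group/permission system and can no longer be restored", raw_msg=True)`. The enclosing method of RestoreManager starts and ends outside the hunk.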
@@ -1425,50 +1416,45 @@ class RestoreManager:
 restore_script = os.path.join(tmp_folder_for_app_restore, "restore")
 # Restore permissions
- if os.path.isfile("%s/permissions.yml" % app_settings_new_path):
+ if not os.path.isfile("%s/permissions.yml" % app_settings_new_path):
+ raise YunohostError("Didnt find a permssions.yml for the app !?", raw_msg=True)
- permissions = read_yaml("%s/permissions.yml" % app_settings_new_path)
- existing_groups = user_group_list()["groups"]
+ permissions = read_yaml("%s/permissions.yml" % app_settings_new_path)
+ existing_groups = user_group_list()["groups"]
- for permission_name, permission_infos in permissions.items():
+ for permission_name, permission_infos in permissions.items():
- if "allowed" not in permission_infos:
- logger.warning(
- "'allowed' key corresponding to allowed groups for permission %s not found when restoring app %s … You might have to reconfigure permissions yourself."
- % (permission_name, app_instance_name)
- )
- should_be_allowed = ["all_users"]
- else:
- should_be_allowed = [
- g
- for g in permission_infos["allowed"]
- if g in existing_groups
- ]
-
- perm_name = permission_name.split(".")[1]
- permission_create(
- permission_name,
- allowed=should_be_allowed,
- url=permission_infos.get("url"),
- additional_urls=permission_infos.get("additional_urls"),
- auth_header=permission_infos.get("auth_header"),
- label=permission_infos.get("label")
- if perm_name == "main"
- else permission_infos.get("sublabel"),
- show_tile=permission_infos.get("show_tile", True),
- protected=permission_infos.get("protected", False),
- sync_perm=False,
+ if "allowed" not in permission_infos:
+ logger.warning(
+ "'allowed' key corresponding to allowed groups for permission %s not found when restoring app %s … You might have to reconfigure permissions yourself."
+ % (permission_name, app_instance_name)
 )
+ should_be_allowed = ["all_users"]
+ else:
+ should_be_allowed = [
+ g
+ for g in permission_infos["allowed"]
+ if g in existing_groups
+ ]
- permission_sync_to_user()
+ perm_name = permission_name.split(".")[1]
+ permission_create(
+ permission_name,
+ allowed=should_be_allowed,
+ url=permission_infos.get("url"),
+ additional_urls=permission_infos.get("additional_urls"),
+ auth_header=permission_infos.get("auth_header"),
+ label=permission_infos.get("label")
+ if perm_name == "main"
+ else permission_infos.get("sublabel"),
+ show_tile=permission_infos.get("show_tile", True),
+ protected=permission_infos.get("protected", False),
+ sync_perm=False,
+ )
- os.remove("%s/permissions.yml" % app_settings_new_path)
- else:
- # Otherwise, we need to migrate the legacy permissions of this
- # app (included in its settings.yml)
- from yunohost.utils.legacy import SetupGroupPermissions
+ permission_sync_to_user()
- SetupGroupPermissions.migrate_app_permission(app=app_instance_name)
+ os.remove("%s/permissions.yml" % app_settings_new_path)
 # Migrate old settings
 legacy_permission_settings = [
diff --git a/src/yunohost/utils/legacy.py b/src/yunohost/utils/legacy.py
index b83a69154..825cf132c 100644
--- a/src/yunohost/utils/legacy.py
+++ b/src/yunohost/utils/legacy.py
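Review bot: With the missing-file case now a hard error, the remaining fallback `should_be_allowed = ["all_users"]` is the one place where a damaged or hand-edited `permissions.yml` widens access instead of failing: an entry without an `allowed` key is restored as open to every user, with only a warning. Consider restoring such a permission with no allowed group (`should_be_allowed = []`, if `permission_create` accepts an empty list) so the admin has to grant access explicitly, which is what the warning text already asks for. `permission_name.split(".")[1]` will also raise a bare IndexError on a key without a dot, so a short validation of the key before `permission_create` would give a clearer failure. The new error string has two typos and omits the app name; `raise YunohostError("Didn't find a permissions.yml for app %s" % app_instance_name, raw_msg=True)` reads better. The enclosing method begins and ends outside the hunk.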
@@ -19,149 +19,6 @@ from yunohost.permission import (
 logger = getActionLogger("yunohost.legacy")
-
-class SetupGroupPermissions:
- @staticmethod
- def remove_if_exists(target):
-
- from yunohost.utils.ldap import _get_ldap_interface
-
- ldap = _get_ldap_interface()
-
- try:
- objects = ldap.search(target + ",dc=yunohost,dc=org")
- # ldap search will raise an exception if no corresponding object is found >.> ...
- except Exception:
- logger.debug("%s does not exist, no need to delete it" % target)
- return
-
- objects.reverse()
- for o in objects:
- for dn in o["dn"]:
- dn = dn.replace(",dc=yunohost,dc=org", "")
- logger.debug("Deleting old object %s ..." % dn)
- try:
- ldap.remove(dn)
- except Exception as e:
- raise YunohostError(
- "migration_0011_failed_to_remove_stale_object", dn=dn, error=e
- )
-
- @staticmethod
- def migrate_LDAP_db():
-
- logger.info(m18n.n("migration_0011_update_LDAP_database"))
-
- from yunohost.utils.ldap import _get_ldap_interface
-
- ldap = _get_ldap_interface()
-
- ldap_map = read_yaml(
- "/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml"
- )
-
- try:
- SetupGroupPermissions.remove_if_exists("ou=permission")
- SetupGroupPermissions.remove_if_exists("ou=groups")
-
- attr_dict = ldap_map["parents"]["ou=permission"]
- ldap.add("ou=permission", attr_dict)
-
- attr_dict = ldap_map["parents"]["ou=groups"]
- ldap.add("ou=groups", attr_dict)
-
- attr_dict = ldap_map["children"]["cn=all_users,ou=groups"]
- ldap.add("cn=all_users,ou=groups", attr_dict)
-
- attr_dict = ldap_map["children"]["cn=visitors,ou=groups"]
- ldap.add("cn=visitors,ou=groups", attr_dict)
-
- for rdn, attr_dict in ldap_map["depends_children"].items():
- ldap.add(rdn, attr_dict)
- except Exception as e:
- raise YunohostError("migration_0011_LDAP_update_failed", error=e)
-
- logger.info(m18n.n("migration_0011_create_group"))
-
- # Create a group for each yunohost user
- user_list = ldap.search(
- "ou=users,dc=yunohost,dc=org",
- "(&(objectclass=person)(!(uid=root))(!(uid=nobody)))",
- ["uid", "uidNumber"],
- )
- for user_info in user_list:
- username = user_info["uid"][0]
- ldap.update(
- "uid=%s,ou=users" % username,
- {
- "objectClass": [
- "mailAccount",
- "inetOrgPerson",
- "posixAccount",
- "userPermissionYnh",
- ]
- },
- )
- user_group_create(
- username,
- gid=user_info["uidNumber"][0],
- primary_group=True,
- sync_perm=False,
- )
- user_group_update(
- groupname="all_users", add=username, force=True, sync_perm=False
- )
-
- @staticmethod
- def migrate_app_permission(app=None):
- logger.info(m18n.n("migration_0011_migrate_permission"))
-
- apps = _installed_apps()
-
- if app:
- if app not in apps:
- logger.error(
- "Can't migrate permission for app %s because it ain't installed..."
- % app
- )
- apps = []
- else:
- apps = [app]
-
- for app in apps:
- permission = app_setting(app, "allowed_users")
- path = app_setting(app, "path")
- domain = app_setting(app, "domain")
-
- url = "/" if domain and path else None
- if permission:
- known_users = list(user_list()["users"].keys())
- allowed = [
- user for user in permission.split(",") if user in known_users
- ]
- else:
- allowed = ["all_users"]
- permission_create(
- app + ".main",
- url=url,
- allowed=allowed,
- show_tile=True,
- protected=False,
- sync_perm=False,
- )
-
- app_setting(app, "allowed_users", delete=True)
-
- # Migrate classic public app still using the legacy unprotected_uris
- if (
- app_setting(app, "unprotected_uris") == "/"
- or app_setting(app, "skipped_uris") == "/"
- ):
- user_permission_update(app + ".main", add="visitors", sync_perm=False)
-
- permission_sync_to_user()
-
-
 LEGACY_PERMISSION_LABEL = {
 ("nextcloud", "skipped"): "api", # .well-known
 ("libreto", "skipped"): "pad access", # /[^/]+