Move legacy permission setting migration to legacy.py

This commit is contained in:
Alexandre Aubin 2020-10-29 23:16:27 +01:00
parent 2cb6f4e2c2
commit e047b67b1d
4 changed files with 68 additions and 67 deletions

View file

@ -415,6 +415,7 @@
"mail_unavailable": "This e-mail address is reserved and shall be automatically allocated to the very first user",
"main_domain_change_failed": "Unable to change the main domain",
"main_domain_changed": "The main domain has been changed",
"migrating_legacy_permission_settings": "Migrating legacy permission settings...",
"migration_description_0015_migrate_to_buster": "Upgrade the system to Debian Buster and YunoHost 4.x",
"migration_description_0016_php70_to_php73_pools": "Migrate php7.0-fpm 'pool' conf files to php7.3",
"migration_description_0017_postgresql_9p6_to_11": "Migrate databases from PostgreSQL 9.6 to 11",
@ -446,7 +447,6 @@
"migration_0018_failed_to_migrate_iptables_rules": "Failed to migrate legacy iptables rules to nftables: {error}",
"migration_0018_failed_to_reset_legacy_rules": "Failed to reset legacy iptables rules: {error}",
"migration_0019_add_new_attributes_in_ldap": "Add new attributes for permissions in LDAP database",
"migration_0019_migrate_old_app_settings": "Migrate old apps settings 'skipped_uris', 'unprotected_uris', 'protected_uris' in permissions system.",
"migration_0019_backup_before_migration": "Creating a backup of LDAP database and apps settings prior to the actual migration.",
"migration_0019_can_not_backup_before_migration": "The backup of the system could not be completed before the migration failed. Error: {error:s}",
"migration_0019_migration_failed_trying_to_rollback": "Could not migrate... trying to roll back the system.",

View file

@ -1364,9 +1364,8 @@ class RestoreManager():
"protected_regex"
]
if any(app_setting(app_instance_name, setting) is not None for setting in legacy_permission_settings):
from yunohost.tools import _get_migration_by_name
extends_permissions_features_1 = _get_migration_by_name("extends_permissions_features_1")
extends_permissions_features_1.migrate_skipped_unprotected_protected_uris(app=app_instance_name)
from yunohost.utils.legacy import migrate_legacy_permission_settings
migrate_legacy_permission_settings(app=app_instance_name)
# Prepare env. var. to pass to script
env_dict = self._get_env_var(app_instance_name)

View file

@ -6,9 +6,9 @@ from yunohost.utils.error import YunohostError
from moulinette.utils.log import getActionLogger
from yunohost.tools import Migration
from yunohost.app import app_setting, _installed_apps, _get_app_settings, _set_app_settings
from yunohost.permission import user_permission_list, permission_create, permission_sync_to_user
from yunohost.utils.legacy import legacy_permission_label
from yunohost.app import app_setting, _installed_apps
from yunohost.permission import user_permission_list
from yunohost.utils.legacy import migrate_legacy_permission_settings
logger = getActionLogger('yunohost.migration')
@ -91,63 +91,6 @@ class MyMigration(Migration):
'isProtected': ["TRUE"]
})
def migrate_skipped_unprotected_protected_uris(self, app=None):
logger.info(m18n.n("migration_0019_migrate_old_app_settings"))
apps = _installed_apps()
if app:
if app not in apps:
logger.error("Can't migrate permission for app %s because it ain't installed..." % app)
apps = []
else:
apps = [app]
for app in apps:
settings = _get_app_settings(app) or {}
def _setting(name):
s = settings.get(name)
return s.split(',') if s else []
skipped_urls = [uri for uri in _setting('skipped_uris') if uri != '/']
skipped_urls += ['re:' + regex for regex in _setting('skipped_regex')]
unprotected_urls = [uri for uri in _setting('unprotected_uris') if uri != '/']
unprotected_urls += ['re:' + regex for regex in _setting('unprotected_regex')]
protected_urls = [uri for uri in _setting('protected_uris') if uri != '/']
protected_urls += ['re:' + regex for regex in _setting('protected_regex')]
if skipped_urls != []:
permission_create(app + ".legacy_skipped_uris", additional_urls=skipped_urls,
auth_header=False, label=legacy_permission_label(app, "skipped"),
show_tile=False, allowed='visitors', protected=True, sync_perm=False)
if unprotected_urls != []:
permission_create(app + ".legacy_unprotected_uris", additional_urls=unprotected_urls,
auth_header=True, label=legacy_permission_label(app, "unprotected"),
show_tile=False, allowed='visitors', protected=True, sync_perm=False)
if protected_urls != []:
permission_create(app + ".legacy_protected_uris", additional_urls=protected_urls,
auth_header=True, label=legacy_permission_label(app, "protected"),
show_tile=False, allowed=user_permission_list()['permissions'][app + ".main"]['allowed'],
protected=True, sync_perm=False)
legacy_permission_settings = [
"skipped_uris",
"unprotected_uris",
"protected_uris",
"skipped_regex",
"unprotected_regex",
"protected_regex"
]
for key in legacy_permission_settings:
if key in settings:
del settings[key]
_set_app_settings(app, settings)
permission_sync_to_user()
def run(self):
# FIXME : what do we really want to do here ...
@ -173,7 +116,7 @@ class MyMigration(Migration):
self.add_new_ldap_attributes()
# Migrate old settings
self.migrate_skipped_unprotected_protected_uris()
migrate_legacy_permission_settings()
except Exception as e:
logger.warn(m18n.n("migration_0019_migration_failed_trying_to_rollback"))

View file

@ -4,8 +4,8 @@ from moulinette.utils.log import getActionLogger
from moulinette.utils.filesystem import read_yaml
from yunohost.user import user_list, user_group_create, user_group_update
from yunohost.app import app_setting, _installed_apps
from yunohost.permission import permission_create, user_permission_update, permission_sync_to_user
from yunohost.app import app_setting, _installed_apps, _get_app_settings, _set_app_settings
from yunohost.permission import permission_create, user_permission_list, user_permission_update, permission_sync_to_user
logger = getActionLogger('yunohost.legacy')
@ -145,3 +145,62 @@ LEGACY_PERMISSION_LABEL = {
def legacy_permission_label(app, permission_type):
return LEGACY_PERMISSION_LABEL.get((app, permission_type), "Legacy %s urls" % permission_type)
def migrate_legacy_permission_settings(app=None):
logger.info(m18n.n("migrating_legacy_permission_settings"))
apps = _installed_apps()
if app:
if app not in apps:
logger.error("Can't migrate permission for app %s because it ain't installed..." % app)
apps = []
else:
apps = [app]
for app in apps:
settings = _get_app_settings(app) or {}
def _setting(name):
s = settings.get(name)
return s.split(',') if s else []
skipped_urls = [uri for uri in _setting('skipped_uris') if uri != '/']
skipped_urls += ['re:' + regex for regex in _setting('skipped_regex')]
unprotected_urls = [uri for uri in _setting('unprotected_uris') if uri != '/']
unprotected_urls += ['re:' + regex for regex in _setting('unprotected_regex')]
protected_urls = [uri for uri in _setting('protected_uris') if uri != '/']
protected_urls += ['re:' + regex for regex in _setting('protected_regex')]
if skipped_urls != []:
permission_create(app + ".legacy_skipped_uris", additional_urls=skipped_urls,
auth_header=False, label=legacy_permission_label(app, "skipped"),
show_tile=False, allowed='visitors', protected=True, sync_perm=False)
if unprotected_urls != []:
permission_create(app + ".legacy_unprotected_uris", additional_urls=unprotected_urls,
auth_header=True, label=legacy_permission_label(app, "unprotected"),
show_tile=False, allowed='visitors', protected=True, sync_perm=False)
if protected_urls != []:
permission_create(app + ".legacy_protected_uris", additional_urls=protected_urls,
auth_header=True, label=legacy_permission_label(app, "protected"),
show_tile=False, allowed=user_permission_list()['permissions'][app + ".main"]['allowed'],
protected=True, sync_perm=False)
legacy_permission_settings = [
"skipped_uris",
"unprotected_uris",
"protected_uris",
"skipped_regex",
"unprotected_regex",
"protected_regex"
]
for key in legacy_permission_settings:
if key in settings:
del settings[key]
_set_app_settings(app, settings)
permission_sync_to_user()