From e047b67b1dfa3c2021061898940e395282888594 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 29 Oct 2020 23:16:27 +0100 Subject: [PATCH] Move legacy permission setting migration to legacy.py --- locales/en.json | 2 +- src/yunohost/backup.py | 5 +- .../0019_extends_permissions_features_1.py | 65 ++----------------- src/yunohost/utils/legacy.py | 63 +++++++++++++++++- 4 files changed, 68 insertions(+), 67 deletions(-) diff --git a/locales/en.json b/locales/en.json index d3d97e08a..511f4bfe6 100644 --- a/locales/en.json +++ b/locales/en.json @@ -415,6 +415,7 @@ "mail_unavailable": "This e-mail address is reserved and shall be automatically allocated to the very first user", "main_domain_change_failed": "Unable to change the main domain", "main_domain_changed": "The main domain has been changed", + "migrating_legacy_permission_settings": "Migrating legacy permission settings...", "migration_description_0015_migrate_to_buster": "Upgrade the system to Debian Buster and YunoHost 4.x", "migration_description_0016_php70_to_php73_pools": "Migrate php7.0-fpm 'pool' conf files to php7.3", "migration_description_0017_postgresql_9p6_to_11": "Migrate databases from PostgreSQL 9.6 to 11", @@ -446,7 +447,6 @@ "migration_0018_failed_to_migrate_iptables_rules": "Failed to migrate legacy iptables rules to nftables: {error}", "migration_0018_failed_to_reset_legacy_rules": "Failed to reset legacy iptables rules: {error}", "migration_0019_add_new_attributes_in_ldap": "Add new attributes for permissions in LDAP database", - "migration_0019_migrate_old_app_settings": "Migrate old apps settings 'skipped_uris', 'unprotected_uris', 'protected_uris' in permissions system.", "migration_0019_backup_before_migration": "Creating a backup of LDAP database and apps settings prior to the actual migration.", "migration_0019_can_not_backup_before_migration": "The backup of the system could not be completed before the migration failed. Error: {error:s}", "migration_0019_migration_failed_trying_to_rollback": "Could not migrate... trying to roll back the system.", diff --git a/src/yunohost/backup.py b/src/yunohost/backup.py index f6f5530d7..1d5996430 100644 --- a/src/yunohost/backup.py +++ b/src/yunohost/backup.py @@ -1364,9 +1364,8 @@ class RestoreManager(): "protected_regex" ] if any(app_setting(app_instance_name, setting) is not None for setting in legacy_permission_settings): - from yunohost.tools import _get_migration_by_name - extends_permissions_features_1 = _get_migration_by_name("extends_permissions_features_1") - extends_permissions_features_1.migrate_skipped_unprotected_protected_uris(app=app_instance_name) + from yunohost.utils.legacy import migrate_legacy_permission_settings + migrate_legacy_permission_settings(app=app_instance_name) # Prepare env. var. to pass to script env_dict = self._get_env_var(app_instance_name) diff --git a/src/yunohost/data_migrations/0019_extends_permissions_features_1.py b/src/yunohost/data_migrations/0019_extends_permissions_features_1.py index c6b1b740f..6eba67f26 100644 --- a/src/yunohost/data_migrations/0019_extends_permissions_features_1.py +++ b/src/yunohost/data_migrations/0019_extends_permissions_features_1.py @@ -6,9 +6,9 @@ from yunohost.utils.error import YunohostError from moulinette.utils.log import getActionLogger from yunohost.tools import Migration -from yunohost.app import app_setting, _installed_apps, _get_app_settings, _set_app_settings -from yunohost.permission import user_permission_list, permission_create, permission_sync_to_user -from yunohost.utils.legacy import legacy_permission_label +from yunohost.app import app_setting, _installed_apps +from yunohost.permission import user_permission_list +from yunohost.utils.legacy import migrate_legacy_permission_settings logger = getActionLogger('yunohost.migration') @@ -91,63 +91,6 @@ class MyMigration(Migration): 'isProtected': ["TRUE"] }) - def migrate_skipped_unprotected_protected_uris(self, app=None): - - logger.info(m18n.n("migration_0019_migrate_old_app_settings")) - apps = _installed_apps() - - if app: - if app not in apps: - logger.error("Can't migrate permission for app %s because it ain't installed..." % app) - apps = [] - else: - apps = [app] - - for app in apps: - - settings = _get_app_settings(app) or {} - - def _setting(name): - s = settings.get(name) - return s.split(',') if s else [] - - skipped_urls = [uri for uri in _setting('skipped_uris') if uri != '/'] - skipped_urls += ['re:' + regex for regex in _setting('skipped_regex')] - unprotected_urls = [uri for uri in _setting('unprotected_uris') if uri != '/'] - unprotected_urls += ['re:' + regex for regex in _setting('unprotected_regex')] - protected_urls = [uri for uri in _setting('protected_uris') if uri != '/'] - protected_urls += ['re:' + regex for regex in _setting('protected_regex')] - - if skipped_urls != []: - permission_create(app + ".legacy_skipped_uris", additional_urls=skipped_urls, - auth_header=False, label=legacy_permission_label(app, "skipped"), - show_tile=False, allowed='visitors', protected=True, sync_perm=False) - if unprotected_urls != []: - permission_create(app + ".legacy_unprotected_uris", additional_urls=unprotected_urls, - auth_header=True, label=legacy_permission_label(app, "unprotected"), - show_tile=False, allowed='visitors', protected=True, sync_perm=False) - if protected_urls != []: - permission_create(app + ".legacy_protected_uris", additional_urls=protected_urls, - auth_header=True, label=legacy_permission_label(app, "protected"), - show_tile=False, allowed=user_permission_list()['permissions'][app + ".main"]['allowed'], - protected=True, sync_perm=False) - - legacy_permission_settings = [ - "skipped_uris", - "unprotected_uris", - "protected_uris", - "skipped_regex", - "unprotected_regex", - "protected_regex" - ] - for key in legacy_permission_settings: - if key in settings: - del settings[key] - - _set_app_settings(app, settings) - - permission_sync_to_user() - def run(self): # FIXME : what do we really want to do here ... @@ -173,7 +116,7 @@ class MyMigration(Migration): self.add_new_ldap_attributes() # Migrate old settings - self.migrate_skipped_unprotected_protected_uris() + migrate_legacy_permission_settings() except Exception as e: logger.warn(m18n.n("migration_0019_migration_failed_trying_to_rollback")) diff --git a/src/yunohost/utils/legacy.py b/src/yunohost/utils/legacy.py index 84cde0ccf..7c5d60264 100644 --- a/src/yunohost/utils/legacy.py +++ b/src/yunohost/utils/legacy.py @@ -4,8 +4,8 @@ from moulinette.utils.log import getActionLogger from moulinette.utils.filesystem import read_yaml from yunohost.user import user_list, user_group_create, user_group_update -from yunohost.app import app_setting, _installed_apps -from yunohost.permission import permission_create, user_permission_update, permission_sync_to_user +from yunohost.app import app_setting, _installed_apps, _get_app_settings, _set_app_settings +from yunohost.permission import permission_create, user_permission_list, user_permission_update, permission_sync_to_user logger = getActionLogger('yunohost.legacy') @@ -145,3 +145,62 @@ LEGACY_PERMISSION_LABEL = { def legacy_permission_label(app, permission_type): return LEGACY_PERMISSION_LABEL.get((app, permission_type), "Legacy %s urls" % permission_type) + + +def migrate_legacy_permission_settings(app=None): + + logger.info(m18n.n("migrating_legacy_permission_settings")) + apps = _installed_apps() + + if app: + if app not in apps: + logger.error("Can't migrate permission for app %s because it ain't installed..." % app) + apps = [] + else: + apps = [app] + + for app in apps: + + settings = _get_app_settings(app) or {} + + def _setting(name): + s = settings.get(name) + return s.split(',') if s else [] + + skipped_urls = [uri for uri in _setting('skipped_uris') if uri != '/'] + skipped_urls += ['re:' + regex for regex in _setting('skipped_regex')] + unprotected_urls = [uri for uri in _setting('unprotected_uris') if uri != '/'] + unprotected_urls += ['re:' + regex for regex in _setting('unprotected_regex')] + protected_urls = [uri for uri in _setting('protected_uris') if uri != '/'] + protected_urls += ['re:' + regex for regex in _setting('protected_regex')] + + if skipped_urls != []: + permission_create(app + ".legacy_skipped_uris", additional_urls=skipped_urls, + auth_header=False, label=legacy_permission_label(app, "skipped"), + show_tile=False, allowed='visitors', protected=True, sync_perm=False) + if unprotected_urls != []: + permission_create(app + ".legacy_unprotected_uris", additional_urls=unprotected_urls, + auth_header=True, label=legacy_permission_label(app, "unprotected"), + show_tile=False, allowed='visitors', protected=True, sync_perm=False) + if protected_urls != []: + permission_create(app + ".legacy_protected_uris", additional_urls=protected_urls, + auth_header=True, label=legacy_permission_label(app, "protected"), + show_tile=False, allowed=user_permission_list()['permissions'][app + ".main"]['allowed'], + protected=True, sync_perm=False) + + legacy_permission_settings = [ + "skipped_uris", + "unprotected_uris", + "protected_uris", + "skipped_regex", + "unprotected_regex", + "protected_regex" + ] + for key in legacy_permission_settings: + if key in settings: + del settings[key] + + _set_app_settings(app, settings) + + permission_sync_to_user() +