From e40698ef2062346638a4492924a4dacf32f081f2 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Thu, 12 Sep 2019 02:25:52 +0200
Subject: [PATCH] Propagate changes on migration

---
 locales/en.json                               |  2 +-
 .../0011_setup_group_permission.py            | 20 ++++++++-----------
 2 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/locales/en.json b/locales/en.json
index e69e06201..c370f821e 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -195,7 +195,6 @@
     "dyndns_registration_failed": "Unable to register DynDNS domain: {error:s}",
     "dyndns_domain_not_provided": "Dyndns provider {provider:s} cannot provide domain {domain:s}.",
     "dyndns_unavailable": "Domain {domain:s} is not available.",
-    "error_when_removing_sftpuser_group": "Error when trying remove sftpusers group",
     "executing_command": "Executing command '{command:s}'…",
     "executing_script": "Executing script '{script:s}'…",
     "extracting": "Extracting…",
@@ -355,6 +354,7 @@
     "migration_0011_can_not_backup_before_migration": "The backup of the system before the migration failed. Migration failed. Error: {error:s}",
     "migration_0011_create_group": "Creating a group for each user...",
     "migration_0011_done": "Migration successful. You are now able to manage groups of users.",
+    "migration_0011_error_when_removing_sftpuser_group": "Error when trying remove sftpusers group",
     "migration_0011_LDAP_config_dirty": "It look like that you customized your LDAP configuration. For this migration the LDAP configuration need to be updated.\nYou need to save your actual configuration, reintialize the original configuration by the command 'yunohost tools regen-conf -f' and after retry the migration",
     "migration_0011_LDAP_update_failed": "LDAP update failed. Error: {error:s}",
     "migration_0011_migrate_permission": "Migrating permissions from apps settings to LDAP...",
diff --git a/src/yunohost/data_migrations/0011_setup_group_permission.py b/src/yunohost/data_migrations/0011_setup_group_permission.py
index d2924f0af..720e4ac36 100644
--- a/src/yunohost/data_migrations/0011_setup_group_permission.py
+++ b/src/yunohost/data_migrations/0011_setup_group_permission.py
@@ -1,17 +1,16 @@
-import yaml
 import time
 import os
 
 from moulinette import m18n
 from yunohost.utils.error import YunohostError
 from moulinette.utils.log import getActionLogger
+from moulinette.utils.filesystem import read_yaml
 
 from yunohost.tools import Migration
 from yunohost.user import user_group_create, user_group_update
 from yunohost.app import app_setting, app_list
 from yunohost.regenconf import regen_conf
-from yunohost.permission import permission_create, permission_sync_to_user
-from yunohost.user import user_permission_add
+from yunohost.permission import permission_create, user_permission_update, permission_sync_to_user
 
 logger = getActionLogger('yunohost.migration')
 
@@ -19,6 +18,7 @@ logger = getActionLogger('yunohost.migration')
 # Tools used also for restoration
 ###################################################
 
+
 class MyMigration(Migration):
     """
         Update the LDAP DB to be able to store the permission
@@ -38,10 +38,9 @@ class MyMigration(Migration):
         try:
             ldap.remove('cn=sftpusers,ou=groups')
         except:
-            logger.warn(m18n.n("error_when_removing_sftpuser_group"))
+            logger.warn(m18n.n("migration_0011_error_when_removing_sftpuser_group"))
 
-        with open('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') as f:
-            ldap_map = yaml.load(f)
+        ldap_map = read_yaml('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml')
 
         try:
             attr_dict = ldap_map['parents']['ou=permission']
@@ -65,11 +64,9 @@ class MyMigration(Migration):
             username = user_info['uid'][0]
             ldap.update('uid=%s,ou=users' % username,
                         {'objectClass': ['mailAccount', 'inetOrgPerson', 'posixAccount', 'userPermissionYnh']})
-            user_group_create(username, gid=user_info['uidNumber'][0], sync_perm=False)
-            user_group_update(groupname=username, add=username, force=True, sync_perm=False)
+            user_group_create(username, gid=user_info['uidNumber'][0], primary_group=True, sync_perm=False)
             user_group_update(groupname='all_users', add=username, force=True, sync_perm=False)
 
-
     def migrate_app_permission(self, app=None):
         logger.info(m18n.n("migration_0011_migrate_permission"))
 
@@ -85,13 +82,12 @@ class MyMigration(Migration):
             domain = app_setting(app, 'domain')
 
             urls = [domain + path] if domain and path else None
-            permission_create(app, permission='main', urls=urls, default_allow=True, sync_perm=False)
+            permission_create(app+".main", urls=urls, sync_perm=False)
             if permission:
                 allowed_group = permission.split(',')
-                user_permission_add([app], permission='main', group=allowed_group, sync_perm=False)
+                user_permission_update(app+".main", remove="all_users", add=allowed_group, sync_perm=False)
             app_setting(app, 'allowed_users', delete=True)
 
-
     def run(self):
         # Check if the migration can be processed
         ldap_regen_conf_status = regen_conf(names=['slapd'], dry_run=True)