diff --git a/src/yunohost/app.py b/src/yunohost/app.py index d0644b488..c727e7488 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -177,7 +177,7 @@ def app_info(app, full=False): ret['supports_backup_restore'] = (os.path.exists(os.path.join(APPS_SETTING_PATH, app, "scripts", "backup")) and os.path.exists(os.path.join(APPS_SETTING_PATH, app, "scripts", "restore"))) ret['supports_multi_instance'] = is_true(local_manifest.get("multi_instance", False)) - permissions = user_permission_list(full=True, full_path=True)["permissions"] + permissions = user_permission_list(full=True, absolute_urls=True)["permissions"] ret['permissions'] = {p: i for p, i in permissions.items() if p.startswith(app + ".") and (i["url"] or i['additional_urls'])} return ret @@ -249,7 +249,7 @@ def app_map(app=None, raw=False, user=None): else: apps = os.listdir(APPS_SETTING_PATH) - permissions = user_permission_list(full=True, full_path=True)["permissions"] + permissions = user_permission_list(full=True, absolute_urls=True)["permissions"] for app_id in apps: app_settings = _get_app_settings(app_id) if not app_settings: @@ -640,7 +640,7 @@ def app_install(operation_logger, app, label=None, args=None, no_remove_on_failu from yunohost.hook import hook_add, hook_remove, hook_exec, hook_callback from yunohost.log import OperationLogger - from yunohost.permission import user_permission_list, user_permission_update, permission_create, permission_url, permission_delete, permission_sync_to_user + from yunohost.permission import user_permission_list, user_permission_info, user_permission_update, permission_create, permission_url, permission_delete, permission_sync_to_user from yunohost.regenconf import manually_modified_files # Fetch or extract sources 
@@ -926,7 +926,7 @@ def app_install(operation_logger, app, label=None, args=None, no_remove_on_failu app_settings = _get_app_settings(app_instance_name) domain = app_settings.get('domain', None) path = app_settings.get('path', None) - if domain and path and user_permission_list(full=True, full_path=False)['permissions'][app_instance_name + '.main']['url'] is None: + if domain and path and user_permission_info(app_instance_name + '.main')['url'] is None: permission_url(app_instance_name + ".main", url='/', sync_perm=False) user_permission_update(app_instance_name + ".main", show_tile=True, sync_perm=False) @@ -1199,7 +1199,7 @@ def app_setting(app, key, value=None, delete=False): logger.warning("/!\\ Packagers! This app is still using the skipped/protected/unprotected_uris/regex settings which are now obsolete and deprecated... Instead, you should use the new helpers 'ynh_permission_{create,urls,update,delete}' and the 'visitors' group to initialize the public/private access. Check out the documentation at the bottom of yunohost.org/groups_and_permissions to learn how to use the new permission mechanism.") from permission import user_permission_list, user_permission_update, permission_create, permission_delete, permission_url - permissions = user_permission_list(full=True, full_path=False)['permissions'] + permissions = user_permission_list(full=True)['permissions'] permission_name = "%s.legacy_%s_uris" % (app, key.split('_')[0]) permission = permissions.get(permission_name) @@ -1331,7 +1331,7 @@ def app_ssowatconf(): main_domain = _get_maindomain() domains = domain_list()['domains'] - all_permissions = user_permission_list(full=True, ignore_system_perms=True, full_path=True)['permissions'] + all_permissions = user_permission_list(full=True, ignore_system_perms=True, absolute_urls=True)['permissions'] permissions = { 'core_skipped': { diff --git a/src/yunohost/backup.py b/src/yunohost/backup.py index 839c882cd..f8e38fbbe 100644 --- a/src/yunohost/backup.py 
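Review bot: In the `app_ssowatconf` hunk (@@ -1331), `absolute_urls=True` is now the only thing keeping domain-qualified URLs in the data this function works from, and nothing on the line says so. Because this commit makes app-relative URLs the default of `user_permission_list`, dropping the flag later would not fail; it would quietly pass paths such as `/` into whatever is built from `all_permissions`. I would add a comment above the call, e.g. `# absolute_urls=True is required here: the generated rules must be domain-qualified, never app-relative`. The function body continues outside the hunk, so how the URLs are consumed is inferred from the function name and the `permissions` dict that follows.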
+++ b/src/yunohost/backup.py @@ -697,7 +697,7 @@ class BackupManager(): # backup permissions logger.debug(m18n.n('backup_permission', app=app)) - permissions = user_permission_list(full=True, full_path=False)["permissions"] + permissions = user_permission_list(full=True)["permissions"] this_app_permissions = {name: infos for name, infos in permissions.items() if name.startswith(app + ".")} write_to_yaml("%s/permissions.yml" % settings_dir, this_app_permissions) @@ -1158,7 +1158,7 @@ class RestoreManager(): # Backup old permission for apps # We need to do that because in case of an app is installed we can't remove the permission for this app - old_apps_permission = user_permission_list(ignore_system_perms=True, full=True, full_path=False)["permissions"] + old_apps_permission = user_permission_list(ignore_system_perms=True, full=True)["permissions"] # Start register change on system operation_logger = OperationLogger('backup_restore_system') diff --git a/src/yunohost/data_migrations/0019_extends_permissions_features_1.py b/src/yunohost/data_migrations/0019_extends_permissions_features_1.py index 8ec014da0..da929574f 100644 --- a/src/yunohost/data_migrations/0019_extends_permissions_features_1.py +++ b/src/yunohost/data_migrations/0019_extends_permissions_features_1.py @@ -37,7 +37,7 @@ class MyMigration(Migration): logger.info(m18n.n("migration_0019_add_new_attributes_in_ldap")) ldap = _get_ldap_interface() - permission_list = user_permission_list(short=True, full_path=False)["permissions"] + permission_list = user_permission_list(short=True)["permissions"] labels = {} for app in _installed_apps(): diff --git a/src/yunohost/permission.py b/src/yunohost/permission.py index a833ab2d9..1e76c6bd9 100644 --- a/src/yunohost/permission.py +++ b/src/yunohost/permission.py 
@@ -45,7 +45,7 @@ SYSTEM_PERMS = ["mail", "xmpp", "sftp", "ssh"] # -def user_permission_list(short=False, full=False, ignore_system_perms=False, full_path=True): +def user_permission_list(short=False, full=False, ignore_system_perms=False, absolute_urls=False): """ List permissions and corresponding accesses """ @@ -86,7 +86,7 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False, ful perm["url"] = infos.get("URL", [None])[0] perm["additional_urls"] = infos.get("additionalUrls", []) - if full_path: + if absolute_urls: app_base_path = apps_base_path[app] if app in apps_base_path else "" # Meh in some situation where the app is currently installed/removed, this function may be called and we still need to act as if the corresponding permission indeed exists ... dunno if that's really the right way to proceed but okay. perm["url"] = _get_absolute_url(perm["url"], app_base_path) perm["additional_urls"] = [_get_absolute_url(url, app_base_path) for url in perm["additional_urls"]] @@ -132,7 +132,7 @@ def user_permission_update(operation_logger, permission, add=None, remove=None, if "." not in permission: permission = permission + ".main" - existing_permission = user_permission_list(full=True, full_path=False)["permissions"].get(permission, None) + existing_permission = user_permission_info(permission) # Refuse to add "visitors" to mail, xmpp ... they require an account to make sense. if add and "visitors" in add and permission.split(".")[0] in SYSTEM_PERMS: @@ -145,9 +145,6 @@ def user_permission_update(operation_logger, permission, add=None, remove=None, # Fetch currently allowed groups for this permission - if existing_permission is None: - raise YunohostError('permission_not_found', permission=permission) - current_allowed_groups = existing_permission["allowed"] operation_logger.related_to.append(('app', permission.split(".")[0])) 
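Review bot: The signature hunk (@@ -45) both renames `full_path` to `absolute_urls` and flips its default from `True` to `False`, while the docstring still reads only "List permissions and corresponding accesses". A caller that passed `full_path=` fails loudly with a TypeError, but a caller that relied on the old default keeps running and silently receives app-relative URLs. I would document the parameter in the docstring, e.g. `absolute_urls -- prefix url and additional_urls with the app's domain and path (default: False, app-relative)`. It is also worth checking that no caller outside the files touched here depends on the old default. The function body continues outside the hunk.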
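Review bot: In `user_permission_update` (@@ -132 and @@ -145) the explicit `if existing_permission is None: raise YunohostError('permission_not_found', permission=permission)` guard is removed, so the not-found path now depends entirely on `user_permission_info`, whose definition is not in any hunk shown here. If that helper returned `None` instead of raising, `existing_permission["allowed"]` would fail with a TypeError rather than the `permission_not_found` error callers got before. The same reliance applies to `user_permission_reset` (@@ -223), `permission_url` (@@ -400) and `permission_delete` (@@ -485). It is worth confirming that the helper raises `permission_not_found` itself and saying so in its docstring.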
@@ -223,9 +220,7 @@ def user_permission_reset(operation_logger, permission, sync_perm=True): # Fetch existing permission - existing_permission = user_permission_list(full=True, full_path=False)["permissions"].get(permission, None) - if existing_permission is None: - raise YunohostError('permission_not_found', permission=permission) + existing_permission = user_permission_info(permission) if existing_permission["allowed"] == ["all_users"]: logger.warning(m18n.n("permission_already_up_to_date")) @@ -400,9 +395,7 @@ def permission_url(operation_logger, permission, # Fetch existing permission - existing_permission = user_permission_list(full=True, full_path=False)["permissions"].get(permission, None) - if not existing_permission: - raise YunohostError('permission_not_found', permission=permission) + existing_permission = user_permission_info(permission) show_tile = existing_permission['show_tile'] @@ -461,7 +454,7 @@ def permission_url(operation_logger, permission, permission_sync_to_user() logger.debug(m18n.n('permission_updated', permission=permission)) - return user_permission_list(full=True)["permissions"][permission] + return user_permission_info(permission) @is_unit_operation() @@ -485,9 +478,7 @@ def permission_delete(operation_logger, permission, force=False, sync_perm=True) # Make sure this permission exists - existing_permission = user_permission_list(full=True)["permissions"].get(permission, None) - if not existing_permission: - raise YunohostError('permission_not_found', permission=permission) + _ = user_permission_info(permission) # Actually delete the permission @@ -516,7 +507,7 @@ def permission_sync_to_user(): ldap = _get_ldap_interface() groups = user_group_list(full=True)["groups"] - permissions = user_permission_list(full=True, full_path=False)["permissions"] + permissions = user_permission_list(full=True)["permissions"] for permission_name, permission_infos in permissions.items(): 
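Review bot: The return statement of `permission_url` (@@ -461) used to call `user_permission_list(full=True)`, which under the old default produced absolute URLs, and now returns `user_permission_info(permission)`. The helper is not visible in this diff; if it lists permissions with the new default, the returned `url` and `additional_urls` become app-relative, which changes what callers of `permission_url` receive. The same applies to `new_permission` in `_update_ldap_group_permission` (@@ -612). If the relative form is intended, a docstring line such as `Returns the permission infos with app-relative URLs` would make the contract explicit.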
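Review bot: In `permission_delete` (@@ -485) the existence check is written as `_ = user_permission_info(permission)`; the throwaway assignment adds nothing and obscures that the call is made only for its exception. A bare call with a comment reads more clearly: `user_permission_info(permission)  # raises if the permission does not exist`. That comment is only accurate if the helper does raise, which is not visible in this diff.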
@@ -575,7 +566,7 @@ def _update_ldap_group_permission(permission, allowed, from yunohost.utils.ldap import _get_ldap_interface ldap = _get_ldap_interface() - existing_permission = user_permission_list(full=True, full_path=False)["permissions"][permission] + existing_permission = user_permission_info(permission) update = {} @@ -612,7 +603,7 @@ def _update_ldap_group_permission(permission, allowed, if sync_perm: permission_sync_to_user() - new_permission = user_permission_list(full=True)["permissions"][permission] + new_permission = user_permission_info(permission) # Trigger app callbacks diff --git a/src/yunohost/tests/test_backuprestore.py b/src/yunohost/tests/test_backuprestore.py index b5197f68f..67a228700 100644 --- a/src/yunohost/tests/test_backuprestore.py +++ b/src/yunohost/tests/test_backuprestore.py @@ -518,7 +518,7 @@ def test_backup_and_restore_with_ynh_restore(mocker): @pytest.mark.with_permission_app_installed def test_backup_and_restore_permission_app(mocker): - res = user_permission_list(full=True, full_path=False)['permissions'] + res = user_permission_list(full=True)['permissions'] assert "permissions_app.main" in res assert "permissions_app.admin" in res assert "permissions_app.dev" in res @@ -533,7 +533,7 @@ def test_backup_and_restore_permission_app(mocker): _test_backup_and_restore_app(mocker, "permissions_app") - res = user_permission_list(full=True, full_path=False)['permissions'] + res = user_permission_list(full=True)['permissions'] assert "permissions_app.main" in res assert "permissions_app.admin" in res assert "permissions_app.dev" in res diff --git a/src/yunohost/tests/test_permission.py b/src/yunohost/tests/test_permission.py index 1c5abdcdd..ae5f8ce4f 100644 --- a/src/yunohost/tests/test_permission.py +++ b/src/yunohost/tests/test_permission.py 
@@ -305,12 +305,10 @@ def test_permission_list(): assert set(res['wiki.main']['corresponding_users']) == set(["alice", "bob"]) assert res['blog.main']['corresponding_users'] == ["alice"] assert res['blog.api']['corresponding_users'] == [] - assert res['wiki.main']['url'] == maindomain + "/wiki" - assert res['blog.main']['url'] == maindomain + "/blog" + assert res['wiki.main']['url'] == "/" + assert res['blog.main']['url'] == "/" assert res['blog.api']['url'] == None - assert set(res['wiki.main']['additional_urls']) == {maindomain + '/wiki/whatever', maindomain + '/wiki/idontnow'} - assert res['blog.main']['additional_urls'] == [] - assert res['blog.api']['additional_urls'] == [] + assert set(res['wiki.main']['additional_urls']) == {'/whatever', '/idontnow'} assert res['wiki.main']['protected'] == False assert res['blog.main']['protected'] == False assert res['blog.api']['protected'] == True @@ -324,10 +322,13 @@ def test_permission_list(): assert res['blog.main']['auth_header'] == True assert res['blog.api']['auth_header'] == True - res = user_permission_list(full=True, full_path=False)['permissions'] - assert res['wiki.main']['url'] == "/" - assert res['blog.main']['url'] == "/" - assert set(res['wiki.main']['additional_urls']) == {'/whatever', '/idontnow'} + res = user_permission_list(full=True, absolute_urls=True)['permissions'] + assert res['wiki.main']['url'] == maindomain + "/wiki" + assert res['blog.main']['url'] == maindomain + "/blog" + assert res['blog.api']['url'] == None + assert set(res['wiki.main']['additional_urls']) == {maindomain + '/wiki/whatever', maindomain + '/wiki/idontnow'} + assert res['blog.main']['additional_urls'] == [] + assert res['blog.api']['additional_urls'] == [] # 
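Review bot: In `test_permission_list` (@@ -305) the assertions that `blog.main` and `blog.api` have empty `additional_urls` are removed from the first block, whose `res` is assigned above the hunk. They reappear only in the `absolute_urls=True` block added at @@ -324, so the default listing is no longer checked for them. I would keep them in both places: `assert res['blog.main']['additional_urls'] == []` and `assert res['blog.api']['additional_urls'] == []` after the `{'/whatever', '/idontnow'}` assertion. As a style point, `res['blog.api']['url'] == None` on the added lines would read better as `is None`.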
@@ -416,7 +417,7 @@ def test_permission_create_with_urls_management_simple_domain(mocker): url="/", additional_urls=['/whatever','/idontnow'], auth_header=False, domain=maindomain, path='/site') - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, absolute_urls=True)['permissions'] assert "site.main" in res assert res['site.main']['url'] == maindomain + "/site" assert set(res['site.main']['additional_urls']) == {maindomain + "/site/whatever", maindomain + "/site/idontnow"} @@ -433,7 +434,7 @@ def test_permission_create_with_urls_management_multiple_domain(mocker): auth_header=True, domain=maindomain, path='/site') - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, absolute_urls=True)['permissions'] assert "site.main" in res assert res['site.main']['url'] == maindomain + "/site/something" assert set(res['site.main']['additional_urls']) == {other_domains[0] + "/blabla", other_domains[1] + "/ahh"} @@ -640,7 +641,7 @@ def test_permission_protected_update(mocker): def test_permission_redefine_url(): permission_url("blog.main", url="/pwet") - res = user_permission_list(full=True, full_path=False)['permissions'] + res = user_permission_list(full=True)['permissions'] assert res["blog.main"]["url"] == "/pwet" @@ -654,10 +655,10 @@ def test_permission_remove_url(): def test_permission_main_url_regex(): permission_url("blog.main", url="re:/[a-z]+reboy/.*") - res = user_permission_list(full=True, full_path=False)['permissions'] + res = user_permission_list(full=True)['permissions'] assert res["blog.main"]["url"] == "re:/[a-z]+reboy/.*" - res = user_permission_list(full=True, full_path=True)['permissions'] + res = user_permission_list(full=True, absolute_urls=True)['permissions'] assert res["blog.main"]["url"] == "re:%s/blog/[a-z]+reboy/.*" % maindomain.replace('.', '\.') 
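Review bot: `maindomain.replace('.', '\.')` in `test_permission_main_url_regex` (@@ -654) puts `\.` inside a normal string literal, which is an invalid escape sequence that newer Python versions warn about. A raw string keeps the same value without the warning: `maindomain.replace('.', r'\.')`. The same expression appears in `test_permission_add_additional_regex` (@@ -681).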
@@ -670,7 +671,7 @@ def test_permission_main_url_bad_regex(mocker): def test_permission_add_additional_url(): permission_url("wiki.main", add_url=[other_domains[0] + "/heyby", "/myhouse"]) - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, absolute_urls=True)['permissions'] assert res['wiki.main']['url'] == maindomain + "/wiki" assert set(res['wiki.main']['additional_urls']) == {maindomain + '/wiki/whatever', maindomain + '/wiki/idontnow', @@ -681,10 +682,10 @@ def test_permission_add_additional_url(): def test_permission_add_additional_regex(): permission_url("blog.main", add_url=["re:/[a-z]+reboy/.*"]) - res = user_permission_list(full=True, full_path=False)['permissions'] + res = user_permission_list(full=True)['permissions'] assert res["blog.main"]["additional_urls"] == ["re:/[a-z]+reboy/.*"] - res = user_permission_list(full=True, full_path=True)['permissions'] + res = user_permission_list(full=True, absolute_urls=True)['permissions'] assert res["blog.main"]["additional_urls"] == ["re:%s/blog/[a-z]+reboy/.*" % maindomain.replace('.', '\.')] @@ -696,7 +697,7 @@ def test_permission_add_additional_bad_regex(mocker): def test_permission_remove_additional_url(): permission_url("wiki.main", remove_url=['/whatever']) - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, absolute_urls=True)['permissions'] assert res['wiki.main']['url'] == maindomain + "/wiki" assert res['wiki.main']['additional_urls'] == [maindomain + '/wiki/idontnow'] 
@@ -705,7 +706,7 @@ def test_permssion_add_additional_url_already_exist(): permission_url("wiki.main", add_url=['/whatever', "/myhouse"]) permission_url("wiki.main", add_url=['/whatever']) - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, absolute_urls=True)['permissions'] assert res['wiki.main']['url'] == maindomain + "/wiki" assert set(res['wiki.main']['additional_urls']) == {maindomain + '/wiki/whatever', maindomain + '/wiki/idontnow', @@ -716,7 +717,7 @@ def test_permission_remove_additional_url_dont_exist(): permission_url("wiki.main", remove_url=['/shouldntexist', '/whatever']) permission_url("wiki.main", remove_url=['/shouldntexist']) - res = user_permission_list(full=True)['permissions'] + res = user_permission_list(full=True, absolute_urls=True)['permissions'] assert res['wiki.main']['url'] == maindomain + "/wiki" assert res['wiki.main']['additional_urls'] == [maindomain + '/wiki/idontnow'] @@ -814,7 +815,7 @@ def test_show_tile_cant_be_enabled(): allowed=["all_users"], protected=False, sync_perm=True, domain=maindomain, path="/web") - permissions = user_permission_list(full=True, full_path=False)['permissions'] + permissions = user_permission_list(full=True)['permissions'] assert permissions['site.main']['show_tile'] == False assert permissions['web.main']['show_tile'] == False @@ -830,7 +831,7 @@ def test_permission_app_install(): app_install(os.path.join(get_test_apps_dir(), "permissions_app_ynh"), args="domain=%s&domain_2=%s&path=%s&is_public=0&admin=%s" % (maindomain, other_domains[0], "/urlpermissionapp", "alice"), force=True) - res = user_permission_list(full=True, full_path=False)['permissions'] + res = user_permission_list(full=True)['permissions'] assert "permissions_app.main" in res assert "permissions_app.admin" in res assert "permissions_app.dev" in res 
@@ -871,14 +872,14 @@ def test_permission_app_change_url(): args="domain=%s&domain_2=%s&path=%s&admin=%s" % (maindomain, other_domains[0], "/urlpermissionapp", "alice"), force=True) # FIXME : should rework this test to look for differences in the generated app map / app tiles ... - res = user_permission_list(full=True, full_path=False)['permissions'] + res = user_permission_list(full=True)['permissions'] assert res['permissions_app.main']['url'] == "/" assert res['permissions_app.admin']['url'] == "/admin" assert res['permissions_app.dev']['url'] == "/dev" app_change_url("permissions_app", maindomain, "/newchangeurl") - res = user_permission_list(full=True, full_path=False)['permissions'] + res = user_permission_list(full=True)['permissions'] assert res['permissions_app.main']['url'] == "/" assert res['permissions_app.admin']['url'] == "/admin" assert res['permissions_app.dev']['url'] == "/dev" diff --git a/src/yunohost/user.py b/src/yunohost/user.py index 12a8df7ef..64a30d821 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -461,7 +461,7 @@ def user_info(username): if service_status("dovecot")["status"] != "running": logger.warning(m18n.n('mailbox_used_space_dovecot_down')) - elif username not in user_permission_list(full=True)["permissions"]["mail.main"]["corresponding_users"]: + elif username not in user_permission_info("mail.main")["corresponding_users"]: logger.warning(m18n.n('mailbox_disabled', user=username)) else: try: @@ -768,7 +768,7 @@ def user_group_info(groupname): def user_permission_list(short=False, full=False): import yunohost.permission - return yunohost.permission.user_permission_list(short, full) + return yunohost.permission.user_permission_list(short, full, absolute_urls=True) def user_permission_update(permission, add=None, remove=None, label=None, show_tile=None, sync_perm=True):
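Review bot: The wrapper in `user.py` (@@ -768) now hard-codes `absolute_urls=True` while the internal callers in this diff move to the app-relative default, and there is no comment explaining why this one entry point differs. A short comment would stop it being "cleaned up" later, e.g. `# this entry point keeps returning absolute URLs, as it did before the default changed`. Passing the other two arguments by keyword as well (`short=short, full=full`) would make the call robust against further signature changes.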