From fe8a0cbcbd39fbf96d42b37f443f34b44a67e16f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= <josue@tille.ch>
Date: Sun, 22 Dec 2019 15:03:29 +0100
Subject: [PATCH] Update helper for permission protection support

---
 data/helpers.d/setting | 37 ++++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 9 deletions(-)

diff --git a/data/helpers.d/setting b/data/helpers.d/setting
index c862d4ef6..ef909b7d7 100644
--- a/data/helpers.d/setting
+++ b/data/helpers.d/setting
@@ -241,10 +241,12 @@ ynh_webpath_register () {
 #
 # example: ynh_permission_create --permission admin --url /admin --allowed alice bob
 #
-# usage: ynh_permission_create --permission "permission" [--url "url"] [--allowed group1 group2]
+# usage: ynh_permission_create --permission "permission" [--url "url"] [--allowed group1 group2] [--is_protected "true"|"false"]
 # | arg: permission - the name for the permission (by default a permission named "main" already exist)
 # | arg: url - (optional) URL for which access will be allowed/forbidden
 # | arg: allowed - (optional) A list of group/user to allow for the permission
+# | arg: is_protected - (optional) Define if this permission is protected. If it is protected the administrator
+# |                                won't be able to add or remove the visitors group of this permission.  By default it's 'false'
 #
 # If provided, 'url' is assumed to be relative to the app domain/path if they
 # start with '/'.  For example:
@@ -259,10 +261,11 @@ ynh_webpath_register () {
 #
 # Requires YunoHost version 3.7.0 or higher.
 ynh_permission_create() {
-    declare -Ar args_array=( [p]=permission= [u]=url= [a]=allowed= )
+    declare -Ar args_array=( [p]=permission= [u]=url= [a]=allowed= [p]=is_protected= )
     local permission
     local url
     local allowed
+    local is_protected
     ynh_handle_getopts_args "$@"
 
     if [[ -n ${url:-} ]]; then
@@ -270,12 +273,18 @@ ynh_permission_create() {
     else
         url="None"
     fi
-
     if [[ -n ${allowed:-} ]]; then
         allowed=",allowed=['${allowed//';'/"','"}']"
     fi
+    if [ -n ${is_protected} ]; then
+        if [ $is_protected == "true" ]; then
+            is_protected=",is_protected=$is_protected=True"
+        else
+            is_protected=",is_protected=$is_protected=False"
+        fi
+    fi
     
-    yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$app.$permission', url=$url ${allowed:-} , sync_perm=False)"
+    yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$app.$permission', url=$url ${allowed:-} ${is_protected:-} , sync_perm=False)"
 }
 
 # Remove a permission for the app (note that when the app is removed all permission is automatically removed)
@@ -333,26 +342,36 @@ ynh_permission_url() {
 
 # Update a permission for the app
 #
-# usage: ynh_permission_update --permission "permission" --add "group" ["group" ...] --remove  "group" ["group" ...]
+# usage: ynh_permission_update --permission "permission" --add "group" ["group" ...] --remove  "group" ["group" ...] [--is_protected "true"|"false"]
 # | arg: permission - the name for the permission (by default a permission named "main" already exist)
 # | arg: add - the list of group or users to enable add to the permission
 # | arg: remove - the list of group or users to remove from the permission
+# | arg: is_protected - (optional) Define if this permission is protected. If it is protected the administrator
+# |                                won't be able to add or remove the visitors group of this permission. By default it's 'false'
 #
 # example: ynh_permission_update --permission admin --add samdoe --remove all_users
 # Requires YunoHost version 3.7.0 or higher.
 ynh_permission_update() {
-    declare -Ar args_array=( [p]=permission= [a]=add= [r]=remove= )
+    declare -Ar args_array=( [p]=permission= [a]=add= [r]=remove= [p]=is_protected= )
     local permission
     local add
     local remove
+    local is_protected
     ynh_handle_getopts_args "$@"
 
     if [[ -n ${add:-} ]]; then
-        add="--add ${add//';'/" "}"
+        add=",add=['${add//';'/"','"}']"
     fi
     if [[ -n ${remove:-} ]]; then
-        remove="--remove ${remove//';'/" "} "
+        remove=",remove=['${remove//';'/"','"}']"
+    fi
+    if [ -n ${is_protected} ]; then
+        if [ $is_protected == "true" ]; then
+            is_protected=",is_protected=$is_protected=True"
+        else
+            is_protected=",is_protected=$is_protected=False"
+        fi
     fi
 
-    yunohost user permission update "$app.$permission" ${add:-} ${remove:-}
+    yunohost tools shell -c "from yunohost.permission import user_permission_update; user_permission_update('$app.$permission', ${add:-} ${remove} ${is_protected:-} , sync_perm=False)"
 }