mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
470 lines
17 KiB
Bash
470 lines
17 KiB
Bash
#!/bin/bash
|
|
|
|
# Get an application setting
|
|
#
|
|
# usage: ynh_app_setting_get --app=app --key=key
|
|
# | arg: -a, --app - the application id
|
|
# | arg: -k, --key - the setting to get
|
|
#
|
|
# Requires YunoHost version 2.2.4 or higher.
|
|
ynh_app_setting_get() {
|
|
# Declare an array to define the options of this helper.
|
|
local legacy_args=ak
|
|
declare -Ar args_array=( [a]=app= [k]=key= )
|
|
local app
|
|
local key
|
|
# Manage arguments with getopts
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
ynh_app_setting "get" "$app" "$key"
|
|
}
|
|
|
|
# Set an application setting
|
|
#
|
|
# usage: ynh_app_setting_set --app=app --key=key --value=value
|
|
# | arg: -a, --app - the application id
|
|
# | arg: -k, --key - the setting name to set
|
|
# | arg: -v, --value - the setting value to set
|
|
#
|
|
# Requires YunoHost version 2.2.4 or higher.
|
|
ynh_app_setting_set() {
|
|
# Declare an array to define the options of this helper.
|
|
local legacy_args=akv
|
|
declare -Ar args_array=( [a]=app= [k]=key= [v]=value= )
|
|
local app
|
|
local key
|
|
local value
|
|
# Manage arguments with getopts
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
ynh_app_setting "set" "$app" "$key" "$value"
|
|
}
|
|
|
|
# Delete an application setting
|
|
#
|
|
# usage: ynh_app_setting_delete --app=app --key=key
|
|
# | arg: -a, --app - the application id
|
|
# | arg: -k, --key - the setting to delete
|
|
#
|
|
# Requires YunoHost version 2.2.4 or higher.
|
|
ynh_app_setting_delete() {
|
|
# Declare an array to define the options of this helper.
|
|
local legacy_args=ak
|
|
declare -Ar args_array=( [a]=app= [k]=key= )
|
|
local app
|
|
local key
|
|
# Manage arguments with getopts
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
ynh_app_setting "delete" "$app" "$key"
|
|
}
|
|
|
|
# Add skipped_uris urls into the config
|
|
#
|
|
# usage: ynh_add_skipped_uris [--appid=app] --url=url1,url2 [--regex]
|
|
# | arg: -a, --appid - the application id
|
|
# | arg: -u, --url - the urls to add to the sso for this app
|
|
# | arg: -r, --regex - Use the key 'skipped_regex' instead of 'skipped_uris'
|
|
#
|
|
# An URL set with 'skipped_uris' key will be totally ignored by the SSO,
|
|
# which means that the access will be public and the logged-in user information will not be passed to the app.
|
|
#
|
|
# Requires YunoHost version 3.6.0 or higher.
|
|
ynh_add_skipped_uris() {
|
|
# Declare an array to define the options of this helper.
|
|
local legacy_args=aur
|
|
declare -Ar args_array=( [a]=appid= [u]=url= [r]=regex )
|
|
local appid
|
|
local url
|
|
local regex
|
|
# Manage arguments with getopts
|
|
ynh_handle_getopts_args "$@"
|
|
appid={appid:-$app}
|
|
regex={regex:-0}
|
|
|
|
local key=skipped_uris
|
|
if [ $regex -eq 1 ]; then
|
|
key=skipped_regex
|
|
fi
|
|
|
|
ynh_app_setting_set --app=$appid --key=$key --value="$url"
|
|
}
|
|
|
|
# Add unprotected_uris urls into the config
|
|
#
|
|
# usage: ynh_add_unprotected_uris [--appid=app] --url=url1,url2 [--regex]
|
|
# | arg: -a, --appid - the application id
|
|
# | arg: -u, --url - the urls to add to the sso for this app
|
|
# | arg: -r, --regex - Use the key 'unprotected_regex' instead of 'unprotected_uris'
|
|
#
|
|
# An URL set with unprotected_uris key will be accessible publicly, but if an user is logged in,
|
|
# his information will be accessible (through HTTP headers) to the app.
|
|
#
|
|
# Requires YunoHost version 3.6.0 or higher.
|
|
ynh_add_unprotected_uris() {
|
|
# Declare an array to define the options of this helper.
|
|
local legacy_args=aur
|
|
declare -Ar args_array=( [a]=appid= [u]=url= [r]=regex )
|
|
local appid
|
|
local url
|
|
local regex
|
|
# Manage arguments with getopts
|
|
ynh_handle_getopts_args "$@"
|
|
appid={appid:-$app}
|
|
regex={regex:-0}
|
|
|
|
local key=unprotected_uris
|
|
if [ $regex -eq 1 ]; then
|
|
key=unprotected_regex
|
|
fi
|
|
|
|
ynh_app_setting_set --app=$appid --key=$key --value="$url"
|
|
}
|
|
|
|
# Add protected_uris urls into the config
|
|
#
|
|
# usage: ynh_add_protected_uris [--appid=app] --url=url1,url2 [--regex]
|
|
# | arg: -a, --appid - the application id
|
|
# | arg: -u, --url - the urls to add to the sso for this app
|
|
# | arg: -r, --regex - Use the key 'protected_regex' instead of 'protected_uris'
|
|
#
|
|
# An URL set with protected_uris will be blocked by the SSO and accessible only to authenticated and authorized users.
|
|
#
|
|
# Requires YunoHost version 3.6.0 or higher.
|
|
ynh_add_protected_uris() {
|
|
# Declare an array to define the options of this helper.
|
|
local legacy_args=aur
|
|
declare -Ar args_array=( [a]=appid= [u]=url= [r]=regex )
|
|
local appid
|
|
local url
|
|
local regex
|
|
# Manage arguments with getopts
|
|
ynh_handle_getopts_args "$@"
|
|
appid={appid:-$app}
|
|
regex={regex:-0}
|
|
|
|
local key=protected_uris
|
|
if [ $regex -eq 1 ]; then
|
|
key=protected_regex
|
|
fi
|
|
|
|
ynh_app_setting_set --app=$appid --key=$key --value="$url"
|
|
}
|
|
|
|
# Small "hard-coded" interface to avoid calling "yunohost app" directly each
|
|
# time dealing with a setting is needed (which may be so slow on ARM boards)
|
|
#
|
|
# [internal]
|
|
#
|
|
ynh_app_setting()
|
|
{
|
|
if [[ "$1" == "delete" ]] && [[ "$3" =~ ^(unprotected|skipped)_ ]]
|
|
then
|
|
current_value=$(ynh_app_setting_get --app=$app --key=$3)
|
|
fi
|
|
|
|
ACTION="$1" APP="$2" KEY="$3" VALUE="${4:-}" python2.7 - <<EOF
|
|
import os, yaml, sys
|
|
app, action = os.environ['APP'], os.environ['ACTION'].lower()
|
|
key, value = os.environ['KEY'], os.environ.get('VALUE', None)
|
|
setting_file = "/etc/yunohost/apps/%s/settings.yml" % app
|
|
assert os.path.exists(setting_file), "Setting file %s does not exists ?" % setting_file
|
|
with open(setting_file) as f:
|
|
settings = yaml.load(f)
|
|
if action == "get":
|
|
if key in settings:
|
|
print(settings[key])
|
|
else:
|
|
if action == "delete":
|
|
if key in settings:
|
|
del settings[key]
|
|
elif action == "set":
|
|
if key in ['redirected_urls', 'redirected_regex']:
|
|
value = yaml.load(value)
|
|
if any(key.startswith(word+"_") for word in ["unprotected", "protected", "skipped"]):
|
|
sys.stderr.write("/!\\ Packagers! This app is still using the skipped/protected/unprotected_uris/regex settings which are now obsolete and deprecated... Instead, you should use the new helpers 'ynh_permission_{create,urls,update,delete}' and the 'visitors' group to initialize the public/private access. Check out the documentation at the bottom of yunohost.org/groups_and_permissions to learn how to use the new permission mechanism.\n")
|
|
settings[key] = value
|
|
else:
|
|
raise ValueError("action should either be get, set or delete")
|
|
with open(setting_file, "w") as f:
|
|
yaml.safe_dump(settings, f, default_flow_style=False)
|
|
EOF
|
|
|
|
# Fucking legacy permission management.
|
|
# We need this because app temporarily set the app as unprotected to configure it with curl...
|
|
if [[ "$3" =~ ^(unprotected|skipped)_ ]]
|
|
then
|
|
if [[ "$1" == "set" ]] && [[ "${4:-}" == "/" ]]
|
|
then
|
|
ynh_permission_update --permission "main" --add "visitors"
|
|
elif [[ "$1" == "delete" ]] && [[ "${current_value:-}" == "/" ]]
|
|
then
|
|
ynh_permission_update --permission "main" --remove "visitors"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# Check availability of a web path
|
|
#
|
|
# example: ynh_webpath_available --domain=some.domain.tld --path_url=/coffee
|
|
#
|
|
# usage: ynh_webpath_available --domain=domain --path_url=path
|
|
# | arg: -d, --domain - the domain/host of the url
|
|
# | arg: -p, --path_url - the web path to check the availability of
|
|
#
|
|
# Requires YunoHost version 2.6.4 or higher.
|
|
ynh_webpath_available () {
|
|
# Declare an array to define the options of this helper.
|
|
local legacy_args=dp
|
|
declare -Ar args_array=( [d]=domain= [p]=path_url= )
|
|
local domain
|
|
local path_url
|
|
# Manage arguments with getopts
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
yunohost domain url-available $domain $path_url
|
|
}
|
|
|
|
# Register/book a web path for an app
|
|
#
|
|
# example: ynh_webpath_register --app=wordpress --domain=some.domain.tld --path_url=/coffee
|
|
#
|
|
# usage: ynh_webpath_register --app=app --domain=domain --path_url=path
|
|
# | arg: -a, --app - the app for which the domain should be registered
|
|
# | arg: -d, --domain - the domain/host of the web path
|
|
# | arg: -p, --path_url - the web path to be registered
|
|
#
|
|
# Requires YunoHost version 2.6.4 or higher.
|
|
ynh_webpath_register () {
|
|
# Declare an array to define the options of this helper.
|
|
local legacy_args=adp
|
|
declare -Ar args_array=( [a]=app= [d]=domain= [p]=path_url= )
|
|
local app
|
|
local domain
|
|
local path_url
|
|
# Manage arguments with getopts
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
yunohost app register-url $app $domain $path_url
|
|
}
|
|
|
|
# Create a new permission for the app
|
|
#
|
|
# example: ynh_permission_create --permission admin --url /admin --additional_urls 'domain.tld/otherurl /superadmin' --allowed alice bob --tile_name 'My app admin'
|
|
#
|
|
# usage: ynh_permission_create --permission "permission" [--url "url"] [--additional_urls "second-url" [ "other-url" ]] [--auth_header true|false]
|
|
# [--allowed group1 [ group2 ]] [--label "label"] [--show_tile true|false]
|
|
# [--protected true|false]
|
|
# | arg: permission - the name for the permission (by default a permission named "main" already exist)
|
|
# | arg: url - (optional) URL for which access will be allowed/forbidden
|
|
# | arg: additional_urls - (optional) List of additional URL for which access will be allowed/forbidden
|
|
# | arg: auth_header - (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application. Default is true
|
|
# | arg: allowed - (optional) A list of group/user to allow for the permission
|
|
# | arg: label - (optional) Define a name for the permission. This label will be shown on the SSO and in the admin. Default is "APP_LABEL (permission name)".
|
|
# | arg: show_tile - (optional) Define if a tile will be shown in the SSO
|
|
# | arg: protected - (optional) Define if this permission is protected. If it is protected the administrator
|
|
# | won't be able to add or remove the visitors group of this permission.
|
|
# | By default it's 'true' (for the permission different than 'main').
|
|
#
|
|
# If provided, 'url' is assumed to be relative to the app domain/path if they
|
|
# start with '/'. For example:
|
|
# / -> domain.tld/app
|
|
# /admin -> domain.tld/app/admin
|
|
# domain.tld/app/api -> domain.tld/app/api
|
|
#
|
|
# 'url' can be later treated as a regex if it starts with "re:".
|
|
# For example:
|
|
# re:/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$
|
|
# re:domain.tld/app/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$
|
|
#
|
|
# Requires YunoHost version 3.7.0 or higher.
|
|
ynh_permission_create() {
|
|
declare -Ar args_array=( [p]=permission= [u]=url= [A]=additional_urls= [h]=auth_header= [a]=allowed= [l]=label= [t]=show_tile= [P]=protected= )
|
|
local permission
|
|
local url
|
|
local additional_urls
|
|
local auth_header
|
|
local allowed
|
|
local label
|
|
local show_tile
|
|
local protected
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
if [[ -n ${url:-} ]]; then
|
|
url=",url='$url'"
|
|
fi
|
|
|
|
if [[ -n ${additional_urls:-} ]]; then
|
|
additional_urls=",additional_urls=['${additional_urls//';'/"','"}']"
|
|
fi
|
|
|
|
if [[ -n ${auth_header:-} ]]; then
|
|
if [ $auth_header == "true" ]; then
|
|
auth_header=",auth_header=True"
|
|
else
|
|
auth_header=",auth_header=False"
|
|
fi
|
|
fi
|
|
|
|
if [[ -n ${allowed:-} ]]; then
|
|
allowed=",allowed=['${allowed//';'/"','"}']"
|
|
fi
|
|
|
|
if [[ -n ${label:-} ]]; then
|
|
label=",label='$label'"
|
|
else
|
|
label=",label='$YNH_APP_LABEL ($permission)'"
|
|
fi
|
|
|
|
if [[ -n ${show_tile:-} ]]; then
|
|
if [ $show_tile == "true" ]; then
|
|
show_tile=",show_tile=True"
|
|
else
|
|
show_tile=",show_tile=False"
|
|
fi
|
|
fi
|
|
|
|
if [[ -n ${protected:-} ]]; then
|
|
if [ $protected == "true" ]; then
|
|
protected=",protected=True"
|
|
else
|
|
protected=",protected=False"
|
|
fi
|
|
fi
|
|
|
|
yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$app.$permission' ${url:-} ${additional_urls:-} ${auth_header:-} ${allowed:-} ${label:-} ${show_tile:-} ${protected:-} , sync_perm=False)"
|
|
}
|
|
|
|
# Remove a permission for the app (note that when the app is removed all permission is automatically removed)
|
|
#
|
|
# example: ynh_permission_delete --permission editors
|
|
#
|
|
# usage: ynh_permission_delete --permission "permission"
|
|
# | arg: permission - the name for the permission (by default a permission named "main" is removed automatically when the app is removed)
|
|
#
|
|
# Requires YunoHost version 3.7.0 or higher.
|
|
ynh_permission_delete() {
|
|
declare -Ar args_array=( [p]=permission= )
|
|
local permission
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
yunohost tools shell -c "from yunohost.permission import permission_delete; permission_delete('$app.$permission', sync_perm=False)"
|
|
}
|
|
|
|
# Check if a permission exists
|
|
#
|
|
# usage: ynh_permission_exists --permission=permission
|
|
# | arg: -p, --permission - the permission to check
|
|
#
|
|
# Requires YunoHost version 3.7.0 or higher.
|
|
ynh_permission_exists() {
|
|
declare -Ar args_array=( [p]=permission= )
|
|
local permission
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
yunohost user permission list -s | grep -w -q "$app.$permission"
|
|
}
|
|
|
|
# Redefine the url associated to a permission
|
|
#
|
|
# usage: ynh_permission_url --permission "permission" [--url "url"] [--add_url "new-url" [ "other-new-url" ]] [--remove_url "old-url" [ "other-old-url"]]
|
|
# [--auth_header true|false][--clear_urls]
|
|
# | arg: permission - the name for the permission (by default a permission named "main" is removed automatically when the app is removed)
|
|
# | arg: url - (optional) URL for which access will be allowed/forbidden. Note that if you want to remove url you can pass an empty sting as arguments ("").
|
|
# | arg: add_url - (optional) List of additional url to add for which access will be allowed/forbidden.
|
|
# | arg: remove_url - (optional) List of additional url to remove for which access will be allowed/forbidden
|
|
# | arg: auth_header - (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application
|
|
# | arg: clear_urls - (optional) Clean all urls (url and additional_urls)
|
|
#
|
|
# Requires YunoHost version 3.7.0 or higher.
|
|
ynh_permission_url() {
|
|
declare -Ar args_array=([p]=permission= [u]=url= [a]=add_url= [r]=remove_url= [h]=auth_header= [c]=clear_urls)
|
|
local permission
|
|
local url
|
|
local add_url
|
|
local remove_url
|
|
local auth_header
|
|
local clear_urls
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
if [[ -n ${url:-} ]]; then
|
|
url=",url='$url'"
|
|
fi
|
|
|
|
if [[ -n ${add_url:-} ]]; then
|
|
add_url=",add_url=['${add_url//';'/"','"}']"
|
|
fi
|
|
|
|
if [[ -n ${remove_url:-} ]]; then
|
|
remove_url=",remove_url=['${remove_url//';'/"','"}']"
|
|
fi
|
|
|
|
if [[ -n ${auth_header:-} ]]; then
|
|
if [ $auth_header == "true" ]; then
|
|
auth_header=",auth_header=True"
|
|
else
|
|
auth_header=",auth_header=False"
|
|
fi
|
|
fi
|
|
|
|
if [[ -n ${clear_urls:-} ]] && [ $clear_urls -eq 1 ]; then
|
|
clear_urls=",clear_urls=True"
|
|
fi
|
|
|
|
yunohost tools shell -c "from yunohost.permission import permission_url; permission_url('$app.$permission' ${url:-} ${add_url:-} ${remove_url:-} ${auth_header:-} ${clear_urls:-} )"
|
|
}
|
|
|
|
|
|
# Update a permission for the app
|
|
#
|
|
# usage: ynh_permission_update --permission "permission" [--add "group" ["group" ...]] [--remove "group" ["group" ...]]
|
|
# [--label "label"] [--show_tile true|false] [--protected true|false]
|
|
# | arg: permission - the name for the permission (by default a permission named "main" already exist)
|
|
# | arg: add - the list of group or users to enable add to the permission
|
|
# | arg: remove - the list of group or users to remove from the permission
|
|
# | arg: label - (optional) Define a name for the permission. This label will be shown on the SSO and in the admin.
|
|
# | arg: show_tile - (optional) Define if a tile will be shown in the SSO
|
|
# | arg: protected - (optional) Define if this permission is protected. If it is protected the administrator
|
|
# | won't be able to add or remove the visitors group of this permission.
|
|
#
|
|
# example: ynh_permission_update --permission admin --add samdoe --remove all_users
|
|
# Requires YunoHost version 3.7.0 or higher.
|
|
ynh_permission_update() {
|
|
declare -Ar args_array=( [p]=permission= [a]=add= [r]=remove= [l]=label= [t]=show_tile= [P]=protected= )
|
|
local permission
|
|
local add
|
|
local remove
|
|
local label
|
|
local show_tile
|
|
local protected
|
|
ynh_handle_getopts_args "$@"
|
|
|
|
if [[ -n ${add:-} ]]; then
|
|
add=",add=['${add//';'/"','"}']"
|
|
fi
|
|
if [[ -n ${remove:-} ]]; then
|
|
remove=",remove=['${remove//';'/"','"}']"
|
|
fi
|
|
|
|
if [[ -n ${label:-} ]]; then
|
|
label=",label='$label'"
|
|
fi
|
|
|
|
if [[ -n ${show_tile:-} ]]; then
|
|
if [ $show_tile == "true" ]; then
|
|
show_tile=",show_tile=True"
|
|
else
|
|
show_tile=",show_tile=False"
|
|
fi
|
|
fi
|
|
|
|
if [[ -n ${protected:-} ]]; then
|
|
if [ $protected == "true" ]; then
|
|
protected=",protected=True"
|
|
else
|
|
protected=",protected=False"
|
|
fi
|
|
fi
|
|
|
|
yunohost tools shell -c "from yunohost.permission import user_permission_update; user_permission_update('$app.$permission' ${add:-} ${remove:-} ${label:-} ${show_tile:-} ${protected:-} , force=True, sync_perm=False)"
|
|
}
|