Using new permissions system
This commit is contained in:
parent
15bf6f665e
commit
86d348b312
3 changed files with 42 additions and 25 deletions
|
@ -15,7 +15,7 @@
|
||||||
"url": "http://example.com"
|
"url": "http://example.com"
|
||||||
},
|
},
|
||||||
"requirements": {
|
"requirements": {
|
||||||
"yunohost": ">= 3.5"
|
"yunohost": ">= 3.7"
|
||||||
},
|
},
|
||||||
"multi_instance": true,
|
"multi_instance": true,
|
||||||
"services": [
|
"services": [
|
||||||
|
|
|
@ -72,7 +72,6 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
|
||||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||||
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
|
||||||
ynh_app_setting_set --app=$app --key=language --value=$language
|
ynh_app_setting_set --app=$app --key=language --value=$language
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -233,10 +232,7 @@ ynh_script_progression --message="Finalizing installation..." --time --weight=1
|
||||||
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
|
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
|
||||||
|
|
||||||
# Remove the public access
|
# Remove the public access
|
||||||
if [ $is_public -eq 0 ]
|
|
||||||
then
|
|
||||||
ynh_app_setting_delete --app=$app --key=skipped_uris
|
ynh_app_setting_delete --app=$app --key=skipped_uris
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# MODIFY A CONFIG FILE
|
# MODIFY A CONFIG FILE
|
||||||
|
@ -336,15 +332,19 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SSOWAT
|
# SETUP SSOWAT
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
|
ynh_script_progression --message="Configuring permissions..." --time --weight=1
|
||||||
|
|
||||||
# Make app public if necessary
|
# Make app public if necessary
|
||||||
if [ $is_public -eq 1 ]
|
if [ $is_public -eq 1 ]
|
||||||
then
|
then
|
||||||
# unprotected_uris allows SSO credentials to be passed anyway.
|
# Everyone can access the app.
|
||||||
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
|
# The "main" permission is automatically created before the install script.
|
||||||
|
ynh_permission_update --permission "main" --add "visitors"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Only the admin can access the admin panel of the app (if the app has an admin panel)
|
||||||
|
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RELOAD NGINX
|
# RELOAD NGINX
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
|
||||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||||
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
||||||
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||||
language=$(ynh_app_setting_get --app=$app --key=language)
|
language=$(ynh_app_setting_get --app=$app --key=language)
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
|
@ -41,15 +40,6 @@ upgrade_type=$(ynh_check_app_version_changed)
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
|
ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
|
||||||
|
|
||||||
# Fix is_public as a boolean value
|
|
||||||
if [ "$is_public" = "Yes" ]; then
|
|
||||||
ynh_app_setting_set --app=$app --key=is_public --value=1
|
|
||||||
is_public=1
|
|
||||||
elif [ "$is_public" = "No" ]; then
|
|
||||||
ynh_app_setting_set --app=$app --key=is_public --value=0
|
|
||||||
is_public=0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If db_name doesn't exist, create it
|
# If db_name doesn't exist, create it
|
||||||
if [ -z "$db_name" ]; then
|
if [ -z "$db_name" ]; then
|
||||||
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
||||||
|
@ -62,6 +52,35 @@ if [ -z "$final_path" ]; then
|
||||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# If nobody installed your app before 3.7, then you may
|
||||||
|
# safely remove these lines
|
||||||
|
|
||||||
|
# Cleaning legacy permissions
|
||||||
|
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||||||
|
skipped_uris=$(ynh_app_setting_get --app=$app --key=skipped_uris)
|
||||||
|
unprotected_uris=$(ynh_app_setting_get --app=$app --key=unprotected_uris)
|
||||||
|
protected_uris=$(ynh_app_setting_get --app=$app --key=protected_uris)
|
||||||
|
|
||||||
|
# Remove is_public if exists
|
||||||
|
if [ ! -z "$is_public" ]; then
|
||||||
|
ynh_app_setting_delete --app=$app --key=is_public
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove skipped_uris if exists
|
||||||
|
if [ ! -z "$skipped_uris" ]; then
|
||||||
|
ynh_app_setting_delete --app=$app --key=skipped_uris
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove unprotected_uris if exists
|
||||||
|
if [ ! -z "$unprotected_uris" ]; then
|
||||||
|
ynh_app_setting_delete --app=$app --key=unprotected_uris
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove protected_uris if exists
|
||||||
|
if [ ! -z "$protected_uris" ]; then
|
||||||
|
ynh_app_setting_delete --app=$app --key=protected_uris
|
||||||
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -192,13 +211,11 @@ chown -R root: $final_path
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SSOWAT
|
# SETUP SSOWAT
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
|
ynh_script_progression --message="Upgrading permissions configuration..." --time --weight=1
|
||||||
|
|
||||||
# Make app public if necessary
|
# Create the admin permission if needed
|
||||||
if [ $is_public -eq 1 ]
|
if ! ynh_permission_exists --permission "admin"; then
|
||||||
then
|
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
|
||||||
# unprotected_uris allows SSO credentials to be passed anyway
|
|
||||||
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
Loading…
Reference in a new issue