asandikci/autodeploygit_ynh
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Improve permissions management

Browse source
This commit is contained in:
Kay0u 2021-01-06 13:31:32 +01:00
parent 1e2ee09860
commit 9b6cc80ecc
No known key found for this signature in database
GPG key ID: AAFEEB16CFA2AE2D
3 changed files with 22 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
manifest.json
View file

@ -15,7 +15,7 @@
"url": "http://example.com" "url": "http://example.com"
}, },
"requirements": { "requirements": {
"yunohost": ">= 3.7" "yunohost": ">= 4.1.2"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [

14
scripts/install
View file

@ -220,7 +220,8 @@ chown -R $app: $final_path
# Set the app as temporarily public for curl call # Set the app as temporarily public for curl call
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
ynh_app_setting_set --app=$app --key=skipped_uris --value="/" # Making the app public for curl
ynh_permission_update --permission="main" --add="visitors"
# Reload SSOwat config # Reload SSOwat config
yunohost app ssowatconf yunohost app ssowatconf
@ -232,7 +233,7 @@ ynh_script_progression --message="Finalizing installation..." --time --weight=1
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
# Remove the public access # Remove the public access
ynh_app_setting_delete --app=$app --key=skipped_uris ynh_permission_update --permission="main" --remove="visitors"
#================================================= #=================================================
# MODIFY A CONFIG FILE # MODIFY A CONFIG FILE
@ -339,11 +340,16 @@ if [ $is_public -eq 1 ]
then then
# Everyone can access the app. # Everyone can access the app.
# The "main" permission is automatically created before the install script. # The "main" permission is automatically created before the install script.
ynh_permission_update --permission "main" --add "visitors" ynh_permission_update --permission="main" --add="visitors"
fi fi
# Only the admin can access the admin panel of the app (if the app has an admin panel) # Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
# Everyone can access to the api part
# We don't want to display the tile in the sso so we put --show_tile="false"
# And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true"
ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX

38
scripts/upgrade
View file

@ -52,28 +52,22 @@ if [ -z "$final_path" ]; then
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi fi
### If nobody installed your app before 3.7, ### If nobody installed your app before 4.1,
### then you may safely remove these lines ### then you may safely remove these lines
# Cleaning legacy permissions # Cleaning legacy permissions
is_public=$(ynh_app_setting_get --app=$app --key=is_public) if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
if [ -n "$is_public" ]; then
# Remove unprotected_uris
ynh_app_setting_delete --app=$app --key=unprotected_uris
# Remove protected_uris
ynh_app_setting_delete --app=$app --key=protected_uris
# Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7
# Remove skipped_uris. If the app was public, add visitors again to the main permission
if ynh_permission_has_user --permission=main --user=visitors
then
ynh_app_setting_delete --app=$app --key=skipped_uris
ynh_permission_update --permission "main" --add "visitors"
else
ynh_app_setting_delete --app=$app --key=skipped_uris
fi
ynh_app_setting_delete --app=$app --key=is_public ynh_app_setting_delete --app=$app --key=is_public
# Create the required permissions
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true"
fi fi
#================================================= #=================================================
@ -203,16 +197,6 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
# Set permissions on app files # Set permissions on app files
chown -R root: $final_path chown -R root: $final_path
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading permissions configuration..." --time --weight=1
# Create the admin permission if needed
if ! ynh_permission_exists --permission "admin"; then
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
fi
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================