From 3f8bc8983455c7b301e40bb0dde5d9c7fb954bae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?=
Date: Wed, 25 Mar 2020 16:33:19 +0100
Subject: [PATCH] Add group-permission support
---
conf/login_source.sql | 9 ++++++---
manifest.json | 2 +-
scripts/_common.sh | 6 ++----
scripts/install | 7 +++++--
scripts/upgrade | 15 ++++++++++++++-
5 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/conf/login_source.sql b/conf/login_source.sql
index 7454918..ee9da47 100644
--- a/conf/login_source.sql
+++ b/conf/login_source.sql
@@ -1,3 +1,6 @@
-INSERT INTO `__APP__`.`login_source` (`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`) VALUES
-('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}', '1464014433', '1464015955')
-ON DUPLICATE KEY UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}'
+INSERT INTO `__APP__`.`login_source`
+(`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`)
+VALUES
+('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}', '1464014433', '1464015955')
+ON DUPLICATE KEY
+UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}';
diff --git a/manifest.json b/manifest.json
index 37eda47..897129c 100644
--- a/manifest.json
+++ b/manifest.json
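Review bot: In conf/login_source.sql the `cfg` JSON, which now carries the LDAP `Filter` and `AdminFilter` that decide who may log in and who is treated as admin, is written out twice in the new statement: once in the `VALUES` row and once after `UPDATE cfg=`. The two copies have to stay byte-identical for a fresh install and an upgrade to enforce the same access rule, and a later edit to only one of them would go unnoticed. MySQL/MariaDB lets the update clause reuse the inserted value, `ON DUPLICATE KEY UPDATE cfg = VALUES(cfg);`, which removes the second copy. A leading `--` comment would also help, saying that `__APP__` is substituted by the install and upgrade scripts and that `Filter` limits login to accounts holding the `__APP__.main` permission.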
@@ -20,7 +20,7 @@ "mysql" ], "requirements": { - "yunohost": ">= 3.6.4" + "yunohost": ">= 3.7.0.6" }, "arguments": { "install" : [ diff --git a/scripts/_common.sh b/scripts/_common.sh index d6e5689..d52dfc7 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -87,10 +87,8 @@ set_permission() { } set_access_settings() { - if [ "$is_public" = '1' ] + if [ "$is_public" == '1' ]; then - ynh_app_setting_set --app $app --key unprotected_uris --value "/" - else - ynh_app_setting_delete --app $app --key skipped_regex + ynh_permission_update --permission "main" --add "visitors" fi } diff --git a/scripts/install b/scripts/install index 57901c4..f5687ad 100644 --- a/scripts/install +++ b/scripts/install @@ -90,14 +90,13 @@ ynh_script_progression --message="Configuring application, step 2/2..." # Start gitea for building mysql tables systemctl start "$app".service -# Wait till login_source mysql table is created +# Wait untill login_source mysql table is created while ! $(ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" <<< "SELECT * FROM login_source;" &>/dev/null) do sleep 2 done # Add ldap config -ynh_replace_string --match_string "__ADMIN__" --replace_string "$admin" --target_file ../conf/login_source.sql ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql @@ -113,6 +112,10 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile ynh_script_progression --message="Protecting directory" set_access_settings +# Create permission +ynh_script_progression --message="Configuring permissions" +ynh_permission_create --permission="admin" --allowed=$admin + # Add gitea to YunoHost's monitored services ynh_script_progression --message="Register gitea service..." yunohost service add "$app" --log "/var/log/$app/gitea.log" diff --git a/scripts/upgrade b/scripts/upgrade index 58eccbf..fb7e3f3 100644 --- a/scripts/upgrade 
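Review bot: In scripts/_common.sh, `set_access_settings` now only ever adds `visitors` to the `main` permission; when `$is_public` is not `1` the function does nothing, so an instance that was public before keeps visitor access unless it is revoked somewhere not visible in this hunk. Either add an explicit branch, `else ynh_permission_update --permission "main" --remove "visitors"`, or a comment stating that revocation is deliberately left to the permission system. As a style point, the trailing `;` in `if [ "$is_public" == '1' ];` is redundant with `then` on the next line, and `=` (as the removed line had) is the portable operator inside `[ ]`.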
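Review bot: In the first scripts/install hunk the rewritten comment misspells "until"; it should read `# Wait until login_source mysql table is created`. The loop it describes polls every two seconds with no upper bound visible in the hunk, so the comment could also say what happens if the table never appears (for example when the service fails to start), or the loop could get a retry limit.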
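Review bot: In the second scripts/install hunk, `--allowed=$admin` in the added `ynh_permission_create` call is unquoted, so a value containing whitespace or glob characters would be word-split before the helper sees it. scripts/upgrade in this same commit writes `--permission 'admin' --allowed "$admin"`; use the same quoted form here, `ynh_permission_create --permission="admin" --allowed="$admin"`. The `# Create permission` comment could also state that this is the permission the `AdminFilter` in conf/login_source.sql matches on, since that link is not obvious from the script alone.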
+++ b/scripts/upgrade @@ -65,7 +65,6 @@ if [[ $migration_process -eq 1 ]]; then ynh_secure_remove --file=$final_path/custom/conf/auth.d # Restore authentication from SQL database - ynh_replace_string --match_string __ADMIN__ --replace_string "$admin" --target_file ../conf/login_source.sql ynh_replace_string --match_string __APP__ --replace_string "$app" --target_file ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql @@ -189,6 +188,20 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile # GENERIC FINALIZATION #================================================= +# Set all permissions +ynh_script_progression --message="Update permission..." +if ! ynh_permission_exists --permission admin; then + ynh_app_setting_delete --app $app --key unprotected_uris + ynh_permission_create --permission 'admin' --allowed "$admin" + # Update ldap config + ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql + ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql +fi +if [ "$is_public" == '1' ]; +then + ynh_permission_update --permission "main" --add "visitors" +fi + # Set permissions ynh_script_progression --message="Protecting directory" set_permission
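Review bot: In the second scripts/upgrade hunk, the added `is_public` block sits outside the `if ! ynh_permission_exists --permission admin` branch and so runs on every upgrade, re-adding `visitors` to `main` even if an administrator has since removed it through the permission system (presumably `is_public` is the stored install-time setting). Moving it into the one-shot migration branch keeps later permission changes intact, and calling the existing helper, `set_access_settings`, avoids duplicating its body from scripts/_common.sh, which looks to be sourced already since `set_permission` is called just below. `$app` in `ynh_app_setting_delete --app $app --key unprotected_uris` should be quoted as `"$app"`, matching the other added lines.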