Add group-permission support

This commit is contained in:
Josué Tille 2020-03-25 16:33:19 +01:00
parent f933d40896
commit 3f8bc89834
No known key found for this signature in database
GPG Key ID: 716A6C99B04194EF
5 changed files with 28 additions and 11 deletions

View File

@ -1,3 +1,6 @@
INSERT INTO `__APP__`.`login_source` (`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`) VALUES INSERT INTO `__APP__`.`login_source`
('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}', '1464014433', '1464015955') (`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`)
ON DUPLICATE KEY UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}' VALUES
('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}', '1464014433', '1464015955')
ON DUPLICATE KEY
UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}';

View File

@ -20,7 +20,7 @@
"mysql" "mysql"
], ],
"requirements": { "requirements": {
"yunohost": ">= 3.6.4" "yunohost": ">= 3.7.0.6"
}, },
"arguments": { "arguments": {
"install" : [ "install" : [

View File

@ -87,10 +87,8 @@ set_permission() {
} }
set_access_settings() { set_access_settings() {
if [ "$is_public" = '1' ] if [ "$is_public" == '1' ];
then then
ynh_app_setting_set --app $app --key unprotected_uris --value "/" ynh_permission_update --permission "main" --add "visitors"
else
ynh_app_setting_delete --app $app --key skipped_regex
fi fi
} }

View File

@ -90,14 +90,13 @@ ynh_script_progression --message="Configuring application, step 2/2..."
# Start gitea for building mysql tables # Start gitea for building mysql tables
systemctl start "$app".service systemctl start "$app".service
# Wait till login_source mysql table is created # Wait untill login_source mysql table is created
while ! $(ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" <<< "SELECT * FROM login_source;" &>/dev/null) while ! $(ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" <<< "SELECT * FROM login_source;" &>/dev/null)
do do
sleep 2 sleep 2
done done
# Add ldap config # Add ldap config
ynh_replace_string --match_string "__ADMIN__" --replace_string "$admin" --target_file ../conf/login_source.sql
ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
@ -113,6 +112,10 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile
ynh_script_progression --message="Protecting directory" ynh_script_progression --message="Protecting directory"
set_access_settings set_access_settings
# Create permission
ynh_script_progression --message="Configuring permissions"
ynh_permission_create --permission="admin" --allowed=$admin
# Add gitea to YunoHost's monitored services # Add gitea to YunoHost's monitored services
ynh_script_progression --message="Register gitea service..." ynh_script_progression --message="Register gitea service..."
yunohost service add "$app" --log "/var/log/$app/gitea.log" yunohost service add "$app" --log "/var/log/$app/gitea.log"

View File

@ -65,7 +65,6 @@ if [[ $migration_process -eq 1 ]]; then
ynh_secure_remove --file=$final_path/custom/conf/auth.d ynh_secure_remove --file=$final_path/custom/conf/auth.d
# Restore authentication from SQL database # Restore authentication from SQL database
ynh_replace_string --match_string __ADMIN__ --replace_string "$admin" --target_file ../conf/login_source.sql
ynh_replace_string --match_string __APP__ --replace_string "$app" --target_file ../conf/login_source.sql ynh_replace_string --match_string __APP__ --replace_string "$app" --target_file ../conf/login_source.sql
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
@ -189,6 +188,20 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# Set all permissions
ynh_script_progression --message="Update permission..."
if ! ynh_permission_exists --permission admin; then
ynh_app_setting_delete --app $app --key unprotected_uris
ynh_permission_create --permission 'admin' --allowed "$admin"
# Update ldap config
ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
fi
if [ "$is_public" == '1' ];
then
ynh_permission_update --permission "main" --add "visitors"
fi
# Set permissions # Set permissions
ynh_script_progression --message="Protecting directory" ynh_script_progression --message="Protecting directory"
set_permission set_permission