Merge pull request #111 from YunoHost/permissions
Using new permissions system
This commit is contained in:
Kayou
GitHub
@@ -72,7 +72,6 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
|
||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
||||
ynh_app_setting_set --app=$app --key=language --value=$language
|
||||
|
||||
#=================================================
|
||||
@@ -222,7 +221,8 @@ chown -R $app: $final_path
|
||||
|
||||
# Set the app as temporarily public for curl call
|
||||
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
|
||||
ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
|
||||
# Making the app public for curl
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
# Reload SSOwat config
|
||||
yunohost app ssowatconf
|
||||
|
||||
@@ -234,10 +234,7 @@ ynh_script_progression --message="Finalizing installation..." --time --weight=1
|
||||
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
|
||||
|
||||
# Remove the public access
|
||||
if [ $is_public -eq 0 ]
|
||||
then
|
||||
ynh_app_setting_delete --app=$app --key=skipped_uris
|
||||
fi
|
||||
ynh_permission_update --permission="main" --remove="visitors"
|
||||
|
||||
#=================================================
|
||||
# MODIFY A CONFIG FILE
|
||||
@@ -347,15 +344,24 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
|
||||
ynh_script_progression --message="Configuring permissions..." --time --weight=1
|
||||
|
||||
# Make app public if necessary
|
||||
if [ $is_public -eq 1 ]
|
||||
then
|
||||
# unprotected_uris allows SSO credentials to be passed anyway.
|
||||
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
|
||||
# Everyone can access the app.
|
||||
# The "main" permission is automatically created before the install script.
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
fi
|
||||
|
||||
# Only the admin can access the admin panel of the app (if the app has an admin panel)
|
||||
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
|
||||
|
||||
# Everyone can access to the api part
|
||||
# We don't want to display the tile in the sso so we put --show_tile="false"
|
||||
# And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true"
|
||||
ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true"
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
|
||||
Reference in New Issue
Block a user