Develop NOT for production #26
Conversation
- Fix YunoHost-Apps#17 - Here get a specific commit (specific command action for plugin)
[fix] partially YunoHost-Apps#25 using an alt user for super-super-admin [dev] Add a activatePlugin (to manage ls via a ynh plugin (when i done it) [dev] Little fix on installer (warning when testing files in patch directory) [dev] Using LimeSurvey install command for installing
| @@ -56,7 +56,12 @@ return array( | |||
| // LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates | |||
| 'debug'=>0, | |||
| 'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2 | |||
| 'enableLdap'=>true | |||
| /* yunohost part */ | |||
| 'auth_webserver_user_map' => array( '{{ admin }}'=>'ynh_admin'),// Primary user as ynh admin | |||
There was a problem hiding this comment.
admin choosen when installing : super-super admin via webserver only #25
There was a problem hiding this comment.
Why do we need to call this user ynh_admin (and not {{ admin }} ) ?
There was a problem hiding this comment.
I do some test : if you remove user access (1st user) from LS : then you don't have a user who can set super-admin ...
The issue with LS is
- Only the 1st super-admin (userid==1) can set other super-admin
- The 1st super-admin (userid==1) can always log by DBAuth
- The 1st super admin can not be removed (from LS)
- The 1st super-admin have always all the rights on all ...
Then : if you set 'ynh-user1' to super-admin at start, play a little, via yunohots : remove this admin, set other admin : the new admin don't are really a real super-admin ....
It's really the point where i didn't know how it's best to fix ....
| 'enableLdap'=>true | ||
| /* yunohost part */ | ||
| 'auth_webserver_user_map' => array( '{{ admin }}'=>'ynh_admin'),// Primary user as ynh admin | ||
| 'auth_webserver_autocreate_user'=>1, |
| (2,'AuditLog',0), | ||
| (3,'oldUrlCompat',0), | ||
| (4,'ExportR',0), | ||
| (5,'Authwebserver',1), | ||
| (6,'extendedStartPage',0), | ||
| (7,'ExportSTATAxml',0), | ||
| (8,'QuickMenu',0), | ||
| (9,'AuthLDAP',0); | ||
| (9,'AuthLDAP',1); |
There was a problem hiding this comment.
Fix 'another domain' or AuthWebserver not default with another domain (allow ldap)
There was a problem hiding this comment.
OK, I need to test. If I remember, with AuthLDAP the user is obliged to login twice no ?
There was a problem hiding this comment.
Yes, but there are some issue with Auth webserver if LS are not a subdirectory of ynh primary server. Last time i test it ....
| @@ -2,7 +2,7 @@ | |||
| "name": "LimeSurvey", | |||
| "id": "limesurvey", | |||
| "packaging_format": 1, | |||
| "version": "2.62.2", | |||
| "version": "2.62.2.1", | |||
There was a problem hiding this comment.
I wait for 2.62.3 for final release : false version
| update | ||
|
|
||
| --- | ||
| application/commands/ActivatePluginCommand.php | 70 ++++++++++++++++++++++++++ |
There was a problem hiding this comment.
To move DB direct access system to ls system (with a new ynh plugin (i work on it). Think we can manage really more easily ls via ynh after.
| sudo mkdir -p "$DEST" | ||
| sudo chown $AS_USER: "$DEST" | ||
| sudo chown $AS_USER: "$DEST" | ||
| if [ "$(echo ${SOURCE_FILE##*.})" == "gz" ]; then | ||
| ynh_exec_as "$AS_USER" tar xf $SOURCE_FILE -C "$DEST" --strip-components 1 | ||
| elif [ "$(echo ${SOURCE_FILE##*.})" == "bz2" ]; then | ||
| ynh_exec_as "$AS_USER" tar xjf $SOURCE_FILE -C "$DEST" --strip-components 1 | ||
| elif [ "$(echo ${SOURCE_FILE##*.})" == "zip" ]; then | ||
| mkdir -p "/tmp/$SOURCE_FILE" | ||
| ynh_exec_as "$AS_USER" unzip -q $SOURCE_FILE -d "/tmp/$SOURCE_FILE" |
There was a problem hiding this comment.
I try with zip : but seems there are an issue here : user don't have the right on /tmp/$SOURCE_FILE not ls related and not really needed
| # Apply patches | ||
| if [ -f ${PKG_DIR}/patches/$SOURCE_ID-*.patch ]; then |
There was a problem hiding this comment.
Before : have an error shown here, now allow multiple patch file without bad sentence in command
|
@zamentur que pense tu des modifications ici ? Est ce que je continu dans ce sens sur l'utilisateur numéro 1 ou bien est ce que je revient sur le principe que l'utilisateur 1 reste celui de ynh. En fait : ici c'est la mise à jour que j'aurais plus de mal à gérer. Denis |
| # Set permissions | ||
| ynh_set_default_perm $local_path | ||
| sudo chmod -R u+w $local_path/tmp | ||
| sudo chmod -R u+w $local_path/upload | ||
| sudo chmod -R u+w $local_path/application/config/ | ||
| #~ sudo chmod -R u+w $local_path/application/config/ |
There was a problem hiding this comment.
Without write options the ynh_admin can't change the configuration of LS.
What was the idea to remove this ?
There was a problem hiding this comment.
Oups, unsure , maybe a bad removing during testing ... but have another idea here : allow to load user-config from another file (in user directory). Must be reviewed.
|
|
||
| sudo yunohost app addaccess $app -u $admin | ||
| ynh_sso_access "/index.php?r=admin,/index.php?r=plugins,/scripts" |
There was a problem hiding this comment.
I don't remember why I have put a protection on /index.php?r=plugins,/scripts
May be it's historical (with the last version of the package)
There was a problem hiding this comment.
/script : really not needed, about plugins : specific : ls have issue here (plugins/index) but some plugin must allow public access to plugins/
| (2,'AuditLog',0), | ||
| (3,'oldUrlCompat',0), | ||
| (4,'ExportR',0), | ||
| (5,'Authwebserver',1), | ||
| (6,'extendedStartPage',0), | ||
| (7,'ExportSTATAxml',0), | ||
| (8,'QuickMenu',0), | ||
| (9,'AuthLDAP',0); | ||
| (9,'AuthLDAP',1); |
There was a problem hiding this comment.
OK, I need to test. If I remember, with AuthLDAP the user is obliged to login twice no ?
|
tested, works well. About ynh_admin, I don't know I am not sure to understand why it's needed, but you have a better knowledge on LS than me. |
|
Yes : ynh_admin are really the issue here ..... 2 options :
It's the choice, i can do 2, but not sure for 1 (know less ynh than LS ). And see : #25 the super-super-admin can not come from LDAP ..... |
|
PS : i think i improve LS to allow multiple super-super-admin ;) |
After more thinking : you're right . Best seems to have a dedicated user for 1st admin (else you can break system if you remove the rights of the first user (tested with old ynh). I review next week, update to last version, make a multiple download system for other needed plugins . |
|
Must review all :( |
There are some difference between same domain and other domain
=> Currently user 1 must not be a ynh user : solution create a fake one : done here