Enable again and configure LDAP correctly

Author: Josue-T

conf/local.py.j2

@@ -29,47 +29,42 @@ DATABASES = {
         'USER': '{{ db_user }}',
         'PASSWORD': '{{ db_pwd }}',
         'HOST': '127.0.0.1',
-        'PORT': '5432', 
+        'PORT': '5432',
     },
 }
 
 FEEDS = (('ffdn', 'http://www.ffdn.org/fr/rss.xml', 3),)
 
 
 
-#    # Tous acces
-#    # parametrer SSO en protect_uris
-#    # OU
-#    # Pas d'acces
-#    # hook
-#    # parametrer SSO en protect_uris
-#    import ldap
-#    from django_auth_ldap.config import LDAPSearch, PosixGroupType
-#    AUTHENTICATION_BACKENDS = (
-#        'django_auth_ldap.backend.LDAPBackend',
-#        'django.contrib.auth.backends.ModelBackend',
-#    )
-#    AUTH_LDAP_SERVER_URI = "ldap://localhost:389"
-#    AUTH_LDAP_USER_SEARCH = LDAPSearch("uid={{ admin }},ou=users,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
-#    AUTH_LDAP_USER_ATTR_MAP = {
-#        "username": "uid",
-#        "first_name": "givenName",
-#        "last_name": "sn",
-#        "email": "mail",
-#    }
-#    AUTH_LDAP_USER_FLAGS_BY_GROUP = {
-#        "is_active": "cn=sftpusers,ou=groups,dc=yunohost,dc=org",
-#        "is_staff": "cn=sftpusers,ou=groups,dc=yunohost,dc=org",
-#        "is_superuser": "cn=sftpusers,ou=groups,dc=yunohost,dc=org"
-#    }
-#    AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=groups,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)")
-#    AUTH_LDAP_GROUP_TYPE = PosixGroupType()
-#    AUTH_LDAP_ALWAYS_UPDATE_USER = True
-#    AUTH_LDAP_AUTHORIZE_ALL_USERS = True
-#    AUTH_LDAP_FIND_GROUP_PERMS = True
-#    #AUTH_LDAP_CACHE_GROUPS = True
-#    #AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300
-#    #import logging
-#    #logger = logging.getLogger('django_auth_ldap')
-#    #logger.addHandler(logging.StreamHandler())
-#    #logger.setLevel(logging.DEBUG)
+# Tous acces
+import ldap
+from django_auth_ldap.config import LDAPSearch, MemberDNGroupType
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.ModelBackend',
+)
+AUTH_LDAP_SERVER_URI = "ldap://localhost:389"
+AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+AUTH_LDAP_USER_ATTR_MAP = {
+    "username": "uid",
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail",
+}
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_active": "cn={{ app }}.main,ou=permission,dc=yunohost,dc=org",
+    "is_staff": "cn={{ app }}.staff,ou=permission,dc=yunohost,dc=org",
+    "is_superuser": "cn={{ app }}.superadmin,ou=permission,dc=yunohost,dc=org"
+}
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=permission,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE)
+AUTH_LDAP_GROUP_TYPE = MemberDNGroupType("inheritPermission", "permissionYnh")
+AUTH_LDAP_ALWAYS_UPDATE_USER = True
+AUTH_LDAP_AUTHORIZE_ALL_USERS = False
+AUTH_LDAP_FIND_GROUP_PERMS = True
+AUTH_LDAP_CACHE_GROUPS = True
+AUTH_LDAP_GROUP_CACHE_TIMEOUT = 1000
+# import logging
+# logger = logging.getLogger('django_auth_ldap')
+# logger.addHandler(logging.StreamHandler())
+# logger.setLevel(logging.DEBUG)

manifest.toml

@@ -31,10 +31,6 @@ ram.runtime = "50M"
     # this is a generic question - ask strings are automatically handled by Yunohost's core
     type = "domain"
 
-    [install.admin]
-    # this is a generic question - ask strings are automatically handled by Yunohost's core
-    type = "user"
-
     [install.email]
     ask.en = "Choose email were send notification"
     ask.fr = "Choisissez l'email vers lequel envoyer les notifications"
@@ -53,6 +49,22 @@ ram.runtime = "50M"
     type = "string"
     example = "https://www.exemple.tld"
 
+    [install.init_staff_permission]
+    ask.en = "Which group will have the staff access"
+    ask.fr = "Quel groupe aura accès l'accès en tant que staff"
+    help.en = "Users of this group should have access to the Coin admin page"
+    help.fr = "Les utilisateurs de ce groupe devrait avoir accès à la page d'administration de Coin"
+    type = "group"
+    default = "admins"
+
+    [install.init_superadmin_permission]
+    ask.en = "Which group will have the superadmin access"
+    ask.fr = "Quel groupe aura accès l'accès en tant que super admin"
+    help.en = "Users of this group should have all access on the Coin admin page"
+    help.fr = "Les utilisateurs de ce groupe devrait avoir tout les accès sur la page d'administration de Coin"
+    type = "group"
+    default = "admins"
+
 [resources]
         [resources.sources.main]
         url = "https://code.ffdn.org/ffdn/coin/-/archive/bcaad5f.tar.gz"
@@ -65,7 +77,13 @@ ram.runtime = "50M"
 
     [resources.permissions]
     main.url = "/"
-    main.allowed = "visitors"
+    main.allowed = ["visitors", "all_users"]
+
+    staff.show_tile = false
+    staff.label = "Staff"
+
+    superadmin.show_tile = false
+    superadmin.label = "Super admin"
 
     [resources.apt]
     packages = "gunicorn, python3, python3-venv, libpq-dev, libsasl2-dev, libjpeg-dev, libxml2-dev, libxslt1-dev, libpango1.0-0, postgresql, postgresql-contrib, postgresql-server-dev-all python3-dev"

scripts/install

@@ -9,7 +9,7 @@ ynh_app_setting_set --app=$app --key=secret --value=$secret
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
-ynh_script_progression --message="Setting up source files..." 
+ynh_script_progression --message="Setting up source files..."
 
 ynh_setup_source --dest_dir="$install_dir"
 
@@ -22,20 +22,20 @@ chown -R $app:www-data "$install_dir"
 #=================================================
 # PYTHON DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Installing more dependencies..." 
+ynh_script_progression --message="Installing more dependencies..."
 
 pushd "$install_dir"
     python3 -m venv venv
     venv/bin/pip install --upgrade pip
     venv/bin/pip install gunicorn
-	#echo "django-auth-ldap<1.4" >> $install_dir/requirements.txt
+    echo "django-auth-ldap<1.4" >> $install_dir/requirements.txt
     venv/bin/pip install -r requirements.txt
 popd
 
 #=================================================
 # CONFIGURATION DJANGO
 #=================================================
-ynh_script_progression --message="Configuring application..." 
+ynh_script_progression --message="Configuring application..."
 
 export prefix="${path#"/"}/"
 prefix=${prefix%"/"}
@@ -65,7 +65,7 @@ chown -R $app:www-data "/var/log/$app"
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
-ynh_script_progression --message="Adding a configuration file..." 
+ynh_script_progression --message="Adding a configuration file..."
 
 ynh_add_config --template="gunicorn_config.py" --destination="$install_dir/gunicorn_config.py"
 
@@ -88,7 +88,7 @@ yunohost service add $app --description "$app daemon" --log="/var/log/$app/$app.
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting systemd service..." 
+ynh_script_progression --message="Starting systemd service..."
 
 # Start a systemd service
 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"

scripts/upgrade

@@ -32,7 +32,7 @@ pushd "$install_dir"
     python3 -m venv venv
     venv/bin/pip install --upgrade pip
     venv/bin/pip install gunicorn
-	#echo "django-auth-ldap<1.4" >> $install_dir/requirements.txt
+    echo "django-auth-ldap<1.4" >> $install_dir/requirements.txt
     venv/bin/pip install -r requirements.txt
 popd