Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permissions ldap #214

Open
wants to merge 12 commits into
base: testing
Choose a base branch
from
Open

Permissions ldap #214

wants to merge 12 commits into from

Conversation

Gofannon
Copy link

Problem

  1. This package "rights management" confused me (for a small non-profit organization)
    • "Wordpress admin" permissions allows to give access to page "wp-admin" so a user can log in to the "Wordpress admin"
    • If the user is different from the "admin" declared while installing, it:
      • cannot login to the WP "admin panel" (after find out the url of the page)
      • After been given the "admin permission in YNH", it has no right in Wordpress (aka WP)
    • An "WP admin" needs to provide the rights credential in WP admin panel to the new user.
    • SSO doesn't work
      • I have to loggin twich ( first on ssowat and second on WP /wp-admin )

User rights are managed from the WP user panel, no integration with YNH (Good idea to decouple access rights between YNH and WP?)

  1. LDAP Configuration was confusing with "sql request" so I migrated to something more understandable to me (can be debated of course!)

Solution

  1. Migrate to "YNH permission LDAP system"
    • YNH admin gives the permission as "admin", "editor" or "main" to the users or groups and "nothing" has to be done in WP directly
    • some pending issues:
      • Lack of customization from WP as everything is done in the "YNH permission panel" ?
      • Migration to the new system has not been "functionally tested" on a "real wordpress installation"
      • Who has priority between "LDAP" and "WP existing permission" for example?
  2. Migrate to json file and the tool already used $wpcli to manage the LDAP configuration (instead of sql query)

PR tested on a fresh install of WP what the code runs but I didn't push more on a functional side. Need volunteers for this to not mess up existing deployments

PR Status

  • Code finished and ready to be reviewed/tested
    • tested on "single" and "multisite" setup
  • The fix/enhancement were manually tested (if applicable)

Automatic tests

Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ after creating the PR, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)

@Gofannon
Copy link
Author

!testme

@yunohost-bot
Copy link
Contributor

Meow 🐈
Test Badge

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Gofannon @yunohost-bot