From 99cc3a5cef3cd6ce9ca34608f52b396178017720 Mon Sep 17 00:00:00 2001
From: Gabriel Cossette <gabriel@weblibre.ca>
Date: Wed, 30 Jun 2021 21:45:26 +0000
Subject: [PATCH] update

---
 manifest.json   | 11 ++++++++++-
 scripts/install | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/manifest.json b/manifest.json
index 0eb423f..08bf5c6 100644
--- a/manifest.json
+++ b/manifest.json
@@ -38,7 +38,16 @@
                 "type": "path",
                 "example": "/site",
                 "default": "/"
-            }
+            },
+			{
+				"name": "user",
+				"type": "user",
+				"ask": {
+					"en": "Choose the WordPress administrator (must be an existing YunoHost user)",
+					"fr": "Administrateur du site (doit être un utilisateur YunoHost existant)"
+				},
+				"example": "john"
+			}
         ]
     }
 }
diff --git a/scripts/install b/scripts/install
index 28f5152..9691746 100644
--- a/scripts/install
+++ b/scripts/install
@@ -22,6 +22,7 @@ ynh_abort_if_errors
 
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
+user=$YNH_APP_ARG_USER
 
 app=$YNH_APP_INSTANCE_NAME
 
@@ -86,6 +87,40 @@ setfacl -m g:$app:rx /var/www
 
 chown -R $app: "$final_path"
 
+if ! ynh_system_group_exists "web"    # Check if the group exists on the system
+then    # If the user doesn't exist
+    yunohost user group create web
+fi
+
+ynh_package_install proftpd-mod-ldap
+
+echo "<IfModule mod_ldap.c>
+    LDAPServer ldap://localhost/??sub
+    LDAPUsers ou=users,dc=yunohost,dc=org (uid=%u)
+</IfModule>
+
+PassivePorts                  50000 50100
+
+<IfModule mod_tls.c>
+    TLSEngine                               on
+    TLSLog                                  /var/log/proftpd/tls.log
+    TLSProtocol                             SSLv23
+    TLSRSACertificateFile                   /etc/yunohost/certs/$domain/crt.pem
+    TLSRSACertificateKeyFile                /etc/yunohost/certs/$domain/key.pem
+    TLSVerifyClient                         off
+    TLSOptions                              NoSessionReuseRequired
+    TLSRequired                             on
+</IfModule>" > /etc/proftpd/conf.d/yunohost.conf
+
+systemctl restart proftpd
+
+yunohost firewall allow TCP 21
+yunohost firewall allow TCP 50000:50100
+
+# Allow web group to browse content of /var/www
+setfacl -m g:tiny_file_manager:rx /var/www
+setfacl -m g:tiny_file_manager.main:rx /var/www
+
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -97,6 +132,15 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 
 #=================================================
 # GENERIC FINALIZATION
+#=================================================
+# SETUP SSOWAT
+#=================================================
+ynh_script_progression --message="Configuring permissions..." --weight=1
+
+ynh_permission_update --permission="main" --remove=all_users
+
+ynh_permission_update --permission="main" --add=$user
+
 #=================================================
 # RELOAD NGINX
 #=================================================