How to skip an url from the SSO with the new permissions?

Hardware: VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / …
YunoHost version: 4.1.7
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no / yes
If yes, please explain:

Description of my issue

Since a recent update, looks like 4.1.x, an old skipped url or so got removed. Hard to say exactly when though since it was a public ical from Kanboard that may have just ran out of data recently.

Anyway, I need to get a public access on that specific address, but

  • The settings.yml does not take anymore a simple skipped_url or whatever
  • The admin panel does not allow to add any specific permission, or I didn’t find where.
  • The CLI command doesn’t either.
  • I won’t repackage the app to get a permission for a specific and personal need !

So, how one gets to have a specific permission on an url ?

And it wouldn’t be right not to say it… That’s a fucking regression and can’t believe no one needed to do that kind of thing over the past year…

Hi @Maniack_Crudelis

I’m not familiar with the skipped_url setting / feature, can you find some documentation ? Maybe we can find out if it was dropped or replaced by something else.

I’m not sure using swear words here is of any help. Yunohost is run by volunteers doing their best with limited ressources, let’s say polite. Thanks in advance.

There might be some way to override a given URL by adding some custom nginx configuration.

There was a documentation, I wrote it…

It was replaced by something else, the permission system.

I know pretty well who run YunoHost, you can believe me on that…
Considering I warned many times that there was a lot of regression on that feature, looks like being upset isn’t far from normal…

That’s exactly what I’m worried about. I’m not sure there is, unless I missed the doc about it.
And it was a feature used by a lot of people that may be interrested by having it back.

I have used the custom web app to open holes in SSO to specific URL’s. Would that be an option here?

I agree with @arthurlutz for the tone of messages. I like this community and the friendly members. The frustration will (hopefully) wear, but the message will stay (if not edited)

I’m mostly looking for a way for everyone to be able to set specific url public the way it was possible before.
Because for what I’m concerned about, I’ll always find a way to tweak my instance. Not everyone will.

Yet, I’m not sure to understand how you would have a public url for an app using a custom webapp, considering the url is already used by the other app. But maybe I’m missing something in your idea ?

Just drop it, that’s a lost cause. If I would have been the always-nice guy, it would have been done way before.
When someone fucks things up, I’m not staying silent. Some may think that’s rude, I rather prefer being honest. That’s all !
And that’s the same IRL, most that know me here know that as well.

You are, quite unfortunately, not missing anything in my idea. I just tried pointing a custom web app to a specific location in Nextcloud; it does not work for paths that are already claimed by another application.

I can’t save/install. It says:

This URL is either unavailable, or conflicts with the already installed app(s):
* → Foto's en andere bestanden delen (Nextcloud) (nextcloud)

Sorry to not be of any help.

I didn’t follow as well as i wanted the second iteration on permission, but i think the syntax for what you search should be :
In /etc/ssowat/conf.json.persistent

    "permissions": {
        "kanboard.ical": {
            "users": [], 
            "auth_header": false, 
            "show_tile": false, 
            "uris": ["YOUR_PATH"], 
            "label": "Ical kanboard", 
            "public": true

An other way could be :

source /usr/share/yunohost/helpers
ynh_permission_create --permission "ical" --url "/YOUR_RELATIVE_PATH" --allowed "visitors" --label "Kanboard (ical)"

But i think the first method is the right for end users, even if we can find the documentation for the second here : User groups and permissions | Yunohost Documentation

Using /etc/ssowat/conf.json.persistent sounds like the right solution, unfortunately it doesn’t work.
And yunohost app ssowatconf with --debug doesn’t say anything about how the config is read.

Considering an ical url looks like https://domain.tld/kanboard/?controller=ICalendarController&action=project&token=[:alnum:]*
With or without the domain it doesn’t work, with ?, & and even = replaced by . it doesn’t either.
Finally tried to escape the ? but got an error for “corrupted YAML”.

Considering domain.tld/kanboard alone doesn’t work either, my bet goes on a wrong syntax somewhere or just the whole file being ignored by the permission mecanism.

For the second solution, it’s my solution to make it works on separate script, but I don’t think that would be a right solution for common users.
Also, not sure what would happen after an upgrade or in case of remove of the app.

Really think that conf.json.persistent would be a good solution unless a proper CLI.

Playing with the persistent json, I noticed that re:domain.tld/kanboard.*$ does work while re:domain.tld/kanboard/.*ICalendar.*$ doesn’t.
Neither does re:domain.tld/kanboard/.controller=ICalendar.*$

It doesn’t sounds to me like PCRE…

Which make me think that the issue is more profound than just adding a permission, while still an issue.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.