wordpress_ynh icon indicating copy to clipboard operation
wordpress_ynh copied to clipboard

Published 20 hours ago verified publisher icon YunoHost-Apps

Permissions ldap

Open Gofannon opened this issue 2 years ago • 2 comments

Problem

  1. This package "rights management" confused me (for a small non-profit organization)
    • "Wordpress admin" permissions allows to give access to page "wp-admin" so a user can log in to the "Wordpress admin"
    • If the user is different from the "admin" declared while installing, it:
      • cannot login to the WP "admin panel" (after find out the url of the page)
      • After been given the "admin permission in YNH", it has no right in Wordpress (aka WP)
    • An "WP admin" needs to provide the rights credential in WP admin panel to the new user.
    • SSO doesn't work
      • I have to loggin twich ( first on ssowat and second on WP /wp-admin )

User rights are managed from the WP user panel, no integration with YNH (Good idea to decouple access rights between YNH and WP?)

  1. LDAP Configuration was confusing with "sql request" so I migrated to something more understandable to me (can be debated of course!)

Solution

  1. Migrate to "YNH permission LDAP system"
    • YNH admin gives the permission as "admin", "editor" or "main" to the users or groups and "nothing" has to be done in WP directly
    • some pending issues:
      • Lack of customization from WP as everything is done in the "YNH permission panel" ?
      • Migration to the new system has not been "functionally tested" on a "real wordpress installation"
      • Who has priority between "LDAP" and "WP existing permission" for example?
  2. Migrate to json file and the tool already used $wpcli to manage the LDAP configuration (instead of sql query)

PR tested on a fresh install of WP what the code runs but I didn't push more on a functional side. Need volunteers for this to not mess up existing deployments

PR Status

  • [X] Code finished and ready to be reviewed/tested
    • tested on "single" and "multisite" setup
  • [ ] The fix/enhancement were manually tested (if applicable)

Automatic tests

Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ after creating the PR, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)

Gofannon avatar Mar 25 '23 19:03 Gofannon

!testme

Gofannon avatar Mar 25 '23 19:03 Gofannon

Meow :cat2: Test Badge

yunohost-bot avatar Mar 25 '23 19:03 yunohost-bot