set permissions for schema imported collections

Valentin 2024-11-29 18:17:06 +01:00
parent f697e7549a
commit 923f96a692
4 changed files with 31 additions and 19 deletions


@ -19,6 +19,7 @@ sed -i "s/^ADMIN_EMAIL=.*/ADMIN_EMAIL=${directus_admin_email}/" "/home/${USERNAM
sed -i "s/^ADMIN_PASSWORD=.*/ADMIN_PASSWORD=${directus_admin_password}/" "/home/${USERNAME}/cms.${DOMAIN_NAME}/.env" sed -i "s/^ADMIN_PASSWORD=.*/ADMIN_PASSWORD=${directus_admin_password}/" "/home/${USERNAME}/cms.${DOMAIN_NAME}/.env"
# @TODO: random port # @TODO: random port
port=8055 port=8055
key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
@ -28,12 +29,10 @@ sed -i "s/^KEY=.*/KEY=${key}/" "/home/${USERNAME}/cms.${DOMAIN_NAME}/.env"
sed -i "s/^SECRET=.*/SECRET=${secret}/" "/home/${USERNAME}/cms.${DOMAIN_NAME}/.env" sed -i "s/^SECRET=.*/SECRET=${secret}/" "/home/${USERNAME}/cms.${DOMAIN_NAME}/.env"
sed -i "s/^PORT=.*/PORT=${port}/" "/home/${USERNAME}/cms.${DOMAIN_NAME}/.env" sed -i "s/^PORT=.*/PORT=${port}/" "/home/${USERNAME}/cms.${DOMAIN_NAME}/.env"
# Start the services using Docker Compose
docker compose -f "/home/${USERNAME}/cms.${DOMAIN_NAME}/docker-compose.yml" up -d docker compose -f "/home/${USERNAME}/cms.${DOMAIN_NAME}/docker-compose.yml" up -d
sleep 10 sleep 10
# Wait for the database to be ready
echo "Waiting for Directus database to be ready..." echo "Waiting for Directus database to be ready..."
until docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -uroot -e "SELECT 1 FROM directus.directus_roles LIMIT 1" &> /dev/null until docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -uroot -e "SELECT 1 FROM directus.directus_roles LIMIT 1" &> /dev/null
do do
@ -41,16 +40,18 @@ do
sleep 5 sleep 5
done done
# @TODO: ask if import db
# and prompt "take care of permissions settings"
# else do the install db manipulations
docker cp assets/directus_policies.sql "${DOMAIN_NAME}_Directus_DB:/directus_policies.sql" docker cp assets/directus_policies.sql "${DOMAIN_NAME}_Directus_DB:/directus_policies.sql"
docker exec -i "${DOMAIN_NAME}_Directus_DB" sh -c " docker exec -i "${DOMAIN_NAME}_Directus_DB" sh -c "
mariadb -uroot directus < /directus_policies.sql mariadb -uroot directus < /directus_policies.sql
" "
# docker exec -i "${DOMAIN_NAME}_Directus" sh -c "npx directus roles create --role Website && npx directus roles create --role User" website_role_uuid=$(docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -N -uroot -e "SELECT id FROM directus.directus_roles WHERE name='Website'")
user_role_uuid=$(docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -N -uroot -e "SELECT id FROM directus.directus_roles WHERE name='User'")
website_role_uuid=$(echo $(docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -uroot -e "SELECT id FROM directus.directus_roles WHERE name='Website'") | awk '{print $2}') admin_role_uuid=$(docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -N -uroot -e "SELECT id FROM directus.directus_roles WHERE name='Administrator'")
user_role_uuid=$(echo $(docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -uroot -e "SELECT id FROM directus.directus_roles WHERE name='User'") | awk '{print $2}')
admin_role_uuid=$(echo $(docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -uroot -e "SELECT id FROM directus.directus_roles WHERE name='Administrator'") | awk '{print $2}')
website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n') website_password=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
@ -64,16 +65,6 @@ docker exec -i "${DOMAIN_NAME}_Directus_DB" sh -c "
UPDATE directus.directus_users SET token='${WEBSITE_TOKEN}' WHERE email='website@${DOMAIN_NAME}'; UPDATE directus.directus_users SET token='${WEBSITE_TOKEN}' WHERE email='website@${DOMAIN_NAME}';
\" directus \" directus
" "
# @TODO: random port
# INSERT INTO directus_permissions (role, collection, action, permissions, validation, fields)
# VALUES ('${website_role_uuid}', 'directus_files', 'read', '{}', '{}', '*');
# INSERT INTO directus_permissions (role, collection, action, permissions, validation, fields)
# VALUES ('${user_role_uuid}', 'directus_files', 'read', '{}', '{}', '*');
# INSERT INTO directus_permissions (role, collection, action, permissions, validation, fields)
# VALUES ('${user_role_uuid}', 'directus_folders', 'read', '{}', '{}', '*');
# @TODO: website permission
docker network connect web "${DOMAIN_NAME}_Directus" docker network connect web "${DOMAIN_NAME}_Directus"
@ -88,6 +79,26 @@ if [[ "$answer" == "y" ]]; then
docker cp /home/${USERNAME}/snapshot.yaml "${DOMAIN_NAME}_Directus":/directus/snapshot.yaml docker cp /home/${USERNAME}/snapshot.yaml "${DOMAIN_NAME}_Directus":/directus/snapshot.yaml
docker exec -i "${DOMAIN_NAME}_Directus" sh -c "npx directus schema apply --yes ./snapshot.yaml" docker exec -i "${DOMAIN_NAME}_Directus" sh -c "npx directus schema apply --yes ./snapshot.yaml"
can_see_policy_id=$(docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -N -uroot -e "SELECT id FROM directus.directus_policies WHERE name='CanSee'")
can_edit_policy_id=$(docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -N -uroot -e "SELECT id FROM directus.directus_policies WHERE name='CanEdit'")
docker exec -i "${DOMAIN_NAME}_Directus_DB" sh -c "mariadb -N -u root directus -e \"SELECT collection FROM directus_collections;\"" | while read collection_name; do
echo $collection_name;
docker exec -i "${DOMAIN_NAME}_Directus_DB" sh -c "
mariadb -uroot directus -e \"
INSERT INTO directus_permissions (collection, action, permissions, fields, policy)
VALUES
('${collection_name}', 'read', '{}', '*', '${can_see_policy_id}'),
('${collection_name}', 'read', '{}', '*', '${can_edit_policy_id}'),
('${collection_name}', 'create', '{}', '*', '${can_edit_policy_id}'),
('${collection_name}', 'update', '{}', '*', '${can_edit_policy_id}'),
('${collection_name}', 'delete', '{}', '*', '${can_edit_policy_id}');
\"
"
done
# @TODO: check set permissions for collections imported via schema
fi fi
if ! grep -q "cms.${DOMAIN_NAME}" "$CADDYFILE"; then if ! grep -q "cms.${DOMAIN_NAME}" "$CADDYFILE"; then
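Review bot: In the new loop after `schema apply`, `${collection_name}` is pasted into a SQL string that is itself nested inside `sh -c "…"`, so a collection name from the imported snapshot.yaml that contains quotes or shell metacharacters is interpreted by the container shell or by MariaDB instead of being stored as data. The inner `docker exec -i` also inherits the loop's stdin and will likely consume the remaining names, so only the first collection may get permissions. If either policy lookup returns nothing, the rows are inserted with an empty `policy`. A single `INSERT … SELECT` executed inside MariaDB and fed through a quoted heredoc avoids all three, because no name or id passes through the shell. The enclosing `if [[ "$answer" == "y" ]]` block starts outside the hunk.

```shell
# … unchanged: snapshot copy and `directus schema apply` …
# Built entirely inside MariaDB: collection names and policy ids never reach the shell.
docker exec -i "${DOMAIN_NAME}_Directus_DB" mariadb -uroot directus <<'SQL'
INSERT INTO directus_permissions (collection, action, permissions, fields, policy)
SELECT c.collection, g.action, '{}', '*', p.id
FROM directus_collections AS c
CROSS JOIN (
  SELECT 'CanSee' AS policy_name, 'read' AS action
  UNION ALL SELECT 'CanEdit', 'read'
  UNION ALL SELECT 'CanEdit', 'create'
  UNION ALL SELECT 'CanEdit', 'update'
  UNION ALL SELECT 'CanEdit', 'delete'
) AS g
JOIN directus_policies AS p ON p.name = g.policy_name;
SQL
```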


@ -5,6 +5,7 @@ read DOMAIN_NAME
check_global_const IP check_global_const IP
# @TODO : Automate the DNS configuration with OVH api
echo -e "${PURPLE}${BOLD}Configure the ${DOMAIN_NAME} DNS ZONE as the following${RESET}" echo -e "${PURPLE}${BOLD}Configure the ${DOMAIN_NAME} DNS ZONE as the following${RESET}"
echo -e "${BLUE}Domain : ${DOMAIN_NAME} | Type : A | Target : ${IP}${RESET}" echo -e "${BLUE}Domain : ${DOMAIN_NAME} | Type : A | Target : ${IP}${RESET}"
echo -e "${BLUE}Domain : cms.${DOMAIN_NAME} | Type : A | Target : ${IP}${RESET}" echo -e "${BLUE}Domain : cms.${DOMAIN_NAME} | Type : A | Target : ${IP}${RESET}"


@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
. bin/variables.sh . bin/env-setup.sh
echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}" echo -e "${PURPLE}${BOLD}Deployment Debian + Docker + Caddy + Directus + Nuxt${RESET}"
if [ "$(dirname "$(readlink -f "$0")")" != "$(pwd)" ]; then if [ "$(dirname "$(readlink -f "$0")")" != "$(pwd)" ]; then
echo "Please run this script from its directory." echo "Please run this script from its directory."