diff --git a/filter_plugins/csp_filters.py b/filter_plugins/csp_filters.py index 727ec9a4..dd8fdc60 100644 --- a/filter_plugins/csp_filters.py +++ b/filter_plugins/csp_filters.py @@ -117,7 +117,7 @@ class FilterModule(object): # ReCaptcha integration: allow loading scripts from Google if feature enabled if self.is_feature_enabled(applications, 'recaptcha', application_id): - if directive == 'script-src-elem': + if directive in ['script-src-elem',"frame-src"]: tokens.append('https://www.gstatic.com') tokens.append('https://www.google.com') diff --git a/roles/docker-nextcloud/Update.md b/roles/docker-nextcloud/Update.md deleted file mode 100644 index 946f55ca..00000000 --- a/roles/docker-nextcloud/Update.md +++ /dev/null @@ -1,13 +0,0 @@ -# Update Nextcloud (manuel) - -To perform a manuel Nexcloud update execute: - -```bash -docker-compose exec -T -u www-data application /var/www/html/occ upgrade -docker-compose exec -T -u www-data application /var/www/html/occ maintenance:repair --include-expensive -docker-compose exec -T -u www-data application /var/www/html/occ app:update --all -docker-compose exec -T -u www-data application /var/www/html/occ db:add-missing-columns -docker-compose exec -T -u www-data application /var/www/html/occ db:add-missing-indices -docker-compose exec -T -u www-data application /var/www/html/occ db:add-missing-primary-keys -docker-compose exec -T -u www-data application /var/www/html/occ maintenance:mode --off -``` \ No newline at end of file diff --git a/roles/docker-nextcloud/docs/OCC.md b/roles/docker-nextcloud/docs/OCC.md index cd21ee23..f204cbf8 100644 --- a/roles/docker-nextcloud/docs/OCC.md +++ b/roles/docker-nextcloud/docs/OCC.md @@ -9,49 +9,6 @@ To use OCC, run: ```bash docker-compose exec -it -u www-data application /var/www/html/occ ``` -## User Administration - -### List Users -```bash -docker compose exec -it -u www-data application php occ user:list -``` - -### Get User Info -```bash -docker compose exec -u www-data application php occ user:info {{username}} -``` - -### Sync Users -```bash -docker compose exec -it -u www-data application php occ user:sync -``` - -### Create user via CLI -```bash -docker compose exec -it -u www-data application php occ user:add {{username}} -``` - -### Make user admin via cli -```bash -docker compose exec -it -u www-data application php occ group:adduser admin {{username}} -``` - -### Delete user via CLI -```bash -docker compose exec -it -u www-data application php occ user:delete {{username}} -``` - -### Delete all User (if no ldap is used) -```bash -for user in $(docker compose exec -u www-data application php occ user:list --output=json | jq -r 'keys[]'); do - docker compose exec -u www-data application php occ user:delete "$user" -done -``` - -### Identify users which exist still in nextcloud but not in LDAP anymore -```bash -occ ldap:show-remnants -``` ## App Administration ```bash diff --git a/roles/docker-nextcloud/docs/Users.md b/roles/docker-nextcloud/docs/Users.md new file mode 100644 index 00000000..59f9217e --- /dev/null +++ b/roles/docker-nextcloud/docs/Users.md @@ -0,0 +1,43 @@ +# User Administration + +### List Users +```bash +docker compose exec -it -u www-data application php occ user:list +``` + +### Get User Info +```bash +docker compose exec -u www-data application php occ user:info {{username}} +``` + +### Sync Users +```bash +docker compose exec -it -u www-data application php occ user:sync +``` + +### Create user via CLI +```bash +docker compose exec -it -u www-data application php occ user:add {{username}} +``` + +### Make user admin via cli +```bash +docker compose exec -it -u www-data application php occ group:adduser admin {{username}} +``` + +### Delete user via CLI +```bash +docker compose exec -it -u www-data application php occ user:delete {{username}} +``` + +### Delete all User (if no ldap is used) +```bash +for user in $(docker compose exec -u www-data application php occ user:list --output=json | jq -r 'keys[]'); do + docker compose exec -u www-data application php occ user:delete "$user" +done +``` + +### Identify users which exist still in nextcloud but not in LDAP anymore +```bash +occ ldap:show-remnants +``` \ No newline at end of file diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index a00c39f4..ca3c5553 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -64,3 +64,11 @@ 'Removing' in db_indices_result.stdout or 'updated successfully' in db_indices_result.stdout failed_when: db_indices_result.rc != 0 + +- name: Ensure Nextcloud administrator is in the 'admin' group + command: > + docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }} + php occ group:adduser admin {{ applications.nextcloud.users.administrator.username }} + register: add_admin_to_group + changed_when: "'Added user' in add_admin_to_group.stdout" + failed_when: add_admin_to_group.rc != 0 and "'is already a member of' not in add_admin_to_group.stderr" diff --git a/roles/docker-presentation/vars/configuration.yml b/roles/docker-presentation/vars/configuration.yml index 7611c8b8..fe223e64 100644 --- a/roles/docker-presentation/vars/configuration.yml +++ b/roles/docker-presentation/vars/configuration.yml @@ -17,8 +17,10 @@ csp: flags: style-src: unsafe-inline: true + script-src: + unsafe-eval: true script-src-elem: - unsafe-eval: true + unsafe-inline: true domains: canonical: - "slides.{{ primary_domain }}" \ No newline at end of file