From 446f99521ffaa8ce0b14ff9184ce2f847bcaace5 Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Wed, 2 Feb 2022 00:05:11 +0100
Subject: [PATCH] Change default value of ACL_ACCESS_GROUP option

Previously ACL_ACCESS_GROUP defaulted to the value of ACL_SELFSERVICE_GROUP,
now it defaults to "uffd_access". Note that ACL_SELFSERVICE_GROUP has the same
default value. If you set ACL_SELFSERVICE_GROUP to a different value but not
ACL_ACCESS_GROUP, you will need to update your config.
---
 README.md               | 2 ++
 uffd/__init__.py        | 2 --
 uffd/default_config.cfg | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 0ca4fec3..78c6fca0 100644
--- a/README.md
+++ b/README.md
@@ -95,6 +95,8 @@ After running the migrations you can remove all `LDAP_*`-prefixed settings from
 
 Upgrading will not perform any write access to the LDAP server.
 
+If the config option `ACL_SELFSERVICE_GROUP` is set but not `ACL_ACCESS_GROUP`, make sure to set `ACL_ACCESS_GROUP` to the same value as `ACL_SELFSERVICE_GROUP`,
+
 ## Python Coding Style Conventions
 
 PEP 8 without double new lines, tabs instead of spaces and a max line length of 160 characters.
diff --git a/uffd/__init__.py b/uffd/__init__.py
index ae885358..e370e999 100644
--- a/uffd/__init__.py
+++ b/uffd/__init__.py
@@ -53,8 +53,6 @@ def init_config(app: Flask, test_config):
 		for filename in ["config.cfg", "config.json", "config.yml", "config.yaml"]:
 			if load_config_file(app, os.path.join(app.instance_path, filename), silent=True):
 				break
-	# Prior to v1.1 login required ACL_SELFSERVICE_GROUP and ACL_ACCESS_GROUP did not exist
-	app.config.setdefault('ACL_ACCESS_GROUP', app.config['ACL_SELFSERVICE_GROUP'])
 
 	if app.env == "production" and app.secret_key is None:
 		raise Exception("SECRET_KEY not configured and we are running in production mode!")
diff --git a/uffd/default_config.cfg b/uffd/default_config.cfg
index f869cc67..0628f106 100644
--- a/uffd/default_config.cfg
+++ b/uffd/default_config.cfg
@@ -22,7 +22,7 @@ ACL_ADMIN_GROUP="uffd_admin"
 # Group required to access selfservice functions (view selfservice, change profile/password/roles)
 ACL_SELFSERVICE_GROUP="uffd_access"
 # Group required to login
-#ACL_ACCESS_GROUP="uffd_access" # if unset, the value of ACL_SELFSERVICE_GROUP is used
+ACL_ACCESS_GROUP="uffd_access"
 # Members can create invite links for signup
 ACL_SIGNUP_GROUP="uffd_signup"
 
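Review bot: The `ACL_ACCESS_GROUP="uffd_access"` line is now a fixed default that no longer follows `ACL_SELFSERVICE_GROUP`, but the comment above it (`# Group required to login`) does not say so. With the `setdefault` fallback removed from `init_config` in `uffd/__init__.py`, an instance that overrides only `ACL_SELFSERVICE_GROUP` will gate login on a group named `uffd_access` without any runtime signal. Depending on whether that group exists and who is in it, this presumably either locks users out or admits a different set of accounts than the operator intended. I would extend the comment to `# Group required to login (not derived from ACL_SELFSERVICE_GROUP; set both when using a custom group)`. Consider also logging the effective access group once at startup in `init_config`, since the README note is otherwise the only hint an upgrading operator gets.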
-- 
GitLab