From 17c267a481b5c1a42405a92d135c2cc8ab6cd377 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 11 Aug 2016 10:46:13 +0200
Subject: [PATCH] library/roles/dnet_user_services_perms: Fix to the ACL handling. Now it's possibile to specify the acl permissions.
---
 dnet_user_services_perms/defaults/main.yml | 6 +++---
 dnet_user_services_perms/tasks/dnet-users-data-dirs.yml | 6 +++---
 drupal-org/tasks/drupal-main.yml | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/dnet_user_services_perms/defaults/main.yml b/dnet_user_services_perms/defaults/main.yml
index 4320c6da..380333a4 100644
--- a/dnet_user_services_perms/defaults/main.yml
+++ b/dnet_user_services_perms/defaults/main.yml
@@ -16,9 +16,9 @@ dnet_log_directories:
 # Define the following if you want some directories readable and writable by the dnet group but outside the dnet app data dirs
 #dnet_users_data_directories:
-# - { name: '/data/1', perms: 0755, create: True, file: False, owner: 'root', group: 'dnet' }
-# - { name: '/data/2', create: False, perms: 0755, file: False, owner: 'root', group: 'dnet' }
-# - { name: '/data/bah', create: False, perms: 0644, file: True }
+# - { name: '/data/1', perms: 0755, create: True, file: False, owner: 'root', group: 'dnet', aclperms: 'rwx' }
+# - { name: '/data/2', create: False, perms: 0755, file: False, owner: 'root', group: 'dnet', aclperms: 'rwx' }
+# - { name: '/data/bah', create: False, perms: 0644, file: True, aclperms: 'rw' }
 # Define the following array when you want to add commands to the sudoers file
 #dnet_sudo_commands:
diff --git a/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml b/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml
index 227471e6..dc8c1684 100644
--- a/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml
+++ b/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml
@@ -6,19 +6,19 @@
 tags: [ 'dnet', 'users', 'dnet_u_acl' ]
 - name: Set the read/write/access permissions on the users dnet data dirs
- acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions=rwx state=present
+ acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present
 with_items: '{{ dnet_users_data_directories }}'
 when: not item.file
 tags: [ 'dnet', 'users', 'dnet_u_acl' ]
 - name: Set the default read/write/access permissions on the users dnet data dirs
- acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
+ acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present default=yes
 with_items: '{{ dnet_users_data_directories }}'
 when: not item.file
 tags: [ 'dnet', 'users', 'dnet_u_acl' ]
 - name: Set the read/write permissions on pre-existing files inside the users dnet data dirs
- acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions=rw state=present
+ acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions={{ item.aclperms | default ('rw') }} state=present
 with_items: '{{ dnet_users_data_directories }}'
 when: item.file
 tags: [ 'dnet', 'users', 'dnet_u_acl' ]
diff --git a/drupal-org/tasks/drupal-main.yml b/drupal-org/tasks/drupal-main.yml
index 520cfb76..2c6a093c 100644
--- a/drupal-org/tasks/drupal-main.yml
+++ b/drupal-org/tasks/drupal-main.yml
@@ -57,7 +57,7 @@
 tags: drupal
 - name: Create the files directory
- file: dest={{ drupal_install_dir }}/{{ item.virthost }}/sites/default/files owner={{ item.user }} group={{ item.group }} mode=0770 state=directory
+ file: dest={{ drupal_install_dir }}/{{ item.virthost }}/sites/default/files owner={{ item.user }} group={{ item.group }} mode=0775 state=directory
 with_items: '{{ phpfpm_pools }}'
 when: ( unpack_drupal | changed )
 tags: drupal
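Review bot: `item.aclperms` is passed straight into `permissions=` in all three `acl` tasks of dnet_user_services_perms/tasks/dnet-users-data-dirs.yml with no check on its content, so any value that is still a valid permission string becomes the group ACL and, in the second task, the default ACL that new files inherit. One key serves both the directory tasks (default `rwx`) and the file task (default `rw`), and the defaults file should say so next to the examples, along with the accepted values. Writing the module arguments as a YAML mapping, for example `permissions: "{{ item.aclperms | default('rwx') }}"`, keeps the templated value a single quoted scalar and shortens these lines. The space in `default ('rwx')` is unusual Jinja style and could be dropped.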
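Review bot: The change from `mode=0770` to `mode=0775` on `sites/default/files` in drupal-org/tasks/drupal-main.yml gives every local account read and traverse access to the Drupal upload directory, and the commit message, which is about ACL handling, does not explain it. If the reason is that the web server runs as a user outside `item.group`, granting that user access through group membership or a dedicated ACL entry would keep the directory closed to other accounts. Otherwise the reason should be recorded above the task, e.g. `# 0775: <why this directory must be world-readable>`. The task runs only `when: ( unpack_drupal | changed )`, so already-deployed sites presumably keep 0770 until the next unpack, leaving modes inconsistent across hosts.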