| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| |
| # CMS root paths |
| create path (sling:OrderedFolder) /etc/i18n |
| set ACL for everyone |
| allow jcr:read on /etc/i18n |
| end |
| create path (sling:OrderedFolder) /etc/taxonomy |
| set ACL for everyone |
| allow jcr:read on /etc/taxonomy |
| end |
| create path (sling:OrderedFolder) /static |
| set ACL for everyone |
| allow jcr:read on /static |
| end |
| create path (sling:OrderedFolder) /conf |
| set ACL for everyone |
| allow jcr:read on /conf |
| end |
| create path (sling:OrderedFolder) /content |
| create path (sling:OrderedFolder) /etc/usergenerated |
| set ACL for everyone |
| allow jcr:read on /etc/usergenerated |
| end |
| |
| # Groups |
| create path (rep:AuthorizableFolder) /home/groups |
| create path (rep:AuthorizableFolder) /home/groups/sling-cms |
| create group administrators with path sling-cms |
| set ACL for administrators |
| allow jcr:all on / |
| end |
| create group authors with path sling-cms |
| set ACL for authors |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /static |
| allow jcr:read on / |
| end |
| create group job-users with path sling-cms |
| create group taxonomy-users with path sling-cms |
| set ACL for taxonomy-users |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /etc/taxonomy |
| end |
| create group ugc-users with path sling-cms |
| set ACL for ugc-users |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /etc/usergenerated |
| end |
| |
| # Service users |
| create service user sling-cms-metadata |
| set ACL for sling-cms-metadata |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /static |
| allow jcr:read on / |
| end |
| create service user sling-cms-transformer |
| set ACL for sling-cms-transformer |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /static |
| allow jcr:read on / |
| end |
| create service user sling-cms-ugc |
| set ACL for sling-cms-ugc |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /etc/usergenerated |
| end |
| create service user sling-cms-versionmgr |
| set ACL for sling-cms-versionmgr |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on / |
| allow jcr:read on /jcr:system/jcr:versionStorage |
| end |