blob: 379f48cde3094fa5849af6a6dd7891537aee1d3b [file] [log] [blame]
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with this
# work for additional information regarding copyright ownership. The ASF
# licenses this file to You under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
create service user su with forced path /home/users/system/cq:services/myfeature
set ACL for su
remove * on /var
set ACL on /var
remove jcr:all for su
set principal ACL for su
allow jcr:all on /var restriction(rep:ntNames,nt:unstructured)
create group gr1 with path my/group/path
set repository ACL for gr1
allow jcr:namespaceManagement,jcr:nodeTypeDefinitionManagement
set ACL on /conf,/content
allow jcr:read,jcr:modifyProperties for gr1 restriction(rep:glob,*)
allow jcr:read for gr1 restriction(rep:itemNames,jcr:primaryType,jcr:mixinTypes) restriction(rep:ntNames\,nt:folder)
set ACL for gr1 (ACLOptions\=someOption,someOtherOption,namespaced:option)
deny jcr:versionManagement on /content nodetypes nt:folder restriction(rep:glob,/subtree)
remove jcr:lockManagement on /content,func(gr1)
remove * on :repository,home(gr1)/sub
create group gr2 with forced path /home/groups/myfeature
set ACL on /conf,/libs
allow jcr:read,jcr:write for gr1,gr2 restriction(rep:glob,/subtree)
remove jcr:modifyProperties for gr2
create group gr3
create user a
create user b with path myfeature
create user c with forced path /home/users/bla with password plaintext
create user d with password {SHA-256} dc460da4ad72c482231e28e688e01f2778a88ce31a08826899d54ef7183998b5
add a,b,c,d to group gr3
remove a,b from group gr1
disable service user deprecated_service_user : \"Disabled user to make an example\"
disable service user deprecated_service_user : \"This message explains why it's disabled. Whitespace is preserved.\"
disable service user deprecated_service_user : \"Testing escaped double \\\"quote\\\" in this string.\"
disable service user deprecated_service_user : \"Testing quoted escaped backslash \\\"\\\\\\\" in this string.\"
disable service user deprecated_service_user : \"Testing unescaped single backslash \ in this string.\"
delete service user deprecated_service_user
delete user c
delete group gr1",\
create path /test(sling:Folder)/a(nt:folder mixin mix:referenceable,mix:shareable)/b(nt:unstructured)/c(sling:Folder mixin mix:created)
create path (sling:Folder) /test/a(nt:folder mixin mix:referenceable,mix:shareable)/b(nt:unstructured)/c( mixin mix:created)
register namespace ( prefix ) http://prefix/v0.0.0",\
"register nodetypes
<< <slingevent\=\'\'>
<< [slingevent:Event] > nt:unstructured, nt:hierarchyNode
<< - slingevent:topic (string)
<< - slingevent:properties (binary)
register abstract privilege privAbstract
register privilege priv1
register privilege priv2 with privAbstract,priv1",\
delete ACL for ana
delete ACL for alice, aida
delete ACL on :repository, home(anni), functionNamesAreFree(aendu)
delete ACL on /, /var, /etc
delete ACL on /content
delete principal ACL for ada, amy
delete principal ACL for adi",\
remove ACE on /libs,/apps, /, /content/
allow jcr:read for user1,user2
allow privilege_without_namespace for user4
deny jcr:write,something:else,another:one for user2
deny jcr:lockManagement for user1
deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2)
remove ACE for user1,u2
allow jcr:read on /content
allow jcr:addChildNodes, jcr:modifyProperties on /content restriction(rep:glob)
deny jcr:read on /etc, /var restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2)
remove principal ACE for principal1,principal2
allow jcr:read on /content
deny jcr:modifyProperties on /apps, /content restriction(rep:itemNames,prop1,prop2)
allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured)
allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2)
allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat,/cat/,cat)
allow jcr:addChildNodes on /apps,/content restriction(rep:glob,cat/,*,*cat)
allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*)
allow jcr:something on / restriction(rep:glob)
allow jcr:all on :repository,home(alice)