| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with this |
| # work for additional information regarding copyright ownership. The ASF |
| # licenses this file to You under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| # License for the specific language governing permissions and limitations under |
| # the License. |
| scripts=[\ |
| " |
| create service user su with forced path system/cq:services/myfeature |
| set ACL for su |
| remove * on /var |
| end |
| set ACL on /var |
| remove jcr:all for su |
| end |
| set principal ACL for su |
| allow jcr:all on /var restriction(rep:ntNames,nt:unstructured) |
| end",\ |
| " |
| create group gr1 with path my/group/path |
| set repository ACL for gr1 |
| allow jcr:namespaceManagement,jcr:nodeTypeDefinitionManagement |
| end",\ |
| " |
| set ACL on /conf,/content |
| allow jcr:read,jcr:modifyProperties for gr1 restriction(rep:glob,*) |
| allow jcr:read for gr1 restriction(rep:itemNames,jcr:primaryType,jcr:mixinTypes) restriction(rep:ntNames\,nt:folder) |
| end",\ |
| " |
| set ACL for gr1 (ACLOptions\=someOption,someOtherOption,namespaced:option) |
| deny jcr:versionManagement on /content nodetypes nt:folder restriction(rep:glob,/subtree) |
| remove jcr:lockManagement on /content,func(gr1) |
| remove * on :repository,home(gr1)/sub |
| end",\ |
| " |
| create group gr2 with forced path /home/groups/myfeature |
| set ACL on /conf,/libs |
| allow jcr:read,jcr:write for gr1,gr2 restriction(rep:glob,/subtree) |
| remove jcr:modifyProperties for gr2 |
| end",\ |
| " |
| create group gr3 |
| create user a |
| create user b with path myfeature |
| create user c with forced path /home/users/bla with password plaintext |
| create user d with password {SHA-256} dc460da4ad72c482231e28e688e01f2778a88ce31a08826899d54ef7183998b5 |
| add a,b,c,d to group gr3 |
| remove a,b from group gr1 |
| disable service user deprecated_service_user : \"Disabled user to make an example\" |
| disable service user deprecated_service_user : \"This message explains why it's disabled. Whitespace is preserved.\" |
| disable service user deprecated_service_user : \"Testing escaped double \\\"quote\\\" in this string.\" |
| disable service user deprecated_service_user : \"Testing quoted escaped backslash \\\"\\\\\\\" in this string.\" |
| disable service user deprecated_service_user : \"Testing unescaped single backslash \ in this string.\" |
| delete service user deprecated_service_user |
| delete user c |
| delete group gr1",\ |
| " |
| create path /test(sling:Folder)/a(nt:folder mixin mix:referenceable,mix:shareable)/b(nt:unstructured)/c(sling:Folder mixin mix:created) |
| create path (sling:Folder) /test/a(nt:folder mixin mix:referenceable,mix:shareable)/b(nt:unstructured)/c( mixin mix:created) |
| ensure nodes /three/four(nt:folk)/five(nt:jazz)/six |
| ensure nodes (nt:x) /seven/eight/nine |
| ensure nodes /one(mixin nt:art)/step(mixin nt:dance)/two/steps |
| ensure nodes (nt:foxtrot) /one/step(mixin nt:dance)/two/steps |
| ensure nodes /one/step(mixin nt:dance,nt:art)/two/steps |
| ensure nodes /one/step(nt:foxtrot mixin nt:dance)/two/steps |
| ensure nodes /one/step(nt:foxtrot mixin nt:dance,nt:art)/two/steps |
| ensure nodes /one:and/step/two:and/steps |
| ",\ |
| " |
| add mixin mix:one,mix:two to /thePath1,/thePath2 |
| add mixin mix:three, mix:four to /thePath3, /thePath4 |
| remove mixin mix:one,mix:two from /thePath1,/thePath2 |
| remove mixin mix:three, mix:four from /thePath3, /thePath4 |
| ",\ |
| " |
| register namespace ( prefix ) http://prefix/v0.0.0",\ |
| "register nodetypes |
| <<\=\=\= |
| << <slingevent\=\'http://sling.apache.org/jcr/event/1.0\'> |
| << [slingevent:Event] > nt:unstructured, nt:hierarchyNode |
| << - slingevent:topic (string) |
| << - slingevent:properties (binary) |
| \=\=\=>>",\ |
| " |
| register abstract privilege privAbstract |
| register privilege priv1 |
| register privilege priv2 with privAbstract,priv1",\ |
| " |
| delete ACL for ana |
| delete ACL for alice, aida |
| delete ACL on :repository, home(anni), functionNamesAreFree(aendu) |
| delete ACL on /, /var, /etc |
| delete ACL on /content |
| delete principal ACL for ada, amy |
| delete principal ACL for adi",\ |
| " |
| remove ACE on /libs,/apps, /, /content/example.com/some-other_path |
| allow jcr:read for user1,user2 |
| allow privilege_without_namespace for user4 |
| deny jcr:write,something:else,another:one for user2 |
| deny jcr:lockManagement for user1 |
| deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2) |
| end",\ |
| " |
| remove ACE for user1,u2 |
| allow jcr:read on /content |
| allow jcr:addChildNodes, jcr:modifyProperties on /content restriction(rep:glob) |
| deny jcr:read on /etc, /var restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2) |
| end",\ |
| " |
| remove principal ACE for principal1,principal2 |
| allow jcr:read on /content |
| deny jcr:modifyProperties on /apps, /content restriction(rep:itemNames,prop1,prop2) |
| allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) |
| allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2) |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat,/cat/,cat) |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,cat/,*,*cat) |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*) |
| allow jcr:something on / restriction(rep:glob) |
| allow jcr:all on :repository,home(alice) |
| end",\ |
| " |
| ensure principal ACL for principal1,principal2 |
| allow jcr:read on /content |
| allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) |
| allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2) |
| end"\ |
| ] |
| |