| # CMS root paths |
| create path (sling:OrderedFolder) /etc/i18n |
| create path (sling:OrderedFolder) /etc/taxonomy |
| create path (sling:OrderedFolder) /static |
| create path (sling:OrderedFolder) /etc/usergenerated |
| |
| set ACL for everyone |
| allow jcr:read on /etc/i18n |
| allow jcr:read on /etc/taxonomy |
| allow jcr:read on /static |
| allow jcr:read on /conf |
| allow jcr:read on /etc/usergenerated |
| end |
| |
| # Groups |
| create path (rep:AuthorizableFolder) /home/groups |
| create path (rep:AuthorizableFolder) /home/groups/sling-cms |
| |
| create group administrators with path sling-cms |
| |
| set ACL for administrators |
| allow jcr:all on / |
| end |
| |
| create group authors with path sling-cms |
| |
| set ACL for authors |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /static |
| allow jcr:read on / |
| end |
| |
| create group job-users with path sling-cms |
| |
| create group taxonomy-users with path sling-cms |
| |
| set ACL for taxonomy-users |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /etc/taxonomy |
| end |
| |
| create group ugc-users with path sling-cms |
| |
| set ACL for ugc-users |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /etc/usergenerated |
| end |
| |
| # Service users |
| create service user sling-cms-error with path system/sling/cms |
| |
| set principal ACL for sling-cms-error |
| allow jcr:read on / |
| end |
| |
| create service user sling-cms-metadata with path system/sling/cms |
| |
| set principal ACL for sling-cms-metadata |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /static |
| allow jcr:read on / |
| end |
| |
| create service user sling-cms-transformer with path system/sling/cms |
| |
| set principal ACL for sling-cms-transformer |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /static |
| allow jcr:read on / |
| end |
| |
| create service user sling-cms-ugc with path system/sling/cms |
| |
| set principal ACL for sling-cms-ugc |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /etc/usergenerated |
| end |
| |
| create service user sling-cms-versionmgr with path system/sling/cms |
| |
| set principal ACL for sling-cms-versionmgr |
| allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content |
| end |