| # Test the principal-based ACL syntax |
| |
| set principal ACL for principal1,principal2 |
| remove * on /libs,/apps |
| allow jcr:read on /content |
| |
| deny jcr:write on /apps |
| |
| # Optional nodetypes clause |
| deny jcr:lockManagement on /apps, /content nodetypes sling:Folder, nt:unstructured |
| # nodetypes clause with restriction clause |
| deny jcr:modifyProperties on /apps, /content nodetypes sling:Folder, nt:unstructured restriction(rep:itemNames,prop1,prop2) |
| remove jcr:understand,some:other on /apps |
| |
| # multi value restriction |
| allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) |
| |
| # multiple restrictions |
| allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2) |
| |
| # restrictions with glob patterns |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat,/cat/,cat) |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,cat/,*,*cat) |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*) |
| |
| allow jcr:something on / restriction(rep:glob) |
| end |
| |
| # Test the principal-baesd ACL syntax with options SLING-6423 |
| |
| set principal ACL for principal1,principal2 (ACLOptions=mergePreserve) |
| remove * on /libs,/apps |
| allow jcr:read on /content |
| end |
| |
| # with multiple options |
| |
| set principal ACL for principal1,principal2 (ACLOptions=mergePreserve,someOtherOption,someOther123,namespaced:option) |
| remove * on /libs,/apps |
| allow jcr:read on /content |
| end |
| |
| # repository level |
| |
| set principal ACL for principal1,principal2 |
| allow jcr:namespaceManagement on :repository |
| end |
| |
| set principal ACL for principal1 |
| allow jcr:all on :repository,/content |
| end |