| # Complete example with several intermixed statement types |
| # |
| # This file should contain a self-explaining example of every repoinit |
| # statement, to serve as a general example. |
| # |
| # Please update the docs at |
| # https://sling.apache.org/documentation/bundles/repository-initialization.html |
| # if changing this file, it contains a somewhat adapted version of this. And |
| # indicate there from which version of which bundles a new feature is available. |
| # |
| |
| create service user user1, u-ser_2 |
| set ACL on /libs,/apps |
| remove * for user1,u-ser_2 |
| allow jcr:read for user1,u-ser_2 |
| allow privilege_without_namespace for user4 |
| |
| deny jcr:write for u-ser_2 |
| deny jcr:lockManagement for user1 |
| remove jcr:understand,some:other for u3 |
| end |
| |
| create service user bob_the_service |
| create service user zoo_the_keeper with path relative/zoo |
| create service user zoo_the_keeper with path /absolute/zoo |
| |
| # Verify that indent is not required |
| set ACL on /tmp |
| allow some:otherPrivilege for bob_the_service |
| end |
| |
| # Nodetypes inside the path apply to just that path element |
| create path /content/example.com(sling:Folder) |
| |
| # A nodetype in front is used as the default for all path elements |
| create path (nt:unstructured) /var |
| |
| set ACL for alice, bob,fred |
| remove * on / |
| allow jcr:read on /content,/var |
| deny jcr:write on /content/example.com |
| deny jcr:all on / nodetypes example:Page |
| |
| end |
| |
| set ACL for restrictions_examples |
| deny jcr:modifyProperties on /apps, /content nodetypes sling:Folder, nt:unstructured restriction(rep:itemNames,prop1,prop2) |
| allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) |
| allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2) |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*) |
| # empty rep:glob means "apply to this node but not its children" |
| allow jcr:something on / restriction(rep:glob) |
| |
| end |
| |
| register namespace ( NSprefix ) uri:someURI/v1.42 |
| |
| register nodetypes |
| <<=== |
| <slingevent='http://sling.apache.org/jcr/event/1.0'> |
| |
| << [slingevent:Event] > nt:unstructured, nt:hierarchyNode |
| - slingevent:topic (string) |
| - slingevent:properties (binary) |
| ===>> |
| |
| register privilege crx:replicate |
| register privilege priv |
| register abstract privilege abstract_priv |
| register abstract privilege namespaced:priv3 |
| register privilege priv with declared_aggregate_priv |
| register privilege priv with declared_aggregate_priv1,declared_aggregate_priv2 |
| register privilege priv with declared_aggregate_priv1,namespaced:_priv4 |
| |
| create user userE with password {someEncoding} afdgwdsdf |
| create user one_with-more-chars.ok:/123456 with password {encoding_with.ok-:/12345} pw-with.ok-:/13456 |
| create user userF with path /for/userF |
| create user userG with path /for/userG with password ggg |
| create user userH with path for/userH |
| create user userJ with path for/userJ with password jjj |
| create service user the-last-one |
| |
| disable service user svc1 : "This is the message" |
| disable user spongeBob : "Left the company" |
| |
| # Delete (service) users |
| delete user userA |
| delete user userB_listsAreNotSupported |
| delete service user svcA |
| delete service user svcB,svcC |
| |
| # Groups are supported since version 1.2.4, SLING-8219 |
| create group since124_A |
| create group since124_B with path /path_B |
| delete group since124_C |
| |
| # Forced paths when creating users and groups are supported |
| # since version 1.6.4, SLING-9857 |
| create user AF with forced path /path/user/AF |
| create service user BF with forced path /path/service/BF |
| create group GF with forced path /path/group/GF |
| |
| # Home function maps to user and group home folders |
| set ACL on home(alice) |
| allow jcr:one for alice, bob, carol |
| end |
| |
| set ACL for bob |
| allow jcr:two on home(alice), /another/path, home(larry) |
| end |
| |
| set ACL on home(alice)/sub/folder/of/their/homes |
| allow jcr:three for fred |
| end |
| |
| # Add/remove principals to group, since V1.5.2 |
| add user1,user2 to group grpA |
| remove user3,user5 from group grpB |
| |
| # Set properties, since V1.6.2 |
| # 'set' overwrites any existing value while |
| # 'default' only sets the property if not set yet |
| set properties on /pathA, /path/B |
| set sling:ResourceType{String} to /x/y/z |
| default someInteger{Long} to 42 |
| set someFlag{Boolean} to true |
| default someDate{Date} to "2020-03-19T11:39:33.437+05:30" |
| set quotedMix to "quoted", non-quoted, "the last \" one" |
| end |
| |
| # Set properties on users or groups, since V1.6.8 |
| # 'set' overwrites any existing value while |
| # 'default' only sets the property if not set yet |
| set properties on authorizable(bob), authorizable(grpB)/nested |
| set someString{String} to /x/y/z |
| default someInteger{Long} to 42 |
| set someFlag{Boolean} to true |
| default someDate{Date} to "2020-03-19T11:39:33.437+05:30" |
| set quotedMix to "quoted", non-quoted, "the last \" one" |
| end |
| |
| # Remove AC policies entirely (not just individual entries) |
| delete ACL for ana |
| delete ACL for alice, aida |
| delete ACL on :repository, home(anni), functionNamesAreFree(aendu) |
| delete ACL on /, /var, /etc |
| delete ACL on /content |
| delete principal ACL for ada, amy |
| delete principal ACL for adi |
