You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2019/09/20 08:51:24 UTC
[sling-site] branch master updated: SLING-8722 - Documentation for
SLING-8602 and SLING-8619
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-site.git
The following commit(s) were added to refs/heads/master by this push:
new a9b8f98 SLING-8722 - Documentation for SLING-8602 and SLING-8619
a9b8f98 is described below
commit a9b8f980b45fa2ebe68b779e4e322dac0cbea63b
Author: Angela Schreiber <an...@apache.org>
AuthorDate: Fri Sep 20 10:50:38 2019 +0200
SLING-8722 - Documentation for SLING-8602 and SLING-8619
---
.../bundles/repository-initialization.md | 48 ++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/src/main/jbake/content/documentation/bundles/repository-initialization.md b/src/main/jbake/content/documentation/bundles/repository-initialization.md
index daeb4e2..107b11c 100644
--- a/src/main/jbake/content/documentation/bundles/repository-initialization.md
+++ b/src/main/jbake/content/documentation/bundles/repository-initialization.md
@@ -96,6 +96,54 @@ The language is self-explaining but please refer to the actual test cases for de
set repository ACL for alice,bob
allow jcr:namespaceManagement,jcr:nodeTypeDefinitionManagement
end
+
+ # Set repository level ACL (variant, see SLING-8619)
+ # since
+ # o.a.s.repoinit.parser 1.2.8 and
+ # o.a.s.jcr.repoinit 1.1.14
+ set ACL for alice,bob
+ allow jcr:namespaceManagement on :repository
+ end
+
+ # Set principal-based access control (see SLING-8602)
+ # since
+ # o.a.s.repoinit.parser 1.2.8 and
+ # o.a.s.jcr.repoinit 1.1.14
+ # precondition for o.a.s.jcr.repoinit:
+ # repository needs to support 'o.a.j.api.security.authorization.PrincipalAccessControlList'
+ set principal ACL for alice,bob
+ remove * on /libs,/apps
+ allow jcr:read on /content,/var
+ deny jcr:write on /content/example.com
+
+ # Optional nodetypes clause
+ deny jcr:lockManagement on /apps, /content nodetypes sling:Folder, nt:unstructured
+
+ # nodetypes clause with restriction clause
+ deny jcr:modifyProperties on /apps, /content nodetypes sling:Folder, nt:unstructured restriction(rep:itemNames,prop1,prop2)
+
+ # multi value restriction
+ allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured)
+
+ # multiple restrictions
+ allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2)
+
+ # restrictions with glob patterns
+ allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat,/cat/,cat)
+ allow jcr:addChildNodes on /apps,/content restriction(rep:glob,cat/,*,*cat)
+ allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*)
+ allow jcr:read on / restriction(rep:glob)
+ end
+
+ # Set principal-based access control on repository level (see SLING-8602)
+ # since
+ # o.a.s.repoinit.parser 1.2.8 and
+ # o.a.s.jcr.repoinit 1.1.14
+ # precondition for o.a.s.jcr.repoinit:
+ # repository needs to support 'o.a.j.api.security.authorization.PrincipalAccessControlList'
+ set principal ACL for alice,bob
+ allow jcr:namespaceManagement on :repository
+ end
# register namespace requires
# o.a.s.repoinit.parser 1.0.4