You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2019/09/20 08:51:24 UTC

[sling-site] branch master updated: SLING-8722 - Documentation for SLING-8602 and SLING-8619

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-site.git


The following commit(s) were added to refs/heads/master by this push:
     new a9b8f98  SLING-8722 - Documentation for SLING-8602 and SLING-8619
a9b8f98 is described below

commit a9b8f980b45fa2ebe68b779e4e322dac0cbea63b
Author: Angela Schreiber <an...@apache.org>
AuthorDate: Fri Sep 20 10:50:38 2019 +0200

    SLING-8722 - Documentation for SLING-8602 and SLING-8619
---
 .../bundles/repository-initialization.md           | 48 ++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/src/main/jbake/content/documentation/bundles/repository-initialization.md b/src/main/jbake/content/documentation/bundles/repository-initialization.md
index daeb4e2..107b11c 100644
--- a/src/main/jbake/content/documentation/bundles/repository-initialization.md
+++ b/src/main/jbake/content/documentation/bundles/repository-initialization.md
@@ -96,6 +96,54 @@ The language is self-explaining but please refer to the actual test cases for de
     set repository ACL for alice,bob
         allow jcr:namespaceManagement,jcr:nodeTypeDefinitionManagement
     end
+    
+    # Set repository level ACL (variant, see SLING-8619)
+    # since
+    # o.a.s.repoinit.parser 1.2.8 and
+    # o.a.s.jcr.repoinit 1.1.14
+    set ACL for alice,bob
+        allow jcr:namespaceManagement on :repository
+    end
+    
+    # Set principal-based access control (see SLING-8602)
+    # since
+    # o.a.s.repoinit.parser 1.2.8 and
+    # o.a.s.jcr.repoinit 1.1.14
+    # precondition for o.a.s.jcr.repoinit: 
+    # repository needs to support 'o.a.j.api.security.authorization.PrincipalAccessControlList'
+    set principal ACL for alice,bob
+        remove * on /libs,/apps
+        allow jcr:read on /content,/var
+        deny jcr:write on /content/example.com
+        
+        # Optional nodetypes clause
+        deny jcr:lockManagement on /apps, /content nodetypes sling:Folder, nt:unstructured
+    
+        # nodetypes clause with restriction clause
+        deny jcr:modifyProperties on /apps, /content nodetypes sling:Folder, nt:unstructured restriction(rep:itemNames,prop1,prop2)
+    
+        # multi value restriction
+        allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured)
+    
+        # multiple restrictions
+        allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2)
+    
+        # restrictions with glob patterns
+        allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat,/cat/,cat)
+        allow jcr:addChildNodes on /apps,/content restriction(rep:glob,cat/,*,*cat)
+        allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*)
+        allow jcr:read on / restriction(rep:glob)
+    end
+    
+    # Set principal-based access control on repository level (see SLING-8602)
+    # since
+    # o.a.s.repoinit.parser 1.2.8 and
+    # o.a.s.jcr.repoinit 1.1.14
+    # precondition for o.a.s.jcr.repoinit: 
+    # repository needs to support 'o.a.j.api.security.authorization.PrincipalAccessControlList'
+    set principal ACL for alice,bob
+        allow jcr:namespaceManagement on :repository 
+    end
 	
 	# register namespace requires 
 	# o.a.s.repoinit.parser 1.0.4