This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def applyRestriction(path, prefix) { | |
def acl = getAcl(path) | |
def restrictions = new HashMap<String, Value>() | |
def values = new Value[1] | |
values[0] = session.getValueFactory().createValue(prefix) | |
restrictions.put("rep:prefixes", values) | |
acl.addEntry(principal, privileges, false, emptyMap, restrictions) | |
acMgr.setPolicy(acl.getPath(), acl); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- group_config: | |
- massive-dynamic-authors: | |
- name : Massive Dynamic authors group | |
path : /home/groups/acme | |
- ace_config: | |
- massive-dynamic-authors : | |
- path: /content | |
permission: allow | |
actions: read | |
repGlob: '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- group_config: | |
- massive-dynamic-authors: | |
- name : Massive Dynamic authors group | |
path : /home/groups/acme | |
- ace_config: | |
- massive-dynamic-authors: | |
- path: /content | |
permission: allow | |
actions: read | |
- path: /content |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def crawlAndRemoveAcls(authId) { | |
getResource("/jcr:system/rep:permissionStore/crx.default/$authId").getChildren().each{ r -> | |
def path = r.valueMap["rep:accessControlledPath"] | |
clearAcls(authId, path) | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import java.security.*; | |
import javax.jcr.security.*; | |
import org.apache.jackrabbit.api.security.*; | |
import org.apache.jackrabbit.api.security.principal.* | |
import org.apache.jackrabbit.commons.jackrabbit.authorization.* | |
def clearAcls(authId, path) { | |
def acMgr = session.getAccessControlManager() | |
def acl = null | |
for (AccessControlPolicy policy : acMgr.getPolicies(path)) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- group_config: | |
- pdf-reviewers: | |
- name : Page PDF reviewers | |
path : /home/groups/acme | |
- ace_config: | |
- pdf-reviewers: | |
- path: '/content/*//print.pdf' | |
permission: allow | |
actions: read |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- group_config: | |
- pdf-reviewers: | |
- name : Page PDF reviewers | |
path : /home/groups/acme | |
- ace_config: | |
- pdf-reviewers: | |
- path: /content | |
permission: allow | |
actions: read |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package com.cognifide.training.zg; | |
import com.google.common.collect.ImmutableMap; | |
import org.apache.felix.scr.annotations.Component; | |
import org.apache.felix.scr.annotations.Service; | |
import org.apache.jackrabbit.oak.api.PropertyState; | |
import org.apache.jackrabbit.oak.api.Tree; | |
import org.apache.jackrabbit.oak.api.Type; | |
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.*; | |
import org.slf4j.Logger; |