Skip to content

Instantly share code, notes, and snippets.

View mchrominski's full-sized avatar

Mateusz Chrominski mchrominski

4 followers · 0 following
View GitHub Profile
@mchrominski
mchrominski / restrictions-prefixes.groovy
Created September 27, 2015 12:19
def applyRestriction(path, prefix) {
def acl = getAcl(path)
def restrictions = new HashMap<String, Value>()
def values = new Value[1]
values[0] = session.getValueFactory().createValue(prefix)
restrictions.put("rep:prefixes", values)
acl.addEntry(principal, privileges, false, emptyMap, restrictions)
acMgr.setPolicy(acl.getPath(), acl);
@mchrominski
mchrominski / multitenant-config-positive.yaml
Last active April 15, 2020 19:27
- group_config:
- massive-dynamic-authors:
- name : Massive Dynamic authors group
path : /home/groups/acme
- ace_config:
- massive-dynamic-authors :
- path: /content
permission: allow
actions: read
repGlob: ''
@mchrominski
mchrominski / multitenant-config-negative.yaml
Created September 27, 2015 12:15
- group_config:
- massive-dynamic-authors:
- name : Massive Dynamic authors group
path : /home/groups/acme
- ace_config:
- massive-dynamic-authors:
- path: /content
permission: allow
actions: read
- path: /content
@mchrominski
mchrominski / purgeAllAcl.groovy
Created September 27, 2015 12:14
def crawlAndRemoveAcls(authId) {
getResource("/jcr:system/rep:permissionStore/crx.default/$authId").getChildren().each{ r ->
def path = r.valueMap["rep:accessControlledPath"]
clearAcls(authId, path)
}
}
@mchrominski
mchrominski / purgeAcl.groovy
Created September 27, 2015 12:06
Purge Apache OAK ACL entries for given user on given path
import java.security.*;
import javax.jcr.security.*;
import org.apache.jackrabbit.api.security.*;
import org.apache.jackrabbit.api.security.principal.*
import org.apache.jackrabbit.commons.jackrabbit.authorization.*
def clearAcls(authId, path) {
def acMgr = session.getAccessControlManager()
def acl = null
for (AccessControlPolicy policy : acMgr.getPolicies(path)) {
@mchrominski
mchrominski / pdf-reviewers-refined.yaml
Last active September 27, 2015 12:06
[Refined] ACTool configuration file for PDF reviewers group
- group_config:
- pdf-reviewers:
- name : Page PDF reviewers
path : /home/groups/acme
- ace_config:
- pdf-reviewers:
- path: '/content/*//print.pdf'
permission: allow
actions: read
@mchrominski
mchrominski / pdf-reviewers.yaml
Created September 27, 2015 11:59
ACTool configuration file for PDF reviewers group
- group_config:
- pdf-reviewers:
- name : Page PDF reviewers
path : /home/groups/acme
- ace_config:
- pdf-reviewers:
- path: /content
permission: allow
actions: read
@mchrominski
mchrominski / HidePropertyRestrictionProviderImpl.java
Created September 27, 2015 11:54
Example implementation of custom Apache OAK restriction
package com.cognifide.training.zg;
import com.google.common.collect.ImmutableMap;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.*;
import org.slf4j.Logger;