diff --git a/core/src/main/java/com/adobe/aem/modernize/servlet/ScheduleConversionJobServlet.java b/core/src/main/java/com/adobe/aem/modernize/servlet/ScheduleConversionJobServlet.java
index 905d06ee..352f2d92 100644
--- a/core/src/main/java/com/adobe/aem/modernize/servlet/ScheduleConversionJobServlet.java
+++ b/core/src/main/java/com/adobe/aem/modernize/servlet/ScheduleConversionJobServlet.java
@@ -152,6 +152,11 @@ private void checkPermissions(ResourceResolver rr, RequestData data) throws Acce
 Session session = rr.adaptTo(Session.class);
 AccessControlManager acm = session.getAccessControlManager();
 Privilege[] privs = new Privilege[] { acm.privilegeFromName(Privilege.JCR_WRITE) };
+
+ if (!acm.hasPrivileges(JOB_DATA_LOCATION, privs)) {
+ throw new AccessDeniedException(JOB_DATA_LOCATION);
+ }
+
 for (String path : data.getPaths()) {
 if (!acm.hasPrivileges(path, privs)) {
 throw new AccessDeniedException(path);
diff --git a/core/src/test/java/com/adobe/aem/modernize/servlet/ScheduleConversionJobServletTest.java b/core/src/test/java/com/adobe/aem/modernize/servlet/ScheduleConversionJobServletTest.java
index 4fb1c444..16d6e836 100644
--- a/core/src/test/java/com/adobe/aem/modernize/servlet/ScheduleConversionJobServletTest.java
+++ b/core/src/test/java/com/adobe/aem/modernize/servlet/ScheduleConversionJobServletTest.java
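Review bot: The added guard `if (!acm.hasPrivileges(JOB_DATA_LOCATION, privs))` only turns a `false` result into a denial, while the JCR contract has `AccessControlManager.hasPrivileges` throw `PathNotFoundException` when the node is missing or the session cannot read it. The repoinit scripts added in this commit deny `jcr:all` to `everyone` on `/var/aem-modernize`, so if `JOB_DATA_LOCATION` sits under that path (its value is not shown here) an ordinary author would presumably take the exception path instead of the `AccessDeniedException` one. How the caller maps that exception is outside the hunk and should be confirmed to produce a 403 rather than a server error; one option is to treat it as a denial with `catch (PathNotFoundException e) { throw new AccessDeniedException(JOB_DATA_LOCATION); }` around the call. checkPermissions starts and ends outside the hunk.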
@@ -137,6 +137,33 @@ public void invalidJobData() throws Exception {
 assertTrue(StringUtils.isBlank(result.getJob()), "Tracking path");
 }
+ @Test
+ public void noPermissionsJobDataPath() throws Exception {
+ MockSlingHttpServletRequest request = new MockSlingHttpServletRequest(resourceResolver, bundleContext);
+ MockSlingHttpServletResponse response = new MockSlingHttpServletResponse();
+ ScheduleConversionJobServlet.RequestData requestData = buildJobData();
+ Map params = new HashMap<>();
+ params.put("data", new ObjectMapper().writeValueAsString(requestData));
+ request.setParameterMap(params);
+
+ new Expectations() {{
+ resourceResolver.adaptTo(Session.class);
+ result = session;
+ session.getAccessControlManager();
+ result = accessControlManager;
+ accessControlManager.hasPrivileges(ConversionJob.JOB_DATA_LOCATION, withInstanceOf(Privilege[].class));
+ result = false;
+ }};
+
+ servlet.doPost(request, response);
+ ScheduleConversionJobServlet.ResponseData result = new ObjectMapper().readValue(response.getOutputAsString(), ScheduleConversionJobServlet.ResponseData.class);
+
+ assertEquals(SC_FORBIDDEN, response.getStatus(), "Response status code");
+ assertFalse(result.isSuccess(), "Response status");
+ assertNotNull(result.getMessage(), "Response message");
+ assertTrue(StringUtils.isBlank(result.getJob()), "Tracking path");
+ }
+
 @Test
 public void noPermissionsSinglePath() throws Exception {
 MockSlingHttpServletRequest request = new MockSlingHttpServletRequest(resourceResolver, bundleContext);
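Review bot: `noPermissionsJobDataPath` only covers `hasPrivileges(...)` returning `false`; no test has the mocked call throw, which is what `AccessControlManager.hasPrivileges` does (`PathNotFoundException`) for a node the session cannot read. A sibling test that records `result = new PathNotFoundException(ConversionJob.JOB_DATA_LOCATION);` for the job-data call and asserts `SC_FORBIDDEN` would pin the response for that case. A short comment above the expectation block, such as `// the job-data location is checked before any requested path`, would also explain why the later tests in this file now record that call first.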
@@ -151,7 +178,9 @@ public void noPermissionsSinglePath() throws Exception {
 result = session;
 session.getAccessControlManager();
 result = accessControlManager;
- accessControlManager.hasPrivileges(anyString, withInstanceOf(Privilege[].class));
+ accessControlManager.hasPrivileges(ConversionJob.JOB_DATA_LOCATION, withInstanceOf(Privilege[].class));
+ result = true;
+ accessControlManager.hasPrivileges("/content/test/path", withInstanceOf(Privilege[].class));
 result = false;
 }};
@@ -178,9 +207,12 @@ public void noPermissionsMultiplePaths() throws Exception {
 result = session;
 session.getAccessControlManager();
 result = accessControlManager;
- accessControlManager.hasPrivileges(anyString, withInstanceOf(Privilege[].class));
- times = 2;
- returns(true, false);
+ accessControlManager.hasPrivileges(ConversionJob.JOB_DATA_LOCATION, withInstanceOf(Privilege[].class));
+ result = true;
+ accessControlManager.hasPrivileges("/content/test/path", withInstanceOf(Privilege[].class));
+ result = true;
+ accessControlManager.hasPrivileges("/content/other/path", withInstanceOf(Privilege[].class));
+ result = false;
 }};
 servlet.doPost(request, response);
@@ -228,6 +260,8 @@ public void noPermissionDesign() throws Exception {
 result = session;
 session.getAccessControlManager();
 result = accessControlManager;
+ accessControlManager.hasPrivileges(ConversionJob.JOB_DATA_LOCATION, withInstanceOf(Privilege[].class));
+ result = true;
 accessControlManager.hasPrivileges("/content/test/path", withInstanceOf(Privilege[].class));
 result = true;
 accessControlManager.hasPrivileges("/content/other/path", withInstanceOf(Privilege[].class));
@@ -267,6 +301,8 @@ public void noPermissionConf() throws Exception {
 result = session;
 session.getAccessControlManager();
 result = accessControlManager;
+ accessControlManager.hasPrivileges(ConversionJob.JOB_DATA_LOCATION, withInstanceOf(Privilege[].class));
+ result = true;
 accessControlManager.hasPrivileges("/content/test/path", withInstanceOf(Privilege[].class));
 result = true;
 accessControlManager.hasPrivileges("/content/other/path", withInstanceOf(Privilege[].class));
diff --git a/docs/Gemfile b/docs/Gemfile
index d459a510..cffb3213 100644
--- a/docs/Gemfile
+++ b/docs/Gemfile
@@ -15,7 +15,7 @@ gem "minima", "~> 2.5.1"
 # If you want to use GitHub Pages, remove the "gem "jekyll"" above and
 # uncomment the line below. To upgrade, run `bundle update github-pages`.
-gem "github-pages", "~> 222", group: :jekyll_plugins
+gem "github-pages", "~> 223", group: :jekyll_plugins
 # If you have any plugins, put them here!
 group :jekyll_plugins do
@@ -25,10 +25,13 @@ end
 # Windows and JRuby does not include zoneinfo files, so bundle the tzinfo-data gem
 # and associated library.
 platforms :mingw, :x64_mingw, :mswin, :jruby do
- gem "tzinfo", "~> 1.2"
+ gem "tzinfo", "~> 2.0"
 gem "tzinfo-data"
 end
 # Performance-booster for watching directories on Windows
 gem "wdm", "~> 0.1.1", :platforms => [:mingw, :x64_mingw, :mswin]
+gem "nokogiri", ">= 1.13.2"
+
+
diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index 6d3b39e0..7c57390f 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.0.4.1) + activesupport (6.0.4.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1)
@@ -17,7 +17,7 @@ GEM commonmarker (0.17.13) ruby-enum (~> 0.5) concurrent-ruby (1.1.9) - dnsruby (1.61.7) + dnsruby (1.61.9) simpleidn (~> 0.1) em-websocket (0.5.3) eventmachine (>= 0.12.9)
@@ -26,29 +26,33 @@ GEM ffi (>= 1.15.0) eventmachine (1.2.7) execjs (2.8.1) - faraday (1.8.0) + faraday (1.10.0) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) + faraday-net_http_persistent (~> 1.0) faraday-patron (~> 1.0) faraday-rack (~> 1.0) - multipart-post (>= 1.2, < 3) + faraday-retry (~> 1.0) ruby2_keywords (>= 0.0.4) faraday-em_http (1.0.0) faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) faraday-httpclient (1.0.1) + faraday-multipart (1.0.3) + multipart-post (>= 1.2, < 3) faraday-net_http (1.0.1) faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) - ffi (1.15.4) + faraday-retry (1.0.3) + ffi (1.15.5) forwardable-extended (2.6.0) gemoji (3.0.1) - github-pages (222) + github-pages (223) github-pages-health-check (= 1.17.9) jekyll (= 3.9.0) jekyll-avatar (= 0.7.0) @@ -58,6 +62,7 @@ GEM jekyll-feed (= 0.15.1) jekyll-gist (= 1.5.0) jekyll-github-metadata (= 2.13.0) + jekyll-include-cache (= 0.2.1) jekyll-mentions (= 1.6.0) jekyll-optional-front-matter (= 0.3.2) jekyll-paginate (= 1.1.0) @@ -138,6 +143,8 @@ GEM jekyll-github-metadata (2.13.0) jekyll (>= 3.4, < 5.0) octokit (~> 4.0, != 4.4.0) + jekyll-include-cache (0.2.1) + jekyll (>= 3.7, < 5.0) jekyll-mentions (1.6.0) html-pipeline (~> 2.3) jekyll (>= 3.7, < 5.0) 
@@ -215,26 +222,28 @@ GEM kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) liquid (4.0.3) - listen (3.7.0) + listen (3.7.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) + mini_portile2 (2.8.0) minima (2.5.1) jekyll (>= 3.5, < 5.0) jekyll-feed (~> 0.9) jekyll-seo-tag (~> 2.1) - minitest (5.14.4) + minitest (5.15.0) multipart-post (2.1.1) - nokogiri (1.12.5-x86_64-darwin) + nokogiri (1.13.3) + mini_portile2 (~> 2.8.0) racc (~> 1.4) - octokit (4.21.0) + octokit (4.22.0) faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) pathutil (0.16.2) forwardable-extended (~> 2.6) public_suffix (4.0.6) racc (1.6.0) - rb-fsevent (0.11.0) + rb-fsevent (0.11.1) rb-inotify (0.10.1) ffi (~> 1.0) rexml (3.2.5)
@@ -265,16 +274,17 @@ GEM unf_ext unf_ext (0.0.8) unicode-display_width (1.8.0) - zeitwerk (2.5.1) + zeitwerk (2.5.4) PLATFORMS ruby DEPENDENCIES - github-pages (~> 222) + github-pages (~> 223) jekyll-feed (~> 0.15.1) minima (~> 2.5.1) - tzinfo (~> 1.2) + nokogiri (>= 1.13.2) + tzinfo (~> 2.0) tzinfo-data wdm (~> 0.1.1)
diff --git a/ui.apps.structure/pom.xml b/ui.apps.structure/pom.xml
index 8eb7d91e..e4ee7f68 100644
--- a/ui.apps.structure/pom.xml
+++ b/ui.apps.structure/pom.xml
@@ -35,6 +35,8 @@ /apps /apps/aem-modernize + /apps/aem-modernize/content + /apps/aem-modernize-packages /apps/cq
@@ -45,6 +47,7 @@ /apps/cq/core/content /apps/cq/core/content/nav /apps/cq/core/content/nav/tools + /apps/cq/core/content/nav/tools/aem-modernize
diff --git a/ui.apps/src/main/content/jcr_root/apps/cq/core/content/nav/tools/aem-modernize/.content.xml b/ui.apps/src/main/content/jcr_root/apps/cq/core/content/nav/tools/aem-modernize/.content.xml
index ce214db6..99757425 100644
--- a/ui.apps/src/main/content/jcr_root/apps/cq/core/content/nav/tools/aem-modernize/.content.xml
+++ b/ui.apps/src/main/content/jcr_root/apps/cq/core/content/nav/tools/aem-modernize/.content.xml
@@ -24,6 +24,7 @@ jcr:title="AEM Modernize Tools" id="aem-modernize"> +
diff --git a/ui.config/pom.xml b/ui.config/pom.xml
index 113b2ea5..71fd771f 100644
--- a/ui.config/pom.xml
+++ b/ui.config/pom.xml
@@ -39,8 +39,6 @@ - src/main/content/jcr_root - org.apache.jackrabbit
@@ -72,6 +70,7 @@ org.apache.jackrabbit filevault-package-maven-plugin + ${project.basedir}/src/cs/content/jcr_root com.adobe.aem
@@ -102,6 +101,7 @@ org.apache.jackrabbit filevault-package-maven-plugin + ${project.basedir}/src/aem65/content/jcr_root aem65
@@ -142,6 +142,7 @@ org.apache.jackrabbit filevault-package-maven-plugin + ${project.basedir}/src/cs/content/jcr_root java8
@@ -182,6 +183,7 @@ org.apache.jackrabbit filevault-package-maven-plugin + ${project.basedir}/src/aem65/content/jcr_root java8aem65
diff --git a/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.event.jobs.QueueConfiguration-aem-modernize.config b/ui.config/src/aem65/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.event.jobs.QueueConfiguration-aem-modernize.config
similarity index 100%
rename from ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.event.jobs.QueueConfiguration-aem-modernize.config
rename to ui.config/src/aem65/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.event.jobs.QueueConfiguration-aem-modernize.config
diff --git a/ui.config/src/aem65/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config b/ui.config/src/aem65/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
new file mode 100644
index 00000000..887dc953
--- /dev/null
+++ b/ui.config/src/aem65/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
@@ -0,0 +1,40 @@
+scripts=["
+create path /var/aem-modernize(sling:Folder)
+create path /var/aem-modernize/job-data(sling:Folder)
+
+# Cover any missing paths on CS
+create path /etc/designs(sling:Folder)
+
+create service user aem-modernize-schedule-job-service with path system/aem-modernize
+set ACL for aem-modernize-schedule-job-service
+ allow jcr:read on /
+ allow jcr:readAccessControl on /content,/conf,/etc
+ allow rep:write on /var/aem-modernize/job-data
+end
+
+create service user aem-modernize-convert-service with path system/aem-modernize
+set ACL for aem-modernize-convert-service
+ allow jcr:read on /
+ allow rep:write on /etc/designs
+ allow rep:write on /conf
+ allow rep:write on /content
+ allow jcr:versionManagement on /content
+ allow rep:write on /var/aem-modernize/job-data
+end
+
+create path /apps/aem-modernize(sling:Folder)
+create path /apps/aem-modernize/content(sling:Folder)
+
+create path /apps/cq(sling:Folder)
+create path /apps/cq/core(sling:Folder)
+create path /apps/cq/core/content(sling:Folder)
+create path /apps/cq/core/content/nav(sling:Folder)
+create path /apps/cq/core/content/nav/tools(sling:Folder)
+create path /apps/cq/core/content/nav/tools/aem-modernize(sling:OrderedFolder)
+
+set ACL for everyone
+ deny jcr:all on /apps/aem-modernize
+ deny jcr:all on /apps/cq/core/content/nav/tools/aem-modernize
+ deny jcr:all on /var/aem-modernize
+end
+"]
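Review bot: The `set ACL for everyone` block denies `jcr:all` on `/var/aem-modernize` and on both `/apps` paths, but this script contains no matching allow, whereas the per-runmode scripts deleted later in this commit granted `administrators` `jcr:all` on the `/apps` paths they denied. Combined with the servlet's new `JCR_WRITE` check on the job-data location, that presumably leaves the tool usable only by principals that bypass ACL evaluation unless operators add their own entries. The intended audience should be stated next to the block, for example `# Denied to everyone by default: grant access explicitly to the group that should use the tool.` The comment `# Cover any missing paths on CS` is also carried into this AEM 6.5 variant, where it reads as stale. The same documentation gap applies to the `cs` copy of the script added further down.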
diff --git a/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-aem-modernize.config b/ui.config/src/aem65/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-aem-modernize.config
similarity index 100%
rename from ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-aem-modernize.config
rename to ui.config/src/aem65/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-aem-modernize.config
diff --git a/ui.config/src/cs/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.event.jobs.QueueConfiguration-aem-modernize.config b/ui.config/src/cs/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.event.jobs.QueueConfiguration-aem-modernize.config
new file mode 100644
index 00000000..8cb30ed3
--- /dev/null
+++ b/ui.config/src/cs/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.event.jobs.QueueConfiguration-aem-modernize.config
@@ -0,0 +1,6 @@
+queue.name="AEM Modernize Tools Queue"
+queue.topics=["com/adobe/aem/modernize/job/topic/convert/*"]
+queue.type="ORDERED"
+queue.priority="MIN"
+queue.retries="0"
+queue.maxparallel="1"
diff --git a/ui.config/src/cs/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config b/ui.config/src/cs/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
new file mode 100644
index 00000000..66189a1b
--- /dev/null
+++ b/ui.config/src/cs/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
@@ -0,0 +1,40 @@
+scripts=["
+create path /var/aem-modernize(sling:Folder)
+create path /var/aem-modernize/job-data(sling:Folder)
+
+# Cover any missing paths on CS
+create path /etc/designs(sling:Folder)
+
+create service user aem-modernize-schedule-job-service with forced path system/cq:services/aem-modernize
+set principal ACL for aem-modernize-schedule-job-service
+ allow jcr:read on /
+ allow jcr:readAccessControl on /content,/conf,/etc
+ allow rep:write on /var/aem-modernize/job-data
+end
+
+create service user aem-modernize-convert-service with forced path system/cq:services/aem-modernize
+set principal ACL for aem-modernize-convert-service
+ allow jcr:read on /
+ allow rep:write on /etc/designs
+ allow rep:write on /conf
+ allow rep:write on /content
+ allow jcr:versionManagement on /content
+ allow rep:write on /var/aem-modernize/job-data
+end
+
+create path /apps/aem-modernize(sling:Folder)
+create path /apps/aem-modernize/content(sling:Folder)
+
+create path /apps/cq(sling:Folder)
+create path /apps/cq/core(sling:Folder)
+create path /apps/cq/core/content(sling:Folder)
+create path /apps/cq/core/content/nav(sling:Folder)
+create path /apps/cq/core/content/nav/tools(sling:Folder)
+create path /apps/cq/core/content/nav/tools/aem-modernize(sling:OrderedFolder)
+
+set ACL for everyone
+ deny jcr:all on /apps/aem-modernize
+ deny jcr:all on /apps/cq/core/content/nav/tools/aem-modernize
+ deny jcr:all on /var/aem-modernize
+end
+"]
diff --git a/ui.config/src/cs/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-aem-modernize.config b/ui.config/src/cs/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-aem-modernize.config
new file mode 100644
index 00000000..d85a00ff
--- /dev/null
+++ b/ui.config/src/cs/content/jcr_root/apps/aem-modernize/osgiconfig/config.author/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-aem-modernize.config
@@ -0,0 +1,4 @@
+user.mapping=[ \
+ "com.adobe.aem.aem-modernize-tools.core:schedule-job\=[aem-modernize-schedule-job-service]", \
+ "com.adobe.aem.aem-modernize-tools.core:convert-content\=[aem-modernize-convert-service]" \
+]
diff --git a/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author.dev/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config b/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author.dev/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
deleted file mode 100644
index f32c2f51..00000000
--- a/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author.dev/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
+++ /dev/null
@@ -1,59 +0,0 @@
-scripts=["
-create path /var/aem-modernize(sling:Folder)
-create path /var/aem-modernize/job-data(sling:Folder)
-
-# Cover any missing paths on CS
-create path /etc/designs(sling:Folder)
-
-create service user aem-modernize-schedule-job-service with path system/aem-modernize
-set ACL for aem-modernize-schedule-job-service
- allow jcr:read on /
- allow jcr:readAccessControl on /content,/conf,/etc
- allow rep:write on /var/aem-modernize/job-data
-end
-
-create service user aem-modernize-convert-service with path system/aem-modernize
-set ACL for aem-modernize-convert-service
- allow jcr:read on /
- allow rep:write on /etc/designs
- allow rep:write on /conf
- allow rep:write on /content
- allow jcr:versionManagement on /content
- allow rep:write on /var/aem-modernize/job-data
-end
-
-create path /apps/aem-modernize(nt:unstructured)
-create path /apps/aem-modernize/content(nt:unstructured)
-create path /apps/aem-modernize/content/component(nt:unstructured)
-create path /apps/aem-modernize/content/full(nt:unstructured)
-create path /apps/aem-modernize/content/job(nt:unstructured)
-create path /apps/aem-modernize/content/policy(nt:unstructured)
-create path /apps/aem-modernize/content/structure(nt:unstructured)
-
-
-create path /apps/cq(nt:unstructured)
-create path /apps/cq/core(nt:unstructured)
-create path /apps/cq/core/content(nt:unstructured)
-create path /apps/cq/core/content/nav(nt:unstructured)
-create path /apps/cq/core/content/nav/tools(nt:unstructured)
-create path /apps/cq/core/content/nav/tools/aem-modernize(nt:unstructured)
-
-
-set ACL for everyone
- deny jcr:all on /apps/aem-modernize/content/component
- deny jcr:all on /apps/aem-modernize/content/full
- deny jcr:all on /apps/aem-modernize/content/job
- deny jcr:all on /apps/aem-modernize/content/policy
- deny jcr:all on /apps/aem-modernize/content/structure
- deny jcr:all on /apps/cq/core/content/nav/tools/aem-modernize
-end
-
-set ACL for administrators
- allow jcr:all on /apps/aem-modernize/content/component
- allow jcr:all on /apps/aem-modernize/content/full
- allow jcr:all on /apps/aem-modernize/content/job
- allow jcr:all on /apps/aem-modernize/content/policy
- allow jcr:all on /apps/aem-modernize/content/structure
- allow jcr:all on /apps/cq/core/content/nav/tools/aem-modernize
-end
-"]
diff --git a/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author.prod/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config b/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author.prod/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
deleted file mode 100644
index f32c2f51..00000000
--- a/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author.prod/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
+++ /dev/null
@@ -1,59 +0,0 @@
-scripts=["
-create path /var/aem-modernize(sling:Folder)
-create path /var/aem-modernize/job-data(sling:Folder)
-
-# Cover any missing paths on CS
-create path /etc/designs(sling:Folder)
-
-create service user aem-modernize-schedule-job-service with path system/aem-modernize
-set ACL for aem-modernize-schedule-job-service
- allow jcr:read on /
- allow jcr:readAccessControl on /content,/conf,/etc
- allow rep:write on /var/aem-modernize/job-data
-end
-
-create service user aem-modernize-convert-service with path system/aem-modernize
-set ACL for aem-modernize-convert-service
- allow jcr:read on /
- allow rep:write on /etc/designs
- allow rep:write on /conf
- allow rep:write on /content
- allow jcr:versionManagement on /content
- allow rep:write on /var/aem-modernize/job-data
-end
-
-create path /apps/aem-modernize(nt:unstructured)
-create path /apps/aem-modernize/content(nt:unstructured)
-create path /apps/aem-modernize/content/component(nt:unstructured)
-create path /apps/aem-modernize/content/full(nt:unstructured)
-create path /apps/aem-modernize/content/job(nt:unstructured)
-create path /apps/aem-modernize/content/policy(nt:unstructured)
-create path /apps/aem-modernize/content/structure(nt:unstructured)
-
-
-create path /apps/cq(nt:unstructured)
-create path /apps/cq/core(nt:unstructured)
-create path /apps/cq/core/content(nt:unstructured)
-create path /apps/cq/core/content/nav(nt:unstructured)
-create path /apps/cq/core/content/nav/tools(nt:unstructured)
-create path /apps/cq/core/content/nav/tools/aem-modernize(nt:unstructured)
-
-
-set ACL for everyone
- deny jcr:all on /apps/aem-modernize/content/component
- deny jcr:all on /apps/aem-modernize/content/full
- deny jcr:all on /apps/aem-modernize/content/job
- deny jcr:all on /apps/aem-modernize/content/policy
- deny jcr:all on /apps/aem-modernize/content/structure
- deny jcr:all on /apps/cq/core/content/nav/tools/aem-modernize
-end
-
-set ACL for administrators
- allow jcr:all on /apps/aem-modernize/content/component
- allow jcr:all on /apps/aem-modernize/content/full
- allow jcr:all on /apps/aem-modernize/content/job
- allow jcr:all on /apps/aem-modernize/content/policy
- allow jcr:all on /apps/aem-modernize/content/structure
- allow jcr:all on /apps/cq/core/content/nav/tools/aem-modernize
-end
-"]
diff --git a/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author.stage/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config b/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author.stage/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
deleted file mode 100644
index f32c2f51..00000000
--- a/ui.config/src/main/content/jcr_root/apps/aem-modernize/osgiconfig/config.author.stage/org.apache.sling.jcr.repoinit.RepositoryInitializer-aem-modernize.config
+++ /dev/null
@@ -1,59 +0,0 @@
-scripts=["
-create path /var/aem-modernize(sling:Folder)
-create path /var/aem-modernize/job-data(sling:Folder)
-
-# Cover any missing paths on CS
-create path /etc/designs(sling:Folder)
-
-create service user aem-modernize-schedule-job-service with path system/aem-modernize
-set ACL for aem-modernize-schedule-job-service
- allow jcr:read on /
- allow jcr:readAccessControl on /content,/conf,/etc
- allow rep:write on /var/aem-modernize/job-data
-end
-
-create service user aem-modernize-convert-service with path system/aem-modernize
-set ACL for aem-modernize-convert-service
- allow jcr:read on /
- allow rep:write on /etc/designs
- allow rep:write on /conf
- allow rep:write on /content
- allow jcr:versionManagement on /content
- allow rep:write on /var/aem-modernize/job-data
-end
-
-create path /apps/aem-modernize(nt:unstructured)
-create path /apps/aem-modernize/content(nt:unstructured)
-create path /apps/aem-modernize/content/component(nt:unstructured)
-create path /apps/aem-modernize/content/full(nt:unstructured)
-create path /apps/aem-modernize/content/job(nt:unstructured)
-create path /apps/aem-modernize/content/policy(nt:unstructured)
-create path /apps/aem-modernize/content/structure(nt:unstructured)
-
-
-create path /apps/cq(nt:unstructured)
-create path /apps/cq/core(nt:unstructured)
-create path /apps/cq/core/content(nt:unstructured)
-create path /apps/cq/core/content/nav(nt:unstructured)
-create path /apps/cq/core/content/nav/tools(nt:unstructured)
-create path /apps/cq/core/content/nav/tools/aem-modernize(nt:unstructured)
-
-
-set ACL for everyone
- deny jcr:all on /apps/aem-modernize/content/component
- deny jcr:all on /apps/aem-modernize/content/full
- deny jcr:all on /apps/aem-modernize/content/job
- deny jcr:all on /apps/aem-modernize/content/policy
- deny jcr:all on /apps/aem-modernize/content/structure
- deny jcr:all on /apps/cq/core/content/nav/tools/aem-modernize
-end
-
-set ACL for administrators
- allow jcr:all on /apps/aem-modernize/content/component
- allow jcr:all on /apps/aem-modernize/content/full
- allow jcr:all on /apps/aem-modernize/content/job
- allow jcr:all on /apps/aem-modernize/content/policy
- allow jcr:all on /apps/aem-modernize/content/structure
- allow jcr:all on /apps/cq/core/content/nav/tools/aem-modernize
-end
-"]