sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From enor...@apache.org
Subject [sling-site] branch master updated: Release JCR Jackrabbit Access Manager 3.0.4, JCR ContentLoader 2.3.0
Date Thu, 20 Dec 2018 19:45:12 GMT
This is an automated email from the ASF dual-hosted git repository.

enorman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 1067658  Release JCR Jackrabbit Access Manager 3.0.4, JCR ContentLoader 2.3.0
1067658 is described below

commit 1067658d2d879fd27dfc87e72744fe2980653b3f
Author: Eric Norman <enorman@apache.org>
AuthorDate: Thu Dec 20 11:13:55 2018 -0800

    Release JCR Jackrabbit Access Manager 3.0.4, JCR ContentLoader 2.3.0
---
 .../bundles/content-loading-jcr-contentloader.md   | 30 ++++++++++
 ...anaging-permissions-jackrabbit-accessmanager.md | 64 ++++++++++++----------
 src/main/jbake/content/releases.md                 |  1 +
 src/main/jbake/templates/downloads.tpl             |  4 +-
 4 files changed, 67 insertions(+), 32 deletions(-)

diff --git a/src/main/jbake/content/documentation/bundles/content-loading-jcr-contentloader.md
b/src/main/jbake/content/documentation/bundles/content-loading-jcr-contentloader.md
index 974c219..dc67019 100644
--- a/src/main/jbake/content/documentation/bundles/content-loading-jcr-contentloader.md
+++ b/src/main/jbake/content/documentation/bundles/content-loading-jcr-contentloader.md
@@ -315,5 +315,35 @@ You can also add new principals (users or groups) to the repository by
adding a
         ]
     }
 
+### ACE Restrictions (since 2.3.0)
+When adding a `security:acl` object to a content node definition in JSON you can also define
restrictions on the ACEs to further filter the impact. Example:
+
+    {
+        "security:acl": [
+            { 
+                "principal": "TestUser1", 
+                "granted": [
+                    "jcr:read",
+                    "jcr:write"
+                ],
+                "restrictions": {
+                    "rep:glob": "glob1"
+                }
+            },
+            { 
+                "principal": "TestGroup1", 
+                "granted": [
+                    "jcr:modifyAccessControl"
+                ],
+                "restrictions": {
+                    "rep:itemNames": [
+                        "name1",
+                        "name2"
+                    ]
+                }
+            }
+        ]
+    }
+
 
 [i18n-json-file-based]: https://sling.apache.org/documentation/bundles/internationalization-support-i18n.html#json-file-based
diff --git a/src/main/jbake/content/documentation/bundles/managing-permissions-jackrabbit-accessmanager.md
b/src/main/jbake/content/documentation/bundles/managing-permissions-jackrabbit-accessmanager.md
index 1b5c1cd..4710280 100644
--- a/src/main/jbake/content/documentation/bundles/managing-permissions-jackrabbit-accessmanager.md
+++ b/src/main/jbake/content/documentation/bundles/managing-permissions-jackrabbit-accessmanager.md
@@ -5,13 +5,13 @@ tags=security
 ~~~~~~
 
 
-The `jackrabbit-accessmanager` bundle delivers a REST interface to manipulate users permissions
in the JCR. After installing the `jackrabbit-accessmanager` bundle the REST services are exposed
under the path of the node where you will manipulate the permissions for a user with a specific
selector like `modifyAce`, `acl` and `deleteAce`.
+The `jackrabbit-accessmanager` bundle delivers a REST interface to manipulate users permissions
in the JCR. After installing the `jackrabbit-accessmanager` bundle the REST services are exposed
under the path of the node where you will manipulate the permissions for a user with a specific
selector like `modifyAce`, `acl`, `eacl` and `deleteAce`.
 [TOC]
 
 ## Privileges
 
-| privilagename | description |
-|---|---|
+| Name | Description |
+|--|--|
 | jcr:read | the privilege to retrieve a node and get its properties and their values |
 | jcr:readAccessControl | the privilege to get the access control policy of a node |
 | jcr:modifyProperties | the privilege to create, modify and remove the properties of a node
|
@@ -30,47 +30,51 @@ The `jackrabbit-accessmanager` bundle delivers a REST interface to manipulate
us
 ## Add or modify permissions
 
 To modify the permissions for a node POST a request to `/<path-to-the-node>.modifyAce.<html
or json>`. The following parameters are available:
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-  
-* *numeric* - Place the target ACE at the specified numeric index. |
+
+| Name | Description |
+|--|--|
+| principalId | The id of the user or group to modify the access rights for |
+| order | The position of the entry within the list (see below for details) |
+| privilege@[privilege_name] | One param for each privilege to modify.  The value must be
either 'granted', 'denied' or 'none'. |
+| restriction@[restriction_name] | (since 3.0.4) One param for each restriction value.  The
same parameter name may be used again for multi-value restrictions.  The value is the target
value of the restriction. |
+| restriction@[restriction_name]@Delete | (since 3.0.4) One param for each restriction to
delete.  The parameter value is ignored and can be anything. |
+
+The `order` parameter may have the following values:
+
+| Value | Description |
+|--|--|
+| `first` | Place the target entry as the first amongst its siblings |
+| `last` | Place the target entry as the last amongst its siblings |
+| `before *xyz*` | Place the target entry immediately before the sibling whose name is *xyz*
|
+| `after *xyz*` | Place the target entry immediately after the sibling whose name is *xyz*
|
+| numeric | Place the target entry at the indicated numeric place amongst its siblings where
*0* is equivalent to `first` and *1* means the second place |
 
 
 Responses:
 | 200 | Success |
 | 500  | Failure, HTML (or JSON) explains failure. |
+
 Example with curl:
 
     curl -FprincipalId=myuser -Fprivilege@jcr:read=granted http://localhost:8080/test/node.modifyAce.html
 
+Single value restriction example with curl:
+
+    curl -FprincipalId=myuser -Fprivilege@jcr:read=granted -Frestriction@rep:glob=child1
http://localhost:8080/test/node.modifyAce.html
+
+Multi value restriction example with curl:
+
+    curl -FprincipalId=myuser -Fprivilege@jcr:read=granted -Frestriction@rep:itemNames=name1
-Frestriction@rep:itemNames=name2 http://localhost:8080/test/node.modifyAce.html
+
+Remove existing restriction example with curl:
+
+    curl -FprincipalId=myuser -Frestriction@rep:glob@Delete=yes http://localhost:8080/test/node.modifyAce.html
 
 
 ## Delete permissions
 
 To delete permissions for a node POST a request to `/<path-to-the-node>.deleteAce.<html
or json>`. The following parameters are available:
   
-  
-  
-  
 
 Responses:
 | 200 | Success |
@@ -102,4 +106,4 @@ Example:
 
 <div class="note">
 See section 16.3 of the JCR 2.0 specification for an explanation of the difference between
bound and effective policies.
-</div>
\ No newline at end of file
+</div>
diff --git a/src/main/jbake/content/releases.md b/src/main/jbake/content/releases.md
index 3044cf8..3b2b9bc 100644
--- a/src/main/jbake/content/releases.md
+++ b/src/main/jbake/content/releases.md
@@ -8,6 +8,7 @@ This is a list of all our releases, available from our [downloads](/downloads.cg
 
 ## December 2018
 
+* JCR Jackrabbit Access Manager 3.0.4, JCR ContentLoader 2.3.0 (20th)
 * API 2.20.0, Servlets Resolver 2.5.2, Servlets Annotations 1.2.4 (18th)
 * Capabilities 0.1.2, Capabilities JCR 0.1.2 (17th)
 * JCR Base 3.0.6 (16th)
diff --git a/src/main/jbake/templates/downloads.tpl b/src/main/jbake/templates/downloads.tpl
index 654349f..6b289ba 100644
--- a/src/main/jbake/templates/downloads.tpl
+++ b/src/main/jbake/templates/downloads.tpl
@@ -126,10 +126,10 @@ def bundles=[
   "JCR API Wrapper|org.apache.sling.jcr.jcr-wrapper|2.0.0|Y|jar",
   "JCR Base|org.apache.sling.jcr.base|3.0.6|Y|jar",
   "JCR ClassLoader|org.apache.sling.jcr.classloader|3.2.4|Y|jar",
-  "JCR Content Loader|org.apache.sling.jcr.contentloader|2.2.6|Y|jar",
+  "JCR Content Loader|org.apache.sling.jcr.contentloader|2.3.0|Y|jar",
   "JCR Content Parser|org.apache.sling.jcr.contentparser|1.2.6|Y|jar",
   "JCR DavEx|org.apache.sling.jcr.davex|1.3.10|Y|jar",
-  "JCR Jackrabbit AccessManager|org.apache.sling.jcr.jackrabbit.accessmanager|3.0.2|Y|jar",
+  "JCR Jackrabbit AccessManager|org.apache.sling.jcr.jackrabbit.accessmanager|3.0.4|Y|jar",
   "JCR Jackrabbit UserManager|org.apache.sling.jcr.jackrabbit.usermanager|2.2.8|Y|jar",
   "JCR Oak Server|org.apache.sling.jcr.oak.server|1.2.2|Y|jar",
   "JCR Registration|org.apache.sling.jcr.registration|1.0.6|Y|jar",


Mime
View raw message