all/src/main/content/jcr_root/apps/acs-commons/config/org.apache.sling.jcr.repoinit.RepositoryInitializer-acs-commons-all.config
scripts=[
"
# These paths must exist otherwise the following ACL applicaiton will fail, resulting in err'ing build
create path /content/cq:tags(sling:Folder)
create path /etc/packages(sling:Folder)
# create default contextual configuration for redirects: /conf/global/settings/redirects
create path /conf/global(sling:Folder)
create path /conf/global/settings(sling:Folder)
create path /conf/global/settings/redirects(nt:unstructured)
# See https://github.com/Adobe-Consulting-Services/acs-aem-commons/commit/246afa6746abf1678975bc68f8ecb9a983548d36
create path /var/acs-commons(nt:folder)
set ACL for everyone
allow jcr:read on /var/acs-commons
end
create path /etc/acs-commons(sling:OrderedFolder)
create path /etc/acs-commons/redirect-maps(sling:OrderedFolder)
create path /etc/acs-commons/redirect-maps/jcr:content(nt:unstructured)
set ACL for everyone
allow jcr:read on /etc/acs-commons/redirect-maps
end
# Not supported in 6.4.8
#set properties on /conf/global/settings/redirects
# set sling:resourceType{String} to acs-commons/components/utilities/manage-redirects/redirects
#end
# user to invalidate cached redirects on change
create service user acs-commons-manage-redirects-service with path system/acs-commons
set ACL for acs-commons-manage-redirects-service
allow jcr:read on /
allow jcr:read on /conf
end
# Marketo config service needs to be able to read /conf and /content
create service user acs-commons-marketo-conf-service with path system/acs-commons
set ACL for acs-commons-marketo-conf-service
allow jcr:read on /conf
allow jcr:read on /content
end
# web requests need read access to redirect configurations, e.g. /conf/global/settings/redirects
set ACL for everyone
allow jcr:read on /conf restriction(rep:glob,/*/settings/redirects)
allow jcr:read on /conf restriction(rep:glob,/*/settings/redirects/*)
end
create service user acs-commons-automatic-package-replicator-service with path system/acs-commons
create path /etc/acs-commons/automatic-package-replication(sling:OrderedFolder)
set ACL for acs-commons-automatic-package-replicator-service
allow jcr:read,jcr:versionManagement,rep:write,crx:replicate on /etc/packages
allow jcr:read on /
allow jcr:read on /etc/acs-commons/automatic-package-replication
end
# Component error handler
create service user acs-commons-component-error-handler-service with path system/acs-commons
set ACL for acs-commons-component-error-handler-service
allow jcr:read on /content
allow jcr:read on /apps
end
# Email Service
create service user acs-commons-email-service with path system/acs-commons
create path (sling:Folder) /etc/notification/email
set ACL for acs-commons-email-service
allow jcr:read on /etc/notification/email
end
# Error page handler
create service user acs-commons-error-page-handler-service with path system/acs-commons
set ACL for acs-commons-error-page-handler-service
allow jcr:read on /content
end
# HTTP Cache JCR storage provider
create service user acs-commons-httpcache-jcr-storage-service with path system/acs-commons
create path /var/acs-commons/httpcache(sling:Folder)
set ACL for acs-commons-httpcache-jcr-storage-service
allow jcr:read, rep:write on /var/acs-commons/httpcache
end
# Share Component Properties
create service user acs-commons-shared-component-props-service with path system/acs-commons
set ACL for acs-commons-shared-component-props-service
allow jcr:read on /apps
end
# Package Garbage Collection
create service user acs-commons-package-garbage-collection-service with path system/acs-commons
set ACL for acs-commons-package-garbage-collection-service
allow jcr:read, rep:write on /etc/packages
end
# AEM 6.5 - Root ACLs
create service user acs-commons-dispatcher-flush-service with path system/acs-commons
set ACL for acs-commons-dispatcher-flush-service
allow jcr:read,crx:replicate,jcr:removeNode on /
end
# AEM 6.5 - Ensure Service User
create service user acs-commons-ensure-service-user-service with path system/acs-commons
set ACL for acs-commons-ensure-service-user-service
allow jcr:read, rep:write, jcr:readAccessControl, jcr:modifyAccessControl on /
allow rep:userManagement on /home/users
allow rep:userManagement on /home/groups
end
# AEM 6.5 - On Deploy Scripts
create service user acs-commons-on-deploy-scripts-service with path system/acs-commons
create path /var/acs-commons/on-deploy-scripts-status(sling:OrderedFolder)
set ACL for acs-commons-on-deploy-scripts-service
allow jcr:read on /
allow jcr:versionManagement, jcr:read, rep:write, jcr:lockManagement on /var/acs-commons/on-deploy-scripts-status
allow jcr:versionManagement, jcr:read, rep:write, jcr:lockManagement, crx:replicate on /content
allow jcr:versionManagement, jcr:read, rep:write, jcr:lockManagement on /etc
end
# AEM 6.5 - Ensure Oak Index
create service user acs-commons-ensure-oak-index-service with path system/acs-commons
set ACL for acs-commons-ensure-oak-index-service
allow jcr:read on /apps
allow jcr:read,rep:write,rep:indexDefinitionManagement on /oak:index
end
"
]