Apache-Sling
view release on metacpan or search on metacpan
lib/Apache/Sling/Authz.pm view on Meta::CPAN
my $message = "Privileges on \"$remoteDest\" for \"$principal\" ";
$message .= ( $success ? "removed." : "were not removed." );
$content->set_results( "$message", $res );
return $success;
}
#}}}
#{{{sub get_acl
=pod
=head2 get_acl
Return the access control list for the node in JSON format
=cut
sub get_acl {
my ( $content, $remoteDest ) = @_;
my $res = Apache::Sling::Request::request(
\$content,
Apache::Sling::AuthzUtil::get_acl_setup(
$content->{'BaseURL'}, $remoteDest
)
);
my $success = Apache::Sling::AuthzUtil::get_acl_eval($res);
my $message = (
$success
? ${$res}->content
: "Could not view ACL for \"$remoteDest\""
);
$content->set_results( "$message", $res );
return $success;
}
#}}}
#{{{ sub help
sub help {
print <<"EOF";
Usage: perl $0 [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]
The following options are accepted:
--auth (type) - Specify auth type. If ommitted, default is used.
--delete or -d - delete access control list for node for principal.
--help or -? - view the script synopsis and options.
--log or -L (log) - Log script output to specified log file.
--man or -M - view the full script documentation.
--(no-)addChildNodes - Grant or deny the addChildNodes privilege
--(no-)all - Grant or deny all above privileges
--(no-)modifyACL - Grant or deny the modifyACL privilege
--(no-)modifyProps - Grant or deny the modifyProperties privilege
--(no-)readACL - Grant or deny the readACL privilege
--(no-)read - Grant or deny the read privilege
--(no-)removeChilds - Grant or deny the removeChildNodes privilege
--(no-)removeNode - Grant or deny the removeNode privilege
--(no-)write - Grant or deny the write privileges:
modifyProperties,addChildNodes,removeNode,removeChildNodes
--pass or -p (password) - Password of user performing content manipulations.
--principal or -P (principal) - Principal to grant, deny, or delete privilege for.
--remote or -r (remoteNode) - specify remote node under JCR root to act on.
--url or -U (URL) - URL for system being tested against.
--user or -u (username) - Name of user to perform content manipulations as.
--verbose or -v or -vv or -vvv - Increase verbosity of output.
--view or -V - view access control list for node.
Options may be merged together. -- stops processing of options.
Space is not required between options and their arguments.
For full details run: perl $0 --man
EOF
return 1;
}
#}}}
#{{{ sub man
sub man {
my ($authz) = @_;
print <<'EOF';
authz perl script. Provides a means of manipulating access control on content
in sling from the command line. This script can be used to get, set, update and
delete content permissions. It also acts as a reference implementation for the
Authz perl library.
EOF
$authz->help();
print <<"EOF";
* Authenticate and view the ACL for the /data node:
perl $0 -U http://localhost:8080 -r /data -V -u admin -p admin
* Authenticate and grant the read privilege to the owner principal, view the result:
perl $0 -U http://localhost:8080 -r /testdata -P owner --read -u admin -p admin -V
* Authenticate and grant the modifyProps privilege to the everyone principal, * view the result:
perl $0 -U http://localhost:8080 -r /testdata -P everyone --modifyProps -u admin -p admin -V
* Authenticate and deny the addChildNodes privilege to the testuser principal, * view the result:
perl $0 -U http://localhost:8080 -r /testdata -P testuser --no-addChildNodes -u admin -p admin -V
* Authenticate with form based authentication and grant the read and write privileges to the g-testgroup principal, log the results, including the resulting JSON, to authz.log:
perl $0 -U http://localhost:8080 -r /testdata -P g-testgroup --read --write -u admin -p admin --auth form -V -L authz.log
JSR-283 privileges:
The following privileges are not yet supported, but may be soon:
--(no-)lockManage - Grant or deny the lockManagement privilege
--(no-)versionManage - Grant or deny the versionManagement privilege
--(no-)nodeTypeManage - Grant or deny the nodeTypeManagement privilege
( run in 0.382 second using v1.01-cache-2.11-cpan-8f98c5d2c55 )