#
#  Licensed to the Apache Software Foundation (ASF) under one
#  or more contributor license agreements.  See the NOTICE file
#  distributed with this work for additional information
#  regarding copyright ownership.  The ASF licenses this file
#  to you under the Apache License, Version 2.0 (the
#  "License"); you may not use this file except in compliance
#  with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing,
#  software distributed under the License is distributed on an
#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
#  KIND, either express or implied.  See the License for the
#  specific language governing permissions and limitations
#  under the License.
[feature name=cms]

[variables]
    oak.version=1.16.0

[artifacts startLevel=5]
    org.apache.sling/org.apache.sling.cms.api/${cms.version}
    org.apache.sling/org.apache.sling.cms.ui/${cms.version}
    com.github.livesense/org.liveSense.fragment.sun.misc/1.0.5

[artifacts startLevel=15]
    com.vladsch.flexmark/flexmark-osgi/0.50.44
    org.apache.cocoon/cocoon-serializers-charsets/1.0.2
    org.apache.commons/commons-compress/1.19
    org.apache.commons/commons-email/1.5
    org.apache.commons/commons-math3/3.6.1
    org.apache.jackrabbit/oak-auth-external/${oak.version}
    org.apache.jackrabbit/oak-auth-ldap/${oak.version}
    org.apache.servicemix.bundles/org.apache.servicemix.bundles.xmlbeans/3.0.2_1
    org.apache.sling/org.apache.sling.fileoptim/0.9.4
    org.apache.sling/org.apache.sling.resourcemerger/1.3.10
    org.jsoup/jsoup/1.12.1

[artifacts startLevel=20]
    com.sun.mail/javax.mail/1.6.2
    org.apache.commons/commons-text/1.8
    org.apache.servicemix.bundles/org.apache.servicemix.bundles.jasypt/1.9.3_1
    org.apache.servicemix.bundles/org.apache.servicemix.bundles.poi/4.1.1_1
    org.apache.sling/org.apache.sling.cms.core/${cms.version}
    org.apache.sling/org.apache.sling.cms.reference/${cms.version}
    org.apache.sling/org.apache.sling.cms.transformer/${cms.version}
    org.apache.sling/org.apache.sling.commons.crypto/1.0.0
    org.apache.sling/org.apache.sling.commons.messaging.mail/1.0.0
    org.apache.sling/org.apache.sling.commons.messaging/1.0.0
    org.apache.tika/tika-bundle/1.22

[:repoinit]

    # CMS root paths
    create path (sling:OrderedFolder) /etc/i18n
    set ACL for everyone
        allow   jcr:read	on /etc/i18n
    end
    create path (sling:OrderedFolder) /etc/taxonomy
    set ACL for everyone
        allow   jcr:read	on /etc/taxonomy
    end
    create path (sling:OrderedFolder) /static
    set ACL for everyone
        allow   jcr:read	on /static
    end
    create path (sling:OrderedFolder) /conf
    set ACL for everyone
        allow   jcr:read	on /conf
    end
    create path (sling:OrderedFolder) /content
    create path (sling:OrderedFolder) /etc/usergenerated
    set ACL for everyone
        allow   jcr:read    on /etc/usergenerated
    end


    # Groups
    create path (rep:AuthorizableFolder) /home/groups
    create path (rep:AuthorizableFolder) /home/groups/sling-cms
    create group administrators with path sling-cms
    set ACL for administrators
        allow   jcr:all    on /
    end
    create group authors with path sling-cms
    set ACL for authors
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /static
        allow   jcr:read    on /
    end
    create group job-users with path sling-cms
    create group taxonomy-users with path sling-cms
    set ACL for taxonomy-users
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /etc/taxonomy
    end
    create group ugc-users with path sling-cms
    set ACL for ugc-users
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /etc/usergenerated
    end

    # Service users
    create service user sling-cms-error
    set ACL for sling-cms-error
    	allow	jcr:read	on /
    end
    create service user sling-cms-metadata
    set ACL for sling-cms-metadata
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /static
        allow   jcr:read    on /
    end
    create service user sling-cms-transformer
    set ACL for sling-cms-transformer
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /static
        allow   jcr:read    on /
    end
    create service user sling-rewriter
    set ACL for sling-rewriter
        allow   jcr:read    on /
    end
    create service user sling-cms-ugc
    set ACL for sling-cms-ugc
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /etc/usergenerated
    end
    create service user sling-cms-versionmgr
    set ACL for sling-cms-versionmgr
        allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
    end


[configurations]
  org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-sling-cms-error
     user.mapping=[
        "org.apache.sling.cms.core:sling-cms-error\=sling-cms-error",
        "org.apache.sling.models.impl:sling-cms-error\=sling-cms-error"
    ]

  org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-sling-cms-metadata
     user.mapping=[
        "org.apache.sling.cms.core:sling-cms-metadata\=sling-cms-metadata"
    ]

  org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-sling-cms-transformer
     user.mapping=[
        "org.apache.sling.cms.transformer:sling-cms-transformer\=sling-cms-transformer"
    ]

  org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-sling-cms-versionmgr
     user.mapping=[
        "org.apache.sling.cms.core:sling-cms-versionmgr\=sling-cms-versionmgr"
    ]

  org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-sling-cms-ugc
     user.mapping=[
        "org.apache.sling.cms.core:sling-cms-ugc\=sling-cms-ugc"
    ]

  org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-sling.rewriter
     user.mapping=[
        "org.apache.sling.rewriter\=sling-rewriter"
    ]

  org.apache.felix.hc.generalchecks.ServicesCheck-securityfilterconfigured
    hc.name="Sling CMS - Security Filter Configured"
    hc.tags=["configuration"]
    statusForMissing="WARN"
    services.list=["(component.name\=org.apache.sling.cms.core.internal.filters.CMSSecurityFilter)"]

  org.apache.sling.hc.support.DefaultLoginsHealthCheck-slingcms
    logins=["admin:admin"]
    hc.name="Sling CMS - Default Logins Check"
    hc.tags=["configuration"]

  org.apache.felix.hc.generalchecks.JmxAttributeCheck-jobqueue
    mbean.name="org.apache.sling:type\=queues,name\=AllQueues"
    hc.name="Sling - Job Queue"
    hc.tags=["sling","system-resources"]
    attribute.value.constraint="< 1000"
    attribute.name="NumberOfQueuedJobs"
    statusForFailedContraint="WARN"

  org.apache.felix.hc.generalchecks.JmxAttributeCheck-requestdurationwarn
    mbean.name="org.apache.sling:type\=engine,service\=RequestProcessor"
    hc.name="Sling - StdDev Request Duration (WARN)"
    hc.tags=["sling","system-resources"]
    attribute.value.constraint="matches (1)?\\d?\\d\\..*"
    attribute.name="StandardDeviationDurationMsec"
    statusForFailedContraint="WARN"

  org.apache.felix.hc.generalchecks.JmxAttributeCheck-requestdurationcritical
    mbean.name="org.apache.sling:type\=engine,service\=RequestProcessor"
    hc.name="Sling - StdDev Request Duration (CRITICAL)"
    hc.tags=["sling","system-resources"]
    attribute.value.constraint="matches (1|2|3|4)?\\d?\\d\\..*"
    attribute.name="StandardDeviationDurationMsec"
    statusForFailedContraint="CRITICAL"

  org.apache.felix.hc.generalchecks.JmxAttributeCheck-index
    mbean.name="org.apache.jackrabbit.oak:name\=async,type\=IndexStats"
    hc.name="Jackrabbit Oak - Index"
    hc.tags=["oak","system-resources"]
    attribute.value.constraint="false"
    attribute.name="Failing"
    statusForFailedContraint="CRITICAL"

  org.apache.felix.hc.generalchecks.JmxAttributeCheck-luceneindex
    mbean.name="org.apache.jackrabbit.oak:name\=Lucene Index statistics,type\=LuceneIndex"
    hc.name="Jackrabbit Oak - Lucene Index"
    hc.tags=["oak","system-resources"]
    attribute.value.constraint="false"
    attribute.name="Failing"
    statusForFailedContraint="CRITICAL"

  org.apache.felix.hc.generalchecks.JmxAttributeCheck-slowqueries
    mbean.name="org.apache.jackrabbit.oak:name\=Oak Query Statistics,type\=QueryStats"
    hc.name="Jackrabbit Oak - Slow Queries"
    hc.tags=["oak","system-resources"]
    attribute.value.constraint="0"
    attribute.name="SlowQueriesQueueSize"
    statusForFailedContraint="WARN"

  org.apache.sling.servlets.get.DefaultGetServlet
    index.files=["index","index.html"]
    aliases=[""]
    enable.html=B"false"
    json.maximumresults=I"200"
    enable.txt=B"false"
    enable.xml=B"false"
    index=B"false"
    enable.json=B"true"
    ecmaSuport=B"true"
