#
#  Licensed to the Apache Software Foundation (ASF) under one
#  or more contributor license agreements.  See the NOTICE file
#  distributed with this work for additional information
#  regarding copyright ownership.  The ASF licenses this file
#  to you under the Apache License, Version 2.0 (the
#  "License"); you may not use this file except in compliance
#  with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing,
#  software distributed under the License is distributed on an
#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
#  KIND, either express or implied.  See the License for the
#  specific language governing permissions and limitations
#  under the License.
#

# CMS root paths
create path (sling:OrderedFolder) /etc/i18n
set ACL for everyone
    allow   jcr:read	on /etc/i18n
end
create path (sling:OrderedFolder) /etc/taxonomy
set ACL for everyone
    allow   jcr:read	on /etc/taxonomy
end
create path (sling:OrderedFolder) /static
set ACL for everyone
    allow   jcr:read	on /static
end
create path (sling:OrderedFolder) /conf
set ACL for everyone
    allow   jcr:read	on /conf
end
create path (sling:OrderedFolder) /content
create path (sling:OrderedFolder) /etc/usergenerated
set ACL for everyone
    allow   jcr:read    on /etc/usergenerated
end

# Groups
create path (rep:AuthorizableFolder) /home/groups
create path (rep:AuthorizableFolder) /home/groups/sling-cms
create group administrators with path sling-cms
set ACL for administrators
    allow   jcr:all    on /
end
create group authors with path sling-cms
set ACL for authors
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /static
    allow   jcr:read    on /
end
create group job-users with path sling-cms
create group taxonomy-users with path sling-cms
set ACL for taxonomy-users
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /etc/taxonomy
end
create group ugc-users with path sling-cms
set ACL for ugc-users
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /etc/usergenerated
end

# Service users
create service user sling-cms-metadata
set ACL for sling-cms-metadata
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /static
    allow   jcr:read    on /
end
create service user sling-cms-transformer
set ACL for sling-cms-transformer
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /static
    allow   jcr:read    on /
end
create service user sling-cms-ugc
set ACL for sling-cms-ugc
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /etc/usergenerated
end
create service user sling-cms-versionmgr
set ACL for sling-cms-versionmgr
    allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /
    allow   jcr:read    on /jcr:system/jcr:versionStorage
end