# Complete example with several intermixed statement types
# 
# This file should contain a self-explaining example of every repoinit
# statement, to serve as a general example.
#
# Please update the docs at
# https://sling.apache.org/documentation/bundles/repository-initialization.html
# if changing this file, it contains a somewhat adapted version of this. And
# indicate there from which version of which bundles a new feature is available.
#

create service user user1, u-ser_2
set ACL on /libs,/apps
    remove * for user1,u-ser_2
    allow jcr:read for user1,u-ser_2

    deny jcr:write for u-ser_2
    deny jcr:lockManagement for user1
    remove jcr:understand,some:other for u3
end

create service user bob_the_service
create service user zoo_the_keeper with path relative/zoo
create service user zoo_the_keeper with path /absolute/zoo

# Verify that indent is not required
set ACL on /tmp
allow some:otherPrivilege for bob_the_service
end

# Nodetypes inside the path apply to just that path element
create path /content/example.com(sling:Folder)

# A nodetype in front is used as the default for all path elements
create path (nt:unstructured) /var

set ACL for alice, bob,fred
    remove * on /
    allow jcr:read on /content,/var
    deny jcr:write on /content/example.com
    deny jcr:all on / nodetypes example:Page
    
end

set ACL for restrictions_examples
    deny jcr:modifyProperties on /apps, /content nodetypes sling:Folder, nt:unstructured restriction(rep:itemNames,prop1,prop2)
    allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured)
    allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2)
    allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*)
    # empty rep:glob means "apply to this node but not its children"
    allow jcr:something on / restriction(rep:glob)

end

register namespace ( NSprefix ) uri:someURI/v1.42

register nodetypes
<<===
    <slingevent='http://sling.apache.org/jcr/event/1.0'>
    
<<  [slingevent:Event] > nt:unstructured, nt:hierarchyNode
      - slingevent:topic (string)
      - slingevent:properties (binary)
===>>

register privilege crx:replicate
register privilege priv
register abstract privilege abstract_priv
register privilege priv with declared_aggregate_priv
register privilege priv with declared_aggregate_priv1,declared_aggregate_priv2

create user userE with password {someEncoding} afdgwdsdf
create user one_with-more-chars.ok:/123456 with password {encoding_with.ok-:/12345} pw-with.ok-:/13456
create user userF with path /for/userF
create user userG with path /for/userG with password ggg
create user userH with path for/userH
create user userJ with path for/userJ with password jjj
create service user the-last-one

disable service user svc1 : "This  is the message"

# Groups are supported since version 1.2.4, SLING-8219
create group since124_A
create group since124_B with path /path_B
delete group since124_C

# Home function maps to user and group home folders
set ACL on home(alice)
  allow jcr:one for alice, bob, carol
end

set ACL for bob
  allow jcr:two on home(alice), /another/path, home(larry)
end  

set ACL on home(alice)/sub/folder/of/their/homes
  allow jcr:three for fred
end

# Add/remove principals to group, since V1.5.2
add user1,user2 to group grpA
remove user3,user5 from group grpB
