@Override protected List<Task> getExtraInstallTasks(InstallContext installContext) { List<Task> list = new ArrayList<Task>(); // We have to enable PUT/DELETE method in /server/IPConfig/allow-all.methods list.add(new CheckAndModifyPropertyValueTask("Enable PUT method", "Enables PUT method in '/server/IPConfig/allow-all.methods'", RepositoryConstants.CONFIG, "/server/IPConfig/allow-all", "methods", "GET,POST", "GET,POST,PUT,DELETE")); list.add(new ArrayDelegateTask("Update 'rest-editor' role", new AddPermissionTask("Update 'rest-editor' role", "Allows access to the REST API documentation interface residing under '/.rest/api-docs' in role 'rest-editor'.", "rest-editor", "uri", "/.rest/commands*", Permission.NONE, false), new AddPermissionTask("Update 'rest-editor' role", "Denies access to the 'nodes' endpoint.", "rest-editor", "uri", "/.rest/nodes*", Permission.NONE, false), new AddPermissionTask("Update 'rest-editor' role", "Allows access to the 'nodes' endpoint for workspace 'website'.", "rest-editor", "uri", "/.rest/nodes/v1/website*", Permission.ALL, false), new AddPermissionTask("Update 'rest-editor' role", "Denies access to the 'properties' endpoint.", "rest-editor", "uri", "/.rest/properties*", Permission.NONE, false), new AddPermissionTask("Update 'rest-editor' role", "Allows access to the 'nodes' properties for workspace 'website'.", "rest-editor", "uri", "/.rest/properties/v1/website*", Permission.ALL, false) )); return list; }
@Override protected List<Task> getExtraInstallTasks(InstallContext installContext) { List<Task> list = new ArrayList<>(); // Add role 'rest-admin' to superuser list.add(new AddRoleToUserTask("Add role 'rest-admin' to user 'superuser'", "superuser", "rest-admin")); // Add role 'rest-anonymous' to anonymous list.add(new AddRoleToUserTask("Add role 'rest-anonymous' to user 'anonymous'", "anonymous", "rest-anonymous")); // Deny web access to '/.rest' in role 'security-base' list.add(new AddPermissionTask("Update 'security-base' role", "Denies access to the REST interfaces residing under '/.rest' to role 'security-base'.", "security-base", "uri", "/.rest*", 0, false)); return list; } }
@Override protected List<Task> getExtraInstallTasks(InstallContext ctx) { final List<Task> tasks = new ArrayList<Task>(); tasks.add(new ModuleDependencyBootstrapTask("dms")); tasks.add(new ModuleDependencyBootstrapTask("data")); tasks.add(inboxMenu); tasks.add(flowsPageMenu); tasks.add(new InstallWorkflowDefinitionTask("Setup default activation workflow definition", "Adds the default activation workflow definition under the /modules/workflow/config/flows/activation config node.", "activation", "info/magnolia/module/workflow/default-activation-workflow.xml")); tasks.add(new InstallWorkflowDefinitionTask("Setup default deactivation workflow definition", "Adds the default deactivation workflow definition under the /modules/workflow/config/flows/deactivation config node.", "deactivation", "info/magnolia/module/workflow/deactivation-workflow.xml")); tasks.add(changeWebsiteTreeConfigurationTask); tasks.add(changeDMSTreeConfigurationTask); // TODO: MAGNOLIA-2979, move that to the samples if (ctx.isModuleRegistered("samples")) { tasks.add(new AddUserToGroupTask("Add sample user eve to the editors group", "eve", "editors")); tasks.add(new AddUserToGroupTask("Add sample user patrick to the publishers group", "patrick", "publishers")); tasks.add(new AddRoleToGroupTask("Update editors group with samples role", "editors","editors")); } tasks.add(new AddUserToGroupTask("Add superuser to the publishers group", "superuser", "publishers")); // MAGNOLIA-2603 and MAGNOLIA-2971 // the worflow base role grants only read permission. Now that the superuser is added to the publisher group he gets this restrictive permission assigned // to allow the superuser editing the workflow definition we have to add that permission explicitly to the superuser role tasks.add(new AddPermissionTask("Update Superuser Role", "Add all those permissions explicitly which could be overwritten by assigning the workflow base role.", "superuser", "config", "/modules/workflow/config/flows", Permission.ALL, true)); return tasks; }
@Override public void execute(InstallContext ctx) throws TaskExecutionException { try { final ModuleDefinition def = ctx.getCurrentModuleDefinition(); // register repositories for (RepositoryDefinition repDef : def.getRepositories()) { for (final String workspace : repDef.getWorkspaces()) { ArrayDelegateTask arrayDelegateTask = new ArrayDelegateTask(String.format("Bootstrap the %s if empty, grant it to superuser and subscribe it if activation is installed so that activation can be used.", workspace), new InitializeWorkspaceTask("", "", workspace), new AddPermissionTask("", "superuser", workspace, "/*", Permission.ALL, false), new SubscribeWorkspaceTask(workspace)); arrayDelegateTask.execute(ctx); } } } catch (Throwable e) { throw new TaskExecutionException("Could not bootstrap workspace: " + e.getMessage(), e); } }
@Test public void autoGeneratedDescription() throws Exception { // GIVEN Task task = new AddPermissionTask("taskName", "roleName", RepositoryConstants.CONFIG, "/path", Permission.ADD, true); // WHEN // THEN assertEquals("Adds permission '/path*=1' for workspace 'config'.", task.getDescription()); } }
new AddPermissionTask("Add read on dam for anonymous role", "", "anonymous", "dam", "/", info.magnolia.cms.security.Permission.READ, true) )); tasks.add(new AppLauncherReorderingTask("assets", "edit", Order.AFTER, "pages"));
.addTask(new AddPermissionTask("Add read permission for rss workspace to 'rss-aggregator-base' role", "rss-aggregator-base", RSSAggregatorConstants.WORKSPACE, "/*", Permission.READ, false)) .addTask(new AddIsPublishedRuleToAllDeactivateActionsTask("", "/modules/rssaggregator/apps/")));