xquery version "3.1";
(:~ The post-install script runs after the package contents have been copied into the database.
:
: @version 0.6.0
: @see http://www.adamretter.org.uk/presentations/security-in-existdb_xml-prague_existdb_20120210.pdf
: @see http://localhost:8080/exist/apps/doc/security.xml?field=all&id=D3.21.11#permissions
:)
(: The three external variables below are bound by the repo:deploy function at install time. :)
(: $home: file path of the eXist installation directory :)
declare variable $home external;
(: $dir: path of the directory that holds the unpacked .xar package :)
declare variable $dir external;
(: $target: the collection the app is deployed into :)
declare variable $target external;
(: Collections below $target. $api and $ace are the ones whose permissions the script body changes. :)
declare variable $api := concat($target, "/api");
(: admin-only functions ("ace") :)
declare variable $ace := concat($target, '/modules/admin');
(: NOTE(review): $modules is declared but not referenced in the visible script. :)
declare variable $modules := concat($target, '/modules');
(:~
 : Hand every resource directly inside a collection to admin:dba and apply the given mode.
 :
 : Only the names returned by xmldb:get-child-resources are processed, so the
 : collection $uri itself and any sub-collections keep their current owner,
 : group and mode. NOTE(review): if the collection ever gains sub-collections,
 : confirm they are locked down separately.
 :
 : @param $uri  path of the collection whose child resources are changed
 : @param $perm mode string passed to sm:chmod, e.g. 'rwxrwx---'
 : @return empty sequence; the function is called for its side effects only
 :)
declare function local:special-permission($uri as xs:string, $perm as xs:string) as empty-sequence() {
    (: build the full URI of each child resource first, then apply owner, group and mode in that order :)
    for $resource-uri in xmldb:get-child-resources($uri) ! xs:anyURI($uri || "/" || .)
    return (
        sm:chown($resource-uri, "admin"),
        sm:chgrp($resource-uri, "dba"),
        sm:chmod($resource-uri, $perm)
    )
};
(: Script body: restrict the admin ("ace") collection, then open the api resources for execution. :)
let $ace-uri := xs:anyURI($ace)
return (
    (: the admin collection itself: owner admin, group dba, no access for others :)
    sm:chown($ace-uri, "admin"),
    sm:chgrp($ace-uri, "dba"),
    sm:chmod($ace-uri, 'rwxrwx---'),
    (: the same owner, group and mode for every resource directly inside it :)
    local:special-permission($ace, 'rwxrwx---'),
    (: api resources: others get read and execute but not write.
       Only the mode is changed here; owner and group stay as they were after deployment.
       NOTE(review): group write is granted, so confirm which group owns these resources. :)
    xmldb:get-child-resources($api) ! sm:chmod(xs:anyURI($api || "/" || .), "rwxrwxr-x")
)
(: Disabled special case for save_swl.xql. The mode 'rwsrws--x' carries the set-user-id and
   set-group-id bits, so the query would run with the identity of the resource's owner and
   group. The api loop above does not set owner or group, so verify both before re-enabling. :)
(:,sm:chmod(xs:anyURI($api || "/save_swl.xql"), 'rwsrws--x'):)