Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

ACL package backup of AEM groups programatically AEMaaCS

Avatar

Community Advisor

Hi All,

 

I have ~800 user groups which I need to take a back up from AEMaaCS using acl-packager ( refer below url )

 

https://adobe-consulting-services.github.io/acs-aem-commons/features/packagers/acl-packager/index.ht...

 

I am trying to copy past the groups 1 by 1 into the package definition. But it's not worth doing it. Is there any automated way to create the ACL package programatically ?

 

Any suggestions are appreciated. Thank you in advance. 

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @Jagadeesh_Prakash 

This is very basic example of a groovy

import com.day.cq.security.util.AuthorizableUtil
import org.apache.jackrabbit.vault.fs.api.PathFilterSet
import org.apache.jackrabbit.vault.packaging.JcrPackage
import org.apache.jackrabbit.vault.packaging.JcrPackageDefinition
import org.apache.jackrabbit.vault.packaging.PackageManager
import org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl
import javax.jcr.Session

def session = repository.loginService("readService", null) // Use service user for security best practices
def packageManager = new JcrPackageManagerImpl(session)
def packageName = "acl-package"
def packageGroup = "my-packages"
def packageVersion = "1.0"

// Create package path
def packagePath = "/etc/packages/${packageGroup}/${packageName}-${packageVersion}.zip"

// Create a new package
JcrPackage jcrPackage = packageManager.create(packageGroup, packageName, packageVersion)
JcrPackageDefinition packageDefinition = jcrPackage.getDefinition()
packageDefinition.set("description", "Package containing ACLs and content")

// Create filter to include nodes and ACLs
def filter = packageDefinition.getMetaInf().getFilter()

// Paths to include
def paths = ["/home/users", "/home/groups"]
def contentPath = "/content"

// Add paths to the filter
paths.each { path ->
    def filterSet = new PathFilterSet(path)
    filter.add(filterSet)
    
    // Include ACLs for each path
    def aclFilterSet = new PathFilterSet(path + "/rep:policy")
    filter.add(aclFilterSet)
}

// Include ACLs for the /content section for those groups
def groupManager = session.getUserManager().getGroupManager()
def allGroups = groupManager.findAuthorizables("rep:groupId", "*", AuthorizableType.GROUP)
allGroups.each { group ->
    def groupId = group.getID()
    def groupAclPath = "${contentPath}/rep:policy/rep:principalName/${groupId}"
    if (session.itemExists(groupAclPath)) {
        def contentAclFilterSet = new PathFilterSet(groupAclPath)
        filter.add(contentAclFilterSet)
    }
}

// Save the package
jcrPackage.save(session)
session.save()
session.logout()

println "ACL package created successfully at ${packagePath}"


Arun Patidar

View solution in original post

8 Replies

Avatar

Community Advisor

@Jagadeesh_Prakash 

 

I haven't done this myself but found this article where there is python script to do this. Check this link out which might be helpful to you.

https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-16448

 

Avatar

Community Advisor

@gkalyan  I got it but I have ~500 + user groups. So Its bit hard for me to execute and find the path and do the package. Rather I use acl-package instead. Anyways thank you 

Avatar

Community Advisor

Hi @gkalyan 
Sorry, I overlooked.

@Jagadeesh_Prakash  if yo have a groovy script enabled then you can use groovy to create package with any definition/paths.



Arun Patidar

Avatar

Community Advisor

@arunpatidar Yes that's the option I was looking at. But you have any sample with that can you post it here. Or else once I am done with the groovy I will post it as well. 

Avatar

Correct answer by
Community Advisor

Hi @Jagadeesh_Prakash 

This is very basic example of a groovy

import com.day.cq.security.util.AuthorizableUtil
import org.apache.jackrabbit.vault.fs.api.PathFilterSet
import org.apache.jackrabbit.vault.packaging.JcrPackage
import org.apache.jackrabbit.vault.packaging.JcrPackageDefinition
import org.apache.jackrabbit.vault.packaging.PackageManager
import org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl
import javax.jcr.Session

def session = repository.loginService("readService", null) // Use service user for security best practices
def packageManager = new JcrPackageManagerImpl(session)
def packageName = "acl-package"
def packageGroup = "my-packages"
def packageVersion = "1.0"

// Create package path
def packagePath = "/etc/packages/${packageGroup}/${packageName}-${packageVersion}.zip"

// Create a new package
JcrPackage jcrPackage = packageManager.create(packageGroup, packageName, packageVersion)
JcrPackageDefinition packageDefinition = jcrPackage.getDefinition()
packageDefinition.set("description", "Package containing ACLs and content")

// Create filter to include nodes and ACLs
def filter = packageDefinition.getMetaInf().getFilter()

// Paths to include
def paths = ["/home/users", "/home/groups"]
def contentPath = "/content"

// Add paths to the filter
paths.each { path ->
    def filterSet = new PathFilterSet(path)
    filter.add(filterSet)
    
    // Include ACLs for each path
    def aclFilterSet = new PathFilterSet(path + "/rep:policy")
    filter.add(aclFilterSet)
}

// Include ACLs for the /content section for those groups
def groupManager = session.getUserManager().getGroupManager()
def allGroups = groupManager.findAuthorizables("rep:groupId", "*", AuthorizableType.GROUP)
allGroups.each { group ->
    def groupId = group.getID()
    def groupAclPath = "${contentPath}/rep:policy/rep:principalName/${groupId}"
    if (session.itemExists(groupAclPath)) {
        def contentAclFilterSet = new PathFilterSet(groupAclPath)
        filter.add(contentAclFilterSet)
    }
}

// Save the package
jcrPackage.save(session)
session.save()
session.logout()

println "ACL package created successfully at ${packagePath}"


Arun Patidar