import org.sonatype.nexus.common.entity.*import org.sonatype.nexus.security.*i

1. import org.sonatype.nexus.common.entity.*
2. import org.sonatype.nexus.security.*
3. import org.sonatype.nexus.security.authz.*
4. import org.sonatype.nexus.selector.*
5.  
6. import com.google.common.collect.ImmutableMap
7.  
8. // use container.lookup to fetch internal APIs we need to use
9. def selectorManager = container.lookup(SelectorManager.class.name)
10. def securitySystem = container.lookup(SecuritySystem.class.name)
11. def authorizationManager = securitySystem.getAuthorizationManager('default')
12.  
13. // create content selector (if not already present)
14. def selectorConfig = new SelectorConfiguration(
15. name: 'mycompany-custom-selector',
16. type: 'jexl',
17. description: 'selector for my custom package',
18. attributes: ['expression': 'coordinate.groupId =^ "com.mycompany"']
19. )
20. if (selectorManager.browse().find { it -> it.name == selectorConfig.name } == null) {
21. selectorManager.create(selectorConfig)
22. }
23.  
24. // create snapshot and release repositories
25. def snapshotName = "mycompany-maven-snapshots"
26. def releaseName = "mycompany-maven-releases"
27. repository.createMavenHosted(snapshotName, 'default', false,
28. org.sonatype.nexus.repository.maven.VersionPolicy.SNAPSHOT,
29. org.sonatype.nexus.repository.storage.WritePolicy.ALLOW)
30. repository.createMavenHosted(releaseName, 'default', false,
31. org.sonatype.nexus.repository.maven.VersionPolicy.RELEASE,
32. org.sonatype.nexus.repository.storage.WritePolicy.ALLOW_ONCE)
33.  
34. // create content selector privilege for release repo
35. def releaseProperties = ImmutableMap.builder()
36. .put("content-selector", selectorConfig.name)
37. .put("repository", releaseName)
38. .put("actions", "browse,read,edit")
39. .build()
40. def releasePrivilege = new org.sonatype.nexus.security.privilege.Privilege(
41. id: "mycompany-release-priv",
42. version: '',
43. name: "mycompany-release-priv",
44. description: "Content Selector Release privilege",
45. type: "repository-content-selector",
46. properties: releaseProperties
47. )
48. authorizationManager.addPrivilege(releasePrivilege)
49.  
50. // create content selector privilege for snapshot repo
51. def snapshotProperties = ImmutableMap.builder()
52. .put("content-selector", selectorConfig.name)
53. .put("repository", snapshotName)
54. .put("actions", "browse,read,edit")
55. .build()
56. def snapshotPrivilege = new org.sonatype.nexus.security.privilege.Privilege(
57. id: "mycompany-snapshot-priv",
58. version: '',
59. name: "mycompany-snapshot-priv",
60. description: "Content Selector Snapshot privilege",
61. type: "repository-content-selector",
62. properties: snapshotProperties
63. )
64. authorizationManager.addPrivilege(snapshotPrivilege)
65.  
66. // create a role with the snapshot and release privileges
67. def role = new org.sonatype.nexus.security.role.Role(
68. roleId: "mycompany-role",
69. source: "Nexus",
70. name: "mycompany-role",
71. description: "My Company Role",
72. readOnly: false,
73. privileges: [ snapshotPrivilege.id, releasePrivilege.id ],
74. roles: []
75. )
76. authorizationManager.addRole(role)
77.  
78. // add a local user account with the role
79. security.addUser("devuser",
80. "Delilah", "Developer",
81. "companydev@mycompany.com", true,
82. "devpassword", [ role.roleId ])