Wonno · January 16, 2019 14:50
diff --git a/nexus-repo-manager-privilege-example.groovy b/nexus-repo-manager-privilege-example.groovy
 import org.sonatype.nexus.common.entity.*
 import org.sonatype.nexus.security.*
 import org.sonatype.nexus.security.authz.*
 import org.sonatype.nexus.selector.*

 import com.google.common.collect.ImmutableMap

 // use container.lookup to fetch internal APIs we need to use
 def selectorManager = container.lookup(SelectorManager.class.name)
 def securitySystem = container.lookup(SecuritySystem.class.name)
 def authorizationManager = securitySystem.getAuthorizationManager('default')

 // create content selector (if not already present)
 def selectorConfig = new SelectorConfiguration(
    name: 'mycompany-custom-selector',
    type: 'jexl',
    description: 'selector for my custom package',
    attributes: ['expression': 'coordinate.groupId =^ "com.mycompany"']
 )
 if (selectorManager.browse().find { it -> it.name == selectorConfig.name } == null) {
  selectorManager.create(selectorConfig)
 }

 // create snapshot and release repositories
 def snapshotName = "mycompany-maven-snapshots"
 def releaseName = "mycompany-maven-releases"
 repository.createMavenHosted(snapshotName, 'default', false,
    org.sonatype.nexus.repository.maven.VersionPolicy.SNAPSHOT,
    org.sonatype.nexus.repository.storage.WritePolicy.ALLOW)
 repository.createMavenHosted(releaseName, 'default', false,
    org.sonatype.nexus.repository.maven.VersionPolicy.RELEASE,
    org.sonatype.nexus.repository.storage.WritePolicy.ALLOW_ONCE)

 // create content selector privilege for release repo
 def releaseProperties = ImmutableMap.builder()
  .put("content-selector", selectorConfig.name)
  .put("repository", releaseName)
  .put("actions", "browse,read,edit")
  .build()
 def releasePrivilege = new org.sonatype.nexus.security.privilege.Privilege(
    id: "mycompany-release-priv",
    version: '',
    name: "mycompany-release-priv",
    description: "Content Selector Release privilege",
    type: "repository-content-selector",
    properties: releaseProperties
 )
 authorizationManager.addPrivilege(releasePrivilege)

 // create content selector privilege for snapshot repo
 def snapshotProperties = ImmutableMap.builder()
  .put("content-selector", selectorConfig.name)
  .put("repository", snapshotName)
  .put("actions", "browse,read,edit")
  .build()
 def snapshotPrivilege = new org.sonatype.nexus.security.privilege.Privilege(
    id: "mycompany-snapshot-priv",
    version: '',
    name: "mycompany-snapshot-priv",
    description: "Content Selector Snapshot privilege",
    type: "repository-content-selector",
    properties: snapshotProperties
 )
 authorizationManager.addPrivilege(snapshotPrivilege)

 // create a role with the snapshot and release privileges
 def role = new org.sonatype.nexus.security.role.Role(
    roleId: "mycompany-role",
    source: "Nexus",
    name: "mycompany-role",
    description: "My Company Role",
    readOnly: false,
    privileges: [ snapshotPrivilege.id, releasePrivilege.id ],
    roles: []
 )
 authorizationManager.addRole(role)

 // add a local user account with the role
 security.addUser("devuser",
      "Delilah", "Developer",
      "[email protected]", true,
      "devpassword", [ role.roleId ])
	import org.sonatype.nexus.common.entity.*
	import org.sonatype.nexus.security.*
	import org.sonatype.nexus.security.authz.*
	import org.sonatype.nexus.selector.*

	import com.google.common.collect.ImmutableMap

	// use container.lookup to fetch internal APIs we need to use
	def selectorManager = container.lookup(SelectorManager.class.name)
	def securitySystem = container.lookup(SecuritySystem.class.name)
	def authorizationManager = securitySystem.getAuthorizationManager('default')

	// create content selector (if not already present)
	def selectorConfig = new SelectorConfiguration(
	name: 'mycompany-custom-selector',
	type: 'jexl',
	description: 'selector for my custom package',
	attributes: ['expression': 'coordinate.groupId =^ "com.mycompany"']
	)
	if (selectorManager.browse().find { it -> it.name == selectorConfig.name } == null) {
	selectorManager.create(selectorConfig)
	}

	// create snapshot and release repositories
	def snapshotName = "mycompany-maven-snapshots"
	def releaseName = "mycompany-maven-releases"
	repository.createMavenHosted(snapshotName, 'default', false,
	org.sonatype.nexus.repository.maven.VersionPolicy.SNAPSHOT,
	org.sonatype.nexus.repository.storage.WritePolicy.ALLOW)
	repository.createMavenHosted(releaseName, 'default', false,
	org.sonatype.nexus.repository.maven.VersionPolicy.RELEASE,
	org.sonatype.nexus.repository.storage.WritePolicy.ALLOW_ONCE)

	// create content selector privilege for release repo
	def releaseProperties = ImmutableMap.builder()
	.put("content-selector", selectorConfig.name)
	.put("repository", releaseName)
	.put("actions", "browse,read,edit")
	.build()
	def releasePrivilege = new org.sonatype.nexus.security.privilege.Privilege(
	id: "mycompany-release-priv",
	version: '',
	name: "mycompany-release-priv",
	description: "Content Selector Release privilege",
	type: "repository-content-selector",
	properties: releaseProperties
	)
	authorizationManager.addPrivilege(releasePrivilege)

	// create content selector privilege for snapshot repo
	def snapshotProperties = ImmutableMap.builder()
	.put("content-selector", selectorConfig.name)
	.put("repository", snapshotName)
	.put("actions", "browse,read,edit")
	.build()
	def snapshotPrivilege = new org.sonatype.nexus.security.privilege.Privilege(
	id: "mycompany-snapshot-priv",
	version: '',
	name: "mycompany-snapshot-priv",
	description: "Content Selector Snapshot privilege",
	type: "repository-content-selector",
	properties: snapshotProperties
	)
	authorizationManager.addPrivilege(snapshotPrivilege)

	// create a role with the snapshot and release privileges
	def role = new org.sonatype.nexus.security.role.Role(
	roleId: "mycompany-role",
	source: "Nexus",
	name: "mycompany-role",
	description: "My Company Role",
	readOnly: false,
	privileges: [ snapshotPrivilege.id, releasePrivilege.id ],
	roles: []
	)
	authorizationManager.addRole(role)

	// add a local user account with the role
	security.addUser("devuser",
	"Delilah", "Developer",
	"[email protected]", true,
	"devpassword", [ role.roleId ])