in src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java [445:485]
/**
 * Removes, from the principal-based access control list of {@code principalName}, every entry
 * that matches one of the given {@code lines}.
 *
 * <p>An entry matches a line when its effective path is one of the line's JCR paths and a
 * {@code LocalAccessControlEntry} built from the line's privileges, action and restrictions
 * reports {@code isEqual} for it. The policy is written back with {@code setPolicy} only when
 * the three-argument {@code removePrincipalEntries} overload returned {@code true} for at
 * least one line.
 *
 * <p>Security note: a line that matches nothing does not fail the operation; it is only
 * logged at INFO and the loop continues. A revocation whose path, privileges, action or
 * restrictions do not match the stored entry therefore leaves that entry, and the access it
 * grants, in place. Treat the "No matching access control entry found" message as a signal
 * to verify the resulting policy.
 *
 * @param context session context supplying the access control manager, the session and the
 *     principal lookup
 * @param principalName name of the principal whose entries are to be removed
 * @param lines ACL lines describing the entries to remove
 * @throws RepositoryException if a repository operation used here fails
 */
public static void removePrincipalEntries(
        @NotNull SessionContext context, String principalName, Collection<AclLine> lines)
        throws RepositoryException {
    final JackrabbitAccessControlManager acMgr = context.getAccessControlManager();
    final Principal principal = context.getPrincipalWithSave(principalName);
    // An unresolved principal is rejected by checkState (exception type not visible here).
    checkState(principal != null, PRINCIPAL_NOT_FOUND_PATTERN, principalName);
    final PrincipalAccessControlList acl = getPrincipalAccessControlList(acMgr, principal, true);

    boolean policyChanged = false;
    for (final AclLine line : lines) {
        final List<String> targetPaths = getJcrPaths(context.getSession(), line.getProperty(PROP_PATHS));
        final LocalRestrictions restrictions =
                createLocalRestrictions(line.getRestrictions(), acl, context.getSession());
        // NOTE(review): privilegeNames is dereferenced below without a null check; confirm that
        // PROP_PRIVILEGES is always present on lines passed to this method.
        final List<String> privilegeNames = line.getProperty(PROP_PRIVILEGES);

        // Path membership is tested first, so the expected entry is only built for entries
        // whose effective path is one of the line's paths.
        final Predicate<PrincipalAccessControlList.Entry> matchesLine = entry ->
                targetPaths.contains(entry.getEffectivePath())
                        && new LocalAccessControlEntry(
                                        context,
                                        entry.getPrincipal(),
                                        privilegeNames.toArray(new String[0]),
                                        line.getAction() == AclLine.Action.ALLOW,
                                        restrictions)
                                .isEqual(entry);

        final boolean removed = removePrincipalEntries(acl, principalName, matchesLine);
        if (removed) {
            policyChanged = true;
            continue;
        }

        // Nothing matched: the requested removal did not happen and the ACL is unchanged for
        // this line. NOTE(review): the isAllow placeholder receives the Action value, not a
        // boolean.
        LOG.info(
                "No matching access control entry found to remove for principal {} at {}. Expected entry with isAllow={}, privileges={}, restrictions={}",
                principalName,
                targetPaths,
                line.getAction(),
                privilegeNames,
                line.getRestrictions());
    }

    // Skip the policy write when no line changed the list.
    if (!policyChanged) {
        return;
    }
    acMgr.setPolicy(acl.getPath(), acl);
}