in src/main/java/org/apache/sling/serviceuser/webconsole/impl/ServiceUserWebConsolePlugin.java [935:1034]
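/**
 * Brings the access control entries of one service user in line with the
 * path/privilege pairs submitted in the request.
 *
 * <p>The user is identified by the {@code PN_NAME} request parameter. For every
 * submitted path the user's entry is replaced so that it grants exactly the
 * submitted privileges. For every path where {@code findACLs} reported a policy
 * but which is absent from the request, all entries of that user are removed.
 *
 * <p>The update is not atomic: the grants are saved first and each removal is
 * saved separately. A {@link RepositoryException} part-way through leaves the
 * changes saved so far in place and makes the method return {@code false}.
 *
 * <p>NOTE(review): paths and privilege names are taken from the request without
 * validation here and are applied with whatever rights the resolver's session
 * holds. This presumably relies on the caller having authenticated and
 * authorised the request; confirm against the call site.
 *
 * @param request  the request carrying the user name and the privileges
 * @param resolver the resolver whose JCR session is used to edit the policies
 * @return {@code true} if every change was saved; {@code false} if the session
 *         or the principal could not be obtained or the repository rejected a
 *         change
 */
private boolean updatePrivileges(HttpServletRequest request, ResourceResolver resolver) {
    List<Pair<String, String>> privileges = this.getPrivileges(request);
    String name = getParameter(request, PN_NAME, "");

    // Reduce each reported policy node to the path it protects. Duplicates are
    // dropped so that a path kept by the request cannot survive in this list
    // and then be treated as stale (findACLs is not visible here; it may or may
    // not report the same path more than once).
    List<String> policyNodes = new ArrayList<>();
    findACLs(resolver, name, policyNodes);
    List<String> currentPolicies = new ArrayList<>();
    for (String policyNode : policyNodes) {
        String path = StringUtils.substringBefore(policyNode, "/rep:policy");
        String normalized = StringUtils.isNotBlank(path) ? path : "/";
        if (!currentPolicies.contains(normalized)) {
            currentPolicies.add(normalized);
        }
    }
    log.debug("Loaded current policy paths: {}", currentPolicies);

    // Group the requested privilege names by path.
    Map<String, List<String>> toSet = new HashMap<>();
    for (Pair<String, String> privilege : privileges) {
        List<String> names = toSet.get(privilege.getKey());
        if (names == null) {
            names = new ArrayList<>();
            toSet.put(privilege.getKey(), names);
        }
        names.add(privilege.getValue());
    }
    log.debug("Loaded updated policy paths: {}", toSet);

    String lastEntry = null;
    try {
        Session session = resolver.adaptTo(Session.class);
        if (session == null) {
            log.error("Unable to adapt resource resolver to a JCR session, not updating privileges for {}", name);
            return false;
        }
        AccessControlManager accessManager = session.getAccessControlManager();
        PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(session);

        // The principal is only needed when something is granted. Fail
        // explicitly instead of handing a null principal to AccessControlUtil.
        Principal principal = null;
        if (!toSet.isEmpty()) {
            principal = principalManager.getPrincipal(name);
            if (principal == null) {
                log.error("No principal found for {}, not updating privileges", name);
                return false;
            }
        }

        for (Entry<String, List<String>> pol : toSet.entrySet()) {
            String path = pol.getKey();
            List<String> requested = pol.getValue();
            lastEntry = path;
            // This path stays in use, so it must not be cleaned up below.
            currentPolicies.remove(path);
            log.debug("Updating policies for {}", path);

            // Privileges the user holds on this path today but which the
            // request no longer lists.
            List<String> toRemove = new ArrayList<>();
            for (AccessControlPolicy p : accessManager.getPolicies(path)) {
                if (!(p instanceof AccessControlList)) {
                    continue;
                }
                for (AccessControlEntry entry : ((AccessControlList) p).getAccessControlEntries()) {
                    if (!name.equals(entry.getPrincipal().getName())) {
                        continue;
                    }
                    for (Privilege privilege : entry.getPrivileges()) {
                        if (!requested.contains(privilege.getName())) {
                            log.debug("Removing privilege {}", privilege);
                            toRemove.add(privilege.getName());
                        }
                    }
                }
            }

            AccessControlUtil.replaceAccessControlEntry(
                    session,
                    path,
                    principal,
                    requested.toArray(new String[requested.size()]),
                    new String[0],
                    toRemove.toArray(new String[toRemove.size()]),
                    null);
        }
        session.save();

        // Whatever is left in currentPolicies was not part of the request:
        // revoke the user's access there.
        for (String oldPolicy : currentPolicies) {
            lastEntry = oldPolicy;
            boolean removed = false;
            log.debug("Removing policy for {}", oldPolicy);
            for (AccessControlPolicy p : accessManager.getPolicies(oldPolicy)) {
                if (!(p instanceof AccessControlList)) {
                    continue;
                }
                AccessControlList policy = (AccessControlList) p;
                // Collect every entry of this user in this list, not just the
                // first one, so that no entry is left behind after a revoke.
                // The list is rebuilt per policy so an entry is never removed
                // from a list it does not belong to.
                List<AccessControlEntry> stale = new ArrayList<>();
                for (AccessControlEntry entry : policy.getAccessControlEntries()) {
                    if (name.equals(entry.getPrincipal().getName())) {
                        stale.add(entry);
                    }
                }
                if (stale.isEmpty()) {
                    continue;
                }
                for (AccessControlEntry entry : stale) {
                    policy.removeAccessControlEntry(entry);
                    log.debug("Removed access control entry {}", entry);
                }
                accessManager.setPolicy(oldPolicy, policy);
                session.save();
                removed = true;
            }
            if (!removed) {
                log.warn("No policy found for {}", oldPolicy);
            }
        }
    } catch (RepositoryException e) {
        log.error("Exception updating principals with {}, failed on {}", toSet, lastEntry, e);
        return false;
    }
    return true;
}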