in src/main/java/org/apache/sling/jcr/contentloader/internal/readers/JsonReader.java [476:565]
private void createAce(JsonObject ace, ContentCreator contentCreator) throws RepositoryException {
String principalID = ace.getString("principal");
String order = ace.getString("order", null);
// first start with an empty map
Map<String, LocalPrivilege> privilegeToLocalPrivilegesMap = new LinkedHashMap<>();
Node parentNode = contentCreator.getParent();
ValueFactory vf = parentNode.getSession().getValueFactory();
// Calculate a map of restriction names to the restriction definition.
// Use for fast lookup during the calls below.
Map<String, RestrictionDefinition> srMap = toSrMap(parentNode);
// for backward compatibility, process the older syntax
JsonArray granted = (JsonArray) ace.get("granted");
JsonArray denied = (JsonArray) ace.get("denied");
if (granted != null || denied != null) {
JsonValue restrictions = ace.get("restrictions");
Set<LocalRestriction> restrictionsSet = Collections.emptySet();
if (restrictions instanceof JsonObject) {
restrictionsSet = toLocalRestrictions((JsonObject)restrictions, srMap, vf);
}
if (granted != null) {
for (int a = 0; a < granted.size(); a++) {
String privilegeName = granted.getString(a);
LocalPrivilege lp = privilegeToLocalPrivilegesMap.computeIfAbsent(privilegeName, LocalPrivilege::new);
lp.setAllow(true);
lp.setAllowRestrictions(restrictionsSet);
}
}
if (denied != null) {
for (int a = 0; a < denied.size(); a++) {
String privilegeName = denied.getString(a);
LocalPrivilege lp = privilegeToLocalPrivilegesMap.computeIfAbsent(privilegeName, LocalPrivilege::new);
lp.setDeny(true);
lp.setDenyRestrictions(restrictionsSet);
}
}
}
// now process the newer syntax
JsonValue privileges = ace.get("privileges");
if (privileges instanceof JsonObject) {
JsonObject privilegesObj = (JsonObject)privileges;
for (Entry<String, JsonValue> entry : privilegesObj.entrySet()) {
String privilegeName = entry.getKey();
JsonValue privilegeValue = entry.getValue();
if (privilegeValue instanceof JsonObject) {
JsonObject privilegeValueObj = (JsonObject)privilegeValue;
JsonValue allow = privilegeValueObj.get("allow");
boolean isAllow = false;
Set<LocalRestriction> allowRestrictions = Collections.emptySet();
if (allow instanceof JsonObject) {
isAllow = true;
allowRestrictions = toLocalRestrictions((JsonObject)allow, srMap, vf);
} else if (JsonValue.TRUE.equals(allow)) {
isAllow = true;
}
JsonValue deny = privilegeValueObj.get("deny");
boolean isDeny = false;
Set<LocalRestriction> denyRestrictions = Collections.emptySet();
if (deny instanceof JsonObject) {
isDeny = true;
denyRestrictions = toLocalRestrictions((JsonObject)deny, srMap, vf);
} else if (JsonValue.TRUE.equals(deny)) {
isDeny = true;
}
if (isAllow || isDeny) {
LocalPrivilege lp = privilegeToLocalPrivilegesMap.computeIfAbsent(privilegeName, LocalPrivilege::new);
if (isAllow) {
lp.setAllow(true);
lp.setAllowRestrictions(allowRestrictions);
}
if (isDeny) {
lp.setDeny(true);
lp.setDenyRestrictions(denyRestrictions);
}
}
}
}
}
// do the work.
contentCreator.createAce(principalID, new ArrayList<>(privilegeToLocalPrivilegesMap.values()), order);
}