protected void deleteAces()

in src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeletePrincipalAcesServlet.java [115:173]


    /**
     * Removes the principal-based access control entries that apply to
     * {@code resourcePath} for each of the supplied principals.
     *
     * <p>For every principal returned by {@code validateArgs}, the principal's
     * access control list is looked up. Entries that are
     * {@link PrincipalAccessControlList.Entry} instances, match {@code resourcePath},
     * and belong to one of the resolved principals are removed. The list is then
     * handed back to the access control manager via {@code setPolicy}.</p>
     *
     * <p>This method does not call {@code save()} on the session.
     * NOTE(review): presumably the caller persists the transient changes, and
     * permission enforcement relies on the rights of {@code jcrSession} at that
     * point; confirm against the caller.</p>
     *
     * @param jcrSession the session used to obtain the access control manager
     * @param resourcePath the path whose entries should be removed
     * @param principalNamesToDelete the submitted principal names; resolved to
     *        principals by {@code validateArgs}
     * @param changes receives one {@code Modification.onDeleted} record per principal
     *        that had at least one entry removed; may be {@code null}, in which case
     *        nothing is recorded
     * @throws RepositoryException if {@code validateArgs} fails (propagated as-is), or
     *         if reading or updating a policy fails (re-thrown wrapped, with the
     *         original exception as the cause)
     */
    protected void deleteAces(Session jcrSession, String resourcePath, String[] principalNamesToDelete,
        List<Modification> changes) throws RepositoryException {
        @NotNull
        Set<Principal> targets = validateArgs(jcrSession, resourcePath, principalNamesToDelete);
        try {
            JackrabbitAccessControlManager acMgr =
                (JackrabbitAccessControlManager) AccessControlUtil.getAccessControlManager(jcrSession);

            // Principals for which at least one entry was actually removed. The set is
            // shared across loop iterations, so membership relies on Principal equality.
            Set<Principal> principalsWithRemovals = new HashSet<>();

            for (Principal target : targets) {
                PrincipalAccessControlList acl = getAccessControlListOrNull(acMgr, target);

                // Without an access control list there is nothing to delete for this principal.
                if (acl == null) {
                    log.warn("No AccessControlEntry was found to be deleted for principal: {}", target.getName());
                    continue;
                }

                // Phase 1: collect the entries to drop. Only principal-based entries that
                // match the resource path and belong to a requested principal qualify.
                List<AccessControlEntry> doomed = new ArrayList<>();
                for (AccessControlEntry candidate : acl.getAccessControlEntries()) {
                    boolean appliesToPath = candidate instanceof PrincipalAccessControlList.Entry
                            && PrincipalAceHelper.matchesResourcePath(resourcePath, candidate);
                    if (appliesToPath && targets.contains(candidate.getPrincipal())) {
                        doomed.add(candidate);
                    }
                }

                // Phase 2: remove them and remember whose entries were touched.
                for (AccessControlEntry entry : doomed) {
                    acl.removeAccessControlEntry(entry);
                    principalsWithRemovals.add(entry.getPrincipal());
                }

                // Report a deletion only if something was removed for this principal;
                // otherwise warn that the request matched no entry.
                if (!principalsWithRemovals.contains(target)) {
                    log.warn("No AccessControlEntry was found to be deleted for principal: {}", target.getName());
                } else if (changes != null) {
                    changes.add(Modification.onDeleted(target.getName()));
                }

                // Hand the list back to the manager. This happens even when no entry
                // was removed from it.
                // NOTE(review): confirm that re-setting an unmodified policy is intended.
                acMgr.setPolicy(acl.getPath(), acl);
            }
        } catch (RepositoryException re) {
            // NOTE(review): the wrapper is a plain RepositoryException, so a more specific
            // subclass (for example AccessDeniedException) is only reachable via getCause().
            // Confirm that callers which distinguish an authorization failure from other
            // repository errors inspect the cause.
            throw new RepositoryException("Failed to delete access control.", re);
        }
    }