protected void deleteAces()

in src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java [163:217]


    /**
     * Deletes the access control entries held by the given principals from the
     * access control list of a resource and re-applies the resulting policy.
     *
     * <p>Every entry whose principal is in the validated set is removed; no
     * distinction is made by the privileges an entry carries. Review callers with
     * that in mind, because removing an entry changes the effective permissions
     * on {@code resourcePath} for that principal.
     *
     * <p>This method does not save the session itself.
     * NOTE(review): presumably the caller persists or discards the pending
     * change; confirm against the calling servlet code.
     *
     * @param jcrSession the session used to obtain the access control manager
     * @param resourcePath the path whose access control list is edited
     * @param principalNamesToDelete names handed to {@code validateArgs}, which
     *        yields the set of principals to act on (its checks are not visible here)
     * @param changes optional sink; when non-null it receives one
     *        {@code Modification.onDeleted} per principal that had an entry removed
     * @throws RepositoryException if argument validation fails (propagated as thrown),
     *         or if any repository call inside the try block fails; in the latter case
     *         the original exception is wrapped, so a more specific subclass is only
     *         reachable through {@code getCause()}
     */
    protected void deleteAces(Session jcrSession, String resourcePath,
            String[] principalNamesToDelete, List<Modification> changes) throws RepositoryException {
        @NotNull
        Set<Principal> targets = validateArgs(jcrSession, resourcePath, principalNamesToDelete);
        try {
            AccessControlManager acm = AccessControlUtil.getAccessControlManager(jcrSession);
            AccessControlList acl = getAccessControlListOrNull(acm, resourcePath, false);

            // No list at this path: nothing can be deleted, so only report it.
            if (acl == null) {
                for (Principal target : targets) {
                    log.warn("No AccessControlEntry was found to be deleted for principal: {}", target.getName());
                }
                return;
            }

            // Collect the matching entries before touching the list.
            List<AccessControlEntry> doomed = new ArrayList<>();
            for (AccessControlEntry entry : acl.getAccessControlEntries()) {
                if (targets.contains(entry.getPrincipal())) {
                    doomed.add(entry);
                }
            }

            // Remove them and remember which principals actually lost an entry.
            Set<Principal> removed = new HashSet<>();
            for (AccessControlEntry entry : doomed) {
                acl.removeAccessControlEntry(entry);
                removed.add(entry.getPrincipal());
            }

            // Report each requested principal: a recorded deletion, or a warning
            // when no entry existed for it.
            for (Principal target : targets) {
                if (!removed.contains(target)) {
                    log.warn("No AccessControlEntry was found to be deleted for principal: {}", target.getName());
                    continue;
                }
                if (changes != null) {
                    changes.add(Modification.onDeleted(target.getName()));
                }
            }

            // The policy is written back whether or not any entry was removed.
            acm.setPolicy(resourcePath, acl);
        } catch (RepositoryException re) {
            throw new RepositoryException("Failed to delete access control.", re);
        }
    }