in src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java [218:247]
protected void handleOperation(SlingHttpServletRequest request,
PostResponse response, List<Modification> changes)
throws RepositoryException {
Session session = request.getResourceResolver().adaptTo(Session.class);
String resourcePath = getItemPath(request);
String principalId = request.getParameter("principalId");
String order = request.getParameter("order");
Principal principal = validateArgs(session, resourcePath, principalId);
// Calculate a map of restriction names to the restriction definition.
// Use for fast lookup during the calls below.
Map<String, RestrictionDefinition> srMap = buildRestrictionNameToDefinitionMap(resourcePath);
AccessControlManager acm = AccessControlUtil.getAccessControlManager(session);
Map<Privilege, Integer> privilegeLongestDepthMap = PrivilegesHelper.buildPrivilegeLongestDepthMap(acm.privilegeFromName(PrivilegeConstants.JCR_ALL));
// first calculate what is currently stored in the ace
Map<Privilege, LocalPrivilege> privilegeToLocalPrivilegesMap = loadStoredAce(acm, resourcePath, principal, srMap);
// and now merge the changes from the request parameters
processPostedPrivilegeDeleteParams(acm, request, privilegeToLocalPrivilegesMap);
processPostedRestrictionDeleteParams(acm, request, srMap, privilegeToLocalPrivilegesMap);
processPostedPrivilegeAndRestrictionParams(acm, request, srMap, privilegeToLocalPrivilegesMap, privilegeLongestDepthMap);
// consolidate any aggregates that are still valid
PrivilegesHelper.consolidateAggregates(session, resourcePath, privilegeToLocalPrivilegesMap, privilegeLongestDepthMap);
// and then store it
modifyAce(session, resourcePath, principalId, privilegeToLocalPrivilegesMap.values(), order, false, changes);
}