in src/main/java/org/apache/sling/pipes/internal/ACLPipe.java [180:208]
void bindAclsForAuthorizableResource(Authorizable auth) throws RepositoryException {
//query for searching in full repository where auth is prinicpal in access control entry.
logger.info("binding acls for authorizable {} and authID {}", auth.getPath(), auth.getID());
String query = "/jcr:root//element(*, rep:ACE)[@rep:principalName = '" + auth.getID() + "']";
Iterator<Resource> resources = resolver.findResources(query, javax.jcr.query.Query.XPATH);
JsonObjectBuilder authPermisions = Json.createObjectBuilder();
JsonArrayBuilder allowArray = Json.createArrayBuilder();
JsonArrayBuilder denyArray = Json.createArrayBuilder();
resources.forEachRemaining(res -> {
String[] privilegeSet = res.adaptTo(ValueMap.class).get(PRIVILEGES_KEY, String[].class);
JsonArrayBuilder privilegesArray = Json.createArrayBuilder();
for(String privilege: privilegeSet){
privilegesArray.add(privilege);
}
JsonObjectBuilder aceObj = Json.createObjectBuilder();
aceObj.add(PATH_KEY, res.getParent().getParent().getPath());
aceObj.add(PRIVILEGES_JSON_KEY, privilegesArray);
if (res.getResourceType().equals(ACE_GRANT_KEY) ){
allowArray.add(aceObj);
}
else if (res.getResourceType().equals(ACE_DENY_KEY)) {
denyArray.add(aceObj);
}
});
authPermisions.add(PN_AUTHORIZABLE, auth.getID());
authPermisions.add(PN_ALLOW, allowArray);
authPermisions.add(PN_DENY, denyArray);
outputBinding = JsonUtil.toString(authPermisions);
}