in src/main/java/org/apache/sling/starter/access/models/Ace.java [442:492]
protected Map<Privilege, PrivilegeItem> getPersistedPrivilegesMap() throws RepositoryException {
if (persistedPrivilegesMap == null) {
Session jcrSession = request.getResourceResolver().adaptTo(Session.class);
Map<Privilege, String> privilegeToLongestPath = AceUtils.getPrivilegeLongestPathMap(jcrSession);
String acePath = getAcePath();
persistedPrivilegesMap = initialPrivilegesMap(privilegeToLongestPath, acePath);
JsonObject ace;
try {
ace = getAce.getAce(jcrSession, acePath, getPrincipalId());
} catch (ResourceNotFoundException rnfe) {
// no ACE exists yet?
ace = null;
}
if (ace != null) {
aceExists = true;
AccessControlManager acm = jcrSession.getAccessControlManager();
//make a temp map for quick lookup below
Set<RestrictionDefinition> supportedRestrictions = getSupportedRestrictions();
Map<String, RestrictionDefinition> srMap = toSrMap(supportedRestrictions);
JsonObject privileges = ace.getJsonObject("privileges");
for (String pn : privileges.keySet()) {
Privilege p = acm.privilegeFromName(pn);
PrivilegeItem privilegeItem = persistedPrivilegesMap.computeIfAbsent(p, key -> new PrivilegeItem(key.getName(), false, false, privilegeToLongestPath.get(key)));
JsonObject privilegeObj = privileges.getJsonObject(pn);
JsonValue allowJsonValue = privilegeObj.get("allow");
if (allowJsonValue != null) {
privilegeItem.setAllowExists(true);
privilegeItem.setGranted(true);
if (allowJsonValue instanceof JsonObject) {
List<RestrictionItem> restrictionItems = jsonToRestrictionItems(srMap, (JsonObject)allowJsonValue);
privilegeItem.setAllowRestrictions(restrictionItems);
}
}
JsonValue denyJsonValue = privilegeObj.get("deny");
if (denyJsonValue != null) {
privilegeItem.setDenyExists(true);
privilegeItem.setDenied(true);
if (denyJsonValue instanceof JsonObject) {
List<RestrictionItem> restrictionItems = jsonToRestrictionItems(srMap, (JsonObject)denyJsonValue);
privilegeItem.setDenyRestrictions(restrictionItems);
}
}
}
}
}
return persistedPrivilegesMap;
}