anchela commented on a change in pull request #22:
URL: 
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/22#discussion_r817578444



##########
File path: src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
##########
@@ -291,6 +328,42 @@ public static void setPrincipalAcl(Session session, String 
principalName, Collec
         }
     }
 
+    public static void removePrincipalEntries(Session session, String 
principalName, Collection<AclLine> lines) throws RepositoryException {
+        final JackrabbitAccessControlManager acMgr = getJACM(session);
+        Principal principal = AccessControlUtils.getPrincipal(session, 
principalName);
+        if (principal == null) {
+            // due to transient nature of the repo-init the principal lookup 
may not succeed if completed through query
+            // -> save transient changes and retry principal lookup
+            session.save();
+            principal = AccessControlUtils.getPrincipal(session, 
principalName);
+            checkState(principal != null, "Principal not found: " + 
principalName);
+        }
+
+        final PrincipalAccessControlList acl = 
getPrincipalAccessControlList(acMgr, principal, true);
+        boolean modified = false;
+        for (AclLine line : lines) {
+            List<String> jcrPaths = getJcrPaths(session, 
line.getProperty(PROP_PATHS));
+            LocalRestrictions restr = 
createLocalRestrictions(line.getRestrictions(), acl, session);
+            List<String> privNames = line.getProperty(PROP_PRIVILEGES);
+            Privilege[] privs = 
AccessControlUtils.privilegesFromNames(session, privNames.toArray(new 
String[0]));
+            Predicate<PrincipalAccessControlList.Entry> predicate = entry -> {
+                if (!jcrPaths.contains(entry.getEffectivePath())) {
+                    return false;
+                }
+                LocalAccessControlEntry lace = new 
LocalAccessControlEntry(entry.getPrincipal(), privs, line.getAction()== 
AclLine.Action.ALLOW, restr);
+                return lace.isEqual(entry);
+            };
+            if (removePrincipalEntries(acl, principalName, predicate)) {
+                modified = true;
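Review bot: The retry path in `removePrincipalEntries` calls `session.save()` before the second `getPrincipal` lookup, which persists every pending transient change in the session, and only afterwards does `checkState` reject a missing principal. If the second lookup also fails, the call throws with the earlier changes already committed, so a failed removal can leave the access control setup partially applied. The method has no Javadoc; I would add one that says so, e.g. `May call session.save() to resolve the principal; pending transient changes are persisted even if the principal is then not found.` Separately, `privNames.toArray(...)` assumes `line.getProperty(PROP_PRIVILEGES)` never returns null, which is not visible here and is worth confirming. The method body continues past the end of the quoted hunk.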

Review comment:
       yes, i agree



