@Override
  public boolean canRead(Path itemPath, ItemId itemId) throws RepositoryException {

    if ((itemId != null && "cafebabe-cafe-babe-cafe-babecafebabe".equals(itemId.toString()))
        || (itemPath != null && "/".equals(itemPath.toString()))) {
      // quick check - allow access to root to all like in old mgnl security
      return true;
    }

    if (itemPath == null) {

      // we deal only with permissions on nodes
      if (!itemId.denotesNode()) {
        itemId = ((PropertyId) itemId).getParentId();
      }

      synchronized (monitor) {
        if (readCache.containsKey(itemId)) {
          return readCache.get(itemId);
        }

        itemPath = session.getHierarchyManager().getPath(itemId);
        boolean canRead = canRead(itemPath, itemId);
        readCache.put(itemId, canRead);
        return canRead;
      }
    }

    String path = pathResolver.getJCRPath(itemPath);
    log.debug("Read request for " + path + " :: " + itemId);
    return ami.isGranted(path, Permission.READ);
  }
 @Override
 public boolean grants(Path absPath, int permissions) throws RepositoryException {
   long magnoliaPermissions = convertJackrabbitPermissionsToMagnoliaPermissions(permissions);
   return ami.isGranted(pathResolver.getJCRPath(absPath), magnoliaPermissions);
 }
 public DefaultACLBasedPermissions(
     List<Permission> permissions, SessionImpl systemSession, Map<?, ?> configuration) {
   // TODO: use provider instead of fixed impl
   ami.setPermissionList(permissions);
   this.session = systemSession;
 }