@PUT public Response update( @QueryParam("principal") String principal, @QueryParam("type") @DefaultValue("USER") String typeStr, @QueryParam("role") @DefaultValue("READER") String role, @QueryParam("file") @DefaultValue("true") boolean file) { if (principal == null) return Response.status(Response.Status.BAD_REQUEST).build(); checkPermission(); SubjectAcl.Type type = SubjectAcl.Type.valueOf(typeStr.toUpperCase()); String actions = PermissionsUtils.asActions(isDraft() ? role.toUpperCase() : "READER"); subjectAclService.addSubjectPermission(type, principal, resource, actions, instance); if (file) { subjectAclService.addSubjectPermission(type, principal, fileResource, actions, fileInstance); } return Response.noContent().build(); }