Let's Dive into details of this implementation step by step, Here's a review of the code:

• Access Control Logic:

The code starts by checking the value of ACL. If ACL is truthy, it proceeds with access control checks. Otherwise, it falls into the else block, the actual SC logic will be hosted in this else block. ACL is true when requests arrive to storage, timestamp, height, block, and the block includes the // ACL comment.

• Input Declaration: var input = {};

Variable "input" is the object where the event properties of the request are going to be stored. is also parsed:

input.headers; -where to check compatibility at a header level.

input.path - is going to retreive the requested path,

input.query - the query string params.

input.jwt is the location where the decoded payload of a verified jwt token is displayed. (the actual jwt signature is located raw @input.headers.jwt)

(only keys registered in the NxtFi blockchain are eligible to sign jwt tokens)

• Helper Functions/Statements:

function blockAccess(){
    var res = {};
    res.private="No tienes permiso para ver esta informacion";
    sendResponse(res);
}

It is good to mention the importance of the helper functions/statements inside in the Smart Contract's code. It enhances it's readability, thus reducing the risk of errors and improving maintainability. In the provided example: good examples of this type are:

sendRespone(resObj){ throw JSON.stringify(resObj) }

This is the function responsible of throwing the necessary exception to make ACL runtime exit in a specific way. the returned object is a general porpouse object-literal stringified as JSON string.