package eu.xenit.apix.alfresco.permissions;

import com.github.dynamicextensionsalfresco.osgi.OsgiService;
import eu.xenit.apix.alfresco.ApixToAlfrescoConversion;
import eu.xenit.apix.data.NodeRef;
import eu.xenit.apix.data.QName;
import eu.xenit.apix.permissions.IPermissionService;
import eu.xenit.apix.permissions.NodePermission;
import eu.xenit.apix.permissions.PermissionValue;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.model.Repository;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.impl.ModelDAO;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component("eu.xenit.apix.permissions.IPermissionService")
@OsgiService
/* loaded from: input_file:eu/xenit/apix/alfresco/permissions/PermissionService.class */
public class PermissionService implements IPermissionService {
    private static final String FULL_CONTROL = "FullControl";

    @Autowired
    public Repository repository;

    @Autowired
    public ModelDAO modelDAO;
    private org.alfresco.service.cmr.security.PermissionService permissionService;
    private ApixToAlfrescoConversion c;
    private static final Logger logger = LoggerFactory.getLogger(PermissionService.class);
    private static final Set<String> ALL_REGISTERED_PERMISSIONS = new HashSet(20);
    private final String[] permissionStrings = {IPermissionService.READ, IPermissionService.WRITE, IPermissionService.DELETE, IPermissionService.CREATE_CHILDREN, IPermissionService.ADD_CHILDREN, IPermissionService.READ_PERMISSIONS, IPermissionService.CHANGE_PERMISSIONS, IPermissionService.READ_RECORDS, IPermissionService.FILING};
    private Map<String, PermissionValue> fullControlPermissions = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: eu.xenit.apix.alfresco.permissions.PermissionService$3, reason: invalid class name */
    /* loaded from: input_file:eu/xenit/apix/alfresco/permissions/PermissionService$3.class */
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$org$alfresco$service$cmr$security$AccessStatus = new int[AccessStatus.values().length];

        static {
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AccessStatus[AccessStatus.ALLOWED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AccessStatus[AccessStatus.DENIED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$alfresco$service$cmr$security$AccessStatus[AccessStatus.UNDETERMINED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    @Autowired
    public PermissionService(ServiceRegistry serviceRegistry, ApixToAlfrescoConversion apixToAlfrescoConversion) {
        this.permissionService = serviceRegistry.getPermissionService();
        for (String str : this.permissionStrings) {
            this.fullControlPermissions.put(str, PermissionValue.ALLOW);
        }
        this.c = apixToAlfrescoConversion;
    }

    private synchronized Set<String> getAllRegisteredPermissions() {
        if (ALL_REGISTERED_PERMISSIONS.isEmpty()) {
            Iterator it = this.modelDAO.getAllPermissions().iterator();
            while (it.hasNext()) {
                ALL_REGISTERED_PERMISSIONS.add(((PermissionReference) it.next()).getName());
            }
        }
        return ALL_REGISTERED_PERMISSIONS;
    }

    private List<AccessPermission> sorted(Set<AccessPermission> set) {
        ArrayList arrayList = new ArrayList(set);
        Collections.sort(arrayList, new Comparator<AccessPermission>() { // from class: eu.xenit.apix.alfresco.permissions.PermissionService.1
            @Override // java.util.Comparator
            public int compare(AccessPermission accessPermission, AccessPermission accessPermission2) {
                return accessPermission.getAuthority().compareTo(accessPermission2.getAuthority());
            }
        });
        return arrayList;
    }

    @Override // eu.xenit.apix.permissions.IPermissionService
    public NodePermission getNodePermissions(NodeRef nodeRef) {
        NodePermission nodePermission = new NodePermission();
        org.alfresco.service.cmr.repository.NodeRef alfresco = this.c.alfresco(nodeRef);
        nodePermission.setInheritFromParent(this.permissionService.getInheritParentPermissions(alfresco));
        Set<AccessPermission> allSetPermissions = this.permissionService.getAllSetPermissions(alfresco);
        ArrayList arrayList = new ArrayList();
        for (AccessPermission accessPermission : sorted(allSetPermissions)) {
            if (accessPermission.getPosition() == 0) {
                NodePermission.Access access = new NodePermission.Access();
                access.setAllowed(accessPermission.getAccessStatus() == AccessStatus.ALLOWED);
                access.setAuthority(accessPermission.getAuthority());
                access.setPermission(accessPermission.getPermission());
                arrayList.add(access);
            }
        }
        nodePermission.setOwnAccessList(new HashSet(arrayList));
        ArrayList arrayList2 = new ArrayList();
        for (AccessPermission accessPermission2 : sorted(allSetPermissions)) {
            if (accessPermission2.getPosition() != 0) {
                NodePermission.Access access2 = new NodePermission.Access();
                access2.setAllowed(accessPermission2.getAccessStatus() == AccessStatus.ALLOWED);
                access2.setAuthority(accessPermission2.getAuthority());
                access2.setPermission(accessPermission2.getPermission());
                arrayList2.add(access2);
            }
        }
        nodePermission.setInheritedAccessList(new HashSet(arrayList2));
        return nodePermission;
    }

    @Override // eu.xenit.apix.permissions.IPermissionService
    public void setNodePermissions(NodeRef nodeRef, NodePermission nodePermission) {
        if (nodePermission.getInheritedAccessList() != null && nodePermission.getInheritedAccessList().size() > 0) {
            throw new IllegalArgumentException("Only ownAccessList is allowed when setting ACL (not inheritedAccessList).");
        }
        org.alfresco.service.cmr.repository.NodeRef alfresco = this.c.alfresco(nodeRef);
        this.permissionService.deletePermissions(alfresco);
        this.permissionService.setInheritParentPermissions(alfresco, nodePermission.isInheritFromParent());
        for (NodePermission.Access access : nodePermission.getOwnAccessList()) {
            this.permissionService.setPermission(alfresco, access.getAuthority(), access.getPermission(), access.isAllowed());
        }
    }

    @Override // eu.xenit.apix.permissions.IPermissionService
    public boolean hasPermission(NodeRef nodeRef, String str) {
        AccessStatus hasPermission = this.permissionService.hasPermission(this.c.alfresco(nodeRef), str);
        String fullyAuthenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
        switch (AnonymousClass3.$SwitchMap$org$alfresco$service$cmr$security$AccessStatus[hasPermission.ordinal()]) {
            case 1:
                logger.debug("User {} has permission {} on node {}", new Object[]{fullyAuthenticatedUser, str, nodeRef});
                return true;
            case 2:
            case 3:
            default:
                logger.warn("User {} does not have permission {} on node {} due to access status {}", new Object[]{fullyAuthenticatedUser, str, nodeRef, hasPermission});
                return false;
        }
    }

    @Override // eu.xenit.apix.permissions.IPermissionService
    public void setPermission(NodeRef nodeRef, String str, String str2) {
        this.permissionService.setPermission(this.c.alfresco(nodeRef), str, str2, true);
    }

    @Override // eu.xenit.apix.permissions.IPermissionService
    public void deletePermission(NodeRef nodeRef, String str, String str2) {
        this.permissionService.deletePermission(this.c.alfresco(nodeRef), str, str2);
    }

    @Override // eu.xenit.apix.permissions.IPermissionService
    public void setInheritParentPermissions(NodeRef nodeRef, boolean z) {
        this.permissionService.setInheritParentPermissions(this.c.alfresco(nodeRef), z);
    }

    @Override // eu.xenit.apix.permissions.IPermissionService
    public Map<String, PermissionValue> getPermissionsFast(NodeRef nodeRef) {
        org.alfresco.service.cmr.repository.NodeRef alfresco = this.c.alfresco(nodeRef);
        if (!this.permissionService.hasPermission(alfresco, IPermissionService.READ_PERMISSIONS).equals(AccessStatus.ALLOWED)) {
            return getPermissions(nodeRef);
        }
        final ArrayList arrayList = new ArrayList();
        final ArrayList arrayList2 = new ArrayList();
        AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Object>() { // from class: eu.xenit.apix.alfresco.permissions.PermissionService.2
            public Object doWork() throws Exception {
                for (PermissionReference permissionReference : PermissionService.this.modelDAO.getAllExposedPermissions()) {
                    PermissionService.logger.debug("======================================================");
                    PermissionService.logger.debug("permission ref name: " + permissionReference.getName());
                    PermissionService.logger.debug("permission ref qname: " + permissionReference.getQName().getPrefixString());
                    if (!permissionReference.getQName().equals(ContentModel.TYPE_BASE)) {
                        RolePermissionModel rolePermissionModel = new RolePermissionModel(permissionReference, PermissionService.this.modelDAO, new QName("{http://www.alfresco.org/model/content/1.0}content"));
                        if (rolePermissionModel.getActions().contains(PermissionService.FULL_CONTROL)) {
                            arrayList2.add(rolePermissionModel.getRoleName());
                        }
                        arrayList.add(rolePermissionModel);
                    }
                }
                return null;
            }
        });
        HashSet hashSet = new HashSet();
        Set<AccessPermission> permissions = this.permissionService.getPermissions(alfresco);
        if (hasFullControl(arrayList2, permissions)) {
            return this.fullControlPermissions;
        }
        for (AccessPermission accessPermission : permissions) {
            logger.debug("accessPermission authority: " + accessPermission.getAuthority());
            logger.debug("accessPermission permission: " + accessPermission.getPermission());
            logger.debug("accessPermission status: " + accessPermission.getAccessStatus());
            if (accessPermission.getAccessStatus().equals(AccessStatus.ALLOWED)) {
                Iterator it = arrayList.iterator();
                while (true) {
                    if (it.hasNext()) {
                        RolePermissionModel rolePermissionModel = (RolePermissionModel) it.next();
                        if (rolePermissionModel.getRoleName().equals(accessPermission.getPermission())) {
                            hashSet.addAll(rolePermissionModel.getActions());
                            break;
                        }
                    }
                }
            }
        }
        HashMap hashMap = new HashMap();
        for (String str : this.permissionStrings) {
            if (hashSet.contains(str)) {
                hashMap.put(str, PermissionValue.ALLOW);
            } else {
                hashMap.put(str, PermissionValue.DENY);
            }
        }
        return hashMap;
    }

    @Override // eu.xenit.apix.permissions.IPermissionService
    public Map<String, PermissionValue> getPermissions(NodeRef nodeRef) {
        HashMap hashMap = new HashMap();
        for (String str : this.permissionStrings) {
            if (getAllRegisteredPermissions().contains(str)) {
                switch (AnonymousClass3.$SwitchMap$org$alfresco$service$cmr$security$AccessStatus[this.permissionService.hasPermission(this.c.alfresco(nodeRef), str).ordinal()]) {
                    case 1:
                        hashMap.put(str, PermissionValue.ALLOW);
                        break;
                    case 2:
                    case 3:
                        hashMap.put(str, PermissionValue.DENY);
                        break;
                }
            } else {
                hashMap.put(str, PermissionValue.DENY);
            }
        }
        return hashMap;
    }

    private boolean hasFullControl(List<String> list, Set<AccessPermission> set) {
        for (AccessPermission accessPermission : set) {
            if (accessPermission.getAccessStatus().equals(AccessStatus.ALLOWED) && list.contains(accessPermission.getPermission())) {
                return true;
            }
        }
        return false;
    }
}
