package org.apache.james.mailbox.store;

import com.github.fge.lambdas.Throwing;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap;
import java.util.Map;
import java.util.Optional;
import javax.inject.Inject;
import javax.mail.Flags;
import org.apache.james.core.User;
import org.apache.james.mailbox.MailboxSession;
import org.apache.james.mailbox.RightManager;
import org.apache.james.mailbox.acl.GroupMembershipResolver;
import org.apache.james.mailbox.acl.MailboxACLResolver;
import org.apache.james.mailbox.events.EventBus;
import org.apache.james.mailbox.events.MailboxIdRegistrationKey;
import org.apache.james.mailbox.exception.DifferentDomainException;
import org.apache.james.mailbox.exception.MailboxException;
import org.apache.james.mailbox.exception.UnsupportedRightException;
import org.apache.james.mailbox.model.MailboxACL;
import org.apache.james.mailbox.model.MailboxId;
import org.apache.james.mailbox.model.MailboxPath;
import org.apache.james.mailbox.store.event.EventFactory;
import org.apache.james.mailbox.store.mail.MailboxMapper;
import org.apache.james.mailbox.store.mail.model.Mailbox;

/* loaded from: input_file:org/apache/james/mailbox/store/StoreRightManager.class */
public class StoreRightManager implements RightManager {
    public static final boolean GROUP_FOLDER = true;
    private final EventBus eventBus;
    private final MailboxSessionMapperFactory mailboxSessionMapperFactory;
    private final MailboxACLResolver aclResolver;
    private final GroupMembershipResolver groupMembershipResolver;

    @Inject
    public StoreRightManager(MailboxSessionMapperFactory mailboxSessionMapperFactory, MailboxACLResolver mailboxACLResolver, GroupMembershipResolver groupMembershipResolver, EventBus eventBus) {
        this.mailboxSessionMapperFactory = mailboxSessionMapperFactory;
        this.aclResolver = mailboxACLResolver;
        this.groupMembershipResolver = groupMembershipResolver;
        this.eventBus = eventBus;
    }

    public boolean hasRight(MailboxPath mailboxPath, MailboxACL.Right right, MailboxSession mailboxSession) throws MailboxException {
        return myRights(mailboxPath, mailboxSession).contains(right);
    }

    public boolean hasRight(MailboxId mailboxId, MailboxACL.Right right, MailboxSession mailboxSession) throws MailboxException {
        return myRights(mailboxId, mailboxSession).contains(right);
    }

    public boolean hasRight(Mailbox mailbox, MailboxACL.Right right, MailboxSession mailboxSession) throws MailboxException {
        return myRights(mailbox, mailboxSession).contains(right);
    }

    public MailboxACL.Rfc4314Rights myRights(MailboxPath mailboxPath, MailboxSession mailboxSession) throws MailboxException {
        return myRights(this.mailboxSessionMapperFactory.getMailboxMapper(mailboxSession).findMailboxByPath(mailboxPath), mailboxSession);
    }

    public MailboxACL.Rfc4314Rights myRights(MailboxId mailboxId, MailboxSession mailboxSession) throws MailboxException {
        return myRights(this.mailboxSessionMapperFactory.getMailboxMapper(mailboxSession).findMailboxById(mailboxId), mailboxSession);
    }

    public MailboxACL.Rfc4314Rights myRights(Mailbox mailbox, MailboxSession mailboxSession) throws UnsupportedRightException {
        User user = mailboxSession.getUser();
        return (MailboxACL.Rfc4314Rights) Optional.ofNullable(user).map(Throwing.function(obj -> {
            return this.aclResolver.resolveRights(user.asString(), this.groupMembershipResolver, mailbox.getACL(), mailbox.getUser(), false);
        }).sneakyThrow()).orElse(MailboxACL.NO_RIGHTS);
    }

    public MailboxACL.Rfc4314Rights[] listRights(MailboxPath mailboxPath, MailboxACL.EntryKey entryKey, MailboxSession mailboxSession) throws MailboxException {
        return this.aclResolver.listRights(entryKey, this.groupMembershipResolver, this.mailboxSessionMapperFactory.getMailboxMapper(mailboxSession).findMailboxByPath(mailboxPath).getUser(), false);
    }

    public MailboxACL listRights(MailboxPath mailboxPath, MailboxSession mailboxSession) throws MailboxException {
        return this.mailboxSessionMapperFactory.getMailboxMapper(mailboxSession).findMailboxByPath(mailboxPath).getACL();
    }

    public void applyRightsCommand(MailboxPath mailboxPath, MailboxACL.ACLCommand aCLCommand, MailboxSession mailboxSession) throws MailboxException {
        assertSharesBelongsToUserDomain(mailboxPath.getUser(), aCLCommand);
        MailboxMapper mailboxMapper = this.mailboxSessionMapperFactory.getMailboxMapper(mailboxSession);
        Mailbox findMailboxByPath = mailboxMapper.findMailboxByPath(mailboxPath);
        this.eventBus.dispatch(((EventFactory.MailboxAclUpdatedFinalStage) ((EventFactory.RequireAclDiff) ((EventFactory.RequireMailbox) ((EventFactory.RequireSession) EventFactory.aclUpdated().randomEventId()).mailboxSession(mailboxSession)).mailbox(findMailboxByPath)).aclDiff(mailboxMapper.updateACL(findMailboxByPath, aCLCommand))).build(), new MailboxIdRegistrationKey(findMailboxByPath.getMailboxId())).block();
    }

    private void assertSharesBelongsToUserDomain(String str, MailboxACL.ACLCommand aCLCommand) throws DifferentDomainException {
        assertSharesBelongsToUserDomain(str, (Map<MailboxACL.EntryKey, MailboxACL.Rfc4314Rights>) ImmutableMap.of(aCLCommand.getEntryKey(), aCLCommand.getRights()));
    }

    public boolean isReadWrite(MailboxSession mailboxSession, Mailbox mailbox, Flags flags) throws UnsupportedRightException {
        MailboxACL.Rfc4314Rights myRights = myRights(mailbox, mailboxSession);
        return myRights.contains(MailboxACL.Right.Insert) || myRights.contains(MailboxACL.Right.PerformExpunge) || checkDeleteFlag(myRights, flags) || checkSeenFlag(myRights, flags) || checkWriteFlag(myRights, flags);
    }

    private boolean checkWriteFlag(MailboxACL.Rfc4314Rights rfc4314Rights, Flags flags) {
        return rfc4314Rights.contains(MailboxACL.Right.Write) && (flags.contains(Flags.Flag.ANSWERED) || flags.contains(Flags.Flag.DRAFT) || flags.contains(Flags.Flag.FLAGGED) || flags.contains(Flags.Flag.RECENT) || flags.contains(Flags.Flag.USER));
    }

    private boolean checkSeenFlag(MailboxACL.Rfc4314Rights rfc4314Rights, Flags flags) {
        return flags.contains(Flags.Flag.SEEN) && rfc4314Rights.contains(MailboxACL.Right.WriteSeenFlag);
    }

    private boolean checkDeleteFlag(MailboxACL.Rfc4314Rights rfc4314Rights, Flags flags) {
        return flags.contains(Flags.Flag.DELETED) && rfc4314Rights.contains(MailboxACL.Right.DeleteMessages);
    }

    public void setRights(MailboxId mailboxId, MailboxACL mailboxACL, MailboxSession mailboxSession) throws MailboxException {
        setRights(this.mailboxSessionMapperFactory.getMailboxMapper(mailboxSession).findMailboxById(mailboxId).generateAssociatedPath(), mailboxACL, mailboxSession);
    }

    public void setRights(MailboxPath mailboxPath, MailboxACL mailboxACL, MailboxSession mailboxSession) throws MailboxException {
        assertSharesBelongsToUserDomain(mailboxPath.getUser(), mailboxACL.getEntries());
        MailboxMapper mailboxMapper = this.mailboxSessionMapperFactory.getMailboxMapper(mailboxSession);
        setRights(mailboxACL, mailboxMapper, mailboxMapper.findMailboxByPath(mailboxPath), mailboxSession);
    }

    @VisibleForTesting
    void assertSharesBelongsToUserDomain(String str, Map<MailboxACL.EntryKey, MailboxACL.Rfc4314Rights> map) throws DifferentDomainException {
        if (map.keySet().stream().filter(entryKey -> {
            return !entryKey.getNameType().equals(MailboxACL.NameType.special);
        }).map((v0) -> {
            return v0.getName();
        }).anyMatch(str2 -> {
            return areDomainsDifferent(str2, str);
        })) {
            throw new DifferentDomainException();
        }
    }

    @VisibleForTesting
    boolean areDomainsDifferent(String str, String str2) {
        return !User.fromUsername(str).getDomainPart().equals(User.fromUsername(str2).getDomainPart());
    }

    private void setRights(MailboxACL mailboxACL, MailboxMapper mailboxMapper, Mailbox mailbox, MailboxSession mailboxSession) throws MailboxException {
        this.eventBus.dispatch(((EventFactory.MailboxAclUpdatedFinalStage) ((EventFactory.RequireAclDiff) ((EventFactory.RequireMailbox) ((EventFactory.RequireSession) EventFactory.aclUpdated().randomEventId()).mailboxSession(mailboxSession)).mailbox(mailbox)).aclDiff(mailboxMapper.setACL(mailbox, mailboxACL))).build(), new MailboxIdRegistrationKey(mailbox.getMailboxId())).block();
    }

    public MailboxACL getResolvedMailboxACL(Mailbox mailbox, MailboxSession mailboxSession) throws UnsupportedRightException {
        return filteredForSession(mailbox, this.aclResolver.applyGlobalACL(mailbox.getACL(), false), mailboxSession);
    }

    @VisibleForTesting
    static MailboxACL filteredForSession(Mailbox mailbox, MailboxACL mailboxACL, MailboxSession mailboxSession) throws UnsupportedRightException {
        if (mailbox.generateAssociatedPath().belongsTo(mailboxSession)) {
            return mailboxACL;
        }
        MailboxACL.EntryKey createUserEntryKey = MailboxACL.EntryKey.createUserEntryKey(mailboxSession.getUser().asString());
        MailboxACL.Rfc4314Rights rfc4314Rights = (MailboxACL.Rfc4314Rights) mailboxACL.getEntries().getOrDefault(createUserEntryKey, new MailboxACL.Rfc4314Rights(new MailboxACL.Right[0]));
        return rfc4314Rights.contains(MailboxACL.Right.Administer) ? mailboxACL : new MailboxACL(ImmutableMap.of(createUserEntryKey, rfc4314Rights));
    }
}
