package pl.ds.websight.usermanager.rest.permission;

import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.ds.websight.rest.framework.RestAction;
import pl.ds.websight.rest.framework.RestActionResult;
import pl.ds.websight.rest.framework.annotations.SlingAction;
import pl.ds.websight.usermanager.rest.AbstractRestAction;
import pl.ds.websight.usermanager.rest.Messages;
import pl.ds.websight.usermanager.rest.permission.UpdatePermissionsRestModel;
import pl.ds.websight.usermanager.rest.requestparameters.Action;

@SlingAction
@Component
/* loaded from: input_file:pl/ds/websight/usermanager/rest/permission/UpdatePermissionsRestAction.class */
public class UpdatePermissionsRestAction extends AbstractRestAction<UpdatePermissionsRestModel, Void> implements RestAction<UpdatePermissionsRestModel, Void> {
    private static final Logger LOG = LoggerFactory.getLogger(UpdatePermissionsRestAction.class);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // pl.ds.websight.usermanager.rest.AbstractRestAction
    public RestActionResult<Void> performAction(UpdatePermissionsRestModel updatePermissionsRestModel) throws RepositoryException {
        Session session = updatePermissionsRestModel.getSession();
        Principal principal = updatePermissionsRestModel.getAuthorizable().getPrincipal();
        for (UpdatePermissionsRestModel.Record record : updatePermissionsRestModel.getRecords()) {
            String path = record.getPath();
            if (!session.nodeExists(path)) {
                LOG.warn("Could not update permissions. Node at {} does not exist", path);
                return RestActionResult.failure(Messages.UPDATE_PERMISSIONS_ERROR, Messages.formatMessage("Could not find node '%s'", path));
            }
            updatePermissions(session, record, principal);
        }
        session.save();
        return RestActionResult.success(Messages.UPDATE_PERMISSIONS_SUCCESS, Messages.formatMessage(Messages.UPDATE_PERMISSIONS_SUCCESS_DETAILS, updatePermissionsRestModel.getAuthorizableId()));
    }

    private static void updatePermissions(Session session, UpdatePermissionsRestModel.Record record, Principal principal) throws RepositoryException {
        String path = record.getPath();
        AccessControlManager accessControlManager = session.getAccessControlManager();
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, path);
        for (Map.Entry<Action, Boolean> entry : record.getActions().entrySet()) {
            Boolean value = entry.getValue();
            Privilege[] privileges = getPrivileges(session, entry.getKey().getRequiredPrivileges());
            if (value == null) {
                for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : accessControlList.getAccessControlEntries()) {
                    if (jackrabbitAccessControlEntry.getPrincipal().equals(principal)) {
                        removePrivilegesFromEntry(accessControlList, jackrabbitAccessControlEntry, Arrays.asList(privileges), principal);
                    }
                }
            } else {
                accessControlList.addEntry(principal, privileges, value.booleanValue());
            }
        }
        accessControlManager.setPolicy(path, accessControlList);
    }

    private static void removePrivilegesFromEntry(JackrabbitAccessControlList jackrabbitAccessControlList, JackrabbitAccessControlEntry jackrabbitAccessControlEntry, List<Privilege> list, Principal principal) throws RepositoryException {
        Privilege[] privileges = jackrabbitAccessControlEntry.getPrivileges();
        if (privileges == null || !Arrays.asList(privileges).containsAll(list)) {
            return;
        }
        Privilege[] privilegeArr = (Privilege[]) Arrays.stream(privileges).filter(privilege -> {
            return !list.contains(privilege);
        }).toArray(i -> {
            return new Privilege[i];
        });
        jackrabbitAccessControlList.removeAccessControlEntry(jackrabbitAccessControlEntry);
        if (privilegeArr.length > 0) {
            jackrabbitAccessControlList.addEntry(principal, privilegeArr, jackrabbitAccessControlEntry.isAllow());
        }
    }

    private static Privilege[] getPrivileges(Session session, List<String> list) throws RepositoryException {
        return AccessControlUtils.privilegesFromNames(session, (String[]) list.toArray(ArrayUtils.EMPTY_STRING_ARRAY));
    }

    @Override // pl.ds.websight.usermanager.rest.AbstractRestAction
    protected String getUnexpectedErrorMessage() {
        return Messages.UPDATE_PERMISSIONS_ERROR;
    }
}
