package org.nuxeo.ecm.automation.core.operations.document;

import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.nuxeo.ecm.automation.core.annotations.Context;
import org.nuxeo.ecm.automation.core.annotations.Operation;
import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
import org.nuxeo.ecm.automation.core.annotations.Param;
import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentRef;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.platform.usermanager.UserConfig;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.model.exceptions.IllegalParameterException;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.services.config.ConfigurationService;

/**
 * Automation operation {@code Document.AddPermission} (alias {@code Document.AddACL}): adds one
 * ACE per target principal to the selected ACL of the input document and returns the document.
 *
 * <p>Points a security reviewer should keep in mind when reading this class:
 * <ul>
 *   <li>Targets come from {@code users}, the deprecated {@code username}/{@code user} parameter,
 *       or {@code email}. An email is turned into a transient username and is only used when no
 *       other target was supplied.</li>
 *   <li>The existence check on user/group names runs only when the configuration service reports
 *       {@link #ALLOW_VIRTUAL_USER} as boolean-false. NOTE(review): how an unset property is
 *       treated depends on {@code ConfigurationService.isBooleanPropertyFalse}; confirm the
 *       deployed default so the check is not silently skipped.</li>
 *   <li>{@code permission}, {@code begin}, {@code end} and {@code acl} are handed to the ACE/ACP
 *       API without validation in this class (for example, nothing here compares {@code begin}
 *       with {@code end}).</li>
 *   <li>This class performs no authorization check of its own. NOTE(review): presumably
 *       {@code DocumentModel.setACP} / the {@link CoreSession} enforces that the caller may edit
 *       security on the document; confirm.</li>
 * </ul>
 */
@Operation(id = AddPermission.ID, category = "Document", label = "Add Permission", description = "Add Permission on the input document(s). Returns the document(s).", aliases = {"Document.AddACL"})
public class AddPermission {
    /** Operation identifier used to register and invoke this operation. */
    public static final String ID = "Document.AddPermission";

    /** Key of the "notify" flag in the context data attached to each created ACE. */
    public static final String NOTIFY_KEY = "notify";

    /** Key of the free-text comment in the context data attached to each created ACE. */
    public static final String COMMENT_KEY = "comment";

    /** Configuration property consulted before checking that target users/groups exist. */
    public static final String ALLOW_VIRTUAL_USER = "nuxeo.automation.allowVirtualUser";

    // Session of the caller; its principal is recorded as creator of the ACEs.
    @Context
    protected CoreSession session;

    // Target principals (users and/or groups). Replaced by a private copy in ensureUserListIsUsed().
    @Param(name = "users", required = false, alias = {"users"}, description = "ACE target set of users and/or groups.")
    protected List<String> users;

    // Single target kept for backward compatibility; merged into 'users' during validation.
    @Param(name = "username", required = false, alias = {"user"}, description = "ACE target user/group.")
    @Deprecated
    protected String user;

    // E-mail target; converted to a transient username and only used when no other target is given.
    @Param(name = UserConfig.EMAIL_COLUMN, required = false, description = "ACE target user/group.")
    protected String email;

    // Permission name, passed as-is to ACE.builder().
    @Param(name = "permission", description = "ACE permission.")
    protected String permission;

    // Optional start of the ACE validity window.
    @Param(name = "begin", required = false, description = "ACE begin date.")
    protected Calendar begin;

    // Optional end of the ACE validity window; mandatory when 'email' is set (see validateParameters()).
    @Param(name = "end", required = false, description = "ACE end date.")
    protected Calendar end;

    // Free-text comment stored in the ACE context data under COMMENT_KEY.
    @Param(name = "comment", required = false, description = "Comment")
    protected String comment;

    // Name of the ACL that receives the ACEs; defaults to the local ACL.
    @Param(name = "acl", required = false, values = {ACL.LOCAL_ACL}, description = "ACL name.")
    protected String aclName = ACL.LOCAL_ACL;

    // When true, inheritance is blocked on the ACL before the ACEs are added.
    @Param(name = "blockInheritance", required = false, description = "Block inheritance or not.")
    protected boolean blockInheritance = false;

    // Stored in the ACE context data under NOTIFY_KEY; not interpreted in this class.
    @Param(name = "notify", required = false, description = "Notify the user or not")
    protected boolean notify = false;

    /**
     * Validates the parameters, then adds the permission to the given document.
     *
     * @param documentModel the document whose ACP is modified
     * @return the same document instance
     * @throws IllegalParameterException if the parameters are rejected by {@link #validateParameters()}
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentModel documentModel) {
        validateParameters();
        addPermission(documentModel);
        return documentModel;
    }

    /**
     * Resolves the reference through the session, validates the parameters, then adds the
     * permission to the resolved document.
     *
     * @param documentRef reference of the document whose ACP is modified
     * @return the resolved document
     * @throws IllegalParameterException if the parameters are rejected by {@link #validateParameters()}
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentRef documentRef) {
        // The document is fetched before validation, so an unresolvable reference fails first.
        DocumentModel resolved = this.session.getDocument(documentRef);
        validateParameters();
        addPermission(resolved);
        return resolved;
    }

    /**
     * Builds one ACE per entry of {@code users} and writes the ACP back only if something changed.
     *
     * <p>Expects {@link #validateParameters()} to have run first: it is that method which makes
     * {@code users} non-null.
     *
     * @param documentModel the document whose ACP is modified
     */
    protected void addPermission(DocumentModel documentModel) {
        ACP acp;
        if (documentModel.getACP() == null) {
            acp = new ACPImpl();
        } else {
            acp = documentModel.getACP();
        }

        // The session principal is recorded as creator of every ACE and of the inheritance block.
        String creator = this.session.getPrincipal().getName();

        HashMap<String, java.io.Serializable> contextData = new HashMap<>();
        contextData.put(NOTIFY_KEY, this.notify);
        contextData.put(COMMENT_KEY, this.comment);

        boolean changed = false;
        if (this.blockInheritance) {
            changed = acp.blockInheritance(this.aclName, creator);
        }

        for (String target : this.users) {
            ACE ace = ACE.builder(target, this.permission)
                    .creator(creator)
                    .begin(this.begin)
                    .end(this.end)
                    .contextData(contextData)
                    .build();
            // addACE is always invoked; its result is only OR-ed into the change flag.
            boolean added = acp.addACE(this.aclName, ace);
            changed = added || changed;
        }

        if (changed) {
            // Second argument 'true' is the overwrite flag of setACP.
            documentModel.setACP(acp, true);
        }
    }

    /**
     * Checks that at least one target is given, that an e-mail target comes with an end date, and,
     * when the configuration says so, that every non-transient name resolves to a user or group.
     *
     * <p>Side effect: normalizes the targets through {@link #ensureUserListIsUsed()}.
     *
     * @throws IllegalParameterException if a rule above is violated
     */
    protected void validateParameters() {
        boolean hasTarget = this.user != null
                || (this.users != null && !this.users.isEmpty())
                || this.email != null;
        if (!hasTarget) {
            throw new IllegalParameterException("'users' or 'email' parameters must be set");
        }

        // An e-mail grant must be time-bounded. This applies whenever 'email' is set, even if the
        // e-mail ends up unused because other targets were supplied.
        if (this.email != null && this.end == null) {
            throw new IllegalParameterException("'end' parameter must be set when adding a permission for an 'email'");
        }

        ensureUserListIsUsed();

        ConfigurationService configuration = Framework.getService(ConfigurationService.class);
        if (!configuration.isBooleanPropertyFalse(ALLOW_VIRTUAL_USER)) {
            // NOTE(review): no existence check on this path; confirm which configuration values
            // (including "unset") lead here.
            return;
        }

        UserManager userManager = Framework.getService(UserManager.class);
        List<String> unknownNames = new ArrayList<>();
        for (String candidate : this.users) {
            // Transient usernames are accepted without a directory lookup.
            boolean resolvable = NuxeoPrincipal.isTransientUsername(candidate)
                    || userManager.getUserModel(candidate) != null
                    || userManager.getGroupModel(candidate) != null;
            if (!resolvable) {
                unknownNames.add(candidate);
            }
        }
        if (!unknownNames.isEmpty()) {
            // NOTE(review): the message echoes caller-supplied names and states which of them do
            // not exist; check that this disclosure is acceptable for every caller allowed to
            // invoke the operation, and that consumers of the message encode it before display.
            throw new IllegalParameterException(String.format("The following set of User or Group names do not exist: [%s]. Please provide valid ones.", String.join(",", unknownNames)));
        }
    }

    /**
     * Replaces {@code users} with a private mutable copy and folds the single-target parameters
     * into it: {@code user} is appended when not already listed; otherwise, if the list is still
     * empty and an {@code email} was given, the transient username computed from it is added.
     */
    protected void ensureUserListIsUsed() {
        List<String> targets;
        if (this.users == null) {
            targets = new ArrayList<>();
        } else {
            // Copy so the caller-provided list is never mutated.
            targets = new ArrayList<>(this.users);
        }
        this.users = targets;

        if (this.user != null && !targets.contains(this.user)) {
            targets.add(this.user);
        } else if (this.email != null && targets.isEmpty()) {
            targets.add(NuxeoPrincipal.computeTransientUsername(this.email));
        }
    }
}
