package org.nuxeo.ecm.multi.tenant.acl;

import java.util.List;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.event.Event;
import org.nuxeo.ecm.core.event.EventListener;
import org.nuxeo.ecm.multi.tenant.MultiTenantHelper;
import org.nuxeo.ecm.multi.tenant.MultiTenantService;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/multi/tenant/acl/ACLUpdateListener.class */
public class ACLUpdateListener implements EventListener {
    public void handleEvent(Event event) {
        String owningTenantId;
        if ("beforeDocumentSecurityModification".equals(event.getName())) {
            MultiTenantService multiTenantService = (MultiTenantService) Framework.getService(MultiTenantService.class);
            if (multiTenantService.isTenantIsolationEnabled(event.getContext().getCoreSession())) {
                List<String> prohibitedGroups = multiTenantService.getProhibitedGroups();
                DocumentModel sourceDocument = event.getContext().getSourceDocument();
                for (ACL acl : event.getContext().getProperty("newACP").getACLs()) {
                    int i = 0;
                    for (ACE ace : acl.getACEs()) {
                        if (ace.isGranted() && prohibitedGroups.contains(ace.getUsername()) && (owningTenantId = MultiTenantHelper.getOwningTenantId(sourceDocument)) != null) {
                            acl.set(i, new ACE(MultiTenantHelper.computeTenantMembersGroup(owningTenantId), ace.getPermission(), ace.isGranted()));
                        }
                        i++;
                    }
                }
            }
        }
    }
}
