package org.nuxeo.ecm.automation.core.operations.document;

import org.nuxeo.ecm.automation.core.Constants;
import org.nuxeo.ecm.automation.core.annotations.Context;
import org.nuxeo.ecm.automation.core.annotations.Operation;
import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
import org.nuxeo.ecm.automation.core.annotations.Param;
import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentRef;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.webengine.model.exceptions.IllegalParameterException;

@Operation(id = RemovePermission.ID, category = Constants.CAT_DOCUMENT, label = "Remove Permission", description = "Remove a permission given its id or all permissions for a given user on the input document(s). Parameter 'id' or 'user' must be set. Returns the document(s).")
/* loaded from: input_file:org/nuxeo/ecm/automation/core/operations/document/RemovePermission.class */
public class RemovePermission {
    public static final String ID = "Document.RemovePermission";

    @Context
    protected CoreSession session;

    @Param(name = "id", required = false)
    protected String id;

    @Param(name = "user", required = false)
    protected String user;

    @Param(name = "acl", required = false)
    String aclName = "local";

    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentModel documentModel) {
        removePermission(documentModel);
        return this.session.getDocument(documentModel.getRef());
    }

    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentRef documentRef) {
        DocumentModel document = this.session.getDocument(documentRef);
        removePermission(document);
        return document;
    }

    protected void removePermission(DocumentModel documentModel) {
        if (this.id == null && this.user == null) {
            throw new IllegalParameterException("'id' or 'user' parameter must be set");
        }
        ACP acp = documentModel.getACP() != null ? documentModel.getACP() : new ACPImpl();
        boolean z = false;
        if (this.user != null) {
            z = acp.removeACEsByUsername(this.aclName, this.user);
        } else if (this.id != null) {
            z = acp.removeACE(this.aclName, ACE.fromId(this.id));
        }
        if (z) {
            documentModel.setACP(acp, true);
        }
    }
}
