package org.nuxeo.ecm.directory;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.common.utils.Path;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.DocumentRef;
import org.nuxeo.ecm.core.api.Lock;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.PropertyException;
import org.nuxeo.ecm.core.api.impl.DataModelImpl;
import org.nuxeo.ecm.core.api.impl.DocumentModelImpl;
import org.nuxeo.ecm.core.api.impl.DocumentModelListImpl;
import org.nuxeo.ecm.core.api.local.ClientLoginModule;
import org.nuxeo.ecm.core.schema.types.Field;
import org.nuxeo.ecm.directory.BaseDirectoryDescriptor;
import org.nuxeo.ecm.directory.api.DirectoryDeleteConstraint;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/directory/BaseSession.class */
public abstract class BaseSession implements Session, EntrySource {
    protected static final String POWER_USERS_GROUP = "powerusers";
    protected static final String READONLY_ENTRY_FLAG = "READONLY_ENTRY";
    protected static final String MULTI_TENANT_ID_FORMAT = "tenant_%s_%s";
    private static final Log log = LogFactory.getLog(BaseSession.class);
    protected final Directory directory;
    protected PermissionDescriptor[] permissions;
    protected boolean readAllColumns;
    protected String schemaName;
    protected Map<String, Field> schemaFieldMap;
    protected String directoryName;
    protected BaseDirectoryDescriptor.SubstringMatchType substringMatchType;
    protected Class<? extends Reference> referenceClass;
    protected String passwordHashAlgorithm;
    protected boolean autoincrementId;

    protected BaseSession(Directory directory, Class<? extends Reference> cls) {
        this.permissions = null;
        this.directory = directory;
        this.schemaFieldMap = directory.getSchemaFieldMap();
        this.schemaName = directory.getSchema();
        this.directoryName = directory.getName();
        BaseDirectoryDescriptor descriptor = directory.getDescriptor();
        this.substringMatchType = descriptor.getSubstringMatchType();
        this.autoincrementId = descriptor.isAutoincrementIdField();
        this.permissions = descriptor.permissions;
        this.passwordHashAlgorithm = descriptor.passwordHashAlgorithm;
        this.referenceClass = cls;
    }

    public abstract Directory getDirectory();

    @Override // org.nuxeo.ecm.directory.Session
    public void setReadAllColumns(boolean z) {
        this.readAllColumns = z;
    }

    @Override // org.nuxeo.ecm.directory.Session
    public String getIdField() {
        return this.directory.getIdField();
    }

    @Override // org.nuxeo.ecm.directory.Session
    public String getPasswordField() {
        return this.directory.getPasswordField();
    }

    @Override // org.nuxeo.ecm.directory.Session
    public boolean isAuthenticating() {
        return this.directory.getPasswordField() != null;
    }

    @Override // org.nuxeo.ecm.directory.Session
    public boolean isReadOnly() {
        return this.directory.isReadOnly();
    }

    public void checkPermission(String str) {
        if (hasPermission(str)) {
            return;
        }
        if (str.equals("Write") && isReadOnly()) {
            throw new DirectorySecurityException("Directory is read-only");
        }
        throw new DirectorySecurityException("User " + ClientLoginModule.getCurrentPrincipal() + " does not have " + str + " permission");
    }

    public void checkDeleteConstraints(String str) {
        List<DirectoryDeleteConstraint> directoryDeleteConstraints = this.directory.getDirectoryDeleteConstraints();
        DirectoryService directoryService = (DirectoryService) Framework.getLocalService(DirectoryService.class);
        if (directoryDeleteConstraints == null || directoryDeleteConstraints.isEmpty()) {
            return;
        }
        Iterator<DirectoryDeleteConstraint> it = directoryDeleteConstraints.iterator();
        while (it.hasNext()) {
            if (!it.next().canDelete(directoryService, str)) {
                throw new DirectoryDeleteConstraintException("This entry is referenced in another vocabulary.");
            }
        }
    }

    public boolean hasPermission(String str) {
        if (str.equals("Write") && isReadOnly()) {
            if (!log.isTraceEnabled()) {
                return false;
            }
            log.trace("Directory is read-only");
            return false;
        }
        NuxeoPrincipal currentPrincipal = ClientLoginModule.getCurrentPrincipal();
        if (currentPrincipal == null) {
            return true;
        }
        String name = currentPrincipal.getName();
        if (name.equals(DirectoryService.SYSTEM_DIRECTORY_TYPE) || currentPrincipal.isAdministrator()) {
            return true;
        }
        if (this.permissions == null || this.permissions.length == 0) {
            if (currentPrincipal.isAdministrator() || currentPrincipal.isMemberOf(POWER_USERS_GROUP) || str.equals("Read")) {
                return true;
            }
            if (!log.isTraceEnabled()) {
                return false;
            }
            log.trace("User " + currentPrincipal + " does not have " + str + " permission");
            return false;
        }
        ArrayList arrayList = new ArrayList(currentPrincipal.getAllGroups());
        arrayList.add("Everyone");
        boolean hasPermission = hasPermission(str, name, arrayList);
        if (!hasPermission && str.equals("Read")) {
            hasPermission = hasPermission("Write", name, arrayList);
        }
        if (!hasPermission && log.isTraceEnabled()) {
            log.trace("User " + currentPrincipal + " does not have " + str + " permission");
        }
        return hasPermission;
    }

    protected boolean hasPermission(String str, String str2, List<String> list) {
        for (PermissionDescriptor permissionDescriptor : this.permissions) {
            if (permissionDescriptor.name.equals(str)) {
                if (permissionDescriptor.groups != null) {
                    for (String str3 : permissionDescriptor.groups) {
                        if (list.contains(str3)) {
                            return true;
                        }
                    }
                }
                if (permissionDescriptor.users != null) {
                    for (String str4 : permissionDescriptor.users) {
                        if (str4.equals(str2)) {
                            return true;
                        }
                    }
                } else {
                    continue;
                }
            }
        }
        return false;
    }

    public static DocumentModel createEntryModel(String str, String str2, String str3, Map<String, Object> map) throws PropertyException {
        DocumentModelImpl documentModelImpl = new DocumentModelImpl(str, str2, str3, (Path) null, (Lock) null, (DocumentRef) null, (DocumentRef) null, new String[]{str2}, new HashSet(), (String) null, (String) null);
        if (map == null) {
            map = Collections.emptyMap();
        }
        documentModelImpl.addDataModel(new DataModelImpl(str2, map));
        return documentModelImpl;
    }

    public static DocumentModel createEntryModel(String str, String str2, String str3, Map<String, Object> map, boolean z) throws PropertyException {
        DocumentModel createEntryModel = createEntryModel(str, str2, str3, map);
        if (z) {
            setReadOnlyEntry(createEntryModel);
        }
        return createEntryModel;
    }

    public static boolean isReadOnlyEntry(DocumentModel documentModel) {
        return documentModel.getContextData(READONLY_ENTRY_FLAG) == Boolean.TRUE;
    }

    public static void setReadOnlyEntry(DocumentModel documentModel) {
        documentModel.putContextData(READONLY_ENTRY_FLAG, Boolean.TRUE);
    }

    public static void setReadWriteEntry(DocumentModel documentModel) {
        documentModel.putContextData(READONLY_ENTRY_FLAG, Boolean.FALSE);
    }

    public static String computeMultiTenantDirectoryId(String str, String str2) {
        return String.format(MULTI_TENANT_ID_FORMAT, str, str2);
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModel getEntry(String str) throws DirectoryException {
        return getEntry(str, true);
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModel getEntry(String str, boolean z) throws DirectoryException {
        if (hasPermission("Read")) {
            return this.readAllColumns ? getEntryFromSource(str, z) : this.directory.getCache().getEntry(str, this, z);
        }
        return null;
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModelList getEntries() throws DirectoryException {
        return !hasPermission("Read") ? new DocumentModelListImpl() : query(Collections.emptyMap());
    }

    @Override // org.nuxeo.ecm.directory.EntrySource
    public DocumentModel getEntryFromSource(String str, boolean z) throws DirectoryException {
        DocumentModelList query = query(Collections.singletonMap(this.schemaFieldMap != null ? this.schemaFieldMap.get(getIdField()).getName().getPrefixedName() : getIdField(), str), Collections.emptySet(), Collections.emptyMap(), true);
        if (query.isEmpty()) {
            return null;
        }
        return (DocumentModel) query.get(0);
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModel createEntry(DocumentModel documentModel) {
        return createEntry(documentModel.getProperties(this.schemaName));
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModel createEntry(Map<String, Object> map) throws DirectoryException {
        checkPermission("Write");
        DocumentModel createEntryWithoutReferences = createEntryWithoutReferences(map);
        Object obj = map.get(this.schemaFieldMap != null ? this.schemaFieldMap.get(getIdField()).getName().getPrefixedName() : getIdField());
        String id = createEntryWithoutReferences.getId();
        for (Reference reference : getDirectory().getReferences()) {
            String prefixedName = this.schemaFieldMap.get(reference.getFieldName()).getName().getPrefixedName();
            if (getDirectory().getReferences(reference.getFieldName()).size() <= 1) {
                List<String> list = (List) map.get(prefixedName);
                if (reference.getClass() == this.referenceClass) {
                    reference.addLinks(id, list, this);
                } else {
                    reference.addLinks(id, list);
                }
            } else if (log.isWarnEnabled()) {
                log.warn("Directory " + this.directoryName + " cannot create field " + reference.getFieldName() + " for entry " + obj + ": this field is associated with more than one reference");
            }
        }
        getDirectory().invalidateCaches();
        return createEntryWithoutReferences;
    }

    @Override // org.nuxeo.ecm.directory.Session
    public void updateEntry(DocumentModel documentModel) throws DirectoryException {
        checkPermission("Write");
        for (String str : updateEntryWithoutReferences(documentModel)) {
            List<Reference> references = this.directory.getReferences(str);
            if (references.size() <= 1) {
                Reference reference = references.get(0);
                List<String> list = (List) documentModel.getProperty(this.schemaName, str);
                if (reference.getClass() == this.referenceClass) {
                    reference.setTargetIdsForSource(documentModel.getId(), list, this);
                } else {
                    reference.setTargetIdsForSource(documentModel.getId(), list);
                }
            } else if (log.isWarnEnabled()) {
                log.warn("Directory " + getDirectory().getName() + " cannot update field " + str + " for entry " + documentModel.getId() + ": this field is associated with more than one reference");
            }
        }
        getDirectory().invalidateCaches();
    }

    @Override // org.nuxeo.ecm.directory.Session
    public void deleteEntry(DocumentModel documentModel) throws DirectoryException {
        deleteEntry(documentModel.getId());
    }

    @Override // org.nuxeo.ecm.directory.Session
    @Deprecated
    public void deleteEntry(String str, Map<String, String> map) throws DirectoryException {
        deleteEntry(str);
    }

    @Override // org.nuxeo.ecm.directory.Session
    public void deleteEntry(String str) throws DirectoryException {
        checkPermission("Write");
        checkDeleteConstraints(str);
        for (Reference reference : getDirectory().getReferences()) {
            if (reference.getClass() == this.referenceClass) {
                reference.removeLinksForSource(str, this);
            } else {
                reference.removeLinksForSource(str);
            }
        }
        deleteEntryWithoutReferences(str);
        getDirectory().invalidateCaches();
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModelList query(Map<String, Serializable> map) throws DirectoryException {
        return query(map, Collections.emptySet());
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModelList query(Map<String, Serializable> map, Set<String> set) throws DirectoryException {
        return query(map, set, new HashMap());
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModelList query(Map<String, Serializable> map, Set<String> set, Map<String, String> map2) throws DirectoryException {
        return query(map, set, map2, false);
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModelList query(Map<String, Serializable> map, Set<String> set, Map<String, String> map2, boolean z) throws DirectoryException {
        return query(map, set, map2, z, 0, 0);
    }

    @Override // org.nuxeo.ecm.directory.Session
    public DocumentModelList query(Map<String, Serializable> map, Set<String> set, Map<String, String> map2, boolean z, int i, int i2) throws DirectoryException {
        log.info("Call an unoverrided query with offset and limit.");
        DocumentModelList query = query(map, set, map2, z);
        int i3 = i2 + i;
        if (i3 > query.size()) {
            i3 = query.size();
        }
        return new DocumentModelListImpl(query.subList(i2, i3));
    }

    @Override // org.nuxeo.ecm.directory.Session
    public List<String> getProjection(Map<String, Serializable> map, String str) throws DirectoryException {
        return getProjection(map, Collections.emptySet(), str);
    }

    @Override // org.nuxeo.ecm.directory.Session
    public List<String> getProjection(Map<String, Serializable> map, Set<String> set, String str) throws DirectoryException {
        DocumentModelList query = query(map, set);
        ArrayList arrayList = new ArrayList();
        Iterator it = query.iterator();
        while (it.hasNext()) {
            arrayList.add(String.valueOf(((DocumentModel) it.next()).getProperty(this.schemaName, str)));
        }
        return arrayList;
    }

    protected abstract DocumentModel createEntryWithoutReferences(Map<String, Object> map);

    protected abstract List<String> updateEntryWithoutReferences(DocumentModel documentModel) throws DirectoryException;

    protected abstract void deleteEntryWithoutReferences(String str) throws DirectoryException;
}
