package org.nuxeo.ecm.webapp.security;

import java.io.Serializable;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.faces.application.FacesMessage;
import javax.faces.component.UIComponent;
import javax.faces.component.UIInput;
import javax.faces.context.FacesContext;
import javax.faces.validator.ValidatorException;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Factory;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.core.Events;
import org.jboss.seam.international.StatusMessage;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.repository.RepositoryManager;
import org.nuxeo.ecm.directory.BaseSession;
import org.nuxeo.ecm.platform.ui.web.util.ComponentUtils;
import org.nuxeo.ecm.platform.usermanager.NuxeoPrincipalImpl;
import org.nuxeo.ecm.platform.usermanager.UserAdapter;
import org.nuxeo.ecm.platform.usermanager.UserAdapterImpl;
import org.nuxeo.ecm.platform.usermanager.exceptions.InvalidPasswordException;
import org.nuxeo.ecm.platform.usermanager.exceptions.UserAlreadyExistsException;
import org.nuxeo.ecm.user.invite.UserInvitationService;
import org.nuxeo.runtime.api.Framework;

@Name("userManagementActions")
@Install(precedence = 10)
@Scope(ScopeType.CONVERSATION)
/* loaded from: input_file:org/nuxeo/ecm/webapp/security/UserManagementActions.class */
public class UserManagementActions extends AbstractUserGroupManagement implements Serializable {
    private static final long serialVersionUID = 1;
    private static final Log log = LogFactory.getLog(UserManagementActions.class);
    public static final String USERS_TAB = "USER_CENTER:UsersGroupsHome:UsersHome";
    public static final String USERS_LISTING_CHANGED = "usersListingChanged";
    public static final String USERS_SEARCH_CHANGED = "usersSearchChanged";
    public static final String USER_SELECTED_CHANGED = "selectedUserChanged";
    public static final String SELECTED_LETTER_CHANGED = "selectedLetterChanged";
    protected DocumentModel selectedUser;
    protected DocumentModel newUser;
    protected String oldPassword;
    protected String selectedLetter = "";
    protected boolean immediateCreation = false;
    protected boolean createAnotherUser = false;
    protected String defaultRepositoryName = null;

    @Override // org.nuxeo.ecm.webapp.security.AbstractUserGroupManagement
    protected String computeListingMode() {
        return this.userManager.getUserListingMode();
    }

    public DocumentModel getSelectedUser() {
        this.shouldResetStateOnTabChange = true;
        return this.selectedUser;
    }

    public void setSelectedUser(DocumentModel documentModel) {
        fireSeamEvent(USER_SELECTED_CHANGED);
        this.selectedUser = documentModel;
    }

    @Deprecated
    public void setSelectedUser(String str) {
        setSelectedUser(refreshUser(str));
    }

    public void setSelectedUserName(String str) {
        setSelectedUser(refreshUser(str));
    }

    public String getSelectedUserName() {
        return this.selectedUser.getId();
    }

    protected DocumentModel refreshUser(String str) {
        return this.userManager.getUserModel(str);
    }

    public String getSelectedLetter() {
        return this.selectedLetter;
    }

    public void setSelectedLetter(String str) {
        if (str != null && !str.equals(this.selectedLetter)) {
            this.selectedLetter = str;
            fireSeamEvent(SELECTED_LETTER_CHANGED);
        }
        this.selectedLetter = str;
    }

    public DocumentModel getNewUser() {
        if (this.newUser == null) {
            this.newUser = this.userManager.getBareUserModel();
        }
        return this.newUser;
    }

    public boolean getAllowEditUser() {
        return (this.selectedUser == null || !getCanEditUsers(true) || BaseSession.isReadOnlyEntry(this.selectedUser)) ? false : true;
    }

    protected boolean getCanEditUsers(boolean z) {
        if (this.userManager.areUsersReadOnly().booleanValue()) {
            return false;
        }
        if (this.selectedUser != null && this.userManager.getAnonymousUserId() != null && this.userManager.getAnonymousUserId().equals(this.selectedUser.getId())) {
            return false;
        }
        if ((this.selectedUser != null && this.userManager.getPrincipal(this.selectedUser.getId()).isAdministrator() && !this.currentUser.isAdministrator()) || !(this.currentUser instanceof NuxeoPrincipal)) {
            return false;
        }
        NuxeoPrincipal nuxeoPrincipal = this.currentUser;
        if (this.webActions.checkFilter(AbstractUserGroupManagement.USERS_GROUPS_MANAGEMENT_ACCESS_FILTER)) {
            return true;
        }
        return z && this.selectedUser != null && nuxeoPrincipal.getName().equals(this.selectedUser.getId());
    }

    public boolean getAllowChangePassword() {
        return (this.selectedUser == null || !getCanEditUsers(true) || BaseSession.isReadOnlyEntry(this.selectedUser)) ? false : true;
    }

    public boolean getAllowCreateUser() {
        return getCanEditUsers(false);
    }

    public boolean getAllowDeleteUser() {
        return (this.selectedUser == null || !getCanEditUsers(false) || BaseSession.isReadOnlyEntry(this.selectedUser)) ? false : true;
    }

    public void clearSearch() {
        this.searchString = null;
        fireSeamEvent(USERS_SEARCH_CHANGED);
    }

    public void createUser() {
        try {
            if (this.immediateCreation) {
                setSelectedUser(this.userManager.createUser(this.newUser));
                this.immediateCreation = false;
                this.facesMessages.add(StatusMessage.Severity.INFO, this.resourcesAccessor.getMessages().get("info.userManager.userCreated"), new Object[0]);
                if (this.createAnotherUser) {
                    this.showCreateForm = true;
                } else {
                    this.showCreateForm = false;
                    this.showUserOrGroup = true;
                    this.detailsMode = null;
                }
                fireSeamEvent(USERS_LISTING_CHANGED);
            } else {
                UserInvitationService userInvitationService = (UserInvitationService) Framework.getService(UserInvitationService.class);
                HashMap hashMap = new HashMap();
                hashMap.put("registration:originatingUser", this.currentUser.getName());
                userInvitationService.submitRegistrationRequest(wrapToUserRegistration(new UserAdapterImpl(this.newUser, this.userManager)), hashMap, UserInvitationService.ValidationMethod.EMAIL, true);
                this.facesMessages.add(StatusMessage.Severity.INFO, this.resourcesAccessor.getMessages().get("info.userManager.userInvited"), new Object[0]);
                if (this.createAnotherUser) {
                    this.showCreateForm = true;
                } else {
                    this.showCreateForm = false;
                    this.showUserOrGroup = false;
                    this.detailsMode = null;
                }
            }
            this.newUser = null;
        } catch (UserAlreadyExistsException e) {
            this.facesMessages.add(StatusMessage.Severity.ERROR, this.resourcesAccessor.getMessages().get("error.userManager.userAlreadyExists"), new Object[0]);
        } catch (InvalidPasswordException e2) {
            this.facesMessages.add(StatusMessage.Severity.ERROR, this.resourcesAccessor.getMessages().get("error.userManager.invalidPassword"), new Object[0]);
        } catch (Exception e3) {
            String localizedMessage = e3.getLocalizedMessage();
            if (e3.getCause() != null) {
                localizedMessage = localizedMessage + e3.getCause().getLocalizedMessage();
            }
            log.error(localizedMessage, e3);
            this.facesMessages.add(StatusMessage.Severity.ERROR, localizedMessage, new Object[0]);
        }
    }

    private String getDefaultRepositoryName() {
        if (this.defaultRepositoryName == null) {
            try {
                this.defaultRepositoryName = ((RepositoryManager) Framework.getService(RepositoryManager.class)).getDefaultRepository().getName();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        return this.defaultRepositoryName;
    }

    public void updateUser() {
        try {
            new UpdateUserUnrestricted(getDefaultRepositoryName(), this.selectedUser).runUnrestricted();
        } catch (InvalidPasswordException e) {
            this.facesMessages.add(StatusMessage.Severity.ERROR, this.resourcesAccessor.getMessages().get("error.userManager.invalidPassword"), new Object[0]);
        }
        this.detailsMode = AbstractUserGroupManagement.DETAILS_VIEW_MODE;
        fireSeamEvent(USERS_LISTING_CHANGED);
    }

    public String changePassword() {
        try {
            updateUser();
            this.detailsMode = AbstractUserGroupManagement.DETAILS_VIEW_MODE;
            this.facesMessages.add(FacesMessage.SEVERITY_INFO, this.resourcesAccessor.getMessages().get("label.userManager.password.changed"), new Object[0]);
            fireSeamEvent(USERS_LISTING_CHANGED);
            return null;
        } catch (InvalidPasswordException e) {
            this.facesMessages.add(StatusMessage.Severity.ERROR, this.resourcesAccessor.getMessages().get("error.userManager.invalidPassword"), new Object[0]);
            return null;
        }
    }

    public String updateProfilePassword() {
        if (!this.userManager.checkUsernamePassword(this.currentUser.getName(), this.oldPassword)) {
            this.facesMessages.add(FacesMessage.SEVERITY_ERROR, this.resourcesAccessor.getMessages().get("label.userManager.old.password.error"), new Object[0]);
            return null;
        }
        try {
            Framework.doPrivileged(() -> {
                this.userManager.updateUser(this.selectedUser);
            });
            this.facesMessages.add(FacesMessage.SEVERITY_INFO, this.resourcesAccessor.getMessages().get("label.userManager.password.changed"), new Object[0]);
            this.detailsMode = AbstractUserGroupManagement.DETAILS_VIEW_MODE;
            fireSeamEvent(USERS_LISTING_CHANGED);
            return null;
        } catch (InvalidPasswordException e) {
            this.facesMessages.add(StatusMessage.Severity.ERROR, this.resourcesAccessor.getMessages().get("error.userManager.invalidPassword"), new Object[0]);
            return null;
        }
    }

    public void deleteUser() {
        this.userManager.deleteUser(this.selectedUser);
        this.selectedUser = null;
        this.showUserOrGroup = false;
        fireSeamEvent(USERS_LISTING_CHANGED);
    }

    public void validateUserName(FacesContext facesContext, UIComponent uIComponent, Object obj) {
        if ((obj instanceof String) && StringUtils.containsOnly((String) obj, AbstractUserGroupManagement.VALID_CHARS)) {
            return;
        }
        FacesMessage facesMessage = new FacesMessage(FacesMessage.SEVERITY_ERROR, ComponentUtils.translate(facesContext, "label.userManager.wrong.username"), (String) null);
        facesContext.addMessage((String) null, facesMessage);
        throw new ValidatorException(facesMessage);
    }

    public void validateGroups(FacesContext facesContext, UIComponent uIComponent, Object obj) {
        UIInput referencedComponent = getReferencedComponent("groupsValueHolderId", uIComponent);
        List<String> list = referencedComponent == null ? null : (List) referencedComponent.getLocalValue();
        if (list == null || list.isEmpty() || isAllowedToAdminGroups(list)) {
            return;
        }
        throwValidationException(facesContext, "label.userManager.invalidGroupSelected", new Object[0]);
    }

    boolean isAllowedToAdminGroups(List<String> list) {
        if (this.currentUser.isAdministrator()) {
            return true;
        }
        List<String> allAdminGroups = getAllAdminGroups();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (allAdminGroups.contains(it.next())) {
                return false;
            }
        }
        return true;
    }

    private void throwValidationException(FacesContext facesContext, String str, Object... objArr) {
        throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, ComponentUtils.translate(facesContext, str, objArr), (String) null));
    }

    private UIInput getReferencedComponent(String str, UIComponent uIComponent) {
        String str2 = (String) uIComponent.getAttributes().get(str);
        if (str2 == null) {
            log.error(String.format("Target component id (%s) not found in attributes", str));
            return null;
        }
        UIInput findComponent = uIComponent.findComponent(str2);
        if (findComponent == null) {
            return null;
        }
        return findComponent;
    }

    public void validatePassword(FacesContext facesContext, UIComponent uIComponent, Object obj) {
        Object localValue = getReferencedComponent("firstPasswordInputId", uIComponent).getLocalValue();
        Object localValue2 = getReferencedComponent("secondPasswordInputId", uIComponent).getLocalValue();
        if (localValue == null || localValue2 == null) {
            log.error("Cannot validate passwords: value(s) not found");
        } else {
            if (localValue.equals(localValue2)) {
                return;
            }
            throwValidationException(facesContext, "label.userManager.password.not.match", new Object[0]);
        }
    }

    /* JADX WARN: Type inference failed for: r2v10, types: [java.lang.Object[], java.io.Serializable] */
    private DocumentModel wrapToUserRegistration(UserAdapter userAdapter) {
        UserInvitationService userInvitationService = (UserInvitationService) Framework.getService(UserInvitationService.class);
        DocumentModel userRegistrationModel = userInvitationService.getUserRegistrationModel((String) null);
        userRegistrationModel.setPropertyValue(userInvitationService.getConfiguration().getUserInfoUsernameField(), userAdapter.getName());
        userRegistrationModel.setPropertyValue(userInvitationService.getConfiguration().getUserInfoFirstnameField(), userAdapter.getFirstName());
        userRegistrationModel.setPropertyValue(userInvitationService.getConfiguration().getUserInfoLastnameField(), userAdapter.getLastName());
        userRegistrationModel.setPropertyValue(userInvitationService.getConfiguration().getUserInfoEmailField(), userAdapter.getEmail());
        userRegistrationModel.setPropertyValue(userInvitationService.getConfiguration().getUserInfoGroupsField(), (Serializable) userAdapter.getGroups().toArray());
        userRegistrationModel.setPropertyValue(userInvitationService.getConfiguration().getUserInfoCompanyField(), userAdapter.getCompany());
        String tenantId = userAdapter.getTenantId();
        if (StringUtils.isBlank(tenantId)) {
            tenantId = this.currentUser.getTenantId();
        }
        userRegistrationModel.setPropertyValue(userInvitationService.getConfiguration().getUserInfoTenantIdField(), tenantId);
        return userRegistrationModel;
    }

    @Factory(value = "notReadOnly", scope = ScopeType.APPLICATION)
    public boolean isNotReadOnly() {
        return !Framework.isBooleanPropertyTrue("org.nuxeo.ecm.webapp.readonly.mode");
    }

    public List<String> getUserVirtualGroups(String str) {
        NuxeoPrincipalImpl principal = this.userManager.getPrincipal(str);
        if (principal instanceof NuxeoPrincipalImpl) {
            return principal.getVirtualGroups();
        }
        return null;
    }

    public String viewUser(String str) {
        this.webActions.setCurrentTabIds("MAIN_TABS:home,USER_CENTER:UsersGroupsHome:UsersHome");
        setSelectedUser(str);
        setShowUser(Boolean.TRUE.toString());
        return AbstractUserGroupManagement.VIEW_HOME;
    }

    public String viewUser() {
        if (this.selectedUser != null) {
            return viewUser(this.selectedUser.getId());
        }
        return null;
    }

    public void setShowUser(String str) {
        this.showUserOrGroup = Boolean.valueOf(str).booleanValue();
        this.shouldResetStateOnTabChange = false;
    }

    protected void fireSeamEvent(String str) {
        Events.instance().raiseEvent(str, new Object[0]);
    }

    @Factory(value = "anonymousUserDefined", scope = ScopeType.APPLICATION)
    public boolean anonymousUserDefined() {
        return this.userManager.getAnonymousUserId() != null;
    }

    @Observer({USERS_LISTING_CHANGED})
    public void onUsersListingChanged() {
        this.contentViewActions.refreshOnSeamEvent(USERS_LISTING_CHANGED);
        this.contentViewActions.resetPageProviderOnSeamEvent(USERS_LISTING_CHANGED);
    }

    @Observer({USERS_SEARCH_CHANGED})
    public void onUsersSearchChanged() {
        this.contentViewActions.refreshOnSeamEvent(USERS_SEARCH_CHANGED);
        this.contentViewActions.resetPageProviderOnSeamEvent(USERS_SEARCH_CHANGED);
    }

    @Observer({SELECTED_LETTER_CHANGED})
    public void onSelectedLetterChanged() {
        this.contentViewActions.refreshOnSeamEvent(SELECTED_LETTER_CHANGED);
        this.contentViewActions.resetPageProviderOnSeamEvent(SELECTED_LETTER_CHANGED);
    }

    @Observer({"currentTabChanged_MAIN_TABS", "currentTabChanged_NUXEO_ADMIN", "currentTabChanged_USER_CENTER", "currentTabChanged_UsersGroupsManager_sub_tab", "currentTabChanged_UsersGroupsHome_sub_tab", "currentTabSelected_MAIN_TABS", "currentTabSelected_NUXEO_ADMIN", "currentTabSelected_USER_CENTER", "currentTabSelected_UsersGroupsManager_sub_tab", "currentTabSelected_UsersGroupsHome_sub_tab"})
    public void resetState() {
        if (this.shouldResetStateOnTabChange) {
            this.newUser = null;
            this.selectedUser = null;
            this.showUserOrGroup = false;
            this.showCreateForm = false;
            this.immediateCreation = false;
            this.detailsMode = AbstractUserGroupManagement.DETAILS_VIEW_MODE;
        }
    }

    public boolean isImmediateCreation() {
        return this.immediateCreation;
    }

    public void setImmediateCreation(boolean z) {
        this.immediateCreation = z;
    }

    public boolean isCreateAnotherUser() {
        return this.createAnotherUser;
    }

    public void setCreateAnotherUser(boolean z) {
        this.createAnotherUser = z;
    }

    public String getOldPassword() {
        return this.oldPassword;
    }

    public void setOldPassword(String str) {
        this.oldPassword = str;
    }
}
