package org.nuxeo.ecm.webapp.security;

import java.io.Serializable;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.faces.context.FacesContext;
import javax.faces.model.SelectItem;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.core.Events;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.international.StatusMessage;
import org.nuxeo.common.utils.i18n.Labeler;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.PermissionProvider;
import org.nuxeo.ecm.core.api.security.UserEntry;
import org.nuxeo.ecm.core.api.security.UserVisiblePermission;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.platform.query.api.PageSelection;
import org.nuxeo.ecm.platform.query.api.PageSelections;
import org.nuxeo.ecm.platform.ui.web.api.NavigationContext;
import org.nuxeo.ecm.platform.ui.web.util.ComponentUtils;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webapp.base.InputController;
import org.nuxeo.runtime.api.Framework;

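/**
 * Seam component {@code securityActions}: conversation-scoped backing bean for editing the local access rights
 * (ACP) of the current document.
 *
 * <p>Working model, as visible in this class: {@link #rebuildSecurityData()} loads the document's ACP through the
 * core session into a {@link SecurityData} working copy; the add/remove actions edit that copy in memory only;
 * {@link #updateSecurityOnDocument()} converts the copy back to user entries, writes them with {@code setACP} and
 * saves the session.
 *
 * <p>Authorization notes for reviewers:
 * <ul>
 * <li>The only explicit {@code WriteSecurity} tests are {@link #getCanAddSecurityRules()} and
 * {@link #getCanRemoveSecurityRules()}, which a view can use to show or hide controls. None of the mutating
 * actions re-checks the permission, so enforcement presumably happens in the repository layer when the ACP is
 * written - TODO confirm.</li>
 * <li>{@code checkPermissions()} is a self-lockout guard and runs on the removal paths only. The add paths
 * (a deny entry can also remove the caller's access) and {@link #blockRightInheritance()} write without it.</li>
 * <li>The working copy is loaded from {@code navigationContext.getCurrentDocument()} but written to the inherited
 * {@code currentDocument}. NOTE(review): confirm both always designate the same document for the lifetime of the
 * conversation.</li>
 * <li>{@code securityData} is created once and keeps the document type it was created with;
 * {@link #resetSecurityData()} does not discard it. NOTE(review): confirm the permission-id mapping in
 * {@link #addPermission(String, String, boolean)} cannot be resolved against a stale document type.</li>
 * </ul>
 */
@Name("securityActions")
@Scope(ScopeType.CONVERSATION)
/* loaded from: input_file:org/nuxeo/ecm/webapp/security/SecurityActionsBean.class */
public class SecurityActionsBean extends InputController implements SecurityActions, Serializable {
    private static final long serialVersionUID = -7190826911734958662L;

    private static final Log log = LogFactory.getLog(SecurityActionsBean.class);

    /** Seed permissions tested by {@link #checkPermissions()}; expanded by {@link #getPermissionsToCheck()}. */
    protected static final String[] SEED_PERMISSIONS_TO_CHECK = {"WriteSecurity", "ReadSecurity"};

    /** Turns a permission id into the message key of its label (built from {@code label.security.permission}). */
    private static final Labeler labeler = new Labeler("label.security.permission");

    @In(create = true)
    protected transient NavigationContext navigationContext;

    @In(create = true, required = false)
    protected transient CoreSession documentManager;

    @In(create = true)
    protected PermissionActionListManager permissionActionListManager;

    @In(create = true)
    protected PermissionListManager permissionListManager;

    @In(create = true)
    protected PrincipalListManager principalListManager;

    @In(create = true)
    protected transient UserManager userManager;

    @In(create = true)
    protected NuxeoPrincipal currentUser;

    // Lazily built result of getPermissionsToCheck(); an instance field despite the constant-style name.
    protected String[] CACHED_PERMISSION_TO_CHECK;

    // In-memory working copy of the document's access rights; edits stay here until updateSecurityOnDocument().
    protected SecurityData securityData;

    // True when securityData must be reloaded before it is handed to the view.
    protected boolean obsoleteSecurityData = true;

    // Table rows (one per user or group with local rights) rebuilt by reconstructTableModel().
    protected PageSelections<String> entries;

    // Names already confirmed to exist as a user or group during this conversation.
    protected transient List<String> cachedValidatedUserAndGroups;

    // Names for which neither a user nor a group was found during this conversation.
    protected transient List<String> cachedDeletedUserAndGroups;

    // Null until rebuildSecurityData() or the view sets it; TRUE when "Everyone" is denied "Everything" locally.
    private Boolean blockRightInheritance;

    protected String selectedEntry;

    protected List<String> selectedEntries;

    /**
     * Marks the working copy as stale and forgets the inheritance flag; also triggered by the
     * {@code userAllDocumentTypesSelectionChanged} event. The {@code securityData} object itself is kept.
     */
    @Override
    @Observer(value = {"userAllDocumentTypesSelectionChanged"}, create = false)
    @BypassInterceptors
    public void resetSecurityData() {
        this.obsoleteSecurityData = true;
        this.blockRightInheritance = null;
    }

    /**
     * Reloads the working copy from the ACP of the navigation context's current document and rebuilds the table
     * rows. Does nothing when there is no current document, in which case the stale flag stays set and
     * {@code blockRightInheritance} may remain null.
     */
    @Override
    public void rebuildSecurityData() {
        // Local name differs from the inherited currentDocument field on purpose: they are read from different places.
        DocumentModel doc = this.navigationContext.getCurrentDocument();
        if (doc == null) {
            return;
        }
        if (this.securityData == null) {
            this.securityData = new SecurityData();
            this.securityData.setDocumentType(doc.getType());
        }
        ACP acp = this.documentManager.getACP(doc.getRef());
        if (acp == null) {
            this.securityData.clear();
        } else {
            SecurityDataConverter.convertToSecurityData(acp, this.securityData);
        }
        reconstructTableModel();
        // A local "deny Everything to Everyone" entry is how blocked inheritance is represented.
        List<String> deniedToEveryone = this.securityData.getCurrentDocDeny().get("Everyone");
        if (deniedToEveryone != null && deniedToEveryone.contains("Everything")) {
            this.blockRightInheritance = Boolean.TRUE;
        }
        // The flag is only defaulted to FALSE when unset; a TRUE left over from an earlier load is not cleared here.
        if (this.blockRightInheritance == null) {
            this.blockRightInheritance = Boolean.FALSE;
        }
        this.obsoleteSecurityData = false;
    }

    /** Rebuilds {@link #entries} with one unselected row per validated user or group holding local rights. */
    protected void reconstructTableModel() {
        List<String> localUsers = getCurrentDocumentUsers();
        this.entries = new PageSelections<>();
        if (localUsers == null) {
            return;
        }
        for (String name : localUsers) {
            if ("Everyone".equals(name)) {
                List<String> granted = this.securityData.getCurrentDocGrant().get(name);
                List<String> denied = this.securityData.getCurrentDocDeny().get(name);
                if (denied != null && denied.contains("Everything") && granted == null && denied.size() == 1) {
                    // NOTE(review): this branch has no effect as written, so the "Everyone" row whose only entry
                    // is "deny Everything" is still added below. The condition looks like it was meant to skip
                    // that row - confirm against the original source before relying on either behaviour.
                }
            }
            this.entries.add(new PageSelection<String>(name, false));
        }
    }

    /** Returns the table rows, reloading the working copy first when it is stale. */
    @Override
    public PageSelections<String> getDataTableModel() {
        if (this.obsoleteSecurityData) {
            rebuildSecurityData();
        }
        return this.entries;
    }

    /** Returns the working copy, reloading it first when it is stale. */
    @Override
    public SecurityData getSecurityData() {
        if (this.obsoleteSecurityData) {
            rebuildSecurityData();
        }
        return this.securityData;
    }

    /**
     * Persists the working copy: replaces the rules of the current document's ACP with the converted user
     * entries, saves the session, raises {@code documentSecurityChanged} and reloads the working copy.
     *
     * <p>No permission or lockout check is made here; callers that need one must run it before calling.
     *
     * @return always {@code null} (no navigation)
     */
    @Override
    public String updateSecurityOnDocument() {
        List<UserEntry> userEntries = SecurityDataConverter.convertToUserEntries(this.securityData);
        ACP acp = this.currentDocument.getACP();
        if (acp == null) {
            acp = new ACPImpl();
        }
        acp.setRules(userEntries.toArray(new UserEntry[0]));
        this.currentDocument.setACP(acp, true);
        this.documentManager.save();
        Events.instance().raiseEvent("documentSecurityChanged", new Object[0]);
        rebuildSecurityData();
        return null;
    }

    /**
     * Toggles one permission entry for one user or group in the working copy; nothing is persisted.
     *
     * <p>The permission id is mapped, through the visible permissions of the working copy's document type, to a
     * grant name and a deny name. An existing entry of the opposite kind is cancelled first (for a grant request
     * the deny name is tried before the grant name, for a deny request the reverse); the requested entry is added
     * only when nothing was cancelled.
     *
     * <p>NOTE(review): an id that matches no visible permission is used verbatim as both names, so the value is
     * not restricted to the permissions offered by the UI. Confirm whether the id should be validated against the
     * settable permissions before it reaches the ACP.
     *
     * @param str name of the user or group
     * @param str2 id of the permission selected in the UI
     * @param z {@code true} to grant, {@code false} to deny
     * @return always {@code null} (no navigation)
     */
    @Override
    public String addPermission(String str, String str2, boolean z) {
        if (this.securityData == null) {
            this.securityData = getSecurityData();
        }
        String grantName = str2;
        String denyName = str2;
        List<UserVisiblePermission> visible = getVisibleUserPermissions(this.securityData.getDocumentType());
        if (visible == null) {
            log.debug("no entry for documentType in visibleUserPermissions this should never happend, using default mapping ...");
        } else {
            for (UserVisiblePermission candidate : visible) {
                if (candidate.getId().equals(str2)) {
                    grantName = candidate.getPermission();
                    denyName = candidate.getDenyPermission();
                    break;
                }
            }
        }
        String firstToCancel = z ? denyName : grantName;
        String secondToCancel = z ? grantName : denyName;
        // Short-circuit keeps the original order: the second removal is attempted only if the first removed nothing.
        boolean cancelled = this.securityData.removeModifiablePrivilege(str, firstToCancel, !z)
                || this.securityData.removeModifiablePrivilege(str, secondToCancel, !z);
        if (!cancelled) {
            this.securityData.addModifiablePrivilege(str, z ? grantName : denyName, z);
        }
        reconstructTableModel();
        return null;
    }

    /** Applies the permission and action selected in the UI to {@code selectedEntry}; working copy only. */
    @Override
    public String addPermission() {
        return addPermission(this.selectedEntry, this.permissionListManager.getSelectedPermission(),
                this.permissionActionListManager.getSelectedGrant().equals("Grant"));
    }

    /**
     * Applies the permission and action selected in the UI to every name in {@code selectedEntries}; working
     * copy only. Adds the {@code error.rightsManager.noUsersSelected} message when nothing is selected.
     *
     * @return always {@code null} (no navigation)
     */
    @Override
    public String addPermissions() {
        if (this.selectedEntries == null || this.selectedEntries.isEmpty()) {
            FacesMessages.instance().add(ComponentUtils.translate(FacesContext.getCurrentInstance(),
                    "error.rightsManager.noUsersSelected"), new Object[0]);
            return null;
        }
        String permissionId = this.permissionListManager.getSelectedPermission();
        boolean grant = this.permissionActionListManager.getSelectedGrant().equals("Grant");
        for (String name : this.selectedEntries) {
            addPermission(name, permissionId, grant);
        }
        return null;
    }

    /** Runs {@link #addPermission()} then persists; no lockout check is made on this path. */
    @Override
    public String addPermissionAndUpdate() {
        addPermission();
        updateSecurityOnDocument();
        return null;
    }

    /**
     * Runs {@link #addPermissions()} then persists, clears the selection and reports success. No lockout check is
     * made on this path, and the write happens even when {@code addPermissions()} found nothing selected.
     */
    @Override
    public String addPermissionsAndUpdate() {
        addPermissions();
        updateSecurityOnDocument();
        this.selectedEntries = null;
        addStatusMessage(StatusMessage.Severity.INFO, "message.updated.rights");
        return null;
    }

    /** Persists the working copy as it stands, clears the selection and reports success. */
    @Override
    public String saveSecurityUpdates() {
        updateSecurityOnDocument();
        this.selectedEntries = null;
        addStatusMessage(StatusMessage.Severity.INFO, "message.updated.rights");
        return null;
    }

    /** Removes the selected permission of the selected kind from {@code selectedEntry}; working copy only. */
    @Override
    public String removePermission() {
        this.securityData.removeModifiablePrivilege(this.selectedEntry,
                this.permissionListManager.getSelectedPermission(),
                this.permissionActionListManager.getSelectedGrant().equals("Grant"));
        reconstructTableModel();
        return null;
    }

    /**
     * Runs {@link #removePermission()} and persists only if the current user keeps access afterwards.
     *
     * @return always {@code null} (no navigation)
     */
    @Override
    public String removePermissionAndUpdate() {
        removePermission();
        if (!checkPermissions()) {
            // A refused removal now reports the removal-error label, as removePermissions() and
            // removePermissionsAndUpdate() do; this path used the success label with ERROR severity.
            addStatusMessage(StatusMessage.Severity.ERROR, "message.error.removeRight");
            return null;
        }
        updateSecurityOnDocument();
        return null;
    }

    /**
     * Removes all local entries of every selected row from the working copy, stopping at the first removal after
     * which the current user would lose access (the working copy is then reloaded by the check).
     *
     * @return always {@code null} (no navigation)
     */
    @Override
    public String removePermissions() {
        for (PageSelection<String> row : getSelectedRows()) {
            this.securityData.removeModifiablePrivilege(row.getData());
            if (!checkPermissions()) {
                addStatusMessage(StatusMessage.Severity.ERROR, "message.error.removeRight");
                return null;
            }
        }
        reconstructTableModel();
        return null;
    }

    /**
     * Removes the local entries of every row of the table - not only the selected ones - and persists, unless a
     * removal would cost the current user access, in which case nothing is written.
     *
     * <p>NOTE(review): {@link #removePermissions()} iterates the selected rows while this method iterates all
     * rows; confirm the difference is intended.
     *
     * @return always {@code null} (no navigation)
     */
    @Override
    public String removePermissionsAndUpdate() {
        for (PageSelection<String> row : getDataTableModel().getEntries()) {
            this.securityData.removeModifiablePrivilege(row.getData());
            if (!checkPermissions()) {
                addStatusMessage(StatusMessage.Severity.ERROR, "message.error.removeRight");
                return null;
            }
        }
        updateSecurityOnDocument();
        addStatusMessage(StatusMessage.Severity.INFO, "message.updated.rights");
        return null;
    }

    /** Tells whether the session holds {@code WriteSecurity} on the current document. */
    @Override
    public boolean getCanAddSecurityRules() {
        return this.documentManager.hasPermission(this.currentDocument.getRef(), "WriteSecurity");
    }

    /** Tells whether the session holds {@code WriteSecurity} on the current document and a row is selected. */
    @Override
    public boolean getCanRemoveSecurityRules() {
        return this.documentManager.hasPermission(this.currentDocument.getRef(), "WriteSecurity")
                && !getSelectedRows().isEmpty();
    }

    /** Returns the rows of the table that are currently selected (empty list when none). */
    private List<PageSelection<String>> getSelectedRows() {
        List<PageSelection<String>> selected = new ArrayList<>();
        PageSelections<String> table = getDataTableModel();
        if (!table.isEmpty()) {
            for (PageSelection<String> row : table.getEntries()) {
                if (row.isSelected()) {
                    selected.add(row);
                }
            }
        }
        return selected;
    }

    /**
     * Looks up the user-visible permission descriptors of a document type from the {@link PermissionProvider}
     * service.
     *
     * @param str document type
     * @return the descriptors as returned by the service; callers in this class treat {@code null} as possible
     */
    public List<UserVisiblePermission> getVisibleUserPermissions(String str) {
        return ((PermissionProvider) Framework.getService(PermissionProvider.class))
                .getUserVisiblePermissionDescriptors(str);
    }

    /**
     * Returns the permissions offered for the current document's type: those configured in the
     * {@link UIPermissionService} when there are any, otherwise the ids of the user-visible permissions.
     */
    @Override
    public List<SelectItem> getSettablePermissions() {
        String type = this.navigationContext.getCurrentDocument().getType();
        String[] ids = ((UIPermissionService) Framework.getRuntime().getComponent(UIPermissionService.NAME))
                .getUIPermissions(type);
        if (ids == null || ids.length == 0) {
            ids = visiblePermissionIds(type);
        }
        return asSelectItems(ids);
    }

    /** Wraps each permission id in a {@link SelectItem} labelled with its localized message. */
    protected List<SelectItem> asSelectItems(String... strArr) {
        List<SelectItem> items = new ArrayList<>();
        for (String id : strArr) {
            items.add(new SelectItem(id, (String) this.resourcesAccessor.getMessages().get(labeler.makeLabel(id))));
        }
        return items;
    }

    /**
     * Returns the user-visible permissions of a document type as select items.
     *
     * @param str document type
     */
    public List<SelectItem> getUserVisiblePermissionSelectItems(String str) {
        return asSelectItems(visiblePermissionIds(str));
    }

    /** Collects the ids of the user-visible permissions of a document type; empty when the lookup yields null. */
    private String[] visiblePermissionIds(String documentType) {
        List<UserVisiblePermission> visible = getVisibleUserPermissions(documentType);
        if (visible == null) {
            return new String[0];
        }
        List<String> ids = new ArrayList<>(visible.size());
        for (UserVisiblePermission permission : visible) {
            ids.add(permission.getId());
        }
        return ids.toArray(new String[0]);
    }

    /** Adds the localized message stored under {@code key} to the Faces messages with the given severity. */
    private void addStatusMessage(StatusMessage.Severity severity, String key) {
        this.facesMessages.add(severity, (String) this.resourcesAccessor.getMessages().get(key), new Object[0]);
    }

    @Override
    public Map<String, String> getIconAltMap() {
        return this.principalListManager.iconAlt;
    }

    @Override
    public Map<String, String> getIconPathMap() {
        return this.principalListManager.iconPath;
    }

    /** Returns the inheritance flag; {@code null} until the working copy has been loaded or the view set it. */
    @Override
    public Boolean getBlockRightInheritance() {
        return this.blockRightInheritance;
    }

    @Override
    public void setBlockRightInheritance(Boolean bool) {
        this.blockRightInheritance = bool;
    }

    /**
     * Applies the inheritance flag and persists immediately: when set, denies "Everything" to "Everyone" on the
     * document; when cleared, removes that entry. Throws {@link NullPointerException} if the flag or the working
     * copy is still null.
     *
     * <p>When blocking, the caller and the administrators groups are granted "Everything", but only if the
     * caller's name is not already among the users with local rights.
     *
     * <p>NOTE(review): being listed locally does not show that the caller holds a grant (the entry may be a deny
     * or a lesser permission), and {@code checkPermissions()} is not run before the write. Confirm the caller and
     * administrators cannot be locked out by blocking inheritance in that situation.
     *
     * @return always {@code null} (no navigation)
     */
    public String blockRightInheritance() {
        if (this.blockRightInheritance.booleanValue()) {
            this.securityData.addModifiablePrivilege("Everyone", "Everything", false);
            Principal caller = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal();
            List<String> localUsers = this.securityData.getCurrentDocumentUsers();
            if (localUsers != null && !localUsers.contains(caller.getName())) {
                this.securityData.addModifiablePrivilege(caller.getName(), "Everything", true);
                for (String adminGroup : this.userManager.getAdministratorsGroups()) {
                    this.securityData.addModifiablePrivilege(adminGroup, "Everything", true);
                }
            }
        } else {
            this.securityData.removeModifiablePrivilege("Everyone", "Everything", false);
        }
        updateSecurityOnDocument();
        this.selectedEntries = null;
        return null;
    }

    /** Boxed form of {@link #getDisplayInheritedPermissions()}. */
    @Override
    public Boolean displayInheritedPermissions() {
        return Boolean.valueOf(getDisplayInheritedPermissions());
    }

    /**
     * Tells whether inherited rights should be shown: inheritance is not blocked and the parents contribute at
     * least one user. Loads the working copy when the flag is unset; if that load finds no current document the
     * flag stays null and this method throws {@link NullPointerException}.
     */
    @Override
    public boolean getDisplayInheritedPermissions() {
        if (this.blockRightInheritance == null) {
            rebuildSecurityData();
        }
        return !this.blockRightInheritance.booleanValue()
                && !this.securityData.getParentDocumentsUsers().isEmpty();
    }

    /** Returns the users and groups with local rights that still resolve to an existing user or group. */
    @Override
    public List<String> getCurrentDocumentUsers() {
        return validateUserGroupList(this.securityData.getCurrentDocumentUsers());
    }

    /** Returns the users and groups with inherited rights that still resolve to an existing user or group. */
    @Override
    public List<String> getParentDocumentsUsers() {
        return validateUserGroupList(this.securityData.getParentDocumentsUsers());
    }

    /**
     * Filters a list of names down to "Everyone" plus those the {@link UserManager} resolves as a user or a
     * group, remembering both outcomes in the per-bean caches. A {@code null} list yields an empty result.
     *
     * <p>This filters what is displayed only; the working copy is not modified, so entries for names that no
     * longer resolve stay in it and are written back by {@link #updateSecurityOnDocument()}. NOTE(review):
     * confirm that is acceptable if a user or group name can later be re-created. The caches are never
     * invalidated in this class, so a name created or deleted during the conversation keeps its first outcome.
     */
    private List<String> validateUserGroupList(List<String> list) {
        List<String> valid = new ArrayList<>();
        if (list == null) {
            return valid;
        }
        for (String name : list) {
            if (name.equals("Everyone") || isUserGroupInCache(name).booleanValue()) {
                valid.add(name);
                continue;
            }
            if (isUserGroupInDeletedCache(name).booleanValue()) {
                continue;
            }
            // User lookup first, group lookup only when no user has that name.
            if (this.userManager.getPrincipal(name) != null || this.userManager.getGroup(name) != null) {
                valid.add(name);
                addUserGroupInCache(name);
            } else {
                addUserGroupInDeletedCache(name);
            }
        }
        return valid;
    }

    private Boolean isUserGroupInCache(String str) {
        return Boolean.valueOf(this.cachedValidatedUserAndGroups != null
                && this.cachedValidatedUserAndGroups.contains(str));
    }

    private void addUserGroupInCache(String str) {
        if (this.cachedValidatedUserAndGroups == null) {
            this.cachedValidatedUserAndGroups = new ArrayList<>();
        }
        this.cachedValidatedUserAndGroups.add(str);
    }

    private Boolean isUserGroupInDeletedCache(String str) {
        return Boolean.valueOf(this.cachedDeletedUserAndGroups != null
                && this.cachedDeletedUserAndGroups.contains(str));
    }

    private void addUserGroupInDeletedCache(String str) {
        if (this.cachedDeletedUserAndGroups == null) {
            this.cachedDeletedUserAndGroups = new ArrayList<>();
        }
        this.cachedDeletedUserAndGroups.add(str);
    }

    /**
     * Self-lockout guard: tests whether the current user would still have access under the edited working copy.
     *
     * <p>Administrators always pass. Otherwise the working copy is converted to user entries and set as the rules
     * of the current document's ACP object (or of a fresh {@link ACPImpl}), and that ACP is asked for the access
     * of the user's name plus all their groups to {@link #getPermissionsToCheck()}. On refusal the working copy is
     * reloaded with {@link #rebuildSecurityData()}, which discards the in-memory edit.
     *
     * <p>NOTE(review): {@code setRules} is applied to the object returned by {@code currentDocument.getACP()}
     * before the decision is known. Whether that object is a private copy is not visible here - confirm a refused
     * edit cannot linger on a shared ACP instance.
     *
     * @return {@code true} when the edit may be kept
     */
    private boolean checkPermissions() {
        if (this.currentUser.isAdministrator()) {
            return true;
        }
        List<String> principals = new ArrayList<>();
        principals.add(this.currentUser.getName());
        principals.addAll(this.currentUser.getAllGroups());
        ACP acp = this.currentDocument.getACP();
        // convertToUserEntries is static, so no converter instance is created here.
        List<UserEntry> userEntries = SecurityDataConverter.convertToUserEntries(this.securityData);
        if (acp == null) {
            acp = new ACPImpl();
        }
        acp.setRules(userEntries.toArray(new UserEntry[0]));
        boolean allowed = acp.getAccess(principals.toArray(new String[0]), getPermissionsToCheck()).toBoolean();
        if (!allowed) {
            rebuildSecurityData();
        }
        return allowed;
    }

    /**
     * Returns the permissions tested by {@link #checkPermissions()}: each seed permission followed by the
     * permission groups the {@link PermissionProvider} reports for it. Computed once per bean instance.
     */
    protected String[] getPermissionsToCheck() {
        if (this.CACHED_PERMISSION_TO_CHECK == null) {
            PermissionProvider provider = (PermissionProvider) Framework.getService(PermissionProvider.class);
            List<String> permissions = new ArrayList<>();
            for (String seed : SEED_PERMISSIONS_TO_CHECK) {
                permissions.add(seed);
                String[] groups = provider.getPermissionGroups(seed);
                if (groups != null) {
                    permissions.addAll(Arrays.asList(groups));
                }
            }
            this.CACHED_PERMISSION_TO_CHECK = permissions.toArray(new String[0]);
        }
        return this.CACHED_PERMISSION_TO_CHECK;
    }

    @Override
    public String getSelectedEntry() {
        return this.selectedEntry;
    }

    @Override
    public void setSelectedEntry(String str) {
        this.selectedEntry = str;
    }

    @Override
    public List<String> getSelectedEntries() {
        return this.selectedEntries;
    }

    @Override
    public void setSelectedEntries(List<String> list) {
        this.selectedEntries = list;
    }
}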
