package org.nuxeo.ecm.automation.core.operations.users;

import java.util.AbstractMap;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.nuxeo.ecm.automation.OperationContext;
import org.nuxeo.ecm.automation.OperationException;
import org.nuxeo.ecm.automation.core.annotations.Context;
import org.nuxeo.ecm.automation.core.annotations.Operation;
import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
import org.nuxeo.ecm.automation.core.annotations.Param;
import org.nuxeo.ecm.automation.core.util.Properties;
import org.nuxeo.ecm.automation.core.util.StringList;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.directory.BaseSession;
import org.nuxeo.ecm.platform.usermanager.NuxeoGroupImpl;
import org.nuxeo.ecm.platform.usermanager.UserManager;

@Operation(id = CreateOrUpdateGroup.ID, category = "Users & Groups", label = "Create or Update Group", description = "Create or Update Group")
/* loaded from: input_file:org/nuxeo/ecm/automation/core/operations/users/CreateOrUpdateGroup.class */
public class CreateOrUpdateGroup {
    public static final String ID = "Group.CreateOrUpdate";
    public static final String CREATE_OR_UPDATE = "createOrUpdate";
    public static final String CREATE = "create";
    public static final String UPDATE = "update";
    public static final String GROUP_SCHEMA = "group";
    protected static final String GROUP_COLON = "group:";
    public static final String GROUP_NAME = "groupname";
    public static final String GROUP_LABEL = "grouplabel";
    public static final String GROUP_DESCRIPTION = "description";
    public static final String MEMBERS = "members";
    public static final String SUB_GROUPS = "subGroups";
    public static final String PARENT_GROUPS = "parentGroups";
    public static final String GROUP_TENANTID = "tenantId";

    @Context
    protected UserManager userManager;

    @Context
    protected OperationContext ctx;

    @Param(name = GROUP_NAME)
    protected String groupName;

    @Param(name = "tenantId", required = false)
    protected String tenantId;

    @Param(name = GROUP_LABEL, required = false)
    protected String groupLabel;

    @Param(name = GROUP_DESCRIPTION, required = false)
    protected String groupDescription;

    @Param(name = MEMBERS, required = false)
    protected StringList members;

    @Param(name = SUB_GROUPS, required = false)
    protected StringList subGroups;

    @Param(name = PARENT_GROUPS, required = false)
    protected StringList parentGroups;

    @Param(name = "properties", required = false)
    protected Properties properties = new Properties();

    @Param(name = "mode", required = false, values = {"createOrUpdate", "create", "update"})
    protected String mode;

    @OperationMethod
    public void run() throws OperationException {
        boolean z;
        String tenantGroupName = getTenantGroupName(this.groupName, this.tenantId);
        DocumentModel groupModel = this.userManager.getGroupModel(tenantGroupName);
        if (groupModel == null) {
            if ("update".equals(this.mode)) {
                throw new OperationException("Cannot update non-existent group: " + this.groupName);
            }
            z = true;
            groupModel = this.userManager.getBareGroupModel();
            groupModel.setProperty(GROUP_SCHEMA, GROUP_NAME, tenantGroupName);
        } else {
            if ("create".equals(this.mode)) {
                throw new OperationException("Cannot create already-existing group: " + this.groupName);
            }
            z = false;
            checkCanCreateOrUpdateGroup(groupModel);
        }
        if (this.members != null) {
            groupModel.setProperty(GROUP_SCHEMA, MEMBERS, this.members);
        }
        if (this.subGroups != null) {
            groupModel.setProperty(GROUP_SCHEMA, SUB_GROUPS, this.subGroups);
        }
        if (this.parentGroups != null) {
            groupModel.setProperty(GROUP_SCHEMA, PARENT_GROUPS, this.parentGroups);
        }
        for (Map.Entry entry : Arrays.asList(new AbstractMap.SimpleEntry("tenantId", this.tenantId), new AbstractMap.SimpleEntry(GROUP_LABEL, this.groupLabel), new AbstractMap.SimpleEntry(GROUP_DESCRIPTION, this.groupDescription))) {
            String str = (String) entry.getKey();
            String str2 = (String) entry.getValue();
            if (StringUtils.isNotBlank(str2)) {
                this.properties.put(str, str2);
            }
        }
        for (Map.Entry entry2 : this.properties.entrySet()) {
            String str3 = (String) entry2.getKey();
            String str4 = (String) entry2.getValue();
            if (str3.startsWith(GROUP_COLON)) {
                str3 = str3.substring(GROUP_COLON.length());
            }
            groupModel.setProperty(GROUP_SCHEMA, str3, str4);
        }
        checkCanCreateOrUpdateGroup(groupModel);
        if (z) {
            this.userManager.createGroup(groupModel);
        } else {
            this.userManager.updateGroup(groupModel);
        }
    }

    public static String getTenantGroupName(String str, String str2) {
        return StringUtils.isBlank(str2) ? str : BaseSession.computeMultiTenantDirectoryId(str2, str);
    }

    protected void checkCanCreateOrUpdateGroup(DocumentModel documentModel) {
        NuxeoPrincipal principal = this.ctx.getPrincipal();
        if (principal.isAdministrator()) {
            return;
        }
        if (!principal.isMemberOf(SuggestUserEntries.POWERUSERS) || !canCreateOrUpdateGroup(documentModel)) {
            throw new NuxeoException("User is not allowed to create or edit groups", 403);
        }
    }

    protected boolean canCreateOrUpdateGroup(DocumentModel documentModel) {
        Set<String> computeAllGroups = computeAllGroups(new NuxeoGroupImpl(documentModel, this.userManager.getGroupConfig()));
        List administratorsGroups = this.userManager.getAdministratorsGroups();
        Stream<String> stream = computeAllGroups.stream();
        Objects.requireNonNull(administratorsGroups);
        return stream.noneMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    protected Set<String> computeAllGroups(NuxeoGroup nuxeoGroup) {
        HashSet hashSet = new HashSet();
        LinkedList linkedList = new LinkedList();
        linkedList.add(nuxeoGroup);
        while (!linkedList.isEmpty()) {
            NuxeoGroup nuxeoGroup2 = (NuxeoGroup) linkedList.poll();
            hashSet.add(nuxeoGroup2.getName());
            Stream filter = nuxeoGroup2.getParentGroups().stream().filter(str -> {
                return !hashSet.contains(str);
            });
            UserManager userManager = this.userManager;
            Objects.requireNonNull(userManager);
            Stream map = filter.map(userManager::getGroup);
            Objects.requireNonNull(linkedList);
            map.forEach((v1) -> {
                r1.add(v1);
            });
        }
        return hashSet;
    }
}
