package org.nuxeo.ecm.automation.features;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.PermissionProvider;
import org.nuxeo.ecm.platform.usermanager.UserManager;

/* loaded from: input_file:org/nuxeo/ecm/automation/features/PrincipalHelper.class */
public class PrincipalHelper {
    protected UserManager userManager;
    protected PermissionProvider permissionProvider;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/nuxeo/ecm/automation/features/PrincipalHelper$Collector.class */
    public interface Collector<T> {
        void collect(NuxeoPrincipal nuxeoPrincipal) throws ClientException;

        void collect(NuxeoGroup nuxeoGroup) throws ClientException;

        HashSet<T> getResult();
    }

    /* loaded from: input_file:org/nuxeo/ecm/automation/features/PrincipalHelper$EmailCollector.class */
    static class EmailCollector implements Collector<String> {
        protected final String userSchemaName;
        protected final String userEmailFieldName;
        protected HashSet<String> result = new HashSet<>();

        public EmailCollector(String str, String str2) {
            this.userSchemaName = str;
            this.userEmailFieldName = str2;
        }

        @Override // org.nuxeo.ecm.automation.features.PrincipalHelper.Collector
        public void collect(NuxeoPrincipal nuxeoPrincipal) throws ClientException {
            if (nuxeoPrincipal == null) {
                return;
            }
            String str = (String) nuxeoPrincipal.getModel().getProperty(this.userSchemaName, this.userEmailFieldName);
            if (StringUtils.isEmpty(str)) {
                return;
            }
            this.result.add(str);
        }

        @Override // org.nuxeo.ecm.automation.features.PrincipalHelper.Collector
        public void collect(NuxeoGroup nuxeoGroup) throws ClientException {
        }

        @Override // org.nuxeo.ecm.automation.features.PrincipalHelper.Collector
        public HashSet<String> getResult() {
            return this.result;
        }
    }

    /* loaded from: input_file:org/nuxeo/ecm/automation/features/PrincipalHelper$IdCollector.class */
    static class IdCollector implements Collector<String> {
        protected final boolean prefixIds;
        protected HashSet<String> result = new HashSet<>();

        public IdCollector(boolean z) {
            this.prefixIds = z;
        }

        @Override // org.nuxeo.ecm.automation.features.PrincipalHelper.Collector
        public void collect(NuxeoPrincipal nuxeoPrincipal) throws ClientException {
            String name;
            if (nuxeoPrincipal == null || (name = nuxeoPrincipal.getName()) == null) {
                return;
            }
            if (this.prefixIds) {
                this.result.add("user:" + name);
            } else {
                this.result.add(name);
            }
        }

        @Override // org.nuxeo.ecm.automation.features.PrincipalHelper.Collector
        public void collect(NuxeoGroup nuxeoGroup) throws ClientException {
            String name;
            if (nuxeoGroup == null || (name = nuxeoGroup.getName()) == null) {
                return;
            }
            if (this.prefixIds) {
                this.result.add("group:" + name);
            } else {
                this.result.add(name);
            }
        }

        @Override // org.nuxeo.ecm.automation.features.PrincipalHelper.Collector
        public HashSet<String> getResult() {
            return this.result;
        }
    }

    /* loaded from: input_file:org/nuxeo/ecm/automation/features/PrincipalHelper$PrincipalCollector.class */
    static class PrincipalCollector implements Collector<NuxeoPrincipal> {
        protected HashSet<NuxeoPrincipal> result = new HashSet<>();

        PrincipalCollector() {
        }

        @Override // org.nuxeo.ecm.automation.features.PrincipalHelper.Collector
        public void collect(NuxeoPrincipal nuxeoPrincipal) throws ClientException {
            if (nuxeoPrincipal == null) {
                return;
            }
            this.result.add(nuxeoPrincipal);
        }

        @Override // org.nuxeo.ecm.automation.features.PrincipalHelper.Collector
        public void collect(NuxeoGroup nuxeoGroup) throws ClientException {
        }

        @Override // org.nuxeo.ecm.automation.features.PrincipalHelper.Collector
        public HashSet<NuxeoPrincipal> getResult() {
            return this.result;
        }
    }

    public PrincipalHelper(UserManager userManager, PermissionProvider permissionProvider) {
        this.userManager = userManager;
        this.permissionProvider = permissionProvider;
    }

    public Set<String> getEmailsForPermission(DocumentModel documentModel, String str, boolean z) throws ClientException {
        return collectObjectsMatchingPermission(documentModel, str, z, true, new EmailCollector(this.userManager.getUserSchemaName(), this.userManager.getUserEmailField()));
    }

    public Set<String> getUserAndGroupIdsForPermission(DocumentModel documentModel, String str, boolean z, boolean z2, boolean z3) throws ClientException {
        return collectObjectsMatchingPermission(documentModel, str, z, z2, new IdCollector(z3));
    }

    public Set<NuxeoPrincipal> getPrincipalsForPermission(DocumentModel documentModel, String str, boolean z, boolean z2) throws ClientException {
        return collectObjectsMatchingPermission(documentModel, str, z, z2, new PrincipalCollector());
    }

    public HashSet<?> collectObjectsMatchingPermission(DocumentModel documentModel, String str, boolean z, boolean z2, Collector<?> collector) throws ClientException {
        String[] permissionsToCheck = getPermissionsToCheck(str);
        for (ACL acl : documentModel.getACP().getACLs()) {
            for (ACE ace : acl.getACEs()) {
                if (ace.isGranted() && permissionMatch(permissionsToCheck, ace.getPermission())) {
                    NuxeoGroup group = this.userManager.getGroup(ace.getUsername());
                    if (group == null) {
                        collector.collect(this.userManager.getPrincipal(ace.getUsername()));
                    } else if (!z) {
                        if (z2) {
                            resolveGroups(group, collector);
                        } else {
                            collector.collect(group);
                        }
                    }
                }
            }
        }
        return collector.getResult();
    }

    public void resolveGroups(NuxeoGroup nuxeoGroup, Collector<?> collector) throws ClientException {
        if (nuxeoGroup != null) {
            Iterator it = nuxeoGroup.getMemberUsers().iterator();
            while (it.hasNext()) {
                collector.collect(this.userManager.getPrincipal((String) it.next()));
            }
            Iterator it2 = nuxeoGroup.getMemberGroups().iterator();
            while (it2.hasNext()) {
                resolveGroups(this.userManager.getGroup((String) it2.next()), collector);
            }
        }
    }

    public String[] getPermissionsToCheck(String str) {
        String[] permissionGroups = this.permissionProvider.getPermissionGroups(str);
        if (permissionGroups == null) {
            return new String[]{str, "Everything"};
        }
        String[] strArr = new String[permissionGroups.length + 2];
        strArr[0] = str;
        System.arraycopy(permissionGroups, 0, strArr, 1, permissionGroups.length);
        strArr[permissionGroups.length + 1] = "Everything";
        return strArr;
    }

    public boolean permissionMatch(String[] strArr, String str) {
        for (String str2 : strArr) {
            if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }
}
