package org.jahia.modules.graphql.provider.dxm.acl.service;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.ItemNotFoundException;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import org.jahia.services.content.JCRContentUtils;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.content.decorator.JCRSiteNode;
import org.jahia.services.usermanager.JahiaGroupManagerService;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(service = {JahiaAclService.class}, immediate = true)
/* loaded from: input_file:org/jahia/modules/graphql/provider/dxm/acl/service/JahiaAclServiceImpl.class */
public class JahiaAclServiceImpl implements JahiaAclService {

    @Reference
    private JahiaUserManagerService userService;

    @Reference
    private JahiaGroupManagerService groupService;
    public static final String JCR_ROLEGROUP_TYPE = "j:roleGroup";
    public static final String JCR_ROLE_DEPENDENCIES_TYPE = "j:dependencies";
    public static final String REMOVE = "REMOVE";

    @Override // org.jahia.modules.graphql.provider.dxm.acl.service.JahiaAclService
    public List<JahiaAclRole> getRoles() throws RepositoryException {
        ArrayList arrayList = new ArrayList();
        NodeIterator execQuery = execQuery("select * from [jnt:role] as r where isdescendantnode(r,['/roles'])");
        while (execQuery.hasNext()) {
            JahiaAclRole jahiaAclRole = new JahiaAclRole((JCRNodeWrapper) execQuery.next());
            if (!jahiaAclRole.isHidden() && !jahiaAclRole.isPrivileged()) {
                arrayList.add(jahiaAclRole);
            }
        }
        return arrayList;
    }

    @Override // org.jahia.modules.graphql.provider.dxm.acl.service.JahiaAclService
    public JahiaAclRole getRole(String str) throws RepositoryException {
        NodeIterator execQuery = execQuery("select * from [jnt:role] as r where localname()='" + JCRContentUtils.sqlEncode(str) + "' and isdescendantnode(r,['/roles'])");
        if (execQuery.hasNext()) {
            return new JahiaAclRole((JCRNodeWrapper) execQuery.next());
        }
        return null;
    }

    @Override // org.jahia.modules.graphql.provider.dxm.acl.service.JahiaAclService
    public boolean grantRoles(JCRNodeWrapper jCRNodeWrapper, String str, List<String> list) throws RepositoryException {
        if (!isValidPrincipal(jCRNodeWrapper, str)) {
            throw new ItemNotFoundException("Invalid user");
        }
        HashMap hashMap = new HashMap(list.size());
        boolean aclInheritanceBreak = jCRNodeWrapper.getAclInheritanceBreak();
        for (String str2 : list) {
            hashMap.put(str2, (aclInheritanceBreak || !hasInheritedPermission(jCRNodeWrapper, str, str2)) ? "GRANT" : REMOVE);
        }
        return jCRNodeWrapper.changeRoles(str, hashMap);
    }

    @Override // org.jahia.modules.graphql.provider.dxm.acl.service.JahiaAclService
    public boolean revokeRoles(JCRNodeWrapper jCRNodeWrapper, String str, List<String> list) throws RepositoryException {
        HashMap hashMap = new HashMap(list.size());
        boolean aclInheritanceBreak = jCRNodeWrapper.getAclInheritanceBreak();
        for (String str2 : list) {
            hashMap.put(str2, (aclInheritanceBreak || hasInheritedPermission(jCRNodeWrapper, str, str2)) ? "DENY" : REMOVE);
        }
        return jCRNodeWrapper.changeRoles(str, hashMap);
    }

    private boolean isValidPrincipal(JCRNodeWrapper jCRNodeWrapper, String str) throws RepositoryException {
        String str2 = null;
        JCRSiteNode resolveSite = jCRNodeWrapper.getResolveSite();
        if (resolveSite != null) {
            str2 = resolveSite.getSiteKey();
        }
        String[] split = str.split(":");
        boolean z = false;
        if ("u".equals(split[0])) {
            z = this.userService.lookupUser(split[1], str2) != null;
        } else if ("g".equals(split[0])) {
            z = this.groupService.lookupGroup(str2, split[1]) != null;
        }
        return z;
    }

    @Override // org.jahia.modules.graphql.provider.dxm.acl.service.JahiaAclService
    public boolean hasInheritedPermission(JCRNodeWrapper jCRNodeWrapper, String str, String str2) {
        return getAclEntries(jCRNodeWrapper, str).stream().anyMatch(jahiaAclEntry -> {
            return str2.equals(jahiaAclEntry.getRoleName()) && jahiaAclEntry.isGrantType() && jahiaAclEntry.isInherited();
        });
    }

    @Override // org.jahia.modules.graphql.provider.dxm.acl.service.JahiaAclService
    public List<JahiaAclEntry> getAclEntries(JCRNodeWrapper jCRNodeWrapper, String str) {
        ArrayList arrayList = new ArrayList();
        Map aclEntries = jCRNodeWrapper.getAclEntries();
        if (aclEntries == null) {
            return arrayList;
        }
        List list = (List) aclEntries.get(str);
        if (list == null || list.isEmpty()) {
            return arrayList;
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(new JahiaAclEntry(jCRNodeWrapper, str, (String[]) it.next()));
        }
        return arrayList;
    }

    @Override // org.jahia.modules.graphql.provider.dxm.acl.service.JahiaAclService
    public List<JahiaAclEntry> getAclEntries(JCRNodeWrapper jCRNodeWrapper) {
        ArrayList arrayList = new ArrayList();
        Map aclEntries = jCRNodeWrapper.getAclEntries();
        if (aclEntries == null) {
            return arrayList;
        }
        for (Map.Entry entry : aclEntries.entrySet()) {
            String str = (String) entry.getKey();
            Iterator it = ((List) entry.getValue()).iterator();
            while (it.hasNext()) {
                arrayList.add(new JahiaAclEntry(jCRNodeWrapper, str, (String[]) it.next()));
            }
        }
        return arrayList;
    }

    private NodeIterator execQuery(String str) throws RepositoryException {
        return JCRSessionFactory.getInstance().getCurrentUserSession("default").getWorkspace().getQueryManager().createQuery(str, "JCR-SQL2").execute().getNodes();
    }
}
