package org.jahia.modules.forms.api.impl.builder;

import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.jcr.NodeIterator;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import org.jahia.modules.forms.api.impl.AbstractResource;
import org.jahia.modules.forms.api.impl.live.FormSubmission;
import org.jahia.modules.forms.api.subresources.FormLive;
import org.jahia.services.content.JCRCallback;
import org.jahia.services.content.JCRContentUtils;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.services.content.JCRTemplate;
import org.json.JSONArray;
import org.json.JSONException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:forms-core-3.8.0.jar:org/jahia/modules/forms/api/impl/builder/FormRoleManager.class */
public class FormRoleManager extends AbstractResource {
    private static final Logger logger = LoggerFactory.getLogger(FormRoleManager.class);
    public static final String PRINCIPAL_OBJECT_KEY = "principals";
    public static final String SINGLE_FORM_ACCESSOR_ROLE = "single-form-accessor";
    public static final String SINGLE_FORM_RESULTS_ACCESSOR_ROLE = "single-form-results-accessor";
    private static final String SINGLE_FORM_EDITOR_ROLE = "single-form-editor";
    private static final String SINGLE_FORM_RESULTS_VIEWER_ROLE = "single-form-results-viewer";
    private static final String ACCESS_CONTROLLED = "jmix:accessControlled";
    private static final String ACL_NODE = "j:acl";
    private static final String J_ROLES = "j:roles";
    private JCRNodeWrapper currentForm;
    private JCRNodeWrapper currentSite;

    public FormRoleManager(JCRTemplate jCRTemplate) {
        super(jCRTemplate, logger);
    }

    public void grantEditRoles(JSONArray jSONArray, String str, String str2) throws RepositoryException, JSONException {
        hasEditorPermission(str2, str);
        grantRoles(jSONArray, str, str2, SINGLE_FORM_EDITOR_ROLE, SINGLE_FORM_ACCESSOR_ROLE);
    }

    public void grantResultsRoles(JSONArray jSONArray, String str, String str2) throws RepositoryException, JSONException {
        hasEditorOrResultsPermission(str2, str);
        grantRoles(jSONArray, str, str2, SINGLE_FORM_RESULTS_VIEWER_ROLE, SINGLE_FORM_RESULTS_ACCESSOR_ROLE);
    }

    public void revokeEditRoles(JSONArray jSONArray, String str, String str2) throws RepositoryException, JSONException {
        hasEditorPermission(str2, str);
        revokeRoles(jSONArray, str, str2, SINGLE_FORM_EDITOR_ROLE, SINGLE_FORM_ACCESSOR_ROLE);
    }

    public void revokeResultsRoles(JSONArray jSONArray, String str, String str2) throws RepositoryException, JSONException {
        hasEditorPermission(str2, str);
        revokeRoles(jSONArray, str, str2, SINGLE_FORM_RESULTS_VIEWER_ROLE, SINGLE_FORM_RESULTS_ACCESSOR_ROLE);
    }

    public static void updateACLs(JCRSessionWrapper jCRSessionWrapper, JCRNodeWrapper jCRNodeWrapper, JCRNodeWrapper jCRNodeWrapper2) throws RepositoryException {
        synchronized (FormSubmission.logger) {
            addAclMixinIfNeedBe(jCRNodeWrapper);
            Iterator it = JCRContentUtils.getChildrenOfType(jCRNodeWrapper2, "jnt:acl").iterator();
            while (it.hasNext()) {
                copy((JCRNodeWrapper) it.next(), jCRNodeWrapper);
            }
            jCRSessionWrapper.save();
        }
    }

    private static void addAclMixinIfNeedBe(JCRNodeWrapper jCRNodeWrapper) throws RepositoryException {
        if (JCRContentUtils.isNodeType(jCRNodeWrapper, ACCESS_CONTROLLED)) {
            return;
        }
        jCRNodeWrapper.addMixin(ACCESS_CONTROLLED);
    }

    private static void copy(JCRNodeWrapper jCRNodeWrapper, JCRNodeWrapper jCRNodeWrapper2) throws RepositoryException {
        if (jCRNodeWrapper2.hasNode(jCRNodeWrapper.getName())) {
            jCRNodeWrapper2.getNode(jCRNodeWrapper.getName()).remove();
        }
        JCRNodeWrapper addNode = jCRNodeWrapper2.addNode(jCRNodeWrapper.getName(), jCRNodeWrapper.getPrimaryNodeType().getName());
        if (jCRNodeWrapper.getPrimaryNodeType().getName().equals("jnt:ace")) {
            PropertyIterator properties = jCRNodeWrapper.getProperties();
            while (properties.hasNext()) {
                Property nextProperty = properties.nextProperty();
                if (!nextProperty.getName().equals("jcr:primaryType") && !nextProperty.getName().equals("jcr:uuid")) {
                    if (nextProperty.isMultiple()) {
                        addNode.setProperty(nextProperty.getName(), nextProperty.getValues());
                    } else {
                        addNode.setProperty(nextProperty.getName(), nextProperty.getValue());
                    }
                }
            }
        }
        Iterator it = JCRContentUtils.getChildrenOfType(jCRNodeWrapper, "jnt:ace").iterator();
        while (it.hasNext()) {
            copy((JCRNodeWrapper) it.next(), addNode);
        }
    }

    private void grantRoles(JSONArray jSONArray, String str, String str2, final String str3, String str4) throws RepositoryException, JSONException {
        JCRSessionWrapper defaultSession = getDefaultSession(str2);
        assignCurrentNodes(defaultSession, str);
        addAclMixinIfNeedBe(this.currentForm);
        for (int i = 0; i < jSONArray.length(); i++) {
            final String string = jSONArray.getString(i);
            if (str3 != null) {
                if (this.currentSite.hasPermission("jcr:all_live")) {
                    this.currentSite.grantRoles(string, Collections.singleton(str3));
                } else if (this.currentSite.hasPermission(AbstractResource.FORM_FACTORY_RESULTS)) {
                    this.jcrTemplate.doExecuteWithSystemSessionAsUser(defaultSession.getUser(), FormLive.MAPPING, defaultSession.getLocale(), new JCRCallback<Object>() { // from class: org.jahia.modules.forms.api.impl.builder.FormRoleManager.1
                        public Object doInJCR(JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
                            jCRSessionWrapper.getNode(FormRoleManager.this.currentSite.getPath()).grantRoles(string, Collections.singleton(str3));
                            return null;
                        }
                    });
                }
            }
            if (str4 != null) {
                this.currentForm.grantRoles(string, Collections.singleton(str4));
            }
        }
        defaultSession.save();
        updateResultsNode(str, str2);
    }

    private void revokeRoles(JSONArray jSONArray, String str, String str2, String str3, String str4) throws RepositoryException, JSONException {
        JCRSessionWrapper defaultSession = getDefaultSession(str2);
        assignCurrentNodes(defaultSession, str);
        for (int i = 0; i < jSONArray.length(); i++) {
            if (str3 != null && numberOfFormsAccessibleWithRole(defaultSession, jSONArray.getString(i), str4) <= 1) {
                revokeRole(this.currentSite, jSONArray.getString(i), str3);
            }
            if (str4 != null) {
                revokeRole(this.currentForm, jSONArray.getString(i), str4);
            }
        }
        defaultSession.save();
        updateResultsNode(str, str2);
    }

    private void revokeRole(JCRNodeWrapper jCRNodeWrapper, String str, String str2) throws RepositoryException {
        if (jCRNodeWrapper.hasNode(ACL_NODE)) {
            for (JCRNodeWrapper jCRNodeWrapper2 : (List) JCRContentUtils.getChildrenOfType(jCRNodeWrapper.getNode(ACL_NODE), "jnt:ace").stream().filter(jCRNodeWrapper3 -> {
                return str.equals(jCRNodeWrapper3.getPropertyAsString("j:principal"));
            }).collect(Collectors.toList())) {
                if (jCRNodeWrapper2.hasProperty(J_ROLES)) {
                    Value[] valueArr = (Value[]) Arrays.stream(jCRNodeWrapper2.getProperty(J_ROLES).getValues()).filter(jCRValueWrapper -> {
                        try {
                            return !str2.equals(jCRValueWrapper.getString());
                        } catch (RepositoryException e) {
                            logger.error("Error reading value from j:roles", e);
                            return false;
                        }
                    }).toArray(i -> {
                        return new Value[i];
                    });
                    if (valueArr.length == 0) {
                        jCRNodeWrapper2.remove();
                    } else {
                        jCRNodeWrapper2.setProperty(J_ROLES, valueArr);
                    }
                }
            }
        }
    }

    private void assignCurrentNodes(JCRSessionWrapper jCRSessionWrapper, String str) throws RepositoryException {
        this.currentForm = jCRSessionWrapper.getNodeByIdentifier(str);
        this.currentSite = jCRSessionWrapper.getNode("/sites/" + JCRContentUtils.getSiteKey(this.currentForm.getPath()));
    }

    private void updateResultsNode(String str, String str2) throws RepositoryException {
        JCRSessionWrapper liveSession = getLiveSession(str2);
        NodeIterator nodes = liveSession.getWorkspace().getQueryManager().createQuery("SELECT * FROM [fcnt:formResults] AS child WHERE child.[parentForm] = '" + str + "'", "JCR-SQL2").execute().getNodes();
        if (nodes.hasNext()) {
            updateACLs(liveSession, nodes.nextNode(), this.currentForm);
        }
    }

    private int numberOfFormsAccessibleWithRole(JCRSessionWrapper jCRSessionWrapper, String str, String str2) throws RepositoryException {
        NodeIterator nodes = jCRSessionWrapper.getWorkspace().getQueryManager().createQuery("SELECT * FROM [jnt:ace] as ace WHERE ISDESCENDANTNODE(ace, '" + this.currentSite.getPath() + "/formFactory/forms') AND ace.[j:principal] = '" + str + "'", "JCR-SQL2").execute().getNodes();
        int i = 0;
        while (nodes.hasNext()) {
            if (Arrays.stream(nodes.nextNode().getProperty(J_ROLES).getValues()).anyMatch(jCRValueWrapper -> {
                try {
                    return str2.equals(jCRValueWrapper.getString());
                } catch (RepositoryException e) {
                    logger.error("Error reading value from j:roles", e);
                    return false;
                }
            })) {
                i++;
            }
        }
        return i;
    }
}
