package org.jboss.portal.cms.impl.jcr.command;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import org.jboss.portal.cms.CMSException;
import org.jboss.portal.cms.impl.jcr.JCRCommand;
import org.jboss.portal.cms.impl.jcr.composite.NewFileCommand;
import org.jboss.portal.cms.impl.jcr.composite.UpdateFileCommand;
import org.jboss.portal.cms.security.AuthorizationManager;
import org.jboss.portal.cms.security.Criteria;
import org.jboss.portal.cms.security.Permission;
import org.jboss.portal.cms.security.PortalCMSSecurityContext;
import org.jboss.portal.cms.util.NodeUtil;
import org.jboss.portal.cms.workflow.ApprovePublish;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.User;

/* loaded from: input_file:org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.class */
public class ACLEnforcer {
    private Map<Type, List<String>> aclCommands = new HashMap();
    private AuthorizationManager authorizationManager;

    /* renamed from: org.jboss.portal.cms.impl.jcr.command.ACLEnforcer$1, reason: invalid class name */
    /* loaded from: input_file:org/jboss/portal/cms/impl/jcr/command/ACLEnforcer$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$jboss$portal$cms$impl$jcr$command$ACLEnforcer$Type = new int[Type.values().length];

        static {
            try {
                $SwitchMap$org$jboss$portal$cms$impl$jcr$command$ACLEnforcer$Type[Type.READ.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$jboss$portal$cms$impl$jcr$command$ACLEnforcer$Type[Type.WRITE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$jboss$portal$cms$impl$jcr$command$ACLEnforcer$Type[Type.MANAGE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:org/jboss/portal/cms/impl/jcr/command/ACLEnforcer$Type.class */
    public enum Type {
        READ,
        WRITE,
        MANAGE,
        UNKNOWN
    }

    public ACLEnforcer(AuthorizationManager authorizationManager) {
        this.authorizationManager = null;
        this.authorizationManager = authorizationManager;
        addACLCommand(Type.READ, "org.jboss.portal.cms.impl.jcr.command.FolderGetListCommand");
        addACLCommand(Type.READ, "org.jboss.portal.cms.impl.jcr.command.FolderGetCommand");
        addACLCommand(Type.READ, "org.jboss.portal.cms.impl.jcr.command.FileGetListCommand");
        addACLCommand(Type.READ, "org.jboss.portal.cms.impl.jcr.command.FileGetCommand");
        addACLCommand(Type.WRITE, "org.jboss.portal.cms.impl.jcr.command.ContentCreateCommand");
        addACLCommand(Type.WRITE, "org.jboss.portal.cms.impl.jcr.command.FileCreateCommand");
        addACLCommand(Type.WRITE, "org.jboss.portal.cms.impl.jcr.command.FolderCreateCommand");
        addACLCommand(Type.WRITE, "org.jboss.portal.cms.impl.jcr.command.FileUpdateCommand");
        addACLCommand(Type.WRITE, "org.jboss.portal.cms.impl.jcr.command.StoreArchiveCommand");
        addACLCommand(Type.WRITE, "org.jboss.portal.cms.impl.jcr.composite.NewFileCommand");
        addACLCommand(Type.WRITE, "org.jboss.portal.cms.impl.jcr.composite.UpdateFileCommand");
        addACLCommand(Type.MANAGE, "org.jboss.portal.cms.impl.jcr.command.CopyCommand");
        addACLCommand(Type.MANAGE, "org.jboss.portal.cms.impl.jcr.command.DeleteCommand");
        addACLCommand(Type.MANAGE, "org.jboss.portal.cms.impl.jcr.command.MoveCommand");
    }

    protected void addACLCommand(Type type, String str) {
        if (type == null || type == Type.UNKNOWN) {
            throw new IllegalArgumentException("Type cannot be null or of type UNKNOWN");
        }
        List<String> list = this.aclCommands.get(type);
        if (list == null) {
            list = new ArrayList();
        }
        list.add(str);
        this.aclCommands.put(type, list);
    }

    public boolean hasAccess(PortalCMSSecurityContext portalCMSSecurityContext) {
        boolean z = true;
        User user = (User) portalCMSSecurityContext.getIdentity();
        JCRCommand jCRCommand = (JCRCommand) portalCMSSecurityContext.getAttribute("command");
        Type type = Type.UNKNOWN;
        if (jCRCommand != null) {
            type = getActionType(jCRCommand);
        }
        switch (AnonymousClass1.$SwitchMap$org$jboss$portal$cms$impl$jcr$command$ACLEnforcer$Type[type.ordinal()]) {
            case CMSException.INVALID_ARCHIVE /* 1 */:
                z = hasReadAccess(user, jCRCommand);
                break;
            case 2:
                z = hasWriteAccess(user, jCRCommand);
                break;
            case 3:
                z = hasManageAccess(user, jCRCommand);
                break;
            default:
                if (portalCMSSecurityContext.getAttribute("applyFilter") == null) {
                    if (portalCMSSecurityContext.getAttribute("path") == null) {
                        if (portalCMSSecurityContext.getAttribute("manageWorkflow") != null) {
                            z = computeWorkflowManagementAccess(user, ((ApprovePublish) portalCMSSecurityContext.getAttribute("approvePublish")).getManagers());
                            break;
                        }
                    } else {
                        z = computeAccess(user, (String) portalCMSSecurityContext.getAttribute("path"), "read");
                        break;
                    }
                } else {
                    String str = (String) portalCMSSecurityContext.getAttribute("applyFilter");
                    if (!((Boolean) portalCMSSecurityContext.getAttribute("isFolder")).booleanValue()) {
                        z = hasWriteAccess(user, str);
                        break;
                    } else {
                        z = hasReadAccess(user, str);
                        break;
                    }
                }
                break;
        }
        return z;
    }

    private Type getActionType(JCRCommand jCRCommand) {
        for (Type type : Type.values()) {
            List<String> list = this.aclCommands.get(type);
            if (list != null && list.contains(jCRCommand.getClass().getName())) {
                return type;
            }
        }
        return Type.UNKNOWN;
    }

    protected boolean hasReadAccess(User user, JCRCommand jCRCommand) {
        boolean z = false;
        String str = null;
        if (jCRCommand instanceof FolderGetListCommand) {
            str = ((FolderGetListCommand) jCRCommand).sFolderPath;
        } else if (jCRCommand instanceof FolderGetCommand) {
            str = ((FolderGetCommand) jCRCommand).msPath;
        } else if (jCRCommand instanceof FileGetCommand) {
            str = ((FileGetCommand) jCRCommand).path;
        } else if (jCRCommand instanceof FileGetListCommand) {
            str = ((FileGetListCommand) jCRCommand).sFilePath;
        }
        if (str != null) {
            z = hasReadAccess(user, str);
        }
        return z;
    }

    protected boolean hasReadAccess(User user, String str) {
        boolean computeAccess = computeAccess(user, str, "read");
        if (!computeAccess) {
            computeAccess = computeAccess(user, str, "write");
            if (!computeAccess) {
                computeAccess = computeAccess(user, str, "manage");
            }
        }
        return computeAccess;
    }

    protected boolean hasWriteAccess(User user, JCRCommand jCRCommand) {
        boolean z = false;
        String str = null;
        if (jCRCommand instanceof ContentCreateCommand) {
            str = ((ContentCreateCommand) jCRCommand).mFile.getBasePath();
        } else if (jCRCommand instanceof FileCreateCommand) {
            str = ((FileCreateCommand) jCRCommand).mFile.getBasePath();
        } else if (jCRCommand instanceof FolderCreateCommand) {
            try {
                str = NodeUtil.getParentPath(((FolderCreateCommand) jCRCommand).mFolder.getBasePath());
            } catch (Exception e) {
                e.printStackTrace();
            }
        } else if (jCRCommand instanceof FileUpdateCommand) {
            str = ((FileUpdateCommand) jCRCommand).mFile.getBasePath();
        } else if (jCRCommand instanceof StoreArchiveCommand) {
            str = ((StoreArchiveCommand) jCRCommand).msRootPath;
        } else if (jCRCommand instanceof NewFileCommand) {
            try {
                str = NodeUtil.getParentPath(((NewFileCommand) jCRCommand).getPath());
            } catch (Exception e2) {
                e2.printStackTrace();
            }
        } else if (jCRCommand instanceof UpdateFileCommand) {
            str = ((UpdateFileCommand) jCRCommand).getPath();
        }
        if (str != null) {
            z = computeAccess(user, str, "write");
            if (!z) {
                z = computeAccess(user, str, "manage");
            }
        }
        return z;
    }

    protected boolean hasWriteAccess(User user, String str) {
        boolean computeAccess = computeAccess(user, str, "write");
        if (!computeAccess) {
            computeAccess = computeAccess(user, str, "manage");
        }
        return computeAccess;
    }

    protected boolean hasManageAccess(User user, JCRCommand jCRCommand) {
        boolean z = false;
        if (jCRCommand instanceof CopyCommand) {
            z = computeAccess(user, ((CopyCommand) jCRCommand).msFromPath, "manage");
            if (z) {
                z = computeAccess(user, ((CopyCommand) jCRCommand).msToPath, "manage");
            }
        } else if (jCRCommand instanceof DeleteCommand) {
            z = computeAccess(user, ((DeleteCommand) jCRCommand).msPath, "manage");
        } else if (jCRCommand instanceof MoveCommand) {
            z = computeAccess(user, ((MoveCommand) jCRCommand).msFromPath, "manage");
            if (z) {
                z = computeAccess(user, ((MoveCommand) jCRCommand).msToPath, "manage");
            }
        }
        return z;
    }

    protected boolean computeAccess(User user, String str, String str2) {
        boolean z = false;
        User root = this.authorizationManager.getProvider().getRoot();
        if (user != null && user.getUserName() != null && user.getUserName().equals(root.getUserName())) {
            return true;
        }
        Collection<Permission> permissions = getPermissions(user);
        Collection<Permission> permissions2 = getPermissions(str);
        for (Permission permission : permissions2) {
            if (permission.getService().equals("cms") && permission.getAction().equals(str2)) {
                for (Permission permission2 : permissions) {
                    if (permission2.getService().equals("cms") && permission2.getAction().equals(str2) && permission2.findCriteriaValue("path").equals(str)) {
                        z = true;
                    }
                }
            }
        }
        if (permissions2 != null && !permissions2.isEmpty()) {
            return z;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str, NodeUtil.PATH_SEPARATOR);
        StringBuffer stringBuffer = new StringBuffer(NodeUtil.PATH_SEPARATOR);
        ArrayList<String> arrayList = new ArrayList();
        arrayList.add(new String(stringBuffer.toString()));
        while (stringTokenizer.hasMoreTokens()) {
            stringBuffer.append(stringTokenizer.nextToken());
            arrayList.add(stringBuffer.toString());
            if (stringTokenizer.hasMoreTokens()) {
                stringBuffer.append(NodeUtil.PATH_SEPARATOR);
            }
        }
        boolean z2 = false;
        for (String str3 : arrayList) {
            Collection<Permission> permissions3 = getPermissions(str3);
            if (permissions3 != null && !permissions3.isEmpty()) {
                z2 = true;
                boolean z3 = false;
                for (Permission permission3 : permissions3) {
                    if (permission3.getService().equals("cms") && permission3.getAction().equals(str2)) {
                        for (Permission permission4 : permissions) {
                            if (permission4.getService().equals("cms") && isActionImplied(permission4.getAction(), str2) && permission4.findCriteriaValue("path").equals(str3)) {
                                z3 = true;
                            }
                        }
                    }
                    if (z3) {
                        break;
                    }
                }
                if (!z3) {
                    return false;
                }
            }
        }
        return z2;
    }

    private boolean computeWorkflowManagementAccess(User user, Set set) {
        if (set == null || set.isEmpty()) {
            return false;
        }
        try {
            boolean z = false;
            Set roles = this.authorizationManager.getProvider().getMembershipModule().getRoles(user);
            if (roles != null) {
                Iterator it = roles.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (set.contains(((Role) it.next()).getName())) {
                        z = true;
                        break;
                    }
                }
            }
            return z;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private Collection getPermissions(User user) {
        Set securityBindings;
        if (user != null) {
            securityBindings = this.authorizationManager.getProvider().getSecurityBindings(this.authorizationManager.getProvider().getUserURI(user.getUserName()));
        } else {
            securityBindings = this.authorizationManager.getProvider().getSecurityBindings(this.authorizationManager.getProvider().getRoleURI(AuthorizationManager.Anonymous));
        }
        return securityBindings;
    }

    private Collection getPermissions(String str) {
        Criteria criteria = new Criteria("path", str);
        return this.authorizationManager.getProvider().getSecurityBindings(this.authorizationManager.getProvider().getCriteriaURI(criteria.getName(), criteria.getValue()));
    }

    private boolean isActionImplied(String str, String str2) {
        boolean z = false;
        if (str2.equalsIgnoreCase("read")) {
            if (str.equalsIgnoreCase("read") || str.equalsIgnoreCase("write") || str.equalsIgnoreCase("manage")) {
                z = true;
            }
        } else if (str2.equalsIgnoreCase("write")) {
            if (str.equalsIgnoreCase("write") || str.equalsIgnoreCase("manage")) {
                z = true;
            }
        } else if (str2.equalsIgnoreCase("manage") && str.equalsIgnoreCase("manage")) {
            z = true;
        }
        return z;
    }
}
