package fr.toutatice.ecm.platform.automation;

import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.automation.core.annotations.Context;
import org.nuxeo.ecm.automation.core.annotations.Operation;
import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
import org.nuxeo.ecm.automation.core.annotations.Param;
import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentRef;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.impl.ACLImpl;

@Operation(id = SetDocumentACL.ID, category = "Document", label = "Set complete ACL", description = "Set the complete Acces Control List on the input document(s). Parameters: 'acl' is the name of the access control list to set ('local' as default). Set 'break' to true if you want to break rights inheritance. 'entries' must respect the format '<principal>:<permission>:<grant>,<principal>:<permission>:<grant>,...'. . As default, the ACL list is overwritten. Returns the document(s).")
/* loaded from: input_file:fr/toutatice/ecm/platform/automation/SetDocumentACL.class */
public class SetDocumentACL {
    private static final Log log = LogFactory.getLog(SetDocumentACL.class);
    public static final String ID = "Document.SetACL";
    public static final String ACE_DELIMITER = ",";
    public static final String VALUE_DELIMITER = ":";

    @Context
    protected CoreSession session;

    @Param(name = "entries")
    protected String entries;

    @Param(name = "acl", required = false, values = {"local"})
    String aclName = "local";

    @Param(name = "overwrite", required = false, values = {"false,true"})
    boolean doOverwrite = true;

    @Param(name = "break", required = false, values = {"false,true"})
    boolean doBreakInheritance = false;

    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentModel documentModel) throws Exception {
        setACE(documentModel.getRef());
        return this.session.getDocument(documentModel.getRef());
    }

    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentRef documentRef) throws Exception {
        setACE(documentRef);
        return this.session.getDocument(documentRef);
    }

    protected void setACE(DocumentRef documentRef) throws ClientException {
        List<ACE>[] slurpACEs = slurpACEs(this.entries);
        ACP acp = this.session.getACP(documentRef);
        ACL acl = (ACLImpl) acp.getACL(this.aclName);
        if (acl == null || this.doOverwrite) {
            acl = new ACLImpl(this.aclName);
            acl.addAll(slurpACEs[0]);
        } else {
            for (ACE ace : slurpACEs[0]) {
                if (!acl.contains(ace)) {
                    acl.add(0, ace);
                }
            }
        }
        acl.removeAll(slurpACEs[1]);
        acp.addACL(acl);
        this.session.setACP(documentRef, acp, this.doOverwrite);
    }

    private List<ACE>[] slurpACEs(String str) {
        ArrayList[] arrayListArr = new ArrayList[2];
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        StringTokenizer stringTokenizer = new StringTokenizer(str, ACE_DELIMITER);
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            Matcher matcher = Pattern.compile("^(.+?):(.+?):(.+?)$").matcher(nextToken);
            if (matcher.find()) {
                String group = matcher.group(1);
                String group2 = matcher.group(2);
                boolean parseBoolean = Boolean.parseBoolean(matcher.group(3));
                ACE ace = new ACE(group, group2, true);
                if (parseBoolean) {
                    arrayList.add(ace);
                } else {
                    arrayList2.add(ace);
                }
            } else {
                log.warn("ACE doesn't respect the format <principal>:<permission>:<grant>, entry='" + nextToken + "'");
            }
        }
        if (this.doBreakInheritance) {
            arrayList.add(new ACE("Everyone", "Everything", false));
        }
        arrayListArr[0] = arrayList;
        arrayListArr[1] = arrayList2;
        return arrayListArr;
    }
}
