package fr.edu.lyon.nuxeo.operation;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.automation.OperationContext;
import org.nuxeo.ecm.automation.core.annotations.Context;
import org.nuxeo.ecm.automation.core.annotations.Operation;
import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
import org.nuxeo.ecm.automation.core.annotations.Param;
import org.nuxeo.ecm.automation.core.collectors.DocumentModelListCollector;
import org.nuxeo.ecm.automation.core.util.StringList;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.DocumentRef;
import org.nuxeo.ecm.core.api.DocumentSecurityException;
import org.nuxeo.ecm.core.api.UnrestrictedSessionRunner;
import org.nuxeo.ecm.core.api.impl.DocumentModelListImpl;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;

@Operation(id = UnrestrictedDiffusion.ID, category = "Document", label = "Diffuse document", description = "Publie le(s) document(s) du contexte d'entrée dans un ensemble de sections. le 'diffuseur' doit posséder une permission (passée en paramètre) sur le(s) document(s) source(s) ; les cibles peuvent être renseignées de le même façon que dans l'opération MultiPublishDocument... L'opération retourne tous les proxies du document en entrée")
/* loaded from: input_file:fr/edu/lyon/nuxeo/operation/UnrestrictedDiffusion.class */
public class UnrestrictedDiffusion {
    public static final String ID = "Document.UnrestrictedDiffusion";
    private static Log log = LogFactory.getLog(UnrestrictedDiffusion.class);

    @Context
    private CoreSession session;

    @Param(name = "operationPermissions", required = true)
    private StringList operationPermissions;

    @Param(name = "target")
    protected DocumentModelList targets;

    @Param(name = "override", required = false, values = {"true"})
    protected boolean override = true;

    @Param(name = "rightGroups", required = false)
    protected StringList rightGroups;

    @Context
    protected OperationContext ctx;

    /* loaded from: input_file:fr/edu/lyon/nuxeo/operation/UnrestrictedDiffusion$UnrestrictedPublisher.class */
    private class UnrestrictedPublisher extends UnrestrictedSessionRunner {
        DocumentModel docToPublish;
        Principal principal;
        DocumentModelList proxies;
        List<String> errors;

        public UnrestrictedPublisher(CoreSession coreSession, Principal principal, DocumentModel documentModel, DocumentModelList documentModelList) {
            super(coreSession);
            this.docToPublish = documentModel;
            this.principal = principal;
        }

        public void run() throws ClientException {
            checkPermission(this.docToPublish, "Read");
            this.errors = new ArrayList();
            this.proxies = new DocumentModelListImpl();
            for (DocumentModel documentModel : UnrestrictedDiffusion.this.targets) {
                if (checkOperationPermissions()) {
                    publishDocumentIn(documentModel);
                }
            }
            if (!this.errors.isEmpty()) {
                StringBuilder sb = new StringBuilder();
                sb.append("La diffusion dans les sections");
                Iterator<String> it = this.errors.iterator();
                while (it.hasNext()) {
                    sb.append(it.next());
                    sb.append(", ");
                }
                sb.append("n'a pas été possible : privilèges insuffisant");
                UnrestrictedDiffusion.this.ctx.put("Seam.AddInfoMessage", sb.toString());
            }
            this.proxies = this.session.getProxies(this.docToPublish.getRef(), (DocumentRef) null);
            if (UnrestrictedDiffusion.this.rightGroups == null || UnrestrictedDiffusion.this.rightGroups.size() <= 0) {
                return;
            }
            setACE(this.proxies);
        }

        private final boolean checkOperationPermissions() throws ClientException {
            Iterator it = UnrestrictedDiffusion.this.operationPermissions.iterator();
            while (it.hasNext()) {
                if (this.session.hasPermission(this.docToPublish.getRef(), (String) it.next())) {
                    return true;
                }
            }
            return false;
        }

        private final void publishDocumentIn(DocumentModel documentModel) throws ClientException {
            DocumentRef ref = documentModel.getRef();
            if (this.session.hasPermission(this.principal, ref, "AddChildren")) {
                this.session.publishDocument(this.docToPublish, documentModel, UnrestrictedDiffusion.this.override);
                UnrestrictedDiffusion.log.debug("Publication de " + this.docToPublish.getPathAsString() + " dans " + documentModel.getPathAsString());
                return;
            }
            boolean z = false;
            for (DocumentModel documentModel2 : this.session.getProxies(this.docToPublish.getRef(), documentModel.getRef())) {
                if (!z && ref.equals(documentModel2.getParentRef())) {
                    z = true;
                    this.session.publishDocument(this.docToPublish, documentModel, UnrestrictedDiffusion.this.override);
                    UnrestrictedDiffusion.log.debug("Maj de la publication de " + this.docToPublish.getPathAsString() + " dans " + documentModel.getPathAsString());
                }
            }
            if (z) {
                return;
            }
            UnrestrictedDiffusion.log.warn("Le privilege 'AddChildren' n'est pas accordé à '" + this.principal.getName() + "' sur " + documentModel.getPathAsString());
            this.errors.add(documentModel.getPathAsString());
        }

        private final void checkPermission(DocumentModel documentModel, String str) throws ClientException {
            if (this.session.hasPermission(this.principal, documentModel.getRef(), str)) {
                return;
            }
            UnrestrictedDiffusion.log.error("Le privilege '" + str + "' n'est pas accordé à '" + this.principal.getName() + "' sur " + documentModel.getPathAsString());
            throw new DocumentSecurityException(String.valueOf(this.principal.getName()) + "' n'a pas les privilèges requis sur " + documentModel.getPathAsString() + " pour publier " + this.docToPublish.getPathAsString());
        }

        private final void setACE(DocumentModel documentModel, String str) throws ClientException {
            ACPImpl aCPImpl = new ACPImpl();
            ACLImpl aCLImpl = new ACLImpl("local");
            aCPImpl.addACL(aCLImpl);
            UnrestrictedDiffusion.log.debug("définition de la permission Read sur le document " + documentModel + " pour le groupe " + str);
            aCLImpl.add(new ACE(str, "Read", true));
            this.session.setACP(documentModel.getRef(), aCPImpl, false);
        }

        private final void setACE(DocumentModel documentModel) throws ClientException {
            Iterator it = UnrestrictedDiffusion.this.rightGroups.iterator();
            while (it.hasNext()) {
                setACE(documentModel, (String) it.next());
            }
        }

        private final void setACE(DocumentModelList documentModelList) throws ClientException {
            Iterator it = documentModelList.iterator();
            while (it.hasNext()) {
                setACE((DocumentModel) it.next());
            }
        }
    }

    @OperationMethod(collector = DocumentModelListCollector.class)
    public DocumentModelList run(DocumentModel documentModel) throws Exception {
        UnrestrictedPublisher unrestrictedPublisher = new UnrestrictedPublisher(this.session, this.session.getPrincipal(), documentModel, this.targets);
        unrestrictedPublisher.runUnrestricted();
        return unrestrictedPublisher.proxies;
    }
}
