package com.softmotions.ncms.asm;

import com.google.inject.Inject;
import com.softmotions.ncms.NcmsEnvironment;
import com.softmotions.web.security.WSRole;
import com.softmotions.web.security.WSUser;
import com.softmotions.web.security.WSUserDatabase;
import com.softmotions.weboot.mb.MBDAOSupport;
import com.softmotions.weboot.mb.MBSqlSessionListenerSupport;
import com.softmotions.weboot.mb.MBSqlSessionManager;
import com.softmotions.weboot.security.WBSecurityContext;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections4.map.LRUMap;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.ibatis.session.SqlSession;
import org.mybatis.guice.transactional.Transactional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/softmotions/ncms/asm/PageSecurityService.class */
public class PageSecurityService extends MBDAOSupport {
    public static final char WRITE = 'w';
    public static final char NEWS = 'n';
    public static final char DELETE = 'd';
    public static final char OWNER = 'o';
    public static final String ALL_RIGHTS_STR = "ownd";
    private final WSUserDatabase userdb;
    private final LRUMap<String, Object> aclCache;
    private final MBSqlSessionManager sessionManager;
    private final WBSecurityContext sctx;
    private static final Logger log = LoggerFactory.getLogger(PageSecurityService.class);
    public static final char[] ALL_RIGHTS = {'o', 'w', 'n', 'd'};

    /* loaded from: input_file:com/softmotions/ncms/asm/PageSecurityService$AclEntity.class */
    public static class AclEntity {
        private String user;
        private String userFullName;
        private String rights;
        private boolean recursive;

        public AclEntity(String str, String str2, String str3, boolean z) {
            this.user = str;
            this.userFullName = str2;
            this.rights = str3;
            this.recursive = z;
        }

        public String getUser() {
            return this.user;
        }

        public String getUserFullName() {
            return this.userFullName;
        }

        public String getRights() {
            return this.rights;
        }

        public boolean isRecursive() {
            return this.recursive;
        }
    }

    /* loaded from: input_file:com/softmotions/ncms/asm/PageSecurityService$UpdateMode.class */
    public enum UpdateMode {
        ADD,
        REMOVE,
        REPLACE
    }

    @Inject
    public PageSecurityService(SqlSession sqlSession, WSUserDatabase wSUserDatabase, NcmsEnvironment ncmsEnvironment, MBSqlSessionManager mBSqlSessionManager, WBSecurityContext wBSecurityContext) {
        super(PageSecurityService.class, sqlSession);
        this.userdb = wSUserDatabase;
        this.aclCache = new LRUMap<>(ncmsEnvironment.xcfg().getInt("security.acl-lru-cache-size", 1024));
        this.sessionManager = mBSqlSessionManager;
        this.sctx = wBSecurityContext;
    }

    @Nonnull
    private WSUser toWSUser(HttpServletRequest httpServletRequest) {
        return this.sctx.getWSUser(httpServletRequest);
    }

    @Nonnull
    public WSUser getCurrentWSUserSafe(HttpServletRequest httpServletRequest) {
        return toWSUser(httpServletRequest);
    }

    public boolean isPreviewPageRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getUserPrincipal() != null && "1".equals(httpServletRequest.getParameter("preview"));
    }

    public Collection<AclEntity> getAcl(long j) {
        return getAcl(j, null);
    }

    public String getAllRights() {
        return ALL_RIGHTS_STR;
    }

    private String getCachedRights(String str, long j) {
        String str2;
        synchronized (this.aclCache) {
            str2 = (String) this.aclCache.get(str + ':' + j);
        }
        return str2;
    }

    private void cacheRights(String str, long j, String str2) {
        synchronized (this.aclCache) {
            this.aclCache.put(str + ':' + j, str2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void clearUserRights(String str, long j) {
        synchronized (this.aclCache) {
            this.aclCache.remove(str + ':' + j);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void clearUserRights(String str) {
        synchronized (this.aclCache) {
            String str2 = str + ':';
            for (String str3 : (String[]) this.aclCache.keySet().toArray(new String[this.aclCache.keySet().size()])) {
                if (str3.startsWith(str2)) {
                    this.aclCache.remove(str3);
                }
            }
        }
    }

    public Collection<AclEntity> getAcl(long j, @Nullable Boolean bool) {
        List<Map> select = select(bool == null ? "selectAllUserRights" : bool.booleanValue() ? "selectRecursiveUserRights" : "selectLocalUserRights", new Object[]{"pid", Long.valueOf(j)});
        if (bool == null) {
            Collections.sort(select, (map, map2) -> {
                int intValue = ((Integer) map.get("recursive")).intValue() - ((Integer) map2.get("recursive")).intValue();
                return intValue != 0 ? intValue : ((Comparable) map.get("user")).compareTo((String) map2.get("user"));
            });
        }
        ArrayList arrayList = new ArrayList(select.size());
        for (Map map3 : select) {
            WSUser findUser = this.userdb.findUser((String) map3.get("user"));
            if (findUser != null) {
                arrayList.add(new AclEntity(findUser.getName(), findUser.getFullName(), (String) map3.get("rights"), bool == null ? ((Integer) map3.get("recursive")).intValue() == 1 : bool.booleanValue()));
            }
        }
        return arrayList;
    }

    public void addUserRights(long j, String str, boolean z) {
        Map map = (Map) selectOne("selectPageAclInfo", new Object[]{"pid", Long.valueOf(j)});
        if (map == null) {
            return;
        }
        Number number = (Number) map.get(z ? "recursive_acl" : "local_acl");
        String str2 = number == null ? "" : (String) selectOne("selectUserRightsByAcl", new Object[]{"user", str, "acl", number});
        if (!z && StringUtils.equals(str, (CharSequence) map.get("owner"))) {
            str2 = getAllRights();
        }
        updateUserRights(j, str, str2, UpdateMode.ADD, z);
    }

    public void setUserRights(long j, String str, String str2, boolean z) {
        updateUserRights(j, str, str2, UpdateMode.REPLACE, z);
    }

    public void addUserRights(long j, String str, String str2, boolean z) {
        updateUserRights(j, str, str2, UpdateMode.ADD, z);
    }

    public void removeUserRights(long j, String str, String str2, boolean z) {
        updateUserRights(j, str, str2, UpdateMode.REMOVE, z);
    }

    @Transactional
    public void updateUserRights(long j, @Nonnull String str, @Nullable String str2, @Nonnull UpdateMode updateMode, boolean z) {
        if (z) {
            updateRecursiveAclUser(j, str, str2, updateMode);
        } else {
            updateLocalAclUser(j, str, str2, updateMode);
        }
    }

    @Transactional
    public void deleteUserRights(long j, final String str, boolean z) {
        Map map = (Map) selectOne("selectPageAclInfo", new Object[]{"pid", Long.valueOf(j)});
        Object obj = map != null ? (Number) map.get("local_acl") : null;
        Object obj2 = map != null ? (Number) map.get("recursive_acl") : null;
        if (!z && obj != null) {
            delete("deleteAclUser", new Object[]{"user", str, "acl", obj});
        } else if (z && obj2 != null) {
            String str2 = (String) selectOne("selectNavPagePath", new Object[]{"pid", Long.valueOf(j)});
            Number number = (Number) selectOne("checkUserInParentRecursiveAcl", new Object[]{"nav_path", str2, "user", str});
            if (number != null && number.intValue() > 0) {
                return;
            }
            Object obj3 = (Number) selectOne("newAclId", new Object[0]);
            update("copyAcl", new Object[]{"prev_acl", obj2, "new_acl", obj3});
            update("updateChildRecursiveAcl", new Object[]{"pid", Long.valueOf(j), "nav_path", str2 + j + "/%", "prev_acl", obj2, "new_acl", obj3});
            delete("deleteAclUser", new Object[]{"acl", obj3, "user", str});
            for (Object obj4 : select("childRecursiveAcls", new Object[]{"nav_path", str2 + j + "/%", "exclude_acl", obj3, "with_user", str})) {
                Object obj5 = (Number) selectOne("newAclId", new Object[0]);
                update("copyAcl", new Object[]{"prev_acl", obj4, "new_acl", obj5});
                update("updateChildRecursiveAcl", new Object[]{"nav_path", str2 + j + "/%", "prev_acl", obj4, "new_acl", obj5});
                delete("deleteAclUser", new Object[]{"acl", obj5, "user", str});
            }
        }
        this.sessionManager.registerNextEventSessionListener(new MBSqlSessionListenerSupport() { // from class: com.softmotions.ncms.asm.PageSecurityService.1
            public void commit(boolean z2) {
                PageSecurityService.this.clearUserRights(str);
            }
        });
    }

    @Transactional
    public void deleteUserRecursive(long j, String str) {
        deleteUserRights(j, str, true);
        delete("deleteLocalAclUserRecursive", new Object[]{"user", str, "pid", Long.valueOf(j), "nav_path", ((String) selectOne("selectNavPagePath", new Object[]{"pid", Long.valueOf(j)})) + j + "/%"});
    }

    public String getAccessRights(long j, HttpServletRequest httpServletRequest) {
        return getAccessRights(j, toWSUser(httpServletRequest));
    }

    public String getAccessRights(long j, WSUser wSUser) {
        if (wSUser == null) {
            return "";
        }
        String cachedRights = getCachedRights(wSUser.getName(), j);
        return cachedRights != null ? cachedRights : getAccessRightsDB(j, wSUser);
    }

    @Transactional
    protected String getAccessRightsDB(long j, WSUser wSUser) {
        String str = "";
        Map map = (Map) selectOne("selectPageAclInfo", new Object[]{"pid", Long.valueOf(j)});
        if (wSUser.getName().equals(map != null ? (String) map.get("owner") : null) || wSUser.isHasAnyRole(new String[]{"admin", "admin.structure"})) {
            return getAllRights();
        }
        Iterator it = select("selectUserRightsForPage", new Object[]{"pid", Long.valueOf(j), "user", wSUser.getName()}).iterator();
        while (it.hasNext()) {
            str = mergeRights(str, (String) it.next());
        }
        cacheRights(wSUser.getName(), j, str);
        return str;
    }

    public boolean checkAccess(long j, WSUser wSUser, char c) {
        return (wSUser == null || !ArrayUtils.contains(ALL_RIGHTS, c) || getAccessRights(j, wSUser).indexOf(c) == -1) ? false : true;
    }

    public boolean checkAccess(long j, HttpServletRequest httpServletRequest, char c) {
        return checkAccess(j, toWSUser(httpServletRequest), c);
    }

    public boolean checkAccessAll(long j, HttpServletRequest httpServletRequest, String str) {
        String accessRights = getAccessRights(j, httpServletRequest);
        int length = str.length();
        for (int i = 0; i < length; i++) {
            if (accessRights.indexOf(str.charAt(i)) == -1) {
                return false;
            }
        }
        return true;
    }

    public boolean checkAccessAny(long j, HttpServletRequest httpServletRequest, String str) {
        String accessRights = getAccessRights(j, httpServletRequest);
        int length = str.length();
        for (int i = 0; i < length; i++) {
            if (accessRights.indexOf(str.charAt(i)) != -1) {
                return true;
            }
        }
        return false;
    }

    public boolean canEdit2(@Nullable Asm asm, HttpServletRequest httpServletRequest) {
        return checkAccessAny2(asm, httpServletRequest, "ow");
    }

    public boolean isOwner2(@Nullable Asm asm, HttpServletRequest httpServletRequest) {
        return checkAccessAll2(asm, httpServletRequest, "o");
    }

    public boolean checkAccessAll2(@Nullable Asm asm, HttpServletRequest httpServletRequest, String str) {
        if (asm == null || asm.getId() == null) {
            return false;
        }
        return "news.page".equals(asm.getType()) ? checkAccessAll(asm.getId().longValue(), httpServletRequest, str) || (asm.getNavParentId() != null && canNewsEdit(asm.getNavParentId().longValue(), httpServletRequest)) : checkAccessAll(asm.getId().longValue(), httpServletRequest, str);
    }

    public boolean checkAccessAny2(@Nullable Asm asm, HttpServletRequest httpServletRequest, String str) {
        if (asm == null || asm.getId() == null) {
            return false;
        }
        return "news.page".equals(asm.getType()) ? checkAccessAny(asm.getId().longValue(), httpServletRequest, str) || (asm.getNavParentId() != null && canNewsEdit(asm.getNavParentId().longValue(), httpServletRequest)) : checkAccessAny(asm.getId().longValue(), httpServletRequest, str);
    }

    public String getAccessRights2(@Nullable Asm asm, HttpServletRequest httpServletRequest) {
        if (asm == null || asm.getId() == null) {
            return "";
        }
        if ("news.page".equals(asm.getType())) {
            return mergeRights(getAccessRights(asm.getId().longValue(), httpServletRequest), (asm.getNavParentId() == null || !canNewsEdit(asm.getNavParentId().longValue(), httpServletRequest)) ? "" : String.valueOf('w'));
        }
        return getAccessRights(asm.getId().longValue(), httpServletRequest);
    }

    public boolean isOwner(long j, HttpServletRequest httpServletRequest) {
        return checkAccess(j, httpServletRequest, 'o');
    }

    public boolean canEdit(long j, HttpServletRequest httpServletRequest) {
        return checkAccessAny(j, httpServletRequest, "ow");
    }

    public boolean canDelete(long j, HttpServletRequest httpServletRequest) {
        return checkAccess(j, httpServletRequest, 'd');
    }

    public boolean canNewsEdit(long j, HttpServletRequest httpServletRequest) {
        return checkAccess(j, httpServletRequest, 'n');
    }

    public String mergeRights(@Nullable String str, @Nullable String str2) {
        String str3 = str != null ? str : "";
        for (char c : (str2 != null ? str2 : "").toCharArray()) {
            if (!StringUtils.contains(str3, c)) {
                str3 = str3 + c;
            }
        }
        return str3;
    }

    private String unsetRights(@Nullable String str, @Nullable String str2) {
        String str3 = str != null ? str : "";
        return StringUtils.isBlank(str2) ? str3 : str3.replaceAll("[" + str2 + "]", "");
    }

    private void updateLocalAclUser(final long j, final String str, @Nullable String str2, UpdateMode updateMode) {
        String str3 = "";
        Number number = (Number) selectOne("getLocalAcl", new Object[]{"pid", Long.valueOf(j)});
        if (number == null) {
            number = (Number) selectOne("newAclId", new Object[0]);
            update("setLocalAcl", new Object[]{"pid", Long.valueOf(j), "acl", number});
        } else {
            str3 = (String) selectOne("selectUserRightsByAcl", new Object[]{"user", str, "acl", number});
        }
        update("updateAclUserRights", new Object[]{"acl", number, "user", str, "rights", calcRights(updateMode, str3, str2)});
        this.sessionManager.registerNextEventSessionListener(new MBSqlSessionListenerSupport() { // from class: com.softmotions.ncms.asm.PageSecurityService.2
            public void commit(boolean z) {
                PageSecurityService.this.clearUserRights(str, j);
            }
        });
    }

    private void updateRecursiveAclUser(long j, final String str, @Nullable String str2, UpdateMode updateMode) {
        String str3 = (String) selectOne("selectNavPagePath", new Object[]{"pid", Long.valueOf(j)});
        Number number = (Number) selectOne("getRecursiveAcl", new Object[]{"pid", Long.valueOf(j)});
        String str4 = "";
        Number number2 = (Number) selectOne("newAclId", new Object[0]);
        if (number != null) {
            update("copyAcl", new Object[]{"prev_acl", number, "new_acl", number2});
            str4 = (String) selectOne("selectUserRightsByAcl", new Object[]{"user", str, "acl", number});
        }
        update("updateChildRecursiveAcl", new Object[]{"pid", Long.valueOf(j), "nav_path", str3 + j + "/%", "prev_acl", number, "new_acl", number2});
        update("updateAclUserRights", new Object[]{"acl", number2, "user", str, "rights", calcRights(updateMode, str4, str2)});
        for (Number number3 : select("childRecursiveAcls", new Object[]{"nav_path", str3 + j + "/%", "exclude_acl", number2})) {
            String str5 = (String) selectOne("selectUserRightsByAcl", new Object[]{"user", str, "acl", number3});
            Number number4 = (Number) selectOne("newAclId", new Object[0]);
            update("copyAcl", new Object[]{"prev_acl", number3, "new_acl", number4});
            update("updateChildRecursiveAcl", new Object[]{"nav_path", str3 + j + "/%", "prev_acl", number3, "new_acl", number4});
            update("updateAclUserRights", new Object[]{"acl", number4, "user", str, "rights", calcRights(updateMode, str5, str2)});
        }
        this.sessionManager.registerNextEventSessionListener(new MBSqlSessionListenerSupport() { // from class: com.softmotions.ncms.asm.PageSecurityService.3
            public void commit(boolean z) {
                PageSecurityService.this.clearUserRights(str);
            }
        });
    }

    @Nullable
    private String calcRights(UpdateMode updateMode, @Nullable String str, @Nullable String str2) {
        switch (updateMode) {
            case REPLACE:
                return str2;
            case ADD:
                return mergeRights(str, str2);
            case REMOVE:
                return unsetRights(str, str2);
            default:
                return "";
        }
    }

    public Collection<Long> getAccessibleTemplates(HttpServletRequest httpServletRequest) {
        return getAccessibleTemplates(toWSUser(httpServletRequest));
    }

    @Transactional
    public Collection<Long> getAccessibleTemplates(WSUser wSUser) {
        if (wSUser.isHasAnyRole(new String[]{"admin", "admin.asm"})) {
            return select("accessibleAsmsForRoles", new Object[]{"template", true});
        }
        Iterator roles = wSUser.getRoles();
        ArrayList arrayList = new ArrayList(32);
        while (roles.hasNext()) {
            arrayList.add(((WSRole) roles.next()).getName());
        }
        return select("accessibleAsmsForRoles", new Object[]{"template", true, "roles", arrayList});
    }
}
