package org.exoplatform.portal.config;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.ValueParam;
import org.exoplatform.container.xml.ValuesParam;
import org.exoplatform.portal.config.model.Page;
import org.exoplatform.portal.config.model.PageNavigation;
import org.exoplatform.portal.config.model.PortalConfig;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.security.ConversationState;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.IdentityConstants;
import org.exoplatform.services.security.MembershipEntry;

/* loaded from: input_file:org/exoplatform/portal/config/UserACL.class */
public class UserACL {
    public static final String EVERYONE = "Everyone";
    protected static Log log = ExoLogger.getLogger("organization:UserACL");
    private final Collection<MembershipEntry> NO_MEMBERSHIP = Collections.emptyList();
    private final Collection<String> NO_ROLES = Collections.emptyList();
    private final Identity guest = new Identity((String) null, this.NO_MEMBERSHIP, this.NO_ROLES);
    private String superUser_;
    private String guestGroup_;
    private List<String> portalCreatorGroups_;
    private String navigationCreatorMembershipType_;
    private List<String> mandatoryGroups_;
    private List<String> mandatoryMSTypes_;
    private PortalACLPlugin portalACLPlugin;
    private String adminGroups;
    private String adminMSType;

    /* loaded from: input_file:org/exoplatform/portal/config/UserACL$Permission.class */
    public static class Permission implements Serializable {
        private String name_;
        private String expression;
        private String groupId_ = "";
        private String membership_ = "";
        private boolean selected_ = false;

        public void setPermissionExpression(String str) {
            if (str == null || str.length() == 0) {
                return;
            }
            String[] split = str.split(":");
            if (split.length < 2) {
                return;
            }
            this.expression = str;
            this.membership_ = split[0].trim();
            this.groupId_ = split[1].trim();
        }

        public String getGroupId() {
            return this.groupId_;
        }

        public void setGroupId(String str) {
            this.groupId_ = str;
        }

        public String getName() {
            return this.name_;
        }

        public void setName(String str) {
            this.name_ = str;
        }

        public String getValue() {
            if (this.membership_.length() == 0 || this.groupId_.length() == 0) {
                return null;
            }
            return this.membership_ + ":" + this.groupId_;
        }

        public String getMembership() {
            return this.membership_;
        }

        public void setMembership(String str) {
            this.membership_ = str;
        }

        public boolean isSelected() {
            return this.selected_;
        }

        public void setSelected(boolean z) {
            this.selected_ = z;
        }

        public String getExpression() {
            return this.expression;
        }

        public void setExpression(String str) {
            this.expression = str;
        }
    }

    public UserACL(InitParams initParams) {
        UserACLMetaData userACLMetaData = new UserACLMetaData(initParams);
        ValuesParam valuesParam = initParams.getValuesParam("mandatory.groups");
        if (valuesParam != null) {
            this.mandatoryGroups_ = valuesParam.getValues();
        } else {
            this.mandatoryGroups_ = new ArrayList();
        }
        ValuesParam valuesParam2 = initParams.getValuesParam("mandatory.mstypes");
        if (valuesParam2 != null) {
            this.mandatoryMSTypes_ = valuesParam2.getValues();
        } else {
            this.mandatoryMSTypes_ = new ArrayList();
        }
        ValueParam valueParam = initParams.getValueParam("portal.administrator.groups");
        if (valueParam != null) {
            setAdminGroups(valueParam.getValue());
        }
        ValueParam valueParam2 = initParams.getValueParam("portal.administrator.mstype");
        if (valueParam2 != null) {
            setAdminMSType(valueParam2.getValue());
        }
        init(userACLMetaData);
    }

    public UserACL(UserACLMetaData userACLMetaData) {
        if (userACLMetaData == null) {
            throw new NullPointerException("No meta data provided");
        }
        init(userACLMetaData);
    }

    private void init(UserACLMetaData userACLMetaData) {
        if (userACLMetaData.getSuperUser() != null) {
            this.superUser_ = userACLMetaData.getSuperUser();
        }
        if (this.superUser_ == null || this.superUser_.trim().length() == 0) {
            this.superUser_ = "root";
        }
        if (userACLMetaData.getGuestsGroups() != null) {
            this.guestGroup_ = userACLMetaData.getGuestsGroups();
        }
        if (this.guestGroup_ == null || this.guestGroup_.trim().length() < 1) {
            this.guestGroup_ = "/platform/guests";
        }
        if (userACLMetaData.getNavigationCreatorMembershipType() != null) {
            this.navigationCreatorMembershipType_ = userACLMetaData.getNavigationCreatorMembershipType();
        }
        if (this.navigationCreatorMembershipType_ == null || this.navigationCreatorMembershipType_.trim().length() == 0) {
            this.navigationCreatorMembershipType_ = "owner";
        }
        this.portalCreatorGroups_ = defragmentPermission(userACLMetaData.getPortalCreateGroups() != null ? userACLMetaData.getPortalCreateGroups() : "");
    }

    public void addPortalACLPlugin(PortalACLPlugin portalACLPlugin) {
        this.portalACLPlugin = portalACLPlugin;
        String superUser = this.portalACLPlugin.getSuperUser();
        if (superUser != null) {
            log.info("Overidden SuperUser by PortalACLPlugin");
            this.superUser_ = superUser;
        }
        List<String> portalCreationRoles = this.portalACLPlugin.getPortalCreationRoles();
        if (portalCreationRoles != null) {
            log.info("Overidden PortalCreatorGroup by PortalACLPlugin");
            this.portalCreatorGroups_ = portalCreationRoles;
        }
    }

    public String getMakableMT() {
        return this.navigationCreatorMembershipType_;
    }

    public List<String> getPortalCreatorGroups() {
        return this.portalCreatorGroups_;
    }

    public String getSuperUser() {
        return this.superUser_;
    }

    public String getGuestsGroup() {
        return this.guestGroup_;
    }

    public List<String> getMandatoryGroups() {
        return this.mandatoryGroups_;
    }

    public List<String> getMandatoryMSTypes() {
        return this.mandatoryMSTypes_;
    }

    public void setAdminGroups(String str) {
        this.adminGroups = str;
    }

    public String getAdminGroups() {
        return this.adminGroups;
    }

    public void setAdminMSType(String str) {
        this.adminMSType = str;
    }

    public String getAdminMSType() {
        return this.adminMSType;
    }

    public boolean hasPermission(PortalConfig portalConfig) {
        Identity identity = getIdentity();
        if (hasPermission(identity, portalConfig.getEditPermission())) {
            portalConfig.setModifiable(true);
            return true;
        }
        portalConfig.setModifiable(false);
        for (String str : portalConfig.getAccessPermissions()) {
            if (hasPermission(identity, str)) {
                return true;
            }
        }
        return false;
    }

    public boolean hasEditPermission(PortalConfig portalConfig) {
        return hasPermission(getIdentity(), portalConfig.getEditPermission());
    }

    public boolean hasEditPermissionOnPortal(String str, String str2, String str3) {
        Identity identity = getIdentity();
        if (this.superUser_.equals(identity.getUserId())) {
            return true;
        }
        return "user".equals(str) ? identity.getUserId().equals(str2) : hasPermission(identity, str3);
    }

    public boolean hasCreatePortalPermission() {
        Identity identity = getIdentity();
        if (this.superUser_.equals(identity.getUserId())) {
            return true;
        }
        if (this.portalCreatorGroups_ == null || this.portalCreatorGroups_.size() < 1) {
            return false;
        }
        Iterator<String> it = this.portalCreatorGroups_.iterator();
        while (it.hasNext()) {
            if (hasPermission(identity, it.next())) {
                return true;
            }
        }
        return false;
    }

    public boolean hasEditPermission(PageNavigation pageNavigation) {
        Identity identity = getIdentity();
        if (this.superUser_.equals(identity.getUserId())) {
            pageNavigation.setModifiable(true);
            return true;
        }
        String ownerType = pageNavigation.getOwnerType();
        if (!"group".equals(ownerType)) {
            if ("user".equals(ownerType)) {
                return pageNavigation.getOwnerId().equals(identity.getUserId());
            }
            return false;
        }
        String trim = pageNavigation.getOwnerId().trim();
        String adminGroups = getAdminGroups();
        if (adminGroups != null) {
            String str = adminGroups.startsWith("/") ? adminGroups : "/" + adminGroups;
            if (isUserInGroup(trim.startsWith("/") ? trim : "/" + trim) && isUserInGroup(str)) {
                return true;
            }
        }
        return hasPermission(identity, this.navigationCreatorMembershipType_ + (trim.startsWith("/") ? ":" + trim : ":/" + trim));
    }

    public boolean hasPermission(Page page) {
        Identity identity = getIdentity();
        if ("user".equals(page.getOwnerType()) && page.getOwnerId().equals(identity.getUserId())) {
            page.setModifiable(true);
            return true;
        }
        if (this.superUser_.equals(identity.getUserId())) {
            page.setModifiable(true);
            return true;
        }
        if (hasEditPermission(page)) {
            page.setModifiable(true);
            return true;
        }
        page.setModifiable(false);
        String[] accessPermissions = page.getAccessPermissions();
        if (accessPermissions == null) {
            return false;
        }
        for (String str : accessPermissions) {
            if (hasPermission(identity, str)) {
                return true;
            }
        }
        return false;
    }

    public boolean hasEditPermission(Page page) {
        Identity identity = getIdentity();
        if ("user".equals(page.getOwnerType())) {
            if (!page.getOwnerId().equals(identity.getUserId())) {
                return false;
            }
            page.setModifiable(true);
            return true;
        }
        if (hasPermission(identity, page.getEditPermission())) {
            page.setModifiable(true);
            return true;
        }
        page.setModifiable(false);
        return false;
    }

    public boolean hasEditPermissionOnPage(String str, String str2, String str3) {
        Identity identity = getIdentity();
        return "user".equals(str) ? str2.equals(identity.getUserId()) : hasPermission(identity, str3);
    }

    public boolean hasPermission(String str) {
        return hasPermission(getIdentity(), str);
    }

    public boolean isUserInGroup(String str) {
        ConversationState current = ConversationState.getCurrent();
        Identity identity = null;
        if (current != null) {
            identity = current.getIdentity();
        }
        if (identity == null) {
            return false;
        }
        Iterator it = identity.getGroups().iterator();
        while (it.hasNext()) {
            if (((String) it.next()).equals(str)) {
                return true;
            }
        }
        return false;
    }

    private Identity getIdentity() {
        Identity identity;
        ConversationState current = ConversationState.getCurrent();
        if (current != null && (identity = current.getIdentity()) != null) {
            return identity;
        }
        return this.guest;
    }

    public boolean hasPermission(Identity identity, String str) {
        String userId = identity.getUserId();
        if (this.superUser_.equals(userId)) {
            return true;
        }
        if (str == null) {
            return false;
        }
        if (EVERYONE.equals(str)) {
            return true;
        }
        Permission permission = new Permission();
        permission.setPermissionExpression(str);
        String groupId = permission.getGroupId();
        if ((userId == null || userId.equals(IdentityConstants.ANONIM)) && groupId.equals(this.guestGroup_)) {
            return true;
        }
        return identity.isMemberOf(groupId, permission.getMembership());
    }

    private List<String> defragmentPermission(String str) {
        ArrayList arrayList = new ArrayList();
        if (str != null) {
            if (str.contains(",")) {
                for (String str2 : str.split(",")) {
                    arrayList.add(str2.trim());
                }
            } else {
                arrayList.add(str);
            }
        }
        return arrayList;
    }
}
