package com.signavio.usermanagement.user.handler;

import com.signavio.platform.annotations.HandlerConfiguration;
import com.signavio.platform.annotations.HandlerMethodActivation;
import com.signavio.platform.core.Platform;
import com.signavio.platform.exceptions.JSONRequestException;
import com.signavio.platform.exceptions.RequestException;
import com.signavio.platform.handler.AbstractHandler;
import com.signavio.platform.security.business.FsAccessToken;
import com.signavio.platform.security.business.FsSecureBusinessObject;
import com.signavio.platform.security.business.FsSecureBusinessSubject;
import com.signavio.platform.security.business.FsSecurityManager;
import com.signavio.usermanagement.user.business.FsUser;
import com.signavio.usermanagement.usergroup.business.FsUserGroup;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletContext;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:jbpm-4.3/install/src/signavio/jbpmeditor.war:WEB-INF/classes/com/signavio/usermanagement/user/handler/AbstractAccessHandler.class */
public abstract class AbstractAccessHandler extends AbstractHandler {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jbpm-4.3/install/src/signavio/jbpmeditor.war:WEB-INF/classes/com/signavio/usermanagement/user/handler/AbstractAccessHandler$InheritedPrivilege.class */
    public class InheritedPrivilege {
        private String privilege;
        private boolean inherited;

        private InheritedPrivilege() {
        }
    }

    public AbstractAccessHandler(ServletContext servletContext) {
        super(servletContext);
    }

    @Override // com.signavio.platform.handler.AbstractHandler
    @HandlerMethodActivation
    public <T extends FsSecureBusinessObject> Object getRepresentation(T t, Object obj, FsAccessToken fsAccessToken) {
        String str = null;
        try {
            str = ((JSONObject) obj).getString("suffix");
        } catch (JSONException e) {
        }
        Map<FsSecureBusinessSubject, Set<InheritedPrivilege>> rolesAndPrivileges = getRolesAndPrivileges(t);
        if (str != null) {
            FsSecureBusinessSubject fsSecureBusinessSubject = (FsSecureBusinessSubject) FsSecurityManager.getInstance().loadObject(str, fsAccessToken);
            return rolesAndPrivileges.containsKey(fsSecureBusinessSubject) ? getPrivilegeRepresentation(fsSecureBusinessSubject, rolesAndPrivileges.get(fsSecureBusinessSubject)) : new JSONObject();
        }
        JSONArray jSONArray = new JSONArray();
        HandlerConfiguration handlerConfiguration = getHandlerConfiguration();
        String rel = handlerConfiguration.rel();
        String uri = Platform.getInstance().getHandlerDirectory().get(handlerConfiguration.context().getName()).getUri();
        for (FsSecureBusinessSubject fsSecureBusinessSubject2 : rolesAndPrivileges.keySet()) {
            JSONObject jSONObject = new JSONObject();
            try {
                jSONObject.put("rel", rel);
                jSONObject.put("href", uri + "/" + t.getId() + "/" + rel + "/" + fsSecureBusinessSubject2.getId());
                jSONObject.put("rep", getPrivilegeRepresentation(fsSecureBusinessSubject2, rolesAndPrivileges.get(fsSecureBusinessSubject2)));
            } catch (JSONException e2) {
                e2.printStackTrace();
            }
            jSONArray.put(jSONObject);
        }
        return jSONArray;
    }

    @Override // com.signavio.platform.handler.AbstractHandler
    @HandlerMethodActivation
    public <T extends FsSecureBusinessObject> Object putRepresentation(T t, Object obj, FsAccessToken fsAccessToken) {
        JSONObject jSONObject = (JSONObject) obj;
        try {
            String string = jSONObject.getString("suffix");
            HashSet<String> hashSet = new HashSet();
            try {
                for (String str : jSONObject.get("privileges") instanceof String[] ? (String[]) jSONObject.get("privileges") : new String[]{(String) jSONObject.get("privileges")}) {
                    hashSet.add(str);
                }
                if (t == null || string == null) {
                    throw new RequestException("usermanagement.invalidparameters");
                }
                FsSecureBusinessSubject fsSecureBusinessSubject = (FsSecureBusinessSubject) FsSecurityManager.getInstance().loadObject(string, fsAccessToken);
                Set<String> gainedPrivileges = fsSecureBusinessSubject.getGainedPrivileges(t);
                for (String str2 : gainedPrivileges) {
                    if (!hashSet.contains(str2)) {
                        t.denyPrivilege(str2, fsSecureBusinessSubject);
                    }
                }
                for (String str3 : hashSet) {
                    if (!gainedPrivileges.contains(str3) && !str3.equals("none")) {
                        t.grantPrivilege(str3, fsSecureBusinessSubject);
                    }
                }
                fsSecureBusinessSubject.setPrivilegeInheritanceBlocked(hashSet.contains("none"));
                return getRepresentation(t, obj, fsAccessToken);
            } catch (JSONException e) {
                throw new JSONRequestException(e);
            }
        } catch (JSONException e2) {
            throw new JSONRequestException(e2);
        }
    }

    @Override // com.signavio.platform.handler.AbstractHandler
    @HandlerMethodActivation
    public <T extends FsSecureBusinessObject> void deleteRepresentation(T t, Object obj, FsAccessToken fsAccessToken) {
        try {
            String string = ((JSONObject) obj).getString("suffix");
            if (t == null || string == null) {
                throw new RequestException("usermanagement.invalidparameters");
            }
        } catch (JSONException e) {
            throw new JSONRequestException(e);
        }
    }

    private Map<FsSecureBusinessSubject, Set<InheritedPrivilege>> getRolesAndPrivileges(FsSecureBusinessObject fsSecureBusinessObject) {
        return new HashMap();
    }

    private JSONObject getPrivilegeRepresentation(FsSecureBusinessSubject fsSecureBusinessSubject, Set<InheritedPrivilege> set) {
        return fsSecureBusinessSubject instanceof FsUser ? getPrivilegeRepresentation((FsUser) fsSecureBusinessSubject, set) : fsSecureBusinessSubject instanceof FsUserGroup ? getPrivilegeRepresentation((FsUserGroup) fsSecureBusinessSubject, set) : new JSONObject();
    }

    private JSONObject getPrivilegeRepresentation(FsUser fsUser, Set<InheritedPrivilege> set) {
        JSONObject jSONObject = new JSONObject();
        try {
            jSONObject.put("principal", fsUser.getAccount().getPrincipal());
            jSONObject.put("name", fsUser.getFullName());
            jSONObject.put("privileges", new JSONArray());
            return jSONObject;
        } catch (JSONException e) {
            throw new JSONRequestException(e);
        }
    }

    private JSONObject getPrivilegeRepresentation(FsUserGroup fsUserGroup, Set<InheritedPrivilege> set) {
        JSONObject jSONObject = new JSONObject();
        try {
            jSONObject.put("usergroup", "/usergroup/" + fsUserGroup.getId());
            jSONObject.put("title", fsUserGroup.getName());
            jSONObject.put("privileges", new JSONArray());
            return jSONObject;
        } catch (JSONException e) {
            throw new JSONRequestException(e);
        }
    }
}
