package org.ametys.core.ui;

import java.lang.reflect.Method;
import java.util.List;
import java.util.Map;
import org.ametys.core.cocoon.JSonReader;
import org.ametys.core.right.RightAssignmentContext;
import org.ametys.core.right.RightAssignmentContextExtensionPoint;
import org.ametys.core.right.RightManager;
import org.ametys.core.ui.Callable;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.core.schedule.Scheduler;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.plugin.ExtensionPoint;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.SourceResolver;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.reflect.MethodUtils;

/* loaded from: input_file:org/ametys/core/ui/ExecuteClientCallsAction.class */
public class ExecuteClientCallsAction extends ServiceableAction implements ThreadSafe {
    private RightManager _rightManager;
    private CurrentUserProvider _currentUserProvider;
    private RightAssignmentContextExtensionPoint _rightCtxEP;

    private RightManager _getRightManager() {
        if (this._rightManager == null) {
            try {
                this._rightManager = (RightManager) this.manager.lookup(RightManager.ROLE);
            } catch (ServiceException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
        return this._rightManager;
    }

    private CurrentUserProvider _getCurrentUserProvider() {
        if (this._currentUserProvider == null) {
            try {
                this._currentUserProvider = (CurrentUserProvider) this.manager.lookup(CurrentUserProvider.ROLE);
            } catch (ServiceException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
        return this._currentUserProvider;
    }

    private RightAssignmentContextExtensionPoint _getRightContextEP() {
        if (this._rightCtxEP == null) {
            try {
                this._rightCtxEP = (RightAssignmentContextExtensionPoint) this.manager.lookup(RightAssignmentContextExtensionPoint.ROLE);
            } catch (ServiceException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
        return this._rightCtxEP;
    }

    public Map act(Redirector redirector, SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        Object obj;
        Object[] array;
        Class[] clsArr;
        Map map2 = (Map) map.get("parent-context");
        String str2 = (String) map2.get("role");
        if (str2 == null) {
            throw new IllegalArgumentException("Component role should be present.");
        }
        if (!this.manager.hasService(str2)) {
            throw new IllegalArgumentException("The role '" + str2 + "' does not correspond to a valid component.");
        }
        Object lookup = this.manager.lookup(str2);
        if (lookup instanceof ExtensionPoint) {
            ExtensionPoint extensionPoint = (ExtensionPoint) lookup;
            String str3 = (String) map2.get(Scheduler.KEY_RUNNABLE_ID);
            if (str3 == null) {
                obj = lookup;
            } else {
                obj = extensionPoint.getExtension(str3);
                if (obj == null) {
                    throw new IllegalArgumentException("The id '" + str3 + "' does not correspond to a valid extension for point " + str2);
                }
            }
        } else {
            obj = lookup;
        }
        String str4 = (String) map2.get("methodName");
        List list = (List) map2.get("parameters");
        if (str4 == null) {
            throw new IllegalArgumentException("No method name present, cannot execute server side code.");
        }
        if (list == null) {
            clsArr = new Class[0];
            array = new Object[0];
        } else {
            array = list.toArray();
            clsArr = ClassUtils.toClass(array);
        }
        Class<?> cls = obj.getClass();
        Method matchingAccessibleMethod = MethodUtils.getMatchingAccessibleMethod(cls, str4, clsArr);
        if (matchingAccessibleMethod == null) {
            throw new IllegalArgumentException("No method with signature " + str4 + "(" + StringUtils.join(clsArr, ", ").replaceAll("class ", "") + ") present in class " + cls.getName() + ".");
        }
        ObjectModelHelper.getRequest(map).setAttribute(JSonReader.OBJECT_TO_READ, _executeMethod(matchingAccessibleMethod, obj, array));
        return EMPTY_MAP;
    }

    protected Object _executeMethod(Method method, Object obj, Object[] objArr) throws Exception {
        if (!method.isAnnotationPresent(Callable.class)) {
            throw new IllegalArgumentException("Trying to call a non-callable method: " + method.toGenericString() + ".");
        }
        _checkAccess(method, objArr);
        return method.invoke(obj, objArr);
    }

    private void _checkAccess(Method method, Object[] objArr) {
        Callable callable = (Callable) method.getAnnotation(Callable.class);
        UserIdentity user = _getCurrentUserProvider().getUser();
        if (user == null && !callable.allowAnonymous()) {
            throw new AccessDeniedException("Anonymous user tried to access the authenticated callable method [" + method.toGenericString() + "]");
        }
        if (StringUtils.isAllEmpty(callable.rights())) {
            return;
        }
        Object _getRightContext = _getRightContext(method, callable, objArr);
        for (String str : callable.rights()) {
            if (!Callable.READ_ACCESS.equals(str) ? _getRightManager().hasRight(user, str, _getRightContext) != RightManager.RightResult.RIGHT_ALLOW : !_getRightManager().hasReadAccess(user, _getRightContext)) {
                if (callable.rightMode() == Callable.RightMode.AND) {
                    break;
                }
            } else if (callable.rightMode() == Callable.RightMode.OR) {
                return;
            }
        }
        throw new AccessDeniedException("The user " + String.valueOf(user) + " tried to access the callable method [" + method.toGenericString() + "] without sufficient rights");
    }

    private Object _getRightContext(Method method, Callable callable, Object[] objArr) {
        if (!StringUtils.isNotEmpty(callable.rightContext())) {
            return callable.context();
        }
        int paramIndex = callable.paramIndex();
        if (paramIndex < 0 || paramIndex > objArr.length - 1) {
            throw new IllegalArgumentException("Callable method [" + method.toGenericString() + "] refers to a invalid 'paramIndex' " + paramIndex + ".");
        }
        Object obj = objArr[paramIndex];
        String rightContext = callable.rightContext();
        RightAssignmentContext extension = _getRightContextEP().getExtension(rightContext);
        if (extension == null) {
            throw new IllegalArgumentException("Callable method [" + method.toGenericString() + "] refers to a unknown 'rightContext' of id " + rightContext + ".");
        }
        Object convertJSContext = extension.convertJSContext(obj);
        if (convertJSContext == null) {
            throw new IllegalArgumentException("Right object context not found for value " + String.valueOf(obj) + ". Unable to check right for callable method: " + method.toGenericString() + ".");
        }
        return convertJSContext;
    }
}
