package org.ametys.plugins.serverdirectory;

import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import org.ametys.core.right.RightManager;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.util.URIUtils;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.ametys.plugins.repository.AmetysRepositoryException;
import org.ametys.plugins.repository.data.holder.ModelAwareDataHolder;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.authentication.AuthorizationRequiredException;
import org.ametys.web.repository.page.SitemapElement;
import org.ametys.web.repository.page.ZoneItem;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.excalibur.source.SourceResolver;

/* loaded from: input_file:org/ametys/plugins/serverdirectory/CheckPathAccessAction.class */
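/**
 * Cocoon action that authorizes a download request against a server directory service.
 *
 * <p>The action reads the requested file {@code path} and {@code name} from the request, resolves
 * the zone item named by the {@code zoneItem} sitemap parameter, and then enforces, in order:
 * <ol>
 *   <li>read access of the current user to the page holding the zone item;</li>
 *   <li>that the requested path is accepted by {@link ServerDirectoryHelper#isValidPath} for the
 *       configured root server sources;</li>
 *   <li>that the requested path lies inside the folder configured on the service.</li>
 * </ol>
 * On success it sets a {@code Content-Disposition} header and returns the {@code path} value.
 */
public class CheckPathAccessAction extends ServiceableAction {
    private SourceResolver _srcResolver;
    private AmetysObjectResolver _resolver;
    private CurrentUserProvider _currentUserProvider;
    private RightManager _rightManager;

    /**
     * Looks up the components this action depends on.
     *
     * @param serviceManager the Avalon service manager
     * @throws ServiceException if a component cannot be looked up
     */
    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._srcResolver = (SourceResolver) serviceManager.lookup(SourceResolver.ROLE);
        this._resolver = (AmetysObjectResolver) serviceManager.lookup(AmetysObjectResolver.ROLE);
        this._currentUserProvider = (CurrentUserProvider) serviceManager.lookup(CurrentUserProvider.ROLE);
        this._rightManager = (RightManager) serviceManager.lookup(RightManager.ROLE);
    }

    /**
     * Validates the requested server directory file and prepares the download header.
     *
     * @param redirector unused
     * @param sourceResolver unused
     * @param map the Cocoon object model, from which the request and response are taken
     * @param str unused
     * @param parameters sitemap parameters; {@code zoneItem} holds the base64url-encoded zone item id
     * @return a map with the single key {@code path} holding the request's raw {@code path} parameter
     * @throws IllegalArgumentException if the {@code path} or {@code name} request parameter is blank
     * @throws AccessDeniedException if the path is rejected by the root server sources check, or the
     *         user may not read the page
     * @throws AuthorizationRequiredException if the page is not anonymous and no user is connected
     * @throws IllegalStateException if the path is outside the folder configured on the service
     */
    public Map act(Redirector redirector, org.apache.cocoon.environment.SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        Request request = ObjectModelHelper.getRequest(map);
        String encodedPath = request.getParameter("path");
        String encodedName = request.getParameter("name");
        if (StringUtils.isBlank(encodedPath)) {
            throw new IllegalArgumentException("Missing server directory's path");
        }
        if (StringUtils.isBlank(encodedName)) {
            throw new IllegalArgumentException("Missing server file's name");
        }

        // NOTE(review): every check below is only as strong as ServerDirectoryHelper.normalize.
        // Confirm it resolves "." and ".." segments; if it does not, a path containing them could
        // satisfy the prefix comparisons while designating a location outside the folder.
        String requestedPath = ServerDirectoryHelper.normalize(URIUtils.decode(encodedPath));

        // Decode with an explicit charset: the bytes are produced as UTF-8, so reading them back
        // with the platform default charset could yield a different identifier.
        byte[] zoneItemIdBytes = Base64.getUrlDecoder().decode(parameters.getParameter("zoneItem").getBytes("UTF-8"));
        ZoneItem zoneItem = (ZoneItem) this._resolver.resolveById(new String(zoneItemIdBytes, "UTF-8"));

        // The page check runs before any service configuration is read.
        _checkPageAccess(zoneItem);

        ModelAwareDataHolder serviceParameters = zoneItem.getServiceParameters();
        boolean dynamicPathsEnabled = ((Boolean) serviceParameters.getValue("enableDynamicPaths", false, false)).booleanValue();
        String serviceFolder = ServerDirectoryHelper.normalize((String) serviceParameters.getValue("folder"));
        if (dynamicPathsEnabled) {
            serviceFolder = ServerDirectoryHelper.evaluateDynamicPath(serviceFolder, (String) request.getAttribute("site"), (String) request.getAttribute("sitemapLanguage"), this._currentUserProvider.getUser());
            if (!serviceFolder.startsWith("file:/")) {
                serviceFolder = "file:/" + serviceFolder;
            }
        }

        if (!ServerDirectoryHelper.isValidPath(requestedPath, ServerDirectoryHelper.getRootServerSources(this._srcResolver))) {
            throw new AccessDeniedException("You are not allowed to access to server directory file " + requestedPath);
        }
        if (!_isInsideFolder(requestedPath, serviceFolder)) {
            throw new IllegalStateException("The server directory file '" + requestedPath + "' is not part of the current service : " + serviceFolder);
        }

        // NOTE(review): the value handed back is the raw request parameter, not the decoded and
        // normalized path that was validated above. Confirm the consumer decodes and normalizes it
        // the same way, otherwise the checked path and the path actually read may differ.
        Map<String, String> result = new HashMap<>();
        result.put("path", encodedPath);
        _setHeader(ServerDirectoryHelper.normalize(URIUtils.decode(encodedName)), ObjectModelHelper.getResponse(map));
        return result;
    }

    /**
     * Tells whether {@code path} is the folder itself or is located below it.
     *
     * <p>A bare {@code startsWith} would also accept a sibling whose name merely begins with the
     * folder name (folder {@code file:/data/docs} versus path {@code file:/data/docs-private/x}),
     * so the comparison is anchored on a {@code /} boundary. A blank folder therefore matches
     * nothing instead of matching every path.
     *
     * @param path the normalized requested path
     * @param folder the normalized folder configured on the service
     * @return {@code true} if the path equals the folder or starts with the folder followed by {@code /}
     */
    private static boolean _isInsideFolder(String path, String folder) {
        if (path.equals(folder)) {
            return true;
        }
        String folderPrefix = folder.endsWith("/") ? folder : folder + "/";
        return path.startsWith(folderPrefix);
    }

    /**
     * Checks that the page holding the zone item can be read by the current user.
     *
     * @param zoneItem the zone item of the server directory service
     * @throws AuthorizationRequiredException if the page is not readable anonymously and no user is connected
     * @throws AmetysRepositoryException declared for the repository accesses made here
     * @throws AccessDeniedException if the connected user has no read access to the page
     */
    private void _checkPageAccess(ZoneItem zoneItem) throws AuthorizationRequiredException, AmetysRepositoryException, AccessDeniedException {
        SitemapElement sitemapElement = zoneItem.getZone().getSitemapElement();
        if (this._rightManager.hasAnonymousReadAccess(sitemapElement)) {
            return;
        }
        UserIdentity user = this._currentUserProvider.getUser();
        if (user == null) {
            throw new AuthorizationRequiredException((String) null);
        }
        if (!this._rightManager.hasReadAccess(user, sitemapElement)) {
            throw new AccessDeniedException("Access to page " + sitemapElement.getSiteName() + "/" + sitemapElement.getSitemapName() + "/" + sitemapElement.getPathInSitemap() + " is not allowed for user " + user);
        }
    }

    /**
     * Sets the {@code Content-Disposition} header so the file is offered as an attachment.
     *
     * @param str the decoded and normalized file name
     * @param response the response receiving the header
     */
    protected void _setHeader(String str, Response response) {
        // NOTE(review): the name comes from the request and is placed inside a quoted header value;
        // this relies on URIUtils.encodeHeader escaping quotes and CR/LF. Confirm that it does.
        String encodedFileName = URIUtils.encodeHeader(str);
        response.setHeader("Content-Disposition", "attachment; filename=\"" + encodedFileName + "\";filename*=UTF-8''" + encodedFileName);
    }
}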
