package org.ametys.plugins.workspaces.project.rights.accesscontroller;

import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.jcr.RepositoryException;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.right.AccessExplanation;
import org.ametys.core.right.ProfileAssignmentStorage;
import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint;
import org.ametys.core.right.RightManager;
import org.ametys.core.right.RightProfilesDAO;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.core.impl.right.AbstractRightBasedAccessController;
import org.ametys.plugins.explorer.resources.ModifiableResourceCollection;
import org.ametys.plugins.explorer.resources.ResourceCollection;
import org.ametys.plugins.repository.AmetysObject;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.ametys.plugins.workspaces.dav.WebdavPropfindGenerator;
import org.ametys.plugins.workspaces.project.ProjectManager;
import org.ametys.plugins.workspaces.project.modules.WorkspaceModule;
import org.ametys.plugins.workspaces.project.modules.WorkspaceModuleExtensionPoint;
import org.ametys.plugins.workspaces.project.objects.Project;
import org.ametys.plugins.workspaces.project.rights.ProjectRightHelper;
import org.ametys.runtime.i18n.I18nizableText;
import org.ametys.web.WebHelper;
import org.ametys.web.repository.site.Site;
import org.ametys.web.repository.site.SiteManager;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.cocoon.components.ContextHelper;
import org.apache.commons.lang3.tuple.Pair;

/* loaded from: input_file:org/ametys/plugins/workspaces/project/rights/accesscontroller/ModuleAccessController.class */
public class ModuleAccessController extends AbstractRightBasedAccessController implements Serviceable {
    private static Pattern __MODULE_ROOT_PATH_PATTERN = Pattern.compile("^(/ametys:plugins/workspaces/projects/(?:[^/]+)/ametys-internal:resources/(?:[^/]+)).*$");
    protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP;
    protected ProjectRightHelper _projectRightHelper;
    protected AmetysObjectResolver _resolver;
    protected WorkspaceModuleExtensionPoint _moduleEP;
    protected ProjectManager _projectManager;
    protected RightProfilesDAO _profileDAO;
    protected SiteManager _siteManager;

    /* renamed from: org.ametys.plugins.workspaces.project.rights.accesscontroller.ModuleAccessController$1, reason: invalid class name */
    /* loaded from: input_file:org/ametys/plugins/workspaces/project/rights/accesscontroller/ModuleAccessController$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$ametys$core$right$AccessController$AccessResult = new int[AccessController.AccessResult.values().length];

        static {
            try {
                $SwitchMap$org$ametys$core$right$AccessController$AccessResult[AccessController.AccessResult.UNKNOWN.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
        }
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        this._profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) serviceManager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE);
        this._profileDAO = (RightProfilesDAO) serviceManager.lookup(RightProfilesDAO.ROLE);
        this._projectRightHelper = (ProjectRightHelper) serviceManager.lookup(ProjectRightHelper.ROLE);
        this._resolver = (AmetysObjectResolver) serviceManager.lookup(AmetysObjectResolver.ROLE);
        this._moduleEP = (WorkspaceModuleExtensionPoint) serviceManager.lookup(WorkspaceModuleExtensionPoint.ROLE);
        this._projectManager = (ProjectManager) serviceManager.lookup(ProjectManager.ROLE);
        this._siteManager = (SiteManager) serviceManager.lookup(SiteManager.ROLE);
    }

    public boolean isSupported(Object obj) {
        if (!(obj instanceof AmetysObject)) {
            return false;
        }
        String path = ((AmetysObject) obj).getPath();
        return path.startsWith("/ametys:plugins/workspaces/projects/") && path.contains("/ametys-internal:resources/");
    }

    private boolean _isModuleActivated(ResourceCollection resourceCollection) {
        Project parent = resourceCollection.getParent().getParent();
        WorkspaceModule moduleByName = this._moduleEP.getModuleByName(resourceCollection.getName());
        if (moduleByName == null) {
            throw new IllegalStateException("Can not find module from the module root name '" + resourceCollection.getName() + "'");
        }
        return this._projectManager.isModuleActivated(parent, moduleByName.getId());
    }

    private ModifiableResourceCollection _getModuleRoot(Object obj) {
        ModifiableResourceCollection modifiableResourceCollection = (AmetysObject) obj;
        Matcher matcher = __MODULE_ROOT_PATH_PATTERN.matcher(modifiableResourceCollection.getPath());
        if (!matcher.matches()) {
            throw new IllegalArgumentException("Node " + modifiableResourceCollection.getPath() + " is not a module path");
        }
        String group = matcher.group(1);
        return modifiableResourceCollection.getPath().equals(group) ? modifiableResourceCollection : this._resolver.resolveByPath(group);
    }

    public AccessController.AccessResult getPermission(UserIdentity userIdentity, Set<GroupIdentity> set, String str, Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    public AccessController.AccessResult getReadAccessPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        ModifiableResourceCollection _getModuleRoot = _getModuleRoot(obj);
        if (_isModuleActivated(_getModuleRoot) && this._profileAssignmentStorageEP.getPermissions(userIdentity, set, this._projectRightHelper.getProfilesIds(), _getModuleRoot).values().stream().anyMatch(accessResult -> {
            return accessResult.toRightResult() == RightManager.RightResult.RIGHT_ALLOW;
        })) {
            return AccessController.AccessResult.USER_ALLOWED;
        }
        return AccessController.AccessResult.UNKNOWN;
    }

    public AccessExplanation explainReadAccessPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        return _explain(_getModuleRoot(obj), AccessController.AccessResult.USER_ALLOWED, AccessController.AccessResult.UNKNOWN, modifiableResourceCollection -> {
            return Pair.of((Set) this._profileAssignmentStorageEP.getPermissions(userIdentity, set, this._projectRightHelper.getProfilesIds(), modifiableResourceCollection).entrySet().stream().filter(entry -> {
                return ((AccessController.AccessResult) entry.getValue()).toRightResult() == RightManager.RightResult.RIGHT_ALLOW;
            }).map((v0) -> {
                return v0.getKey();
            }).collect(Collectors.toSet()), Set.of());
        });
    }

    private AccessExplanation _explain(ModifiableResourceCollection modifiableResourceCollection, AccessController.AccessResult accessResult, AccessController.AccessResult accessResult2, Function<ModifiableResourceCollection, Pair<Set<String>, Set<String>>> function) {
        AccessController.AccessResult accessResult3;
        String str;
        HashMap hashMap = new HashMap();
        hashMap.put("module", this._moduleEP.getModuleByName(modifiableResourceCollection.getName()).getModuleTitle());
        if (_isModuleActivated(modifiableResourceCollection)) {
            Pair<Set<String>, Set<String>> apply = function.apply(modifiableResourceCollection);
            if (!((Set) apply.getRight()).isEmpty()) {
                accessResult3 = accessResult2;
                str = "PLUGINS_WORKSPACES_MODULE_ACCESS_CONTROLLER_" + accessResult2.name() + "_EXPLANATION";
                Stream stream = ((Set) apply.getRight()).stream();
                RightProfilesDAO rightProfilesDAO = this._profileDAO;
                Objects.requireNonNull(rightProfilesDAO);
                hashMap.put("profiles", AccessExplanation.profilesToI18nizableText((Set) stream.map(rightProfilesDAO::getProfile).collect(Collectors.toSet())));
            } else if (((Set) apply.getLeft()).isEmpty()) {
                accessResult3 = AccessController.AccessResult.UNKNOWN;
                str = "PLUGINS_WORKSPACES_MODULE_ACCESS_CONTROLLER_UNKNOWN_EXPLANATION";
            } else {
                accessResult3 = accessResult;
                str = "PLUGINS_WORKSPACES_MODULE_ACCESS_CONTROLLER_" + accessResult.name() + "_EXPLANATION";
                Stream stream2 = ((Set) apply.getLeft()).stream();
                RightProfilesDAO rightProfilesDAO2 = this._profileDAO;
                Objects.requireNonNull(rightProfilesDAO2);
                hashMap.put("profiles", AccessExplanation.profilesToI18nizableText((Set) stream2.map(rightProfilesDAO2::getProfile).collect(Collectors.toSet())));
            }
        } else {
            accessResult3 = AccessController.AccessResult.UNKNOWN;
            str = "PLUGINS_WORKSPACES_MODULE_ACCESS_CONTROLLER_DISABLED_MODULE_EXPLANATION";
        }
        return new AccessExplanation(getId(), accessResult3, new I18nizableText("plugin.workspaces", str, hashMap));
    }

    public Map<String, AccessController.AccessResult> getPermissionByRight(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        return Map.of();
    }

    public AccessController.AccessResult getPermissionForAnonymous(String str, Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    public AccessController.AccessResult getReadAccessPermissionForAnonymous(Object obj) {
        ModifiableResourceCollection _getModuleRoot = _getModuleRoot(obj);
        return !_isModuleActivated(_getModuleRoot) ? AccessController.AccessResult.UNKNOWN : this._profileAssignmentStorageEP.getPermissionForAnonymous(this._projectRightHelper.getProfilesIds(), _getModuleRoot);
    }

    public AccessExplanation explainReadAccessPermissionForAnonymous(Object obj) {
        return _explain(_getModuleRoot(obj), AccessController.AccessResult.ANONYMOUS_ALLOWED, AccessController.AccessResult.ANONYMOUS_DENIED, modifiableResourceCollection -> {
            Map profilesForAnonymousAndAnyConnectedUser = this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(modifiableResourceCollection);
            Set<String> profilesIds = this._projectRightHelper.getProfilesIds();
            return Pair.of((Set) ((Set) profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_ALLOWED)).stream().filter(str -> {
                return profilesIds.contains(str);
            }).collect(Collectors.toSet()), (Set) ((Set) profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_DENIED)).stream().filter(str2 -> {
                return profilesIds.contains(str2);
            }).collect(Collectors.toSet()));
        });
    }

    public AccessController.AccessResult getPermissionForAnyConnectedUser(String str, Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    public AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object obj) {
        ModifiableResourceCollection _getModuleRoot = _getModuleRoot(obj);
        return !_isModuleActivated(_getModuleRoot) ? AccessController.AccessResult.UNKNOWN : this._profileAssignmentStorageEP.getPermissionForAnyConnectedUser(this._projectRightHelper.getProfilesIds(), _getModuleRoot);
    }

    public AccessExplanation explainReadAccessPermissionForAnyConnectedUser(Object obj) {
        return _explain(_getModuleRoot(obj), AccessController.AccessResult.ANY_CONNECTED_ALLOWED, AccessController.AccessResult.ANY_CONNECTED_DENIED, modifiableResourceCollection -> {
            Map profilesForAnonymousAndAnyConnectedUser = this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(modifiableResourceCollection);
            Set<String> profilesIds = this._projectRightHelper.getProfilesIds();
            return Pair.of((Set) ((Set) profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_ALLOWED)).stream().filter(str -> {
                return profilesIds.contains(str);
            }).collect(Collectors.toSet()), (Set) ((Set) profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_DENIED)).stream().filter(str2 -> {
                return profilesIds.contains(str2);
            }).collect(Collectors.toSet()));
        });
    }

    public Map<UserIdentity, AccessController.AccessResult> getPermissionByUser(String str, Object obj) {
        return Map.of();
    }

    public Map<UserIdentity, AccessController.AccessResult> getReadAccessPermissionByUser(Object obj) {
        ModifiableResourceCollection _getModuleRoot = _getModuleRoot(obj);
        return !_isModuleActivated(_getModuleRoot) ? Map.of() : this._profileAssignmentStorageEP.getPermissionsByUser(this._projectRightHelper.getProfilesIds(), _getModuleRoot);
    }

    public Map<GroupIdentity, AccessController.AccessResult> getPermissionByGroup(String str, Object obj) {
        return Map.of();
    }

    public Map<GroupIdentity, AccessController.AccessResult> getReadAccessPermissionByGroup(Object obj) {
        ModifiableResourceCollection _getModuleRoot = _getModuleRoot(obj);
        return !_isModuleActivated(_getModuleRoot) ? Map.of() : this._profileAssignmentStorageEP.getPermissionsByGroup(this._projectRightHelper.getProfilesIds(), _getModuleRoot);
    }

    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2, String str) {
        return false;
    }

    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2) {
        return false;
    }

    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return false;
    }

    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return false;
    }

    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return false;
    }

    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return false;
    }

    protected AccessExplanation _getAccessExplanation(AccessController.AccessResult accessResult, Object obj, UserIdentity userIdentity, Set<GroupIdentity> set, String str) {
        switch (AnonymousClass1.$SwitchMap$org$ametys$core$right$AccessController$AccessResult[accessResult.ordinal()]) {
            case WebdavPropfindGenerator.DEFAULT_DEPTH_ALLPROP /* 1 */:
                return new AccessExplanation(getId(), accessResult, new I18nizableText("plugin.workspaces", "PLUGINS_WORKSPACES_MODULE_ACCESS_CONTROLLER_UNKNOWN_EXPLANATION", Map.of("module", getObjectLabel(obj))));
            default:
                return AccessController.getDefaultAccessExplanation(getId(), accessResult);
        }
    }

    public I18nizableText getObjectLabel(Object obj) {
        return this._moduleEP.getModuleByName(_getModuleRoot(obj).getName()).getModuleTitle();
    }

    public I18nizableText getObjectCategory(Object obj) {
        return ProjectAccessController.WORKSPACE_CONTEXT_CATEGORY;
    }

    protected Iterable<? extends Object> getHandledObjects(UserIdentity userIdentity, Set<GroupIdentity> set) {
        Site site = this._siteManager.getSite(WebHelper.getSiteName(ContextHelper.getRequest(this._context)));
        if (site != null) {
            List<Project> projectsForSite = this._projectManager.getProjectsForSite(site);
            if (!projectsForSite.isEmpty()) {
                try {
                    return this._resolver.query("/jcr:root" + projectsForSite.get(0).getNode().getPath() + "/ametys-internal:resources/*");
                } catch (RepositoryException e) {
                    getLogger().warn("Failed to list project modules", e);
                }
            }
        }
        return List.of();
    }

    protected Collection<String> getHandledRights() {
        return List.of();
    }
}
