package org.ametys.odf.rights;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.ametys.cms.repository.Content;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.right.AccessExplanation;
import org.ametys.core.right.RightProfilesDAO;
import org.ametys.core.right.RightsException;
import org.ametys.core.user.UserIdentity;
import org.ametys.odf.ProgramItem;
import org.ametys.odf.data.EducationalPath;
import org.ametys.odf.orgunit.OrgUnit;
import org.ametys.odf.rights.ODFRightHelper;
import org.ametys.odf.tree.ODFContentsTreeHelper;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.ametys.runtime.i18n.I18nizableText;
import org.ametys.runtime.plugin.component.PluginAware;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:org/ametys/odf/rights/AbstractODFRoleForContextualizedContentAccessController.class */
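/**
 * Base access controller that grants the rights of a target profile on a
 * {@link ODFRightHelper.ContextualizedContent} to the users returned by
 * {@link #getLocalAllowedUsers(Content)} for the content itself or for any of
 * its parents (see {@link #getParents}).
 *
 * <p>This controller only ever answers {@code USER_ALLOWED} or {@code UNKNOWN}:
 * it never denies, and it gives no answer for anonymous users, for "any
 * connected user", for groups, or for read access.
 */
public abstract class AbstractODFRoleForContextualizedContentAccessController implements AccessController, Serviceable, PluginAware {
    /** DAO used to list the rights contained in the target profile. */
    protected RightProfilesDAO _rightProfileDAO;
    /** Helper passed to the label computation in {@link #getObjectLabel(Object)}. */
    protected ODFContentsTreeHelper _odfContentsTreeHelper;
    /** Resolver used to turn program item and org unit ids into objects. */
    protected AmetysObjectResolver _resolver;
    /** ODF right helper, looked up in {@link #service(ServiceManager)}. */
    protected ODFRightHelper _odfRightHelper;
    /** Identifier received through {@link #setPluginInfo(String, String, String)}. */
    private String _id;

    /**
     * Looks up the components this controller depends on.
     *
     * @param serviceManager the service manager to look the components up in
     * @throws ServiceException if a lookup fails
     */
    public void service(ServiceManager serviceManager) throws ServiceException {
        this._rightProfileDAO = (RightProfilesDAO) serviceManager.lookup(RightProfilesDAO.ROLE);
        this._odfContentsTreeHelper = (ODFContentsTreeHelper) serviceManager.lookup(ODFContentsTreeHelper.ROLE);
        this._resolver = (AmetysObjectResolver) serviceManager.lookup(AmetysObjectResolver.ROLE);
        this._odfRightHelper = (ODFRightHelper) serviceManager.lookup(ODFRightHelper.ROLE);
    }

    /**
     * Stores the third argument as this controller's id; the first two are ignored.
     *
     * @param str ignored
     * @param str2 ignored
     * @param str3 the id returned by {@link #getId()}
     */
    public void setPluginInfo(String str, String str2, String str3) {
        this._id = str3;
    }

    /**
     * @return the id received through {@link #setPluginInfo(String, String, String)}
     */
    public String getId() {
        return this._id;
    }

    /**
     * @param obj the object to test
     * @return {@code true} only for {@link ODFRightHelper.ContextualizedContent} instances
     */
    public boolean supports(Object obj) {
        return obj instanceof ODFRightHelper.ContextualizedContent;
    }

    /**
     * Computes the contents from which {@code content} inherits allowed users.
     *
     * <ul>
     * <li>For an {@link OrgUnit}: its parent org unit, if any.</li>
     * <li>For a {@link ProgramItem}: the last item of the context's educational
     * path plus every resolvable org unit the item references. Nothing when
     * the context has no educational path.</li>
     * <li>For anything else: nothing.</li>
     * </ul>
     *
     * <p>Side effect: for a program item with a path, the context is handed the
     * path without its last element, so that the next recursion step climbs
     * one level higher.
     *
     * @param content the content whose parents are wanted
     * @param contextualizedPermissionContext the context carrying the educational path
     * @return the parents, possibly empty, never {@code null}
     */
    protected Set<Content> getParents(Content content, ODFRightHelper.ContextualizedPermissionContext contextualizedPermissionContext) {
        if (!(content instanceof ProgramItem)) {
            if (content instanceof OrgUnit) {
                OrgUnit parentOrgUnit = ((OrgUnit) content).getParentOrgUnit();
                if (parentOrgUnit != null) {
                    return Set.of(parentOrgUnit);
                }
            }
            return Set.of();
        }

        ProgramItem programItem = (ProgramItem) content;
        EducationalPath educationalPath = contextualizedPermissionContext.getEducationalPath();
        if (educationalPath == null) {
            return Set.of();
        }

        Content pathParent = (Content) educationalPath.getProgramItems(this._resolver).getLast();
        // NOTE(review): the return value is discarded, so this presumably mutates the
        // context in place. The same context instance is then shared by every sibling
        // parent visited by the recursive callers; confirm that is intended.
        contextualizedPermissionContext.withEducationalPath(_removeLast(educationalPath));

        Set<Content> parents = new HashSet<>();
        parents.add(pathParent);
        // Org unit ids that are null or no longer resolvable are skipped rather than failing the check.
        programItem.getOrgUnits().stream()
                .filter(Objects::nonNull)
                .filter(this._resolver::hasAmetysObjectForId)
                .map(this._resolver::resolveById)
                .map(OrgUnit.class::cast)
                .forEach(parents::add);
        return parents;
    }

    /**
     * Builds the permission context for a contextualized content. When the
     * last item of the path is the content itself, it is dropped so that the
     * path only describes the content's ancestors.
     *
     * @param contextualizedContent the content and its educational path
     * @return the initial permission context
     */
    protected ODFRightHelper.ContextualizedPermissionContext getPermissionContext(ODFRightHelper.ContextualizedContent contextualizedContent) {
        EducationalPath path = contextualizedContent.path();
        Content content = contextualizedContent.content();
        // NOTE(review): assumes path() is non-null and non-empty; a null path or an
        // empty item list makes this throw instead of returning an access result.
        ProgramItem lastItem = (ProgramItem) path.getProgramItems(this._resolver).getLast();
        if (lastItem.getId().equals(content.getId())) {
            path = _removeLast(path);
        }
        return new ODFRightHelper.ContextualizedPermissionContext(content, path);
    }

    /**
     * Returns the path without its last program item.
     *
     * @param educationalPath the path to shorten
     * @return the shortened path, or {@code null} when nothing is left
     */
    private EducationalPath _removeLast(EducationalPath educationalPath) {
        List<ProgramItem> programItems = educationalPath.getProgramItems(this._resolver);
        List<ProgramItem> remaining = programItems.subList(0, programItems.size() - 1);
        return remaining.isEmpty() ? null : EducationalPath.of(remaining.toArray(ProgramItem[]::new));
    }

    /**
     * Tells whether the user holds the right on the contextualized content,
     * either directly or through one of its parents.
     *
     * @param userIdentity the user
     * @param set the user's groups (not used by this controller)
     * @param str the right id
     * @param obj the object the right is checked on
     * @return {@code USER_ALLOWED} or {@code UNKNOWN}; {@code UNKNOWN} for unsupported objects
     */
    public AccessController.AccessResult getPermission(UserIdentity userIdentity, Set<GroupIdentity> set, String str, Object obj) {
        if (!(obj instanceof ODFRightHelper.ContextualizedContent)) {
            return AccessController.AccessResult.UNKNOWN;
        }
        ODFRightHelper.ContextualizedContent contextualizedContent = (ODFRightHelper.ContextualizedContent) obj;
        return _getPermission(userIdentity, set, str, contextualizedContent.content(), getPermissionContext(contextualizedContent));
    }

    /**
     * Recursive step of {@link #getPermission}: checks the content, then merges
     * the results obtained on each parent.
     */
    private AccessController.AccessResult _getPermission(UserIdentity userIdentity, Set<GroupIdentity> set, String str, Content content, ODFRightHelper.ContextualizedPermissionContext contextualizedPermissionContext) {
        if (getRightsInTargetProfile().contains(str) && getLocalAllowedUsers(content).contains(userIdentity)) {
            return AccessController.AccessResult.USER_ALLOWED;
        }

        AccessController.AccessResult accessResult = AccessController.AccessResult.UNKNOWN;
        Set<Content> parents = getParents(content, contextualizedPermissionContext);
        if (parents != null) {
            for (Content parent : parents) {
                AccessController.AccessResult parentResult = _getPermission(userIdentity, set, str, parent, contextualizedPermissionContext);
                accessResult = AccessController.AccessResult.merge(new AccessController.AccessResult[]{accessResult, parentResult});
            }
        }
        return accessResult;
    }

    /**
     * @return the rights of the target profile, or an empty list when
     *         {@link #getTargetProfileId()} is blank
     */
    protected synchronized List<String> getRightsInTargetProfile() {
        String targetProfileId = getTargetProfileId();
        if (StringUtils.isNotBlank(targetProfileId)) {
            return this._rightProfileDAO.getRights(targetProfileId);
        }
        return List.of();
    }

    /**
     * @return the id of the profile whose rights this controller grants
     */
    protected abstract String getTargetProfileId();

    /**
     * Collects the users allowed on the content itself and on all its parents.
     *
     * <p>The set returned by {@link #getLocalAllowedUsers(Content)} is copied
     * before the parents' users are added: a subclass may return an immutable
     * or cached set, and writing inherited users into it would either throw or
     * leave those users in the subclass's own data.
     *
     * @param content the content
     * @param contextualizedPermissionContext the context carrying the educational path
     * @return a new mutable set of allowed users, never {@code null}
     */
    protected Set<UserIdentity> getAllowedUsers(Content content, ODFRightHelper.ContextualizedPermissionContext contextualizedPermissionContext) {
        Set<UserIdentity> localAllowedUsers = getLocalAllowedUsers(content);
        Set<UserIdentity> allowedUsers = localAllowedUsers == null ? new HashSet<>() : new HashSet<>(localAllowedUsers);

        Set<Content> parents = getParents(content, contextualizedPermissionContext);
        if (parents != null) {
            for (Content parent : parents) {
                allowedUsers.addAll(getAllowedUsers(parent, contextualizedPermissionContext));
            }
        }
        return allowedUsers;
    }

    /**
     * @param content the content
     * @return the users holding the role directly on this content
     */
    protected abstract Set<UserIdentity> getLocalAllowedUsers(Content content);

    /**
     * This controller gives no answer about read access.
     *
     * @return always {@code UNKNOWN}
     */
    public AccessController.AccessResult getReadAccessPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    /**
     * Lists the rights the user holds on the contextualized content.
     *
     * @param userIdentity the user
     * @param set the user's groups (not used by this controller)
     * @param obj the object the rights are checked on
     * @return every right of the target profile mapped to {@code USER_ALLOWED}
     *         when the user is allowed, otherwise an empty map
     */
    public Map<String, AccessController.AccessResult> getPermissionByRight(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        if (!(obj instanceof ODFRightHelper.ContextualizedContent)) {
            return Map.of();
        }
        ODFRightHelper.ContextualizedContent contextualizedContent = (ODFRightHelper.ContextualizedContent) obj;
        // Use the wrapped content, as getPermission does. The previous code cast the
        // wrapper itself to Content, which fails with ClassCastException unless
        // ContextualizedContent happens to implement Content.
        Set<UserIdentity> allowedUsers = getAllowedUsers(contextualizedContent.content(), getPermissionContext(contextualizedContent));
        if (!allowedUsers.contains(userIdentity)) {
            return Map.of();
        }
        return getRightsInTargetProfile().stream()
                .collect(Collectors.toMap(right -> right, right -> AccessController.AccessResult.USER_ALLOWED));
    }

    /**
     * Not called anywhere in this class.
     *
     * @return presumably the path of the attribute holding the role's users — confirm against subclasses
     */
    protected abstract String getRoleAttributePath();

    /**
     * This controller gives no answer for anonymous users.
     *
     * @return always {@code UNKNOWN}
     */
    public AccessController.AccessResult getPermissionForAnonymous(String str, Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    /**
     * This controller gives no answer for anonymous users.
     *
     * @return always {@code UNKNOWN}
     */
    public AccessController.AccessResult getReadAccessPermissionForAnonymous(Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    /**
     * This controller gives no answer for "any connected user".
     *
     * @return always {@code UNKNOWN}
     */
    public AccessController.AccessResult getPermissionForAnyConnectedUser(String str, Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    /**
     * This controller gives no answer for "any connected user".
     *
     * @return always {@code UNKNOWN}
     */
    public AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    /**
     * Lists the users holding the right on the contextualized content.
     *
     * @param str the right id
     * @param obj the object the right is checked on
     * @return every allowed user mapped to {@code USER_ALLOWED} when the right
     *         belongs to the target profile, otherwise an empty map
     */
    public Map<UserIdentity, AccessController.AccessResult> getPermissionByUser(String str, Object obj) {
        if (!(obj instanceof ODFRightHelper.ContextualizedContent) || !getRightsInTargetProfile().contains(str)) {
            return Map.of();
        }
        ODFRightHelper.ContextualizedContent contextualizedContent = (ODFRightHelper.ContextualizedContent) obj;
        // Use the wrapped content, as getPermission does, instead of casting the wrapper to Content.
        Set<UserIdentity> allowedUsers = getAllowedUsers(contextualizedContent.content(), getPermissionContext(contextualizedContent));
        if (allowedUsers == null) {
            return Map.of();
        }
        return allowedUsers.stream()
                .collect(Collectors.toMap(user -> user, user -> AccessController.AccessResult.USER_ALLOWED));
    }

    /**
     * This controller gives no answer about read access.
     *
     * @return always an empty map
     */
    public Map<UserIdentity, AccessController.AccessResult> getReadAccessPermissionByUser(Object obj) {
        return Map.of();
    }

    /**
     * This controller never grants anything to groups.
     *
     * @return always an empty map
     */
    public Map<GroupIdentity, AccessController.AccessResult> getPermissionByGroup(String str, Object obj) {
        return Map.of();
    }

    /**
     * This controller never grants anything to groups.
     *
     * @return always an empty map
     */
    public Map<GroupIdentity, AccessController.AccessResult> getReadAccessPermissionByGroup(Object obj) {
        return Map.of();
    }

    /**
     * @return always {@code false}
     */
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2, String str) {
        return false;
    }

    /**
     * @return always {@code false}
     */
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2) {
        return false;
    }

    /**
     * @return always {@code false}
     */
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return false;
    }

    /**
     * @return always {@code false}
     */
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return false;
    }

    /**
     * @return always {@code false}
     */
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return false;
    }

    /**
     * @return always {@code false}
     */
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return false;
    }

    /**
     * Returns the default explanation for {@code UNKNOWN}, whatever
     * {@link #getPermission} would answer for the same arguments.
     *
     * @return the default explanation for this controller's id and {@code UNKNOWN}
     */
    public AccessExplanation explainPermission(UserIdentity userIdentity, Set<GroupIdentity> set, String str, Object obj) {
        // NOTE(review): a USER_ALLOWED decision from getPermission is therefore not
        // explained here; confirm this is intended for audit/explanation screens.
        return AccessController.getDefaultAccessExplanation(getId(), AccessController.AccessResult.UNKNOWN);
    }

    /**
     * @return always an empty map
     */
    public Map<AccessController.ExplanationObject, Map<AccessController.Permission, AccessExplanation>> explainAllPermissions(UserIdentity userIdentity, Set<GroupIdentity> set, Set<Object> set2) {
        return Map.of();
    }

    /**
     * Computes the label of a content.
     *
     * @param obj the object to label
     * @return the content's label
     * @throws RightsException if {@code obj} is not a {@link Content}
     */
    public I18nizableText getObjectLabel(Object obj) {
        // NOTE(review): supports() accepts ContextualizedContent only, while this
        // method accepts Content only; unless the wrapper is itself a Content,
        // every supported object ends in the exception below.
        if (obj instanceof Content) {
            return ODFContentHierarchicalAccessController.getContentObjectLabel((Content) obj, this._odfContentsTreeHelper);
        }
        // String concatenation handles null, so a null argument is reported as a
        // RightsException like any other unsupported object.
        throw new RightsException("Unsupported object: " + obj);
    }

    /**
     * @return the shared ODF context category
     */
    public I18nizableText getObjectCategory(Object obj) {
        return ODFContentHierarchicalAccessController.ODF_CONTEXT_CATEGORY;
    }

    /**
     * @return always an empty map
     */
    public Map<AccessController.Permission, AccessExplanation> explainAllPermissionsForAnonymous(Object obj) {
        return Map.of();
    }

    /**
     * @return always an empty map
     */
    public Map<AccessController.Permission, AccessExplanation> explainAllPermissionsForAnyConnected(Object obj) {
        return Map.of();
    }

    /**
     * @return always an empty map
     */
    public Map<UserIdentity, Map<AccessController.Permission, AccessExplanation>> explainAllPermissionsByUser(Object obj) {
        return Map.of();
    }

    /**
     * @return always an empty map
     */
    public Map<GroupIdentity, Map<AccessController.Permission, AccessExplanation>> explainAllPermissionsByGroup(Object obj) {
        return Map.of();
    }
}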
