package org.ametys.plugins.workspaces.project.rights.accesscontroller;

import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint;
import org.ametys.core.right.RightManager;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.explorer.resources.ModifiableResourceCollection;
import org.ametys.plugins.explorer.resources.ResourceCollection;
import org.ametys.plugins.repository.AmetysObject;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.ametys.plugins.workspaces.project.ProjectManager;
import org.ametys.plugins.workspaces.project.modules.WorkspaceModule;
import org.ametys.plugins.workspaces.project.modules.WorkspaceModuleExtensionPoint;
import org.ametys.plugins.workspaces.project.objects.Project;
import org.ametys.plugins.workspaces.project.rights.ProjectRightHelper;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;

/* loaded from: input_file:org/ametys/plugins/workspaces/project/rights/accesscontroller/ModuleAccessController.class */
public class ModuleAccessController implements AccessController, Serviceable {
    private static Pattern __MODULE_ROOT_PATH_PATTERN = Pattern.compile("^(/ametys:plugins/workspaces/projects/(?:[^/]+)/ametys-internal:resources/(?:[^/]+)).*$");
    protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP;
    protected ProjectRightHelper _projectRightHelper;
    protected AmetysObjectResolver _resolver;
    protected WorkspaceModuleExtensionPoint _moduleEP;
    protected ProjectManager _projectManager;

    public void service(ServiceManager serviceManager) throws ServiceException {
        this._profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) serviceManager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE);
        this._projectRightHelper = (ProjectRightHelper) serviceManager.lookup(ProjectRightHelper.ROLE);
        this._resolver = (AmetysObjectResolver) serviceManager.lookup(AmetysObjectResolver.ROLE);
        this._moduleEP = (WorkspaceModuleExtensionPoint) serviceManager.lookup(WorkspaceModuleExtensionPoint.ROLE);
        this._projectManager = (ProjectManager) serviceManager.lookup(ProjectManager.ROLE);
    }

    public boolean isSupported(Object obj) {
        if (!(obj instanceof AmetysObject)) {
            return false;
        }
        String path = ((AmetysObject) obj).getPath();
        return path.startsWith("/ametys:plugins/workspaces/projects/") && path.contains("/ametys-internal:resources/");
    }

    private boolean _isModuleActivated(ResourceCollection resourceCollection) {
        Project parent = resourceCollection.getParent().getParent();
        WorkspaceModule moduleByName = this._moduleEP.getModuleByName(resourceCollection.getName());
        if (moduleByName == null) {
            throw new IllegalStateException("Can not find module from the module root name '" + resourceCollection.getName() + "'");
        }
        return this._projectManager.isModuleActivated(parent, moduleByName.getId());
    }

    private ModifiableResourceCollection _getModuleRoot(Object obj) {
        ModifiableResourceCollection modifiableResourceCollection = (AmetysObject) obj;
        Matcher matcher = __MODULE_ROOT_PATH_PATTERN.matcher(modifiableResourceCollection.getPath());
        if (!matcher.matches()) {
            throw new IllegalArgumentException("Node " + modifiableResourceCollection.getPath() + " is not a module path");
        }
        String group = matcher.group(1);
        return modifiableResourceCollection.getPath().equals(group) ? modifiableResourceCollection : this._resolver.resolveByPath(group);
    }

    public AccessController.AccessResult getPermission(UserIdentity userIdentity, Set<GroupIdentity> set, String str, Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    public AccessController.AccessResult getReadAccessPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        ModifiableResourceCollection _getModuleRoot = _getModuleRoot(obj);
        if (_isModuleActivated(_getModuleRoot) && this._profileAssignmentStorageEP.getPermissions(userIdentity, set, this._projectRightHelper.getProfilesIds(), _getModuleRoot).values().stream().anyMatch(accessResult -> {
            return accessResult.toRightResult() == RightManager.RightResult.RIGHT_ALLOW;
        })) {
            return AccessController.AccessResult.USER_ALLOWED;
        }
        return AccessController.AccessResult.UNKNOWN;
    }

    public Map<String, AccessController.AccessResult> getPermissionByRight(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        return Map.of();
    }

    public AccessController.AccessResult getPermissionForAnonymous(String str, Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    public AccessController.AccessResult getReadAccessPermissionForAnonymous(Object obj) {
        ModifiableResourceCollection _getModuleRoot = _getModuleRoot(obj);
        return !_isModuleActivated(_getModuleRoot) ? AccessController.AccessResult.UNKNOWN : this._profileAssignmentStorageEP.getPermissionForAnonymous(this._projectRightHelper.getProfilesIds(), _getModuleRoot);
    }

    public AccessController.AccessResult getPermissionForAnyConnectedUser(String str, Object obj) {
        return AccessController.AccessResult.UNKNOWN;
    }

    public AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object obj) {
        return !_isModuleActivated(_getModuleRoot(obj)) ? AccessController.AccessResult.UNKNOWN : this._profileAssignmentStorageEP.getPermissionForAnyConnectedUser(this._projectRightHelper.getProfilesIds(), _getModuleRoot(obj));
    }

    public Map<UserIdentity, AccessController.AccessResult> getPermissionByUser(String str, Object obj) {
        return Map.of();
    }

    public Map<UserIdentity, AccessController.AccessResult> getReadAccessPermissionByUser(Object obj) {
        ModifiableResourceCollection _getModuleRoot = _getModuleRoot(obj);
        return !_isModuleActivated(_getModuleRoot) ? Map.of() : this._profileAssignmentStorageEP.getPermissionsByUser(this._projectRightHelper.getProfilesIds(), _getModuleRoot);
    }

    public Map<GroupIdentity, AccessController.AccessResult> getPermissionByGroup(String str, Object obj) {
        return Map.of();
    }

    public Map<GroupIdentity, AccessController.AccessResult> getReadAccessPermissionByGroup(Object obj) {
        ModifiableResourceCollection _getModuleRoot = _getModuleRoot(obj);
        return !_isModuleActivated(_getModuleRoot) ? Map.of() : this._profileAssignmentStorageEP.getPermissionsByGroup(this._projectRightHelper.getProfilesIds(), _getModuleRoot);
    }

    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2, String str) {
        return false;
    }

    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2) {
        return false;
    }

    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return false;
    }

    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return false;
    }

    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return false;
    }

    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return false;
    }
}
