package org.ametys.plugins.core.impl.right;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint;
import org.ametys.core.right.RightManager;
import org.ametys.core.right.RightProfilesDAO;
import org.ametys.core.user.UserIdentity;
import org.ametys.runtime.plugin.component.AbstractLogEnabled;
import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.commons.collections.CollectionUtils;

/* loaded from: input_file:org/ametys/plugins/core/impl/right/AbstractProfileStorageBasedAccessController.class */
public abstract class AbstractProfileStorageBasedAccessController extends AbstractLogEnabled implements AccessController, Component, Serviceable {
    protected static final UserIdentity __ANONYMOUS_USER_IDENTITY = null;
    protected static final UserIdentity __ANY_CONTECTED_USER_IDENTITY = new UserIdentity(null, null);
    protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP;
    protected RightProfilesDAO _rightProfileDAO;
    protected RightManager _rightManager;
    private final String _cache1 = getClass().getName() + "$Cache-1";
    private final String _cache2 = getClass().getName() + "$Cache-2";

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/ametys/plugins/core/impl/right/AbstractProfileStorageBasedAccessController$CacheKind.class */
    public enum CacheKind {
        ANONYMOUS,
        ANY_CONNECTED_USER,
        USERS,
        USER,
        GROUPS
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        this._rightManager = (RightManager) serviceManager.lookup(RightManager.ROLE);
        this._rightProfileDAO = (RightProfilesDAO) serviceManager.lookup(RightProfilesDAO.ROLE);
        this._profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) serviceManager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE);
    }

    public Map<String, AccessController.AccessResult> getPermissionByRight(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        HashMap hashMap = new HashMap();
        Map<String, AccessController.AccessResult> permissionsByProfile = this._profileAssignmentStorageEP.getPermissionsByProfile(userIdentity, set, _convertContext(obj));
        for (String str : permissionsByProfile.keySet()) {
            for (String str2 : this._rightProfileDAO.getRights(str)) {
                hashMap.put(str2, AccessController.AccessResult.merge(permissionsByProfile.get(str), (AccessController.AccessResult) hashMap.get(str2)));
            }
        }
        return hashMap;
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getPermission(UserIdentity userIdentity, Set<GroupIdentity> set, String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? AccessController.AccessResult.UNKNOWN : _getPermission(userIdentity, set, profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getReadAccessPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        return _getPermission(userIdentity, set, Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessController.AccessResult _getPermission(UserIdentity userIdentity, Set<GroupIdentity> set, Set<String> set2, Object obj, Object obj2) {
        Map map = (Map) _hasRightResultInSecondCache(obj2, set2, CacheKind.USER);
        if (map != null && map.containsKey(userIdentity)) {
            return (AccessController.AccessResult) map.get(userIdentity);
        }
        AccessController.AccessResult merge = AccessController.AccessResult.merge(this._profileAssignmentStorageEP.getPermissions(userIdentity, set, set2, obj2).values());
        Map hashMap = map == null ? new HashMap() : map;
        hashMap.put(userIdentity, merge);
        _putInSecondCache(set2, obj2, hashMap, CacheKind.USER);
        return merge;
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getPermissionForAnonymous(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? AccessController.AccessResult.UNKNOWN : _getPermissionForAnonymous(profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getReadAccessPermissionForAnonymous(Object obj) {
        return _getPermissionForAnonymous(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessController.AccessResult _getPermissionForAnonymous(Set<String> set, Object obj, Object obj2) {
        AccessController.AccessResult accessResult = (AccessController.AccessResult) _hasRightResultInSecondCache(obj2, set, CacheKind.ANONYMOUS);
        if (accessResult != null) {
            return accessResult;
        }
        AccessController.AccessResult permissionForAnonymous = this._profileAssignmentStorageEP.getPermissionForAnonymous(set, obj2);
        _putInSecondCache(set, obj2, permissionForAnonymous, CacheKind.ANONYMOUS);
        return permissionForAnonymous;
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getPermissionForAnyConnectedUser(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? AccessController.AccessResult.UNKNOWN : _getPermissionForAnyConnectedUser(profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object obj) {
        return _getPermissionForAnyConnectedUser(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessController.AccessResult _getPermissionForAnyConnectedUser(Set<String> set, Object obj, Object obj2) {
        AccessController.AccessResult accessResult = (AccessController.AccessResult) _hasRightResultInSecondCache(obj2, set, CacheKind.ANY_CONNECTED_USER);
        if (accessResult != null) {
            return accessResult;
        }
        AccessController.AccessResult permissionForAnyConnectedUser = this._profileAssignmentStorageEP.getPermissionForAnyConnectedUser(set, obj2);
        _putInSecondCache(set, obj2, permissionForAnyConnectedUser, CacheKind.ANY_CONNECTED_USER);
        return permissionForAnyConnectedUser;
    }

    @Override // org.ametys.core.right.AccessController
    public Map<UserIdentity, AccessController.AccessResult> getPermissionByUser(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? Collections.EMPTY_MAP : _getPermissionByUser(profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public Map<UserIdentity, AccessController.AccessResult> getReadAccessPermissionByUser(Object obj) {
        return _getPermissionByUser(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<UserIdentity, AccessController.AccessResult> _getPermissionByUser(Set<String> set, Object obj, Object obj2) {
        Map<UserIdentity, AccessController.AccessResult> map = (Map) _hasRightResultInSecondCache(obj2, set, CacheKind.USERS);
        if (map != null) {
            return map;
        }
        Map<UserIdentity, AccessController.AccessResult> permissionsByUser = this._profileAssignmentStorageEP.getPermissionsByUser(set, obj2);
        _putInSecondCache(set, obj2, permissionsByUser, CacheKind.USERS);
        return permissionsByUser;
    }

    @Override // org.ametys.core.right.AccessController
    public Map<GroupIdentity, AccessController.AccessResult> getPermissionByGroup(String str, Object obj) {
        Set<String> profilesWithRight = this._rightProfileDAO.getProfilesWithRight(str);
        return (profilesWithRight == null || profilesWithRight.isEmpty()) ? Collections.EMPTY_MAP : _getPermissionByGroup(profilesWithRight, obj, _convertContext(obj));
    }

    @Override // org.ametys.core.right.AccessController
    public Map<GroupIdentity, AccessController.AccessResult> getReadAccessPermissionByGroup(Object obj) {
        return _getPermissionByGroup(Collections.singleton(RightManager.READER_PROFILE_ID), obj, _convertContext(obj));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<GroupIdentity, AccessController.AccessResult> _getPermissionByGroup(Set<String> set, Object obj, Object obj2) {
        Map<GroupIdentity, AccessController.AccessResult> map = (Map) _hasRightResultInSecondCache(obj2, set, CacheKind.GROUPS);
        if (map != null) {
            return map;
        }
        Map<GroupIdentity, AccessController.AccessResult> permissionsByGroup = this._profileAssignmentStorageEP.getPermissionsByGroup(set, obj2);
        _putInSecondCache(set, obj2, permissionsByGroup, CacheKind.GROUPS);
        return permissionsByGroup;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Object _convertContext(Object obj) {
        return obj;
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return _hasAnonymousAnyPermissionOnWorkspace(set, Collections.singleton(RightManager.READER_PROFILE_ID));
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return _hasAnonymousAnyPermissionOnWorkspace(set, this._rightProfileDAO.getProfilesWithRight(str));
    }

    private boolean _hasAnonymousAnyPermissionOnWorkspace(Set<Object> set, Set<String> set2) {
        Boolean _hasRightResultInFirstCache = _hasRightResultInFirstCache(__ANONYMOUS_USER_IDENTITY, set2, set);
        if (_hasRightResultInFirstCache != null) {
            return _hasRightResultInFirstCache.booleanValue();
        }
        Set<? extends Object> _convertWorkspaceToRootRightContexts = _convertWorkspaceToRootRightContexts(set);
        boolean hasAnonymousAnyPermission = CollectionUtils.isNotEmpty(_convertWorkspaceToRootRightContexts) ? this._profileAssignmentStorageEP.hasAnonymousAnyPermission(_convertWorkspaceToRootRightContexts, set2) : false;
        _putInFirstCache(__ANONYMOUS_USER_IDENTITY, set2, set, hasAnonymousAnyPermission);
        return hasAnonymousAnyPermission;
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> set) {
        return _hasAnyConnectedUserAnyPermissionOnWorkspace(set, Collections.singleton(RightManager.READER_PROFILE_ID));
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> set, String str) {
        return _hasAnyConnectedUserAnyPermissionOnWorkspace(set, this._rightProfileDAO.getProfilesWithRight(str));
    }

    private boolean _hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> set, Set<String> set2) {
        Boolean _hasRightResultInFirstCache = _hasRightResultInFirstCache(__ANY_CONTECTED_USER_IDENTITY, set2, set);
        if (_hasRightResultInFirstCache != null) {
            return _hasRightResultInFirstCache.booleanValue();
        }
        Set<? extends Object> _convertWorkspaceToRootRightContexts = _convertWorkspaceToRootRightContexts(set);
        boolean hasAnyConnectedUserAnyPermission = CollectionUtils.isNotEmpty(_convertWorkspaceToRootRightContexts) ? this._profileAssignmentStorageEP.hasAnyConnectedUserAnyPermission(_convertWorkspaceToRootRightContexts, set2) : false;
        _putInFirstCache(__ANY_CONTECTED_USER_IDENTITY, set2, set, hasAnyConnectedUserAnyPermission);
        return hasAnyConnectedUserAnyPermission;
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2) {
        return _hasUserAnyPermissionOnWorkspace(set, userIdentity, set2, Collections.singleton(RightManager.READER_PROFILE_ID));
    }

    @Override // org.ametys.core.right.AccessController
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2, String str) {
        return _hasUserAnyPermissionOnWorkspace(set, userIdentity, set2, this._rightProfileDAO.getProfilesWithRight(str));
    }

    private boolean _hasUserAnyPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2, Set<String> set3) {
        Boolean _hasRightResultInFirstCache = _hasRightResultInFirstCache(userIdentity, set3, set);
        if (_hasRightResultInFirstCache != null) {
            return _hasRightResultInFirstCache.booleanValue();
        }
        Set<? extends Object> _convertWorkspaceToRootRightContexts = _convertWorkspaceToRootRightContexts(set);
        boolean hasUserAnyPermission = CollectionUtils.isNotEmpty(_convertWorkspaceToRootRightContexts) ? this._profileAssignmentStorageEP.hasUserAnyPermission(_convertWorkspaceToRootRightContexts, userIdentity, set2, set3) : false;
        _putInFirstCache(userIdentity, set3, set, hasUserAnyPermission);
        return hasUserAnyPermission;
    }

    protected abstract Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> set);

    protected Boolean _hasRightResultInFirstCache(UserIdentity userIdentity, Set<String> set, Object obj) {
        if (set == null || set.isEmpty()) {
            return false;
        }
        Map cache = this._rightManager.getCache(this._cache1, false);
        if (cache != null && cache.containsKey(userIdentity)) {
            int i = 0;
            Map map = (Map) cache.get(userIdentity);
            if (map.containsKey(set)) {
                Map map2 = (Map) map.get(set);
                if (map2.containsKey(obj)) {
                    if (((Boolean) map2.get(obj)).booleanValue()) {
                        getLogger().debug("Find entry in cache for [{}, {}, {}] => true", new Object[]{userIdentity, set, obj});
                        return true;
                    }
                    i = 0 + 1;
                }
            }
            if (i == set.size()) {
                return false;
            }
        }
        getLogger().debug("Did not find entry in cache for [{}, {}, {}]", new Object[]{userIdentity, set, obj});
        return null;
    }

    protected void _putInFirstCache(UserIdentity userIdentity, Set<String> set, Object obj, boolean z) {
        Map cache = this._rightManager.getCache(this._cache1, true);
        if (cache != null) {
            if (!cache.containsKey(userIdentity)) {
                cache.put(userIdentity, new HashMap());
            }
            Map map = (Map) cache.get(userIdentity);
            if (!map.containsKey(set)) {
                map.put(set, new HashMap());
            }
            ((Map) map.get(set)).put(obj, Boolean.valueOf(z));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Object _hasRightResultInSecondCache(Object obj, Set<String> set, CacheKind cacheKind) {
        Object obj2;
        Map cache = this._rightManager.getCache(this._cache2, false);
        if (cache != null && cache.containsKey(set)) {
            Map map = (Map) cache.get(set);
            if (map.containsKey(obj) && (obj2 = ((Map) map.get(obj)).get(cacheKind)) != null) {
                getLogger().debug("Find entry in cache for [{}, {}, {}] => {}", new Object[]{set, obj, cacheKind, obj2});
                return obj2;
            }
        }
        getLogger().debug("Did not find entry in cache for [{}, {}, {}]", new Object[]{set, obj, cacheKind});
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void _putInSecondCache(Set<String> set, Object obj, Object obj2, CacheKind cacheKind) {
        Map cache = this._rightManager.getCache(this._cache2, true);
        if (cache != null) {
            if (!cache.containsKey(set)) {
                cache.put(set, new HashMap());
            }
            Map map = (Map) cache.get(set);
            if (!map.containsKey(obj)) {
                map.put(obj, new HashMap());
            }
            ((Map) map.get(obj)).put(cacheKind, obj2);
        }
    }
}
