package org.ametys.runtime.maintenance;

import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
import org.ametys.core.captcha.CaptchaHelper;
import org.ametys.core.right.RightManager;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.user.population.UserPopulationDAO;
import org.ametys.runtime.exception.ServiceUnavailableException;
import org.ametys.runtime.servlet.RuntimeServlet;
import org.ametys.runtime.workspace.WorkspaceMatcher;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;

/* loaded from: input_file:org/ametys/runtime/maintenance/MaintenanceAction.class */
public class MaintenanceAction extends ServiceableAction {
    protected static final Collection<Pattern> ACCEPTED_URL_PATTERNS = Arrays.asList(Pattern.compile("^plugins/core-ui/current-user/image_[0-9]+$"), Pattern.compile("^plugins/core-ui/user/[^/]+/[^/]+/image_[0-9]+$"));
    private CurrentUserProvider _currentUserProvider;
    private RightManager _rightManager;

    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._currentUserProvider = (CurrentUserProvider) serviceManager.lookup(CurrentUserProvider.ROLE);
        this._rightManager = (RightManager) serviceManager.lookup(RightManager.ROLE);
    }

    public Map act(Redirector redirector, SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        UserIdentity user;
        if (RuntimeServlet.getMaintenanceStatus() == RuntimeServlet.MaintenanceStatus.NONE || acceptedUrl(ObjectModelHelper.getRequest(map)) || (((user = this._currentUserProvider.getUser()) != null && (user.getPopulationId() == UserPopulationDAO.ADMIN_POPULATION_ID || this._rightManager.hasRight(user, "Runtime_Rights_Admin_Maintenance_Access", "/admin") == RightManager.RightResult.RIGHT_ALLOW)) || _isACaptchaUrl((String) ObjectModelHelper.getRequest(map).getAttribute(WorkspaceMatcher.IN_WORKSPACE_URL)))) {
            return EMPTY_MAP;
        }
        throw new ServiceUnavailableException("User " + (user != null ? UserIdentity.userIdentityToString(user) : "[anonymous]") + " cannot access during maintenance");
    }

    private boolean _isACaptchaUrl(String str) {
        Iterator<Pattern> it = CaptchaHelper.getUsedUrlPatterns().iterator();
        while (it.hasNext()) {
            if (it.next().matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    public static boolean acceptedUrl(Request request) {
        String str = (String) request.getAttribute(WorkspaceMatcher.IN_WORKSPACE_URL);
        Iterator<Pattern> it = ACCEPTED_URL_PATTERNS.iterator();
        while (it.hasNext()) {
            if (it.next().matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }
}
