package org.ametys.web.pageaccess;

import java.util.Collection;
import java.util.Set;
import org.ametys.cms.repository.Content;
import org.ametys.core.right.AllowedUsers;
import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint;
import org.ametys.core.right.RightManager;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.ametys.web.repository.content.WebContent;
import org.ametys.web.repository.page.Page;
import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;

/* loaded from: input_file:org/ametys/web/pageaccess/ContentAccessManager.class */
public class ContentAccessManager extends AbstractLogEnabled implements Component, Serviceable {
    public static final String ROLE = ContentAccessManager.class.getName();
    protected RightManager _rightManager;
    protected CurrentUserProvider _currentUserProvider;
    protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP;

    /* loaded from: input_file:org/ametys/web/pageaccess/ContentAccessManager$ContentAccess.class */
    public enum ContentAccess {
        UNRESTRICTED,
        ALLOWED,
        FORBIDDEN
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        this._rightManager = (RightManager) serviceManager.lookup(RightManager.ROLE);
        this._currentUserProvider = (CurrentUserProvider) serviceManager.lookup(CurrentUserProvider.ROLE);
        this._profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) serviceManager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE);
    }

    public ContentAccess getAccess(Content content) {
        return getAccess(content, true);
    }

    public ContentAccess getAccess(Content content, boolean z) {
        return getAccess(content, this._currentUserProvider.getUser(), z);
    }

    public ContentAccess getAccess(Content content, UserIdentity userIdentity) {
        return getAccess(content, userIdentity, true);
    }

    public ContentAccess getAccess(Content content, UserIdentity userIdentity, boolean z) {
        if (!(content instanceof WebContent)) {
            return _getContentAccess(content, userIdentity, z);
        }
        Collection<Page> referencingPages = ((WebContent) content).getReferencingPages();
        if (referencingPages.isEmpty()) {
            return _getContentAccess(content, userIdentity, z);
        }
        for (Page page : referencingPages) {
            if (this._rightManager.hasAnonymousReadAccess(page)) {
                return ContentAccess.UNRESTRICTED;
            }
            if (z && this._rightManager.hasReadAccess(userIdentity, page)) {
                return ContentAccess.ALLOWED;
            }
        }
        return ContentAccess.FORBIDDEN;
    }

    private ContentAccess _getContentAccess(Content content, UserIdentity userIdentity, boolean z) {
        return this._rightManager.hasAnonymousReadAccess(content) ? ContentAccess.UNRESTRICTED : (z && this._rightManager.hasReadAccess(userIdentity, content)) ? ContentAccess.ALLOWED : ContentAccess.FORBIDDEN;
    }

    public boolean isAccessibleByPage(WebContent webContent, Page page) {
        if (this._rightManager.hasAnonymousReadAccess(page)) {
            return getAccess(webContent, null, false) == ContentAccess.UNRESTRICTED;
        }
        AllowedUsers readAccessAllowedUsers = this._rightManager.getReadAccessAllowedUsers(page);
        boolean isAnyConnectedUserAllowed = readAccessAllowedUsers.isAnyConnectedUserAllowed();
        Set allowedUsers = readAccessAllowedUsers.getAllowedUsers();
        Set allowedGroups = readAccessAllowedUsers.getAllowedGroups();
        Set deniedUsers = readAccessAllowedUsers.getDeniedUsers();
        Set deniedGroups = readAccessAllowedUsers.getDeniedGroups();
        for (Page page2 : webContent.getReferencingPages()) {
            if (this._rightManager.hasAnonymousReadAccess(page2)) {
                return true;
            }
            AllowedUsers readAccessAllowedUsers2 = this._rightManager.getReadAccessAllowedUsers(page2);
            boolean isAnyConnectedUserAllowed2 = readAccessAllowedUsers2.isAnyConnectedUserAllowed();
            Set allowedUsers2 = readAccessAllowedUsers2.getAllowedUsers();
            Set allowedGroups2 = readAccessAllowedUsers2.getAllowedGroups();
            Set deniedUsers2 = readAccessAllowedUsers2.getDeniedUsers();
            Set deniedGroups2 = readAccessAllowedUsers2.getDeniedGroups();
            if (isAnyConnectedUserAllowed2 || (!isAnyConnectedUserAllowed && allowedUsers2.containsAll(allowedUsers) && allowedGroups2.containsAll(allowedGroups))) {
                if (deniedUsers.containsAll(deniedUsers2) && deniedGroups.containsAll(deniedGroups2)) {
                    return true;
                }
            }
        }
        return false;
    }
}
