package org.ametys.web.pageaccess;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.ametys.core.group.GroupsManager;
import org.ametys.core.observation.Event;
import org.ametys.core.observation.ObservationManager;
import org.ametys.core.ui.Callable;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.plugins.repository.AmetysObject;
import org.ametys.plugins.repository.UnknownAmetysObjectException;
import org.ametys.plugins.repository.metadata.CompositeMetadata;
import org.ametys.plugins.repository.metadata.ModifiableCompositeMetadata;
import org.ametys.web.ObservationConstants;
import org.ametys.web.WebConstants;
import org.ametys.web.repository.page.MetadataAwarePagesContainer;
import org.ametys.web.repository.page.ModifiablePage;
import org.ametys.web.repository.page.Page;
import org.ametys.web.repository.site.SiteManager;
import org.ametys.web.repository.sitemap.Sitemap;
import org.ametys.web.usermanagement.UserSignupManager;
import org.ametys.web.userpref.FOUserPreferencesConstants;
import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.cocoon.ProcessingException;
import org.apache.cocoon.components.ContextHelper;
import org.apache.cocoon.environment.Request;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:org/ametys/web/pageaccess/PageAccessManager.class */
public class PageAccessManager extends AbstractLogEnabled implements Serviceable, Component, Contextualizable {
    public static final String ROLE = PageAccessManager.class.getName();
    public static final Pattern __PAGE_PATH = Pattern.compile("([^/]+)(/(.+))?");
    public static final String GRANTED_USERS_METADATA = "granted-users";
    public static final String GRANTED_GROUPS_METADATA = "granted-groups";
    public static final String EXCLUDED_USERS_METADATA = "excluded-users";
    public static final String EXCLUDED_GROUPS_METADATA = "excluded-groups";
    public static final String GRANT_ANY_USER_METADATA = "grant-any-user";
    private GroupsManager _groupsManager;
    private Context _context;
    private CurrentUserProvider _currentUserProvider;
    private ObservationManager _observationManager;
    private SiteManager _siteManager;

    public void contextualize(Context context) throws ContextException {
        this._context = context;
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        this._groupsManager = (GroupsManager) serviceManager.lookup(GroupsManager.ROLE + ".FO");
        this._currentUserProvider = (CurrentUserProvider) serviceManager.lookup(CurrentUserProvider.ROLE);
        this._observationManager = (ObservationManager) serviceManager.lookup(ObservationManager.ROLE);
        this._siteManager = (SiteManager) serviceManager.lookup(SiteManager.ROLE);
    }

    public PageAccessInfo getAccessInfo(MetadataAwarePagesContainer metadataAwarePagesContainer) {
        Request request = ContextHelper.getRequest(this._context);
        Map<String, PageAccessInfo> map = (Map) request.getAttribute("PageAccessInfo.cache");
        if (map == null) {
            map = new HashMap();
            request.setAttribute("PageAccessInfo.cache", map);
        }
        return _getAccessInfo(metadataAwarePagesContainer, false, map);
    }

    private PageAccessInfo _getAccessInfo(MetadataAwarePagesContainer metadataAwarePagesContainer, boolean z, Map<String, PageAccessInfo> map) {
        String id = metadataAwarePagesContainer.getId();
        if (map.containsKey(id)) {
            return map.get(id);
        }
        PageAccessInfo _getPageAccessInfo = _getPageAccessInfo(metadataAwarePagesContainer, z);
        if (!_getPageAccessInfo.hasPositiveRestriction()) {
            AmetysObject parent = metadataAwarePagesContainer.getParent();
            if (parent instanceof MetadataAwarePagesContainer) {
                PageAccessInfo _getAccessInfo = _getAccessInfo((MetadataAwarePagesContainer) parent, true, map);
                if (_getAccessInfo.hasPositiveRestriction()) {
                    _getPageAccessInfo.setInherited(true);
                    _getPageAccessInfo.setAllowAnyConnectedUser(_getAccessInfo.allowAnyConnectedUser());
                    _getPageAccessInfo.setGrantedUsers(_getAccessInfo.getGrantedUsers());
                    _getPageAccessInfo.setGrantedGroups(_getAccessInfo.getGrantedGroups());
                }
                if (_getAccessInfo.hasNegativeRestriction()) {
                    _getPageAccessInfo.setInherited(true);
                    _getPageAccessInfo.addExcludedUsers(_getAccessInfo.getExcludedUsers());
                    _getPageAccessInfo.addExcludedGroups(_getAccessInfo.getExcludedGroups());
                }
            }
        }
        map.put(id, _getPageAccessInfo);
        return _getPageAccessInfo;
    }

    private PageAccessInfo _getPageAccessInfo(MetadataAwarePagesContainer metadataAwarePagesContainer, boolean z) {
        PageAccessInfo pageAccessInfo = new PageAccessInfo();
        pageAccessInfo.setInherited(z);
        pageAccessInfo.setPageForPositiveRestriction(metadataAwarePagesContainer);
        CompositeMetadata metadataHolder = metadataAwarePagesContainer.getMetadataHolder();
        String[] stringArray = metadataHolder.getStringArray(GRANTED_USERS_METADATA, new String[0]);
        String[] stringArray2 = metadataHolder.getStringArray(GRANTED_GROUPS_METADATA, new String[0]);
        String[] stringArray3 = metadataHolder.getStringArray(EXCLUDED_USERS_METADATA, new String[0]);
        String[] stringArray4 = metadataHolder.getStringArray(EXCLUDED_GROUPS_METADATA, new String[0]);
        boolean z2 = metadataHolder.getBoolean(GRANT_ANY_USER_METADATA, false);
        pageAccessInfo.setAllowAnyConnectedUser(z2);
        if (!z2) {
            if (stringArray != null && stringArray.length > 0) {
                for (String str : stringArray) {
                    pageAccessInfo.getGrantedUsers().add(str);
                }
            }
            if (stringArray2 != null && stringArray2.length > 0) {
                for (String str2 : stringArray2) {
                    pageAccessInfo.getGrantedGroups().add(str2);
                }
            }
        }
        if (stringArray3 != null && stringArray3.length > 0) {
            for (String str3 : stringArray3) {
                pageAccessInfo.getExcludedUsers().put(str3, metadataAwarePagesContainer);
            }
        }
        if (stringArray4 != null && stringArray4.length > 0) {
            for (String str4 : stringArray4) {
                pageAccessInfo.getExcludedGroups().put(str4, metadataAwarePagesContainer);
            }
        }
        return pageAccessInfo;
    }

    public boolean hasRight(MetadataAwarePagesContainer metadataAwarePagesContainer) {
        return hasRight(metadataAwarePagesContainer, (String) ContextHelper.getRequest(this._context).getAttribute(WebConstants.FO_LOGIN));
    }

    public boolean hasRight(MetadataAwarePagesContainer metadataAwarePagesContainer, String str) {
        if (accept(metadataAwarePagesContainer)) {
            return true;
        }
        return _hasRight(metadataAwarePagesContainer, str);
    }

    protected boolean accept(MetadataAwarePagesContainer metadataAwarePagesContainer) {
        if (!(metadataAwarePagesContainer instanceof Page)) {
            return false;
        }
        Set tags = ((Page) metadataAwarePagesContainer).getTags();
        return tags.contains("USER_SIGNUP") || tags.contains("USER_PASSWORD_CHANGE");
    }

    private boolean _hasRight(MetadataAwarePagesContainer metadataAwarePagesContainer, String str) {
        PageAccessInfo accessInfo = getAccessInfo(metadataAwarePagesContainer);
        Set<String> keySet = accessInfo.getExcludedUsers().keySet();
        Set<String> keySet2 = accessInfo.getExcludedGroups().keySet();
        Set<String> grantedUsers = accessInfo.getGrantedUsers();
        Set<String> grantedGroups = accessInfo.getGrantedGroups();
        Set userGroups = this._groupsManager.getUserGroups(str);
        if (!accessInfo.hasNegativeRestriction()) {
            return accessInfo.hasGrantedUsersOrGroups() ? _isGrantedAccess(str, grantedUsers, grantedGroups) : (accessInfo.allowAnyConnectedUser() && str == null) ? false : true;
        }
        if (str == null || keySet.contains(str)) {
            return false;
        }
        Iterator<String> it = keySet2.iterator();
        while (it.hasNext()) {
            if (userGroups.contains(it.next())) {
                return false;
            }
        }
        return accessInfo.hasGrantedUsersOrGroups() ? _isGrantedAccess(str, grantedUsers, grantedGroups) : accessInfo.allowAnyConnectedUser();
    }

    private boolean _isGrantedAccess(String str, Set<String> set, Set<String> set2) {
        Set userGroups = this._groupsManager.getUserGroups(str);
        if (set.contains(str)) {
            return true;
        }
        Iterator<String> it = set2.iterator();
        while (it.hasNext()) {
            if (userGroups.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    @Callable
    public void setPageAccess(Map<String, Object> map, String str, String str2) throws ProcessingException {
        String str3 = (String) ContextHelper.getRequest(this._context).getAttribute(FOUserPreferencesConstants.CONTEXT_VAR_SITENAME);
        HashSet hashSet = new HashSet();
        if (map.get("grantedUsers") != null) {
            hashSet.addAll((List) map.get("grantedUsers"));
        }
        HashSet hashSet2 = new HashSet();
        if (map.get("grantedGroups") != null) {
            hashSet2.addAll((List) map.get("grantedGroups"));
        }
        HashSet hashSet3 = new HashSet();
        if (map.get("excludedUsers") != null) {
            hashSet3.addAll((List) map.get("excludedUsers"));
        }
        HashSet hashSet4 = new HashSet();
        if (map.get("excludedGroups") != null) {
            hashSet4.addAll((List) map.get("excludedGroups"));
        }
        boolean z = false;
        if (map.get("set-any-user") != null) {
            z = ((Boolean) map.get("set-any-user")).booleanValue();
        }
        try {
            Matcher matcher = __PAGE_PATH.matcher(str2);
            if (matcher.matches()) {
                Sitemap sitemap = this._siteManager.getSite(str3).getSitemap(matcher.group(1));
                String group = matcher.group(3);
                if (StringUtils.isNotEmpty(group)) {
                    ModifiablePage modifiablePage = (ModifiablePage) sitemap.getChild(group);
                    _setLimitedAccess(str, modifiablePage.getMetadataHolder(), hashSet, hashSet2, hashSet3, hashSet4, z);
                    if (modifiablePage.needsSave()) {
                        modifiablePage.saveChanges();
                    }
                    HashMap hashMap = new HashMap();
                    hashMap.put("page", modifiablePage);
                    this._observationManager.notify(new Event(ObservationConstants.EVENT_PAGE_ACCESS_UPDATED, this._currentUserProvider.getUser(), hashMap));
                } else {
                    _setLimitedAccess(str, sitemap.getMetadataHolder(), hashSet, hashSet2, hashSet3, hashSet4, z);
                    if (sitemap.needsSave()) {
                        sitemap.saveChanges();
                    }
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put("sitemap", sitemap);
                    this._observationManager.notify(new Event(ObservationConstants.EVENT_SITEMAP_ACCESS_UPDATED, this._currentUserProvider.getUser(), hashMap2));
                }
            }
        } catch (UnknownAmetysObjectException e) {
            throw new ProcessingException("Unable to set access on unknown page path : " + str2, e);
        }
    }

    private void _setLimitedAccess(String str, ModifiableCompositeMetadata modifiableCompositeMetadata, Set<String> set, Set<String> set2, Set<String> set3, Set<String> set4, boolean z) {
        boolean z2 = -1;
        switch (str.hashCode()) {
            case -1321148966:
                if (str.equals("exclude")) {
                    z2 = true;
                    break;
                }
                break;
            case -934610812:
                if (str.equals("remove")) {
                    z2 = 2;
                    break;
                }
                break;
            case -591299561:
                if (str.equals("set-any-user")) {
                    z2 = 3;
                    break;
                }
                break;
            case 96417:
                if (str.equals("add")) {
                    z2 = false;
                    break;
                }
                break;
        }
        switch (z2) {
            case UserSignupManager.SIGNUP_NO_ERROR /* 0 */:
                _add(modifiableCompositeMetadata, GRANTED_USERS_METADATA, set);
                _add(modifiableCompositeMetadata, GRANTED_GROUPS_METADATA, set2);
                return;
            case UserSignupManager.SIGNUP_ERROR_TEMP_EMAIL_ALREADY_EXISTS /* 1 */:
                _add(modifiableCompositeMetadata, EXCLUDED_USERS_METADATA, set3);
                _add(modifiableCompositeMetadata, EXCLUDED_GROUPS_METADATA, set4);
                return;
            case UserSignupManager.SIGNUP_ERROR_USER_ALREADY_EXISTS /* 2 */:
                _remove(modifiableCompositeMetadata, GRANTED_USERS_METADATA, set);
                _remove(modifiableCompositeMetadata, GRANTED_GROUPS_METADATA, set2);
                _remove(modifiableCompositeMetadata, EXCLUDED_USERS_METADATA, set3);
                _remove(modifiableCompositeMetadata, EXCLUDED_GROUPS_METADATA, set4);
                return;
            case UserSignupManager.SIGNUP_TOKEN_UNKNOWN /* 3 */:
                modifiableCompositeMetadata.setMetadata(GRANT_ANY_USER_METADATA, z);
                return;
            default:
                _set(modifiableCompositeMetadata, GRANTED_USERS_METADATA, set);
                _set(modifiableCompositeMetadata, GRANTED_GROUPS_METADATA, set2);
                _set(modifiableCompositeMetadata, EXCLUDED_USERS_METADATA, set3);
                _set(modifiableCompositeMetadata, EXCLUDED_GROUPS_METADATA, set4);
                return;
        }
    }

    private void _add(ModifiableCompositeMetadata modifiableCompositeMetadata, String str, Set<String> set) {
        if (CollectionUtils.isNotEmpty(set)) {
            HashSet hashSet = new HashSet(Arrays.asList(modifiableCompositeMetadata.getStringArray(str, new String[0])));
            hashSet.addAll(set);
            if (modifiableCompositeMetadata.hasMetadata(str)) {
                modifiableCompositeMetadata.removeMetadata(str);
            }
            modifiableCompositeMetadata.setMetadata(str, (String[]) hashSet.toArray(new String[hashSet.size()]));
        }
    }

    private void _remove(ModifiableCompositeMetadata modifiableCompositeMetadata, String str, Set<String> set) {
        if (CollectionUtils.isNotEmpty(set)) {
            HashSet hashSet = new HashSet(Arrays.asList(modifiableCompositeMetadata.getStringArray(str, new String[0])));
            hashSet.removeAll(set);
            if (modifiableCompositeMetadata.hasMetadata(str)) {
                modifiableCompositeMetadata.removeMetadata(str);
            }
            modifiableCompositeMetadata.setMetadata(str, (String[]) hashSet.toArray(new String[hashSet.size()]));
        }
    }

    private void _set(ModifiableCompositeMetadata modifiableCompositeMetadata, String str, Set<String> set) {
        modifiableCompositeMetadata.removeMetadata(str);
        if (CollectionUtils.isNotEmpty(set)) {
            modifiableCompositeMetadata.setMetadata(str, (String[]) set.toArray(new String[set.size()]));
        }
    }
}
