package org.ametys.plugins.workspaces.project.rights;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController;
import org.ametys.plugins.workspaces.project.ProjectManager;
import org.ametys.plugins.workspaces.project.objects.Project;
import org.ametys.web.repository.site.SiteManager;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.components.ContextHelper;
import org.apache.cocoon.environment.Request;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;

/* loaded from: input_file:org/ametys/plugins/workspaces/project/rights/ProjectAccessController.class */
public class ProjectAccessController extends AbstractProfileStorageBasedAccessController implements Contextualizable {
    private static final String __RIGHT_PROJECT_FO_EDIT = "Plugins_Workspaces_Rights_Project_FO_Edit";
    protected Context _context;
    protected SiteManager _siteManager;
    protected ProjectManager _projectManager;

    public void contextualize(Context context) throws ContextException {
        this._context = context;
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._siteManager = (SiteManager) serviceManager.lookup(SiteManager.ROLE);
        this._projectManager = (ProjectManager) serviceManager.lookup(ProjectManager.ROLE);
    }

    public boolean isSupported(Object obj) {
        return obj instanceof Project;
    }

    protected Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> set) {
        if (!set.contains("/web")) {
            return null;
        }
        Request request = ContextHelper.getRequest(this._context);
        String parameter = request.getParameter("siteName");
        if (parameter == null) {
            parameter = (String) request.getAttribute("siteName");
        }
        if (parameter == null) {
            parameter = (String) request.getAttribute("site");
        }
        if (parameter != null) {
            List<String> projectsForSite = this._projectManager.getProjectsForSite(parameter);
            if (!projectsForSite.isEmpty()) {
                return Collections.singleton(projectsForSite.get(0));
            }
        }
        getLogger().warn("Could not determine current project to obtain all permissions");
        return null;
    }

    public AccessController.AccessResult getPermission(UserIdentity userIdentity, Set<GroupIdentity> set, String str, Object obj) {
        AccessController.AccessResult permission = super.getPermission(userIdentity, set, str, obj);
        if ((obj instanceof Project) && __RIGHT_PROJECT_FO_EDIT.equals(str) && ArrayUtils.contains(((Project) obj).getManagers(), userIdentity)) {
            permission = AccessController.AccessResult.merge(new AccessController.AccessResult[]{permission, AccessController.AccessResult.USER_ALLOWED});
        }
        return permission;
    }

    public Map<String, AccessController.AccessResult> getPermissionByRight(UserIdentity userIdentity, Set<GroupIdentity> set, Object obj) {
        Map<String, AccessController.AccessResult> permissionByRight = super.getPermissionByRight(userIdentity, set, obj);
        if ((obj instanceof Project) && ArrayUtils.contains(((Project) obj).getManagers(), userIdentity) && permissionByRight.containsKey(__RIGHT_PROJECT_FO_EDIT)) {
            permissionByRight.put(__RIGHT_PROJECT_FO_EDIT, AccessController.AccessResult.merge(new AccessController.AccessResult[]{permissionByRight.get(__RIGHT_PROJECT_FO_EDIT), AccessController.AccessResult.USER_ALLOWED}));
        }
        return permissionByRight;
    }

    public Map<UserIdentity, AccessController.AccessResult> getPermissionByUser(String str, Object obj) {
        Map<UserIdentity, AccessController.AccessResult> permissionByUser = super.getPermissionByUser(str, obj);
        if ((obj instanceof Project) && __RIGHT_PROJECT_FO_EDIT.equals(str)) {
            for (UserIdentity userIdentity : ((Project) obj).getManagers()) {
                permissionByUser.put(userIdentity, AccessController.AccessResult.merge(new AccessController.AccessResult[]{permissionByUser.containsKey(userIdentity) ? permissionByUser.get(userIdentity) : AccessController.AccessResult.UNKNOWN, AccessController.AccessResult.USER_ALLOWED}));
            }
        }
        return permissionByUser;
    }

    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> set, UserIdentity userIdentity, Set<GroupIdentity> set2, String str) {
        if (__RIGHT_PROJECT_FO_EDIT.equals(str)) {
            Set<? extends Object> _convertWorkspaceToRootRightContexts = _convertWorkspaceToRootRightContexts(set);
            if (!CollectionUtils.isEmpty(_convertWorkspaceToRootRightContexts)) {
                for (Object obj : _convertWorkspaceToRootRightContexts) {
                    if ((obj instanceof String) && this._projectManager.hasProject((String) obj) && ArrayUtils.contains(this._projectManager.getProject((String) obj).getManagers(), userIdentity)) {
                        return true;
                    }
                }
            }
        }
        return super.hasUserAnyPermissionOnWorkspace(set, userIdentity, set2, str);
    }
}
