package org.alfresco.an2.server.security;

import java.util.Set;
import java.util.regex.Pattern;
import org.alfresco.an2.api.paging.PageData;
import org.alfresco.an2.api.paging.PageRequest;
import org.alfresco.an2.api.security.GroupMemberExistsException;
import org.alfresco.an2.api.security.GroupService;
import org.alfresco.an2.api.security.NoSuchGroupException;
import org.alfresco.an2.api.security.NoSuchUserException;
import org.alfresco.an2.log.ServiceLogger;
import org.alfresco.an2.security.SecurityConstants;
import org.alfresco.an2.spi.security.GroupServiceSPI;
import org.alfresco.an2.spi.security.UserServiceSPI;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.lang3.Validate;
import org.apache.commons.logging.Log;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.prepost.PreAuthorize;

/* loaded from: input_file:org/alfresco/an2/server/security/GroupServiceImpl.class */
public class GroupServiceImpl implements GroupService, InitializingBean, SecurityConstants {
    private static Log loggerWrite = ServiceLogger.getWriteLogger(GroupServiceImpl.class);
    private static Log loggerRead = ServiceLogger.getReadLogger(GroupServiceImpl.class);
    private final UserServiceSPI userServiceSPI;
    private final GroupServiceSPI groupServiceSPI;
    private final Pattern groupPattern = Pattern.compile(".[a-zA-Z0-9\\ \\.\\-]{1,256}$");

    public GroupServiceImpl(UserServiceSPI userServiceSPI, GroupServiceSPI groupServiceSPI) {
        this.userServiceSPI = userServiceSPI;
        this.groupServiceSPI = groupServiceSPI;
    }

    public void afterPropertiesSet() throws Exception {
        PropertyCheck.mandatory(this, "groupServiceSPI", this.groupServiceSPI);
    }

    @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)
    public void createGroup(String str, Set<String> set) {
        Validate.notBlank(str, "username is blank", new Object[0]);
        Validate.notNull(set, "roles are null", new Object[0]);
        if (!this.groupPattern.matcher(str).matches()) {
            throw new IllegalArgumentException("Group name does not match regular expression: " + this.groupPattern);
        }
        ServiceCallContext serviceCallContext = ServiceCallContextHolder.get();
        if (set.contains("ROLE_SYS_ADMIN")) {
            throw new IllegalArgumentException("Groups may not have the system administrator role.");
        }
        String tenant = serviceCallContext.getTenant();
        if ("-system-".equals(tenant)) {
            throw new IllegalArgumentException("Groups cannot be created in the -system- tenant.");
        }
        this.groupServiceSPI.createGroup(serviceCallContext, str, set);
        if (loggerWrite.isDebugEnabled()) {
            ServiceLogger.log(loggerWrite, "Created group %s in tenant %s", str, tenant);
        }
    }

    @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)
    public void addUserToGroup(String str, String str2) {
        Validate.notBlank(str, "group is blank", new Object[0]);
        Validate.notBlank(str2, "username is blank", new Object[0]);
        ServiceCallContext serviceCallContext = ServiceCallContextHolder.get();
        String groupId = this.groupServiceSPI.getGroupId(serviceCallContext, str);
        if (groupId == null) {
            throw new NoSuchGroupException(serviceCallContext.getTenant(), str);
        }
        String userId = this.userServiceSPI.getUserId(serviceCallContext, str2);
        if (userId == null) {
            throw new NoSuchUserException(serviceCallContext.getTenant(), str2);
        }
        try {
            this.groupServiceSPI.addUserToGroup(serviceCallContext, groupId, userId);
            if (loggerWrite.isDebugEnabled()) {
                ServiceLogger.log(loggerWrite, "Added user %s (%s) to group %s (%s) in tenant %s", str2, userId, str, groupId, serviceCallContext.getTenant());
            }
        } catch (GroupMemberExistsException e) {
            throw new GroupMemberExistsException(serviceCallContext.getTenant(), str, str2);
        }
    }

    @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)
    public void removeUserFromGroup(String str, String str2) {
        Validate.notBlank(str, "group is blank", new Object[0]);
        Validate.notBlank(str2, "username is blank", new Object[0]);
        ServiceCallContext serviceCallContext = ServiceCallContextHolder.get();
        String groupId = this.groupServiceSPI.getGroupId(serviceCallContext, str);
        if (groupId == null) {
            throw new NoSuchGroupException(serviceCallContext.getTenant(), str);
        }
        String userId = this.userServiceSPI.getUserId(serviceCallContext, str2);
        if (userId == null) {
            throw new NoSuchUserException(serviceCallContext.getTenant(), str2);
        }
        this.groupServiceSPI.removeUserFromGroup(serviceCallContext, groupId, userId);
        if (loggerWrite.isDebugEnabled()) {
            ServiceLogger.log(loggerWrite, "Removed user %s (%s) from group %s (%s) in tenant %s", str2, userId, str, groupId, serviceCallContext.getTenant());
        }
    }

    @PreAuthorize(SecurityConstants.HAS_ROLE_ADMIN)
    public PageData<GroupService.GroupMembership> getGroupMembers(String str, PageRequest pageRequest) {
        Validate.notBlank(str, "group is blank", new Object[0]);
        Validate.notNull(pageRequest);
        ServiceCallContext serviceCallContext = ServiceCallContextHolder.get();
        String groupId = this.groupServiceSPI.getGroupId(serviceCallContext, str);
        if (groupId == null) {
            throw new NoSuchGroupException(serviceCallContext.getTenant(), str);
        }
        PageData<GroupService.GroupMembership> groupMembers = this.groupServiceSPI.getGroupMembers(serviceCallContext, groupId, pageRequest);
        if (loggerRead.isDebugEnabled()) {
            ServiceLogger.log(loggerRead, "Retrieved %d members of group %s (%s) in tenant %s " + (groupMembers.getNextPageState() == null ? "without further page details" : "including further page details"), Integer.valueOf(groupMembers.size()), str, groupId, serviceCallContext.getTenant());
        }
        return groupMembers;
    }
}
