package org.alfresco.service.cmr.workflow;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.repo.workflow.WorkflowModel;
import org.alfresco.repo.workflow.activiti.ActivitiConstants;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;

/* loaded from: input_file:org/alfresco/service/cmr/workflow/WorkflowPermissionInterceptor.class */
public class WorkflowPermissionInterceptor implements MethodInterceptor {
    private PersonService personService;
    private AuthorityService authorityService;
    private WorkflowService workflowService;

    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        String runAsUser = AuthenticationUtil.getRunAsUser();
        if (runAsUser != null && (this.authorityService.isAdminAuthority(runAsUser) || AuthenticationUtil.isRunAsUserTheSystemUser())) {
            return methodInvocation.proceed();
        }
        String name = methodInvocation.getMethod().getName();
        if (name.equals("getTaskById")) {
            Object proceed = methodInvocation.proceed();
            WorkflowTask workflowTask = (WorkflowTask) proceed;
            if (isInitiatorOrAssignee(workflowTask, runAsUser) || fromSameParallelReviewWorkflow(workflowTask, runAsUser) || isStartTaskOfProcessInvolvedIn(workflowTask, runAsUser)) {
                return proceed;
            }
            throw new AccessDeniedException("Accessing task with id='" + ((String) methodInvocation.getArguments()[0]) + "' is not allowed for user '" + runAsUser + "'");
        }
        if (name.equals("getStartTask")) {
            Object proceed2 = methodInvocation.proceed();
            WorkflowTask workflowTask2 = (WorkflowTask) proceed2;
            if (isInitiatorOrAssignee(workflowTask2, runAsUser) || isUserPartOfProcess(workflowTask2, runAsUser)) {
                return proceed2;
            }
            throw new AccessDeniedException("Accessing task with id='" + ((String) methodInvocation.getArguments()[0]) + "' is not allowed for user '" + runAsUser + "'");
        }
        if (name.equals("updateTask") || name.equals("endTask")) {
            String str = (String) methodInvocation.getArguments()[0];
            if (isInitiatorOrAssignee(this.workflowService.getTaskById(str), runAsUser)) {
                return methodInvocation.proceed();
            }
            throw new AccessDeniedException("Accessing task with id='" + str + "' is not allowed for user '" + runAsUser + "'");
        }
        if (!name.equals("getTasksForWorkflowPath") && !name.equals("getStartTasks") && !name.equals("queryTasks")) {
            return methodInvocation.proceed();
        }
        List<WorkflowTask> list = (List) methodInvocation.proceed();
        ArrayList arrayList = new ArrayList(list.size());
        for (WorkflowTask workflowTask3 : list) {
            if (isInitiatorOrAssignee(workflowTask3, runAsUser) || fromSameParallelReviewWorkflow(workflowTask3, runAsUser) || isStartTaskOfProcessInvolvedIn(workflowTask3, runAsUser)) {
                arrayList.add(workflowTask3);
            }
        }
        return arrayList;
    }

    private boolean isInitiatorOrAssignee(WorkflowTask workflowTask, String str) {
        if (workflowTask == null) {
            return true;
        }
        NodeRef person = this.personService.getPerson(str);
        Map<QName, Serializable> properties = workflowTask.getProperties();
        String str2 = (String) properties.get(ContentModel.PROP_OWNER);
        if (str != null && str.equalsIgnoreCase(str2)) {
            return true;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(getUserGroupRef(properties.get(WorkflowModel.ASSOC_ASSIGNEE)));
        arrayList.add(getUserGroupRef(properties.get(WorkflowModel.ASSOC_GROUP_ASSIGNEE)));
        arrayList.addAll(getUserGroupRefs(properties.get(WorkflowModel.ASSOC_GROUP_ASSIGNEES)));
        arrayList.addAll(getUserGroupRefs(properties.get(WorkflowModel.ASSOC_ASSIGNEES)));
        arrayList.addAll(getUserGroupRefs(workflowTask.getProperties().get(WorkflowModel.ASSOC_POOLED_ACTORS)));
        arrayList.add(workflowTask.getPath().getInstance().getInitiator());
        if (arrayList.contains(person)) {
            return true;
        }
        Iterator<String> it = this.authorityService.getAuthoritiesForUser(str).iterator();
        while (it.hasNext()) {
            NodeRef authorityNodeRef = this.authorityService.getAuthorityNodeRef(it.next());
            if (authorityNodeRef != null && arrayList.contains(authorityNodeRef)) {
                return true;
            }
        }
        return false;
    }

    private boolean isStartTaskOfProcessInvolvedIn(WorkflowTask workflowTask, String str) {
        return workflowTask.getId().contains(ActivitiConstants.START_TASK_PREFIX) && isUserPartOfProcess(workflowTask, str);
    }

    private boolean fromSameParallelReviewWorkflow(WorkflowTask workflowTask, String str) {
        if (!workflowTask.getPath().getInstance().getDefinition().getName().toLowerCase().contains("parallel")) {
            return false;
        }
        WorkflowTaskQuery workflowTaskQuery = new WorkflowTaskQuery();
        workflowTaskQuery.setTaskState(null);
        workflowTaskQuery.setActive(null);
        workflowTaskQuery.setProcessId(workflowTask.getPath().getInstance().getId());
        Iterator<WorkflowTask> it = this.workflowService.queryTasks(workflowTaskQuery, true).iterator();
        while (it.hasNext()) {
            if (isInitiatorOrAssignee(it.next(), str)) {
                return true;
            }
        }
        return false;
    }

    private boolean isUserPartOfProcess(WorkflowTask workflowTask, String str) {
        WorkflowTaskQuery workflowTaskQuery = new WorkflowTaskQuery();
        workflowTaskQuery.setTaskState(null);
        workflowTaskQuery.setActive(null);
        workflowTaskQuery.setProcessId(workflowTask.getPath().getInstance().getId());
        Iterator<WorkflowTask> it = this.workflowService.queryTasks(workflowTaskQuery, true).iterator();
        while (it.hasNext()) {
            if (isInitiatorOrAssignee(it.next(), str)) {
                return true;
            }
        }
        return false;
    }

    private NodeRef getUserGroupRef(Object obj) {
        NodeRef nodeRef = null;
        if (obj == null || (obj instanceof NodeRef)) {
            nodeRef = (NodeRef) obj;
        } else {
            try {
                nodeRef = this.personService.getPerson(obj.toString());
            } catch (Exception e) {
                try {
                    nodeRef = this.authorityService.getAuthorityNodeRef(obj.toString());
                } catch (Exception e2) {
                }
            }
        }
        return nodeRef;
    }

    private Collection<NodeRef> getUserGroupRefs(Object obj) {
        ArrayList arrayList = new ArrayList();
        if (obj != null && (obj instanceof Collection)) {
            Iterator it = ((Collection) obj).iterator();
            while (it.hasNext()) {
                arrayList.add(getUserGroupRef(it.next()));
            }
        }
        return arrayList;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setWorkflowService(WorkflowService workflowService) {
        this.workflowService = workflowService;
    }
}
