package org.alfresco.repo.security.permissions.impl;

import java.io.Serializable;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.audit.RecordsManagementAuditService;
import org.alfresco.module.org_alfresco_module_rm.audit.event.AuditEvent;
import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.repo.security.permissions.impl.PermissionServiceImpl;
import org.alfresco.repo.security.permissions.processor.PermissionPostProcessor;
import org.alfresco.repo.security.permissions.processor.PermissionPreProcessor;
import org.alfresco.repo.security.permissions.processor.PermissionProcessorRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.util.Pair;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.lang.StringUtils;
import org.springframework.context.ApplicationEvent;

/* loaded from: input_file:org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.class */
public class ExtendedPermissionServiceImpl extends PermissionServiceImpl implements ExtendedPermissionService {
    private static final String AUDIT_ENABLE_INHERIT_PERMISSION = "enable-inherit-permission";
    private static final String AUDIT_DISABLE_INHERIT_PERMISSION = "disable-inherit-permission";
    protected SimpleCache<Serializable, Set<String>> writersCache;
    protected List<String> configuredReadPermissions;
    protected List<String> configuredFilePermissions;
    private FilePlanService filePlanService;
    private PermissionProcessorRegistry permissionProcessorRegistry;
    private RecordsManagementAuditService recordsManagementAuditService;

    public void init() {
        super.init();
        AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>() { // from class: org.alfresco.repo.security.permissions.impl.ExtendedPermissionServiceImpl.1
            /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
            public Void m261doWork() throws Exception {
                ExtendedPermissionServiceImpl.this.recordsManagementAuditService.registerAuditEvent(new AuditEvent(ExtendedPermissionServiceImpl.AUDIT_ENABLE_INHERIT_PERMISSION, "rm.audit.enable-inherit-permission"));
                ExtendedPermissionServiceImpl.this.recordsManagementAuditService.registerAuditEvent(new AuditEvent(ExtendedPermissionServiceImpl.AUDIT_DISABLE_INHERIT_PERMISSION, "rm.audit.disable-inherit-permission"));
                return null;
            }
        });
    }

    public FilePlanService getFilePlanService() {
        return this.filePlanService;
    }

    public void setFilePlanService(FilePlanService filePlanService) {
        this.filePlanService = filePlanService;
    }

    public void setPermissionProcessorRegistry(PermissionProcessorRegistry permissionProcessorRegistry) {
        this.permissionProcessorRegistry = permissionProcessorRegistry;
    }

    public void setRecordsManagementAuditService(RecordsManagementAuditService recordsManagementAuditService) {
        this.recordsManagementAuditService = recordsManagementAuditService;
    }

    public void setAnyDenyDenies(boolean z) {
        super.setAnyDenyDenies(z);
        if (this.writersCache != null) {
            this.writersCache.clear();
        }
    }

    public void setWritersCache(SimpleCache<Serializable, Set<String>> simpleCache) {
        this.writersCache = simpleCache;
    }

    public void setConfiguredReadPermissions(String str) {
        this.configuredReadPermissions = Arrays.asList(str.split(","));
    }

    public void setConfiguredFilePermissions(String str) {
        this.configuredFilePermissions = Arrays.asList(str.split(","));
    }

    protected void onBootstrap(ApplicationEvent applicationEvent) {
        super.onBootstrap(applicationEvent);
        PropertyCheck.mandatory(this, "writersCache", this.writersCache);
    }

    public AccessStatus hasPermission(NodeRef nodeRef, String str) {
        AccessStatus accessStatus = AccessStatus.UNDETERMINED;
        if (this.nodeService.exists(nodeRef)) {
            Iterator<PermissionPreProcessor> it = this.permissionProcessorRegistry.getPermissionPreProcessors().iterator();
            while (it.hasNext()) {
                AccessStatus process = it.next().process(nodeRef, str);
                if (AccessStatus.DENIED.equals(process)) {
                    return process;
                }
            }
            accessStatus = hasPermissionImpl(nodeRef, str);
            Iterator<PermissionPostProcessor> it2 = this.permissionProcessorRegistry.getPermissionPostProcessors().iterator();
            while (it2.hasNext()) {
                accessStatus = it2.next().process(accessStatus, nodeRef, str, this.configuredReadPermissions, this.configuredFilePermissions);
            }
        }
        return accessStatus;
    }

    protected AccessStatus hasPermissionImpl(NodeRef nodeRef, String str) {
        return super.hasPermission(nodeRef, str);
    }

    protected AccessStatus canRead(Long l) {
        Set authorisations = getAuthorisations();
        if (this.anyDenyDenies) {
            Iterator<String> it = getReadersDenied(l).iterator();
            while (it.hasNext()) {
                if (authorisations.contains(it.next())) {
                    return AccessStatus.DENIED;
                }
            }
        }
        Iterator<String> it2 = getReaders(l).iterator();
        while (it2.hasNext()) {
            if (authorisations.contains(it2.next())) {
                return AccessStatus.ALLOWED;
            }
        }
        return AccessStatus.DENIED;
    }

    public Set<String> getReaders(Long l) {
        AccessControlList accessControlList = this.aclDaoComponent.getAccessControlList(l);
        if (accessControlList == null) {
            return Collections.emptySet();
        }
        Set<String> set = (Set) this.readersCache.get(accessControlList.getProperties());
        if (set != null) {
            return set;
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Iterator it = accessControlList.getEntries().iterator();
        while (it.hasNext()) {
            hashSet.add(((AccessControlEntry) it.next()).getAuthority());
        }
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            String str = (String) it2.next();
            PermissionServiceImpl.UnconditionalAclTest unconditionalAclTest = new PermissionServiceImpl.UnconditionalAclTest(this, getPermissionReference("Read"));
            PermissionServiceImpl.UnconditionalAclTest unconditionalAclTest2 = new PermissionServiceImpl.UnconditionalAclTest(this, getPermissionReference(RMPermissionModel.READ_RECORDS));
            if (unconditionalAclTest.evaluate(str, l) || unconditionalAclTest2.evaluate(str, l)) {
                hashSet2.add(str);
            }
        }
        Set<String> unmodifiableSet = Collections.unmodifiableSet(hashSet2);
        this.readersCache.put(accessControlList.getProperties(), unmodifiableSet);
        return unmodifiableSet;
    }

    public Set<String> getReadersDenied(Long l) {
        AccessControlList accessControlList = this.aclDaoComponent.getAccessControlList(l);
        if (accessControlList == null) {
            return Collections.emptySet();
        }
        Set<String> set = (Set) this.readersDeniedCache.get(l);
        if (set != null) {
            return set;
        }
        HashSet hashSet = new HashSet();
        HashSet<String> hashSet2 = new HashSet();
        Iterator it = accessControlList.getEntries().iterator();
        while (it.hasNext()) {
            hashSet2.add(((AccessControlEntry) it.next()).getAuthority());
        }
        for (String str : hashSet2) {
            PermissionServiceImpl.UnconditionalDeniedAclTest unconditionalDeniedAclTest = new PermissionServiceImpl.UnconditionalDeniedAclTest(this, getPermissionReference("Read"));
            PermissionServiceImpl.UnconditionalDeniedAclTest unconditionalDeniedAclTest2 = new PermissionServiceImpl.UnconditionalDeniedAclTest(this, getPermissionReference(RMPermissionModel.READ_RECORDS));
            if (unconditionalDeniedAclTest.evaluate(str, l) || unconditionalDeniedAclTest2.evaluate(str, l)) {
                hashSet.add(str);
            }
        }
        this.readersDeniedCache.put(accessControlList.getProperties(), hashSet);
        return hashSet;
    }

    @Override // org.alfresco.repo.security.permissions.impl.ExtendedPermissionService
    public Set<String> getWriters(Long l) {
        AccessControlList accessControlList = this.aclDaoComponent.getAccessControlList(l);
        if (accessControlList == null) {
            return Collections.emptySet();
        }
        Set<String> set = (Set) this.writersCache.get(accessControlList.getProperties());
        if (set != null) {
            return set;
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Iterator it = accessControlList.getEntries().iterator();
        while (it.hasNext()) {
            hashSet.add(((AccessControlEntry) it.next()).getAuthority());
        }
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            String str = (String) it2.next();
            if (new PermissionServiceImpl.UnconditionalAclTest(this, getPermissionReference("Write")).evaluate(str, l)) {
                hashSet2.add(str);
            }
        }
        Set<String> unmodifiableSet = Collections.unmodifiableSet(hashSet2);
        this.writersCache.put(accessControlList.getProperties(), unmodifiableSet);
        return unmodifiableSet;
    }

    public void setInheritParentPermissions(NodeRef nodeRef, boolean z) {
        String adminRole = getAdminRole(nodeRef);
        if (this.nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT) && StringUtils.isNotBlank(adminRole) && !z) {
            setPermission(nodeRef, adminRole, RMPermissionModel.FILING, true);
        }
        if (z != super.getInheritParentPermissions(nodeRef)) {
            super.setInheritParentPermissions(nodeRef, z);
            this.recordsManagementAuditService.auditEvent(nodeRef, z ? AUDIT_ENABLE_INHERIT_PERMISSION : AUDIT_DISABLE_INHERIT_PERMISSION);
        }
    }

    private String getAdminRole(NodeRef nodeRef) {
        String str = null;
        NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
        if (filePlan != null) {
            str = this.authorityService.getName(AuthorityType.GROUP, "Administrator" + filePlan.getId());
        }
        return str;
    }

    @Override // org.alfresco.repo.security.permissions.impl.ExtendedPermissionService
    public Pair<Set<String>, Set<String>> getReadersAndWriters(NodeRef nodeRef) {
        Long nodeAclId = this.nodeService.getNodeAclId(nodeRef);
        Set<String> readers = getReaders(nodeAclId);
        HashSet hashSet = new HashSet(getWriters(nodeAclId));
        String owner = this.ownableService.getOwner(nodeRef);
        if (StringUtils.isNotBlank(owner) && !owner.equals("") && this.authorityService.authorityExists(owner)) {
            hashSet.add(owner);
        }
        return new Pair<>(readers, hashSet);
    }
}
