package org.alfresco.repo.domain.hibernate;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.domain.AccessControlListDAO;
import org.alfresco.repo.domain.DbAccessControlEntry;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.DbAuthority;
import org.alfresco.repo.domain.DbPermission;
import org.alfresco.repo.domain.DbPermissionKey;
import org.alfresco.repo.domain.Node;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.impl.AccessPermissionImpl;
import org.alfresco.repo.security.permissions.impl.PermissionReferenceImpl;
import org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent;
import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry;
import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.repo.transaction.TransactionalDao;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.alfresco.web.config.ActionsElementReader;
import org.hibernate.Query;
import org.hibernate.ScrollMode;
import org.hibernate.ScrollableResults;
import org.hibernate.Session;
import org.springframework.orm.hibernate3.HibernateCallback;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository.jar:org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.class */
public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements PermissionsDaoComponent, TransactionalDao {
    private static final boolean INHERIT_PERMISSIONS_DEFAULT = true;
    public static final String QUERY_GET_PERMISSION = "permission.GetPermission";
    public static final String QUERY_GET_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAccessControlEntriesForAuthority";
    public static final String QUERY_GET_ALL_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAllAccessControlEntriesForAuthority";
    public static final String QUERY_GET_AC_ENTRIES_FOR_PERMISSION = "permission.GetAccessControlEntriesForPermission";
    public static final String QUERY_FIND_NODES_BY_PERMISSION = "permission.FindNodesByPermission";
    private Map<String, AccessControlListDAO> fProtocolToACLDAO;
    private AccessControlListDAO fDefaultACLDAO;
    private String uuid = GUID.generate();

    public boolean equals(Object obj) {
        if (obj != null && (obj instanceof PermissionsDaoComponentImpl)) {
            return this.uuid.equals(((PermissionsDaoComponentImpl) obj).uuid);
        }
        return false;
    }

    public int hashCode() {
        return this.uuid.hashCode();
    }

    @Override // org.alfresco.repo.transaction.TransactionalDao
    public boolean isDirty() {
        return ((Boolean) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.domain.hibernate.PermissionsDaoComponentImpl.1
            @Override // org.springframework.orm.hibernate3.HibernateCallback
            public Object doInHibernate(Session session) {
                return Boolean.valueOf(session.isDirty());
            }
        })).booleanValue();
    }

    @Override // org.alfresco.repo.transaction.TransactionalDao
    public void flush() {
        getSession().flush();
    }

    public void setProtocolToACLDAO(Map<String, AccessControlListDAO> map) {
        this.fProtocolToACLDAO = map;
    }

    public void setDefaultACLDAO(AccessControlListDAO accessControlListDAO) {
        this.fDefaultACLDAO = accessControlListDAO;
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public NodePermissionEntry getPermissions(NodeRef nodeRef) {
        DbAccessControlList dbAccessControlList = null;
        try {
            dbAccessControlList = getAccessControlList(nodeRef, false);
        } catch (InvalidNodeRefException e) {
        }
        SimpleNodePermissionEntry simpleNodePermissionEntry = dbAccessControlList == null ? new SimpleNodePermissionEntry(nodeRef, true, Collections.emptySet()) : createSimpleNodePermissionEntry(nodeRef);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Created access control list for node: \n   node: " + nodeRef + "\n   acl: " + simpleNodePermissionEntry);
        }
        return simpleNodePermissionEntry;
    }

    private DbAccessControlList getAccessControlList(NodeRef nodeRef, boolean z) {
        DbAccessControlList accessControlList = getACLDAO(nodeRef).getAccessControlList(nodeRef);
        if (accessControlList == null && z) {
            accessControlList = createAccessControlList(nodeRef);
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Retrieved access control list: \n   node: " + nodeRef + "\n   list: " + accessControlList);
        }
        return accessControlList;
    }

    private DbAccessControlList createAccessControlList(NodeRef nodeRef) {
        DbAccessControlListImpl dbAccessControlListImpl = new DbAccessControlListImpl();
        dbAccessControlListImpl.setInherits(true);
        getHibernateTemplate().save(dbAccessControlListImpl);
        getACLDAO(nodeRef).setAccessControlList(nodeRef, dbAccessControlListImpl);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Created Access Control List: \n   node: " + nodeRef + "\n   list: " + dbAccessControlListImpl);
        }
        return dbAccessControlListImpl;
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermissions(NodeRef nodeRef) {
        try {
            DbAccessControlList accessControlList = getAccessControlList(nodeRef, false);
            if (accessControlList != null) {
                getACLDAO(nodeRef).setAccessControlList(nodeRef, null);
                getHibernateTemplate().delete(accessControlList);
            }
        } catch (InvalidNodeRefException e) {
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermissions(final String str) {
        Integer num = (Integer) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.domain.hibernate.PermissionsDaoComponentImpl.2
            @Override // org.springframework.orm.hibernate3.HibernateCallback
            public Object doInHibernate(Session session) {
                return Integer.valueOf(HibernateHelper.deleteDbAccessControlEntries(session, session.getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_AC_ENTRIES_FOR_AUTHORITY).setString("authorityRecipient", str)));
            }
        });
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Deleted " + num + " entries for authority " + str);
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermissions(NodeRef nodeRef, String str) {
        try {
            DbAccessControlList accessControlList = getACLDAO(nodeRef).getAccessControlList(nodeRef);
            int i = 0;
            if (accessControlList != null) {
                i = accessControlList.deleteEntriesForAuthority(str);
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Deleted " + i + "entries for criteria: \n   node: " + nodeRef + "\n   authority: " + str);
            }
        } catch (InvalidNodeRefException e) {
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermission(NodeRef nodeRef, String str, PermissionReference permissionReference) {
        try {
            DbAccessControlList accessControlList = getACLDAO(nodeRef).getAccessControlList(nodeRef);
            int i = 0;
            if (accessControlList != null) {
                i = accessControlList.deleteEntry(str, new DbPermissionKey(permissionReference.getQName(), permissionReference.getName()));
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Deleted " + i + "entries for criteria: \n   node: " + nodeRef + "\n   permission: " + permissionReference + "\n   authority: " + str);
            }
        } catch (InvalidNodeRefException e) {
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void setPermission(NodeRef nodeRef, String str, PermissionReference permissionReference, boolean z) {
        DbAccessControlEntry accessControlEntry = getAccessControlEntry(nodeRef, str, permissionReference);
        if (accessControlEntry == null) {
            DbAccessControlEntryImpl newEntry = getAccessControlList(nodeRef, true).newEntry(getPermission(permissionReference, true), getAuthority(str, true), z);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Created new access control entry: " + newEntry);
                return;
            }
            return;
        }
        accessControlEntry.setAllowed(z);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Updated access control entry: " + accessControlEntry);
        }
    }

    private DbAccessControlEntry getAccessControlEntry(NodeRef nodeRef, String str, PermissionReference permissionReference) {
        DbAccessControlList accessControlList = getAccessControlList(nodeRef, false);
        DbAccessControlEntry dbAccessControlEntry = null;
        if (accessControlList != null) {
            dbAccessControlEntry = accessControlList.getEntry(str, new DbPermissionKey(permissionReference.getQName(), permissionReference.getName()));
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("" + (dbAccessControlEntry == null ? "Did not find" : "Found") + " entry for criteria: \n   node: " + nodeRef + "\n   authority: " + str + "\n   permission: " + permissionReference);
        }
        return dbAccessControlEntry;
    }

    private DbAuthority getAuthority(String str, boolean z) {
        DbAuthority dbAuthority = (DbAuthority) getHibernateTemplate().get(DbAuthorityImpl.class, str);
        if (dbAuthority != null || !z) {
            return dbAuthority;
        }
        DbAuthorityImpl dbAuthorityImpl = new DbAuthorityImpl();
        dbAuthorityImpl.setRecipient(str);
        getHibernateTemplate().save(dbAuthorityImpl);
        return dbAuthorityImpl;
    }

    private DbPermission getPermission(PermissionReference permissionReference, boolean z) {
        QName qName = permissionReference.getQName();
        String name = permissionReference.getName();
        DbPermission find = DbPermissionImpl.find(getSession(), qName, name);
        if (find == null && z) {
            find = new DbPermissionImpl();
            find.setTypeQname(qName);
            find.setName(name);
            getHibernateTemplate().save(find);
        }
        return find;
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void setPermission(PermissionEntry permissionEntry) {
        setPermission(permissionEntry.getNodeRef(), permissionEntry.getAuthority(), permissionEntry.getPermissionReference(), permissionEntry.isAllowed());
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void setPermission(NodePermissionEntry nodePermissionEntry) {
        NodeRef nodeRef = nodePermissionEntry.getNodeRef();
        DbAccessControlList accessControlList = getAccessControlList(nodeRef, false);
        if (accessControlList != null) {
            getACLDAO(nodeRef).setAccessControlList(nodeRef, null);
            getHibernateTemplate().delete(accessControlList);
        }
        DbAccessControlList createAccessControlList = createAccessControlList(nodeRef);
        createAccessControlList.setInherits(nodePermissionEntry.inheritPermissions());
        for (PermissionEntry permissionEntry : nodePermissionEntry.getPermissionEntries()) {
            PermissionReference permissionReference = permissionEntry.getPermissionReference();
            String authority = permissionEntry.getAuthority();
            createAccessControlList.newEntry(getPermission(permissionReference, true), getAuthority(authority, true), permissionEntry.isAllowed());
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void setInheritParentPermissions(NodeRef nodeRef, boolean z) {
        if (!z) {
            getAccessControlList(nodeRef, true).setInherits(false);
            return;
        }
        DbAccessControlList accessControlList = getAccessControlList(nodeRef, false);
        if (accessControlList != null) {
            accessControlList.setInherits(true);
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public boolean getInheritParentPermissions(NodeRef nodeRef) {
        try {
            DbAccessControlList accessControlList = getAccessControlList(nodeRef, false);
            if (accessControlList == null) {
                return true;
            }
            return accessControlList.getInherits();
        } catch (InvalidNodeRefException e) {
            return true;
        }
    }

    private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef) {
        DbAccessControlList accessControlList = getACLDAO(nodeRef).getAccessControlList(nodeRef);
        if (accessControlList == null) {
            return new SimpleNodePermissionEntry(nodeRef, true, Collections.emptySet());
        }
        return new SimpleNodePermissionEntry(nodeRef, accessControlList.getInherits(), createSimplePermissionEntries(nodeRef, accessControlList.getEntries()));
    }

    private Set<SimplePermissionEntry> createSimplePermissionEntries(NodeRef nodeRef, Collection<DbAccessControlEntry> collection) {
        if (collection == null) {
            return null;
        }
        HashSet hashSet = new HashSet(collection.size(), 1.0f);
        if (collection.size() != 0) {
            Iterator<DbAccessControlEntry> it = collection.iterator();
            while (it.hasNext()) {
                hashSet.add(createSimplePermissionEntry(nodeRef, it.next()));
            }
        }
        return hashSet;
    }

    private static SimplePermissionEntry createSimplePermissionEntry(NodeRef nodeRef, DbAccessControlEntry dbAccessControlEntry) {
        if (dbAccessControlEntry == null) {
            return null;
        }
        return new SimplePermissionEntry(nodeRef, createSimplePermissionReference(dbAccessControlEntry.getPermission()), dbAccessControlEntry.getAuthority().getRecipient(), dbAccessControlEntry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
    }

    private static SimplePermissionReference createSimplePermissionReference(DbPermission dbPermission) {
        if (dbPermission == null) {
            return null;
        }
        return new SimplePermissionReference(dbPermission.getTypeQname(), dbPermission.getName());
    }

    private AccessControlListDAO getACLDAO(NodeRef nodeRef) {
        AccessControlListDAO accessControlListDAO = this.fProtocolToACLDAO.get(nodeRef.getStoreRef().getProtocol());
        return accessControlListDAO == null ? this.fDefaultACLDAO : accessControlListDAO;
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public Map<NodeRef, Set<AccessPermission>> getAllSetPermissions(final String str) {
        return (Map) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.domain.hibernate.PermissionsDaoComponentImpl.3
            @Override // org.springframework.orm.hibernate3.HibernateCallback
            public Object doInHibernate(Session session) {
                Query string = session.getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_ALL_AC_ENTRIES_FOR_AUTHORITY).setString("authorityRecipient", str);
                HashMap hashMap = new HashMap();
                ScrollableResults scroll = string.scroll(ScrollMode.FORWARD_ONLY);
                while (scroll.next()) {
                    DbAccessControlEntry dbAccessControlEntry = (DbAccessControlEntry) scroll.get(0);
                    Node node = (Node) scroll.get(2);
                    DbPermission permission = dbAccessControlEntry.getPermission();
                    PermissionReferenceImpl permissionReferenceImpl = new PermissionReferenceImpl(permission.getTypeQname(), permission.getName());
                    AccessPermissionImpl accessPermissionImpl = new AccessPermissionImpl(permissionReferenceImpl.toString(), dbAccessControlEntry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED, dbAccessControlEntry.getAuthority().getRecipient());
                    NodeRef nodeRef = node.getNodeRef();
                    Set set = (Set) hashMap.get(nodeRef);
                    if (set == null) {
                        set = new HashSet();
                        hashMap.put(nodeRef, set);
                    }
                    set.add(accessPermissionImpl);
                }
                return hashMap;
            }
        });
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public Set<NodeRef> findNodeByPermission(final String str, final PermissionReference permissionReference, final boolean z) {
        return (Set) getHibernateTemplate().execute(new HibernateCallback() { // from class: org.alfresco.repo.domain.hibernate.PermissionsDaoComponentImpl.4
            @Override // org.springframework.orm.hibernate3.HibernateCallback
            public Object doInHibernate(Session session) {
                Query string = session.getNamedQuery(PermissionsDaoComponentImpl.QUERY_FIND_NODES_BY_PERMISSION).setString("authorityRecipient", str).setBoolean(ActionsElementReader.ATTRIBUTE_ALLOW, z).setString("permissionName", permissionReference.getName()).setString("permissionTypeQname", permissionReference.getQName().toString());
                HashSet hashSet = new HashSet();
                ScrollableResults scroll = string.scroll(ScrollMode.FORWARD_ONLY);
                while (scroll.next()) {
                    DbAccessControlEntry dbAccessControlEntry = (DbAccessControlEntry) scroll.get(0);
                    Node node = (Node) scroll.get(2);
                    DbPermission permission = dbAccessControlEntry.getPermission();
                    PermissionReferenceImpl permissionReferenceImpl = new PermissionReferenceImpl(permission.getTypeQname(), permission.getName());
                    new AccessPermissionImpl(permissionReferenceImpl.toString(), dbAccessControlEntry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED, dbAccessControlEntry.getAuthority().getRecipient());
                    hashSet.add(node.getNodeRef());
                }
                return hashSet;
            }
        });
    }
}
