package org.alfresco.repo.site;

import java.util.Iterator;
import org.alfresco.repo.domain.node.NodeDAO;
import org.alfresco.repo.domain.node.NodeIdAndAclId;
import org.alfresco.repo.domain.permissions.AclDAO;
import org.alfresco.repo.forms.processor.node.FormFieldConstants;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.ACLType;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PublicServiceAccessService;
import org.alfresco.service.cmr.site.SiteInfo;

/* loaded from: input_file:org/alfresco/repo/site/SitesPermissionCleaner.class */
public class SitesPermissionCleaner {
    private NodeService nodeService;
    private PermissionService permissionService;
    private PublicServiceAccessService publicServiceAccessService;
    private SiteServiceImpl siteServiceImpl;
    private AclDAO aclDAO;
    private NodeDAO nodeDAO;
    private TenantService tenantService;

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    public void setSiteServiceImpl(SiteServiceImpl siteServiceImpl) {
        this.siteServiceImpl = siteServiceImpl;
    }

    public void setPublicServiceAccessService(PublicServiceAccessService publicServiceAccessService) {
        this.publicServiceAccessService = publicServiceAccessService;
    }

    public void setAclDAO(AclDAO aclDAO) {
        this.aclDAO = aclDAO;
    }

    public void setNodeDAO(NodeDAO nodeDAO) {
        this.nodeDAO = nodeDAO;
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    public void cleanSitePermissions(final NodeRef nodeRef, SiteInfo siteInfo) {
        if (this.nodeDAO.exists(nodeRef)) {
            if (siteInfo == null) {
                siteInfo = this.siteServiceImpl.getSite(nodeRef);
            }
            if (siteInfo == null) {
                return;
            }
            Long l = (Long) this.nodeDAO.getNodePair(this.tenantService.getName(nodeRef)).getFirst();
            Long nodeAclId = this.nodeDAO.getNodeAclId(l);
            if (this.aclDAO.getAcl(nodeAclId).getAclType() == ACLType.DEFINING) {
                Iterator<AccessControlEntry> it = this.aclDAO.getAccessControlList(nodeAclId).getEntries().iterator();
                while (it.hasNext()) {
                    String authority = it.next().getAuthority();
                    String siteGroup = this.siteServiceImpl.getSiteGroup(siteInfo.getShortName(), true);
                    if (authority.startsWith("GROUP_") && !authority.startsWith("GROUP_EVERYONE") && !authority.startsWith(siteGroup) && this.publicServiceAccessService.hasAccess("PermissionService", "clearPermission", nodeRef, authority) == AccessStatus.ALLOWED) {
                        this.permissionService.clearPermission(nodeRef, authority);
                    }
                    if (!this.permissionService.getInheritParentPermissions(nodeRef)) {
                        final String str = String.valueOf(siteGroup) + FormFieldConstants.DATA_KEY_SEPARATOR + SiteModel.SITE_MANAGER;
                        AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>() { // from class: org.alfresco.repo.site.SitesPermissionCleaner.1
                            /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
                            public Void m928doWork() throws Exception {
                                SitesPermissionCleaner.this.permissionService.setPermission(nodeRef, str, SiteModel.SITE_MANAGER, true);
                                return null;
                            }
                        }, AuthenticationUtil.getSystemUserName());
                    }
                }
            }
            Iterator<NodeIdAndAclId> it2 = this.nodeDAO.getPrimaryChildrenAcls(l).iterator();
            while (it2.hasNext()) {
                cleanSitePermissions((NodeRef) this.nodeDAO.getNodePair(it2.next().getId()).getSecond(), siteInfo);
            }
        }
    }
}
