package org.alfresco.repo.security.authority;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:org/alfresco/repo/security/authority/AuthorityServiceImpl.class */
public class AuthorityServiceImpl implements AuthorityService, InitializingBean {
    private static Log logger = LogFactory.getLog(AuthorityServiceImpl.class);
    private PersonService personService;
    private NodeService nodeService;
    private TenantService tenantService;
    private AuthorityDAO authorityDAO;
    private PermissionServiceSPI permissionServiceSPI;
    private Set<String> adminSet = Collections.singleton(PermissionService.ADMINISTRATOR_AUTHORITY);
    private Set<String> guestSet = Collections.singleton("guest");
    private Set<String> allSet = Collections.singleton(PermissionService.ALL_AUTHORITIES);
    private Set<String> adminUsers = Collections.emptySet();
    private Set<String> adminGroups = Collections.emptySet();

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setAuthorityDAO(AuthorityDAO authorityDAO) {
        this.authorityDAO = authorityDAO;
    }

    public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI) {
        this.permissionServiceSPI = permissionServiceSPI;
    }

    public void setAuthenticationComponent(AuthenticationComponent authenticationComponent) {
        logger.warn("Bean property 'authenticationService' no longer required on 'AuthorityServiceImpl'.");
    }

    public void setAdminUsers(Set<String> set) {
        this.adminUsers = set;
    }

    public void setAdminGroups(Set<String> set) {
        this.adminGroups = set;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.adminGroups.isEmpty()) {
            return;
        }
        HashSet hashSet = new HashSet(this.adminGroups.size());
        Iterator<String> it = this.adminGroups.iterator();
        while (it.hasNext()) {
            hashSet.add(getName(AuthorityType.GROUP, it.next()));
        }
        this.adminGroups = hashSet;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean hasAdminAuthority() {
        String runAsUser = AuthenticationUtil.getRunAsUser();
        return runAsUser != null && getAuthoritiesForUser(runAsUser).contains(PermissionService.ADMINISTRATOR_AUTHORITY);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean isAdminAuthority(String str) {
        String userIdentifier = this.personService.getUserIdentifier(str);
        if (userIdentifier == null) {
            userIdentifier = str;
        }
        return getAuthoritiesForUser(userIdentifier).contains(PermissionService.ADMINISTRATOR_AUTHORITY);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAuthorities() {
        return getAuthoritiesForUser(AuthenticationUtil.getRunAsUser());
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAuthoritiesForUser(String str) {
        HashSet<String> hashSet = new HashSet();
        hashSet.addAll(getContainingAuthorities(null, str, false));
        String baseNameUser = this.tenantService.getBaseNameUser(str);
        boolean z = this.adminUsers.contains(str) || this.adminUsers.contains(baseNameUser);
        if (!z && !this.adminGroups.isEmpty()) {
            for (String str2 : hashSet) {
                if (this.adminGroups.contains(str2) || this.adminGroups.contains(this.tenantService.getBaseNameUser(str2))) {
                    z = true;
                    break;
                }
            }
        }
        if (z) {
            hashSet.addAll(this.adminSet);
        }
        if (AuthorityType.getAuthorityType(baseNameUser) != AuthorityType.GUEST) {
            hashSet.addAll(this.allSet);
        }
        return hashSet;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllAuthorities(AuthorityType authorityType) {
        HashSet hashSet = new HashSet();
        switch (authorityType) {
            case ADMIN:
                hashSet.addAll(this.adminSet);
                break;
            case EVERYONE:
                hashSet.addAll(this.allSet);
                break;
            case GUEST:
                hashSet.addAll(this.guestSet);
                break;
            case GROUP:
                hashSet.addAll(this.authorityDAO.getAllAuthorities(authorityType));
                break;
            case ROLE:
                hashSet.addAll(this.authorityDAO.getAllAuthorities(authorityType));
                break;
            case USER:
                Iterator<NodeRef> it = this.personService.getAllPeople().iterator();
                while (it.hasNext()) {
                    hashSet.add(DefaultTypeConverter.INSTANCE.convert(String.class, this.nodeService.getProperty(it.next(), ContentModel.PROP_USERNAME)));
                }
                break;
        }
        return hashSet;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void addAuthority(String str, String str2) {
        if (AuthorityType.getAuthorityType(str2).equals(AuthorityType.USER) && !this.personService.personExists(str2)) {
            throw new AuthorityException("The person " + str2 + " does not exist and can not be added to a group");
        }
        this.authorityDAO.addAuthority(str, str2);
    }

    private void checkTypeIsMutable(AuthorityType authorityType) {
        if (authorityType != AuthorityType.GROUP && authorityType != AuthorityType.ROLE) {
            throw new AuthorityException("Trying to modify a fixed authority");
        }
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String createAuthority(AuthorityType authorityType, String str, String str2) {
        checkTypeIsMutable(authorityType);
        String name = getName(authorityType, str2);
        this.authorityDAO.createAuthority(str, name);
        return name;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void deleteAuthority(String str) {
        checkTypeIsMutable(AuthorityType.getAuthorityType(str));
        this.authorityDAO.deleteAuthority(str);
        this.permissionServiceSPI.deletePermissions(str);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getAllRootAuthorities(AuthorityType authorityType) {
        return this.authorityDAO.getAllRootAuthorities(authorityType);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getContainedAuthorities(AuthorityType authorityType, String str, boolean z) {
        return this.authorityDAO.getContainedAuthorities(authorityType, str, z);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public Set<String> getContainingAuthorities(AuthorityType authorityType, String str, boolean z) {
        return this.authorityDAO.getContainingAuthorities(authorityType, str, z);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String getName(AuthorityType authorityType, String str) {
        return authorityType.isFixedString() ? authorityType.getFixedString() : authorityType.isPrefixed() ? authorityType.getPrefixString() + str : str;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public String getShortName(String str) {
        AuthorityType authorityType = AuthorityType.getAuthorityType(str);
        return authorityType.isFixedString() ? "" : authorityType.isPrefixed() ? str.substring(authorityType.getPrefixString().length()) : str;
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public void removeAuthority(String str, String str2) {
        this.authorityDAO.removeAuthority(str, str2);
    }

    @Override // org.alfresco.service.cmr.security.AuthorityService
    public boolean authorityExists(String str) {
        return this.authorityDAO.authorityExists(str);
    }
}
