package org.alfresco.module.org_alfresco_module_rm.capability;

import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent;
import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.security.RMMethodSecurityInterceptor;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.service.cmr.repository.AssociationRef;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;

/* loaded from: input_file:org/alfresco/module/org_alfresco_module_rm/capability/RMSecurityCommon.class */
public class RMSecurityCommon implements ApplicationContextAware {
    protected static final int NOSET_VALUE = -100;
    private static Log logger = LogFactory.getLog(RMSecurityCommon.class);
    protected NodeService nodeService;
    protected PermissionService permissionService;
    protected RMCaveatConfigComponent caveatConfigComponent;
    private FilePlanService filePlanService;
    protected ApplicationContext applicationContext;

    public void setApplicationContext(ApplicationContext applicationContext) {
        this.applicationContext = applicationContext;
    }

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    public void setCaveatConfigComponent(RMCaveatConfigComponent rMCaveatConfigComponent) {
        this.caveatConfigComponent = rMCaveatConfigComponent;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public FilePlanService getFilePlanService() {
        if (this.filePlanService == null) {
            this.filePlanService = (FilePlanService) this.applicationContext.getBean("filePlanService");
        }
        return this.filePlanService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int setTransactionCache(String str, NodeRef nodeRef, int i) {
        AlfrescoTransactionSupport.bindResource(str + nodeRef.toString() + AuthenticationUtil.getRunAsUser(), Integer.valueOf(i));
        return i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getTransactionCache(String str, NodeRef nodeRef) {
        int i = NOSET_VALUE;
        Integer num = (Integer) AlfrescoTransactionSupport.getResource(str + nodeRef.toString() + AuthenticationUtil.getRunAsUser());
        if (num != null) {
            i = num.intValue();
        }
        return i;
    }

    public int checkRead(NodeRef nodeRef) {
        int i = 0;
        if (nodeRef != null) {
            i = checkRead(nodeRef, false);
        }
        return i;
    }

    public int checkRead(NodeRef nodeRef, boolean z) {
        int i = 0;
        if (this.nodeService.hasAspect(nodeRef, RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT)) {
            i = checkRmRead(nodeRef);
        } else if (z) {
            if (this.permissionService.hasPermission(nodeRef, "Read") == AccessStatus.DENIED) {
                if (logger.isDebugEnabled()) {
                    logger.debug("\t\tPermission is denied");
                    Thread.dumpStack();
                }
                i = -1;
            } else {
                i = 1;
            }
        }
        return i;
    }

    public int checkRmRead(NodeRef nodeRef) {
        int transactionCache = getTransactionCache("checkRmRead", nodeRef);
        if (transactionCache != NOSET_VALUE) {
            return transactionCache;
        }
        if (this.permissionService.hasPermission(nodeRef, RMPermissionModel.READ_RECORDS) == AccessStatus.DENIED) {
            RMMethodSecurityInterceptor.addMessage("User does not have read record permission on node, access denied. (nodeRef={0}, user={1})", nodeRef, AuthenticationUtil.getRunAsUser());
            if (logger.isDebugEnabled()) {
                logger.debug("\t\tUser does not have read record permission on node, access denied.  (nodeRef=" + nodeRef.toString() + ", user=" + AuthenticationUtil.getRunAsUser() + ")");
            }
            return setTransactionCache("checkRmRead", nodeRef, -1);
        }
        NodeRef filePlan = getFilePlanService().getFilePlan(nodeRef);
        if (this.permissionService.hasPermission(filePlan, "ViewRecords") != AccessStatus.DENIED) {
            return this.caveatConfigComponent.hasAccess(nodeRef) ? setTransactionCache("checkRmRead", nodeRef, 1) : setTransactionCache("checkRmRead", nodeRef, -1);
        }
        RMMethodSecurityInterceptor.reportCapabilityStatus("ViewRecords", -1);
        if (logger.isDebugEnabled()) {
            logger.debug("\t\tUser does not have view records capability permission on node, access denied. (filePlan=" + filePlan.toString() + ", user=" + AuthenticationUtil.getRunAsUser() + ")");
        }
        return setTransactionCache("checkRmRead", nodeRef, -1);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public NodeRef getTestNode(MethodInvocation methodInvocation, Class[] clsArr, int i, boolean z) {
        NodeRef nodeRef = null;
        if (i < 0) {
            if (logger.isDebugEnabled()) {
                logger.debug("\tNothing to test permission against.");
            }
            nodeRef = null;
        } else if (StoreRef.class.isAssignableFrom(clsArr[i])) {
            if (methodInvocation.getArguments()[i] != null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("\tPermission test against the store - using permissions on the root node");
                }
                StoreRef storeRef = (StoreRef) methodInvocation.getArguments()[i];
                if (this.nodeService.exists(storeRef)) {
                    nodeRef = this.nodeService.getRootNode(storeRef);
                }
            }
        } else if (NodeRef.class.isAssignableFrom(clsArr[i])) {
            nodeRef = (NodeRef) methodInvocation.getArguments()[i];
            if (z) {
                nodeRef = this.nodeService.getPrimaryParent(nodeRef).getParentRef();
                if (logger.isDebugEnabled()) {
                    if (this.nodeService.exists(nodeRef)) {
                        logger.debug("\tPermission test for parent on node " + this.nodeService.getPath(nodeRef));
                    } else {
                        logger.debug("\tPermission test for parent on non-existing node " + nodeRef);
                    }
                    logger.debug("\tPermission test for parent on node " + this.nodeService.getPath(nodeRef));
                }
            } else if (logger.isDebugEnabled()) {
                if (this.nodeService.exists(nodeRef)) {
                    logger.debug("\tPermission test on node " + this.nodeService.getPath(nodeRef));
                } else {
                    logger.debug("\tPermission test on non-existing node " + nodeRef);
                }
            }
        } else if (ChildAssociationRef.class.isAssignableFrom(clsArr[i])) {
            if (methodInvocation.getArguments()[i] != null) {
                nodeRef = z ? ((ChildAssociationRef) methodInvocation.getArguments()[i]).getParentRef() : ((ChildAssociationRef) methodInvocation.getArguments()[i]).getChildRef();
                if (logger.isDebugEnabled()) {
                    if (this.nodeService.exists(nodeRef)) {
                        logger.debug("\tPermission test on node " + this.nodeService.getPath(nodeRef));
                    } else {
                        logger.debug("\tPermission test on non-existing node " + nodeRef);
                    }
                }
            }
        } else if (AssociationRef.class.isAssignableFrom(clsArr[i]) && methodInvocation.getArguments()[i] != null) {
            nodeRef = z ? ((AssociationRef) methodInvocation.getArguments()[i]).getSourceRef() : ((AssociationRef) methodInvocation.getArguments()[i]).getTargetRef();
            if (logger.isDebugEnabled()) {
                if (this.nodeService.exists(nodeRef)) {
                    logger.debug("\tPermission test on node " + this.nodeService.getPath(nodeRef));
                } else {
                    logger.debug("\tPermission test on non-existing node " + nodeRef);
                }
            }
        }
        return nodeRef;
    }
}
