package org.alfresco.repo.security.permissions.impl;

import java.io.Serializable;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.providers.dao.User;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.policy.Behaviour;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.permissions.DynamicAuthority;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.security.permissions.impl.RequiredPermission;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.EqualsHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.class */
public class PermissionServiceImpl implements PermissionServiceSPI, InitializingBean {
    static SimplePermissionReference OLD_ALL_PERMISSIONS_REFERENCE = new SimplePermissionReference(QName.createQName("", PermissionService.ALL_PERMISSIONS), PermissionService.ALL_PERMISSIONS);
    private static Log log = LogFactory.getLog(PermissionServiceImpl.class);
    private SimpleCache<Serializable, AccessStatus> accessCache;
    private ModelDAO modelDAO;
    private PermissionsDaoComponent permissionsDaoComponent;
    private NodeService nodeService;
    private DictionaryService dictionaryService;
    private AuthenticationComponent authenticationComponent;
    private AuthorityService authorityService;
    private List<DynamicAuthority> dynamicAuthorities;
    private PolicyComponent policyComponent;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/alfresco/repo/security/permissions/impl/PermissionServiceImpl$CacheType.class */
    public enum CacheType {
        HAS_PERMISSION,
        SINGLE_PERMISSION,
        SINGLE_PERMISSION_GLOBAL
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/alfresco/repo/security/permissions/impl/PermissionServiceImpl$MutableBoolean.class */
    public static class MutableBoolean {
        private boolean value;

        MutableBoolean(boolean z) {
            this.value = z;
        }

        void setValue(boolean z) {
            this.value = z;
        }

        boolean getValue() {
            return this.value;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/alfresco/repo/security/permissions/impl/PermissionServiceImpl$NodeTest.class */
    public class NodeTest {
        PermissionReference required;
        Set<PermissionReference> granters;
        Set<PermissionReference> nodeRequirements;
        Set<PermissionReference> parentRequirements;
        Set<PermissionReference> childrenRequirements;
        QName typeQName;
        Set<QName> aspectQNames;

        NodeTest(PermissionReference permissionReference, QName qName, Set<QName> set) {
            this.nodeRequirements = new HashSet();
            this.parentRequirements = new HashSet();
            this.childrenRequirements = new HashSet();
            this.required = permissionReference;
            this.typeQName = qName;
            this.aspectQNames = set;
            if (permissionReference.equals(PermissionServiceImpl.this.getPermissionReference(PermissionService.ALL_PERMISSIONS))) {
                this.nodeRequirements = PermissionServiceImpl.this.modelDAO.getRequiredPermissions(PermissionServiceImpl.this.getPermissionReference(PermissionService.FULL_CONTROL), qName, set, RequiredPermission.On.NODE);
            } else {
                this.nodeRequirements = PermissionServiceImpl.this.modelDAO.getRequiredPermissions(permissionReference, qName, set, RequiredPermission.On.NODE);
            }
            this.parentRequirements = PermissionServiceImpl.this.modelDAO.getRequiredPermissions(permissionReference, qName, set, RequiredPermission.On.PARENT);
            this.childrenRequirements = PermissionServiceImpl.this.modelDAO.getRequiredPermissions(permissionReference, qName, set, RequiredPermission.On.CHILDREN);
            this.granters = new LinkedHashSet(128, 1.0f);
            this.granters.addAll(PermissionServiceImpl.this.modelDAO.getGrantingPermissions(permissionReference));
            this.granters.add(PermissionServiceImpl.this.getAllPermissionReference());
            this.granters.add(PermissionServiceImpl.OLD_ALL_PERMISSIONS_REFERENCE);
        }

        boolean evaluate(Set<String> set, NodeRef nodeRef) {
            return evaluate(set, nodeRef, new HashSet(), null);
        }

        boolean evaluate(Set<String> set, NodeRef nodeRef, Set<Pair<String, PermissionReference>> set2, MutableBoolean mutableBoolean) {
            NodePermissionEntry permissions;
            MutableBoolean mutableBoolean2 = null;
            HashSet hashSet = new HashSet();
            hashSet.addAll(set2);
            hashSet.addAll(getDenied(nodeRef));
            boolean z = true;
            if (PermissionServiceImpl.this.modelDAO.checkPermission(this.required)) {
                if (!this.parentRequirements.contains(this.required)) {
                    z = true & hasSinglePermission(set, nodeRef);
                } else if (checkGlobalPermissions(set) || checkRequired(set, nodeRef, hashSet)) {
                    mutableBoolean2 = null;
                    if (mutableBoolean != null) {
                        mutableBoolean.setValue(true);
                    }
                } else {
                    mutableBoolean2 = new MutableBoolean(false);
                }
                if (!z) {
                    return false;
                }
            }
            Iterator<PermissionReference> it = this.nodeRequirements.iterator();
            while (it.hasNext()) {
                z &= new NodeTest(it.next(), this.typeQName, this.aspectQNames).evaluate(set, nodeRef, hashSet, null);
                if (!z) {
                    return false;
                }
            }
            if (z) {
                ChildAssociationRef primaryParent = PermissionServiceImpl.this.nodeService.getPrimaryParent(nodeRef);
                if (primaryParent.getParentRef() != null && ((permissions = PermissionServiceImpl.this.permissionsDaoComponent.getPermissions(primaryParent.getChildRef())) == null || permissions.inheritPermissions())) {
                    hashSet.addAll(getDenied(primaryParent.getParentRef()));
                    for (PermissionReference permissionReference : this.parentRequirements) {
                        if (permissionReference.equals(this.required)) {
                            z &= evaluate(set, primaryParent.getParentRef(), hashSet, mutableBoolean2);
                            if (mutableBoolean2 != null && mutableBoolean2.getValue() && mutableBoolean != null) {
                                mutableBoolean.setValue(true);
                            }
                        } else {
                            z &= new NodeTest(permissionReference, this.typeQName, this.aspectQNames).evaluate(set, primaryParent.getParentRef(), hashSet, null);
                        }
                        if (!z) {
                            return false;
                        }
                    }
                }
            }
            if (mutableBoolean2 != null && !mutableBoolean2.getValue()) {
                return false;
            }
            if (this.childrenRequirements.size() > 0) {
                List<ChildAssociationRef> childAssocs = PermissionServiceImpl.this.nodeService.getChildAssocs(nodeRef);
                for (PermissionReference permissionReference2 : this.childrenRequirements) {
                    Iterator<ChildAssociationRef> it2 = childAssocs.iterator();
                    while (it2.hasNext()) {
                        z &= PermissionServiceImpl.this.hasPermission(it2.next().getChildRef(), permissionReference2) == AccessStatus.ALLOWED;
                        if (!z) {
                            return false;
                        }
                    }
                }
            }
            return z;
        }

        public boolean hasSinglePermission(Set<String> set, NodeRef nodeRef) {
            Serializable generateKey = PermissionServiceImpl.generateKey(set, nodeRef, this.required, CacheType.SINGLE_PERMISSION_GLOBAL);
            AccessStatus accessStatus = (AccessStatus) PermissionServiceImpl.this.accessCache.get(generateKey);
            if (accessStatus != null) {
                return accessStatus == AccessStatus.ALLOWED;
            }
            if (!checkGlobalPermissions(set)) {
                return hasSinglePermission(set, nodeRef, new HashSet());
            }
            PermissionServiceImpl.this.accessCache.put(generateKey, AccessStatus.ALLOWED);
            return true;
        }

        public boolean hasSinglePermission(Set<String> set, NodeRef nodeRef, Set<Pair<String, PermissionReference>> set2) {
            AccessStatus accessStatus;
            set2.addAll(getDenied(nodeRef));
            Serializable serializable = null;
            if (set2.size() == 0) {
                serializable = PermissionServiceImpl.generateKey(set, nodeRef, this.required, CacheType.SINGLE_PERMISSION);
            }
            if (serializable != null && (accessStatus = (AccessStatus) PermissionServiceImpl.this.accessCache.get(serializable)) != null) {
                return accessStatus == AccessStatus.ALLOWED;
            }
            if (checkRequired(set, nodeRef, set2)) {
                if (serializable == null) {
                    return true;
                }
                PermissionServiceImpl.this.accessCache.put(serializable, AccessStatus.ALLOWED);
                return true;
            }
            ChildAssociationRef primaryParent = PermissionServiceImpl.this.nodeService.getPrimaryParent(nodeRef);
            if (primaryParent.getParentRef() == null) {
                if (serializable == null) {
                    return false;
                }
                PermissionServiceImpl.this.accessCache.put(serializable, AccessStatus.DENIED);
                return false;
            }
            NodePermissionEntry permissions = PermissionServiceImpl.this.permissionsDaoComponent.getPermissions(nodeRef);
            if (permissions != null && !permissions.inheritPermissions()) {
                if (serializable == null) {
                    return false;
                }
                PermissionServiceImpl.this.accessCache.put(serializable, AccessStatus.DENIED);
                return false;
            }
            if (hasSinglePermission(set, primaryParent.getParentRef(), set2)) {
                if (serializable == null) {
                    return true;
                }
                PermissionServiceImpl.this.accessCache.put(serializable, AccessStatus.ALLOWED);
                return true;
            }
            if (serializable == null) {
                return false;
            }
            PermissionServiceImpl.this.accessCache.put(serializable, AccessStatus.DENIED);
            return false;
        }

        private boolean checkGlobalPermissions(Set<String> set) {
            Iterator<? extends PermissionEntry> it = PermissionServiceImpl.this.modelDAO.getGlobalPermissionEntries().iterator();
            while (it.hasNext()) {
                if (isGranted(it.next(), set, null)) {
                    return true;
                }
            }
            return false;
        }

        Set<Pair<String, PermissionReference>> getDenied(NodeRef nodeRef) {
            HashSet hashSet = new HashSet();
            NodePermissionEntry permissions = PermissionServiceImpl.this.permissionsDaoComponent.getPermissions(nodeRef);
            if (permissions != null) {
                for (PermissionEntry permissionEntry : permissions.getPermissionEntries()) {
                    if (permissionEntry.isDenied()) {
                        Iterator<PermissionReference> it = PermissionServiceImpl.this.modelDAO.getGrantingPermissions(permissionEntry.getPermissionReference()).iterator();
                        while (it.hasNext()) {
                            hashSet.add(new Pair(permissionEntry.getAuthority(), it.next()));
                        }
                        Iterator<PermissionReference> it2 = PermissionServiceImpl.this.modelDAO.getGranteePermissions(permissionEntry.getPermissionReference()).iterator();
                        while (it2.hasNext()) {
                            hashSet.add(new Pair(permissionEntry.getAuthority(), it2.next()));
                        }
                        if (permissionEntry.getPermissionReference().equals(PermissionServiceImpl.this.getAllPermissionReference()) || permissionEntry.getPermissionReference().equals(PermissionServiceImpl.OLD_ALL_PERMISSIONS_REFERENCE)) {
                            Iterator<PermissionReference> it3 = PermissionServiceImpl.this.modelDAO.getAllPermissions(nodeRef).iterator();
                            while (it3.hasNext()) {
                                hashSet.add(new Pair(permissionEntry.getAuthority(), it3.next()));
                            }
                        }
                    }
                }
            }
            return hashSet;
        }

        boolean checkRequired(Set<String> set, NodeRef nodeRef, Set<Pair<String, PermissionReference>> set2) {
            NodePermissionEntry permissions = PermissionServiceImpl.this.permissionsDaoComponent.getPermissions(nodeRef);
            if (permissions == null) {
                return false;
            }
            Iterator<? extends PermissionEntry> it = permissions.getPermissionEntries().iterator();
            while (it.hasNext()) {
                if (isGranted(it.next(), set, set2)) {
                    return true;
                }
            }
            return false;
        }

        private boolean isGranted(PermissionEntry permissionEntry, Set<String> set, Set<Pair<String, PermissionReference>> set2) {
            if (permissionEntry.isDenied()) {
                return false;
            }
            return (set2 == null || !set2.contains(new Pair(permissionEntry.getAuthority(), this.required))) && set.contains(permissionEntry.getAuthority()) && this.granters.contains(permissionEntry.getPermissionReference());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/alfresco/repo/security/permissions/impl/PermissionServiceImpl$Pair.class */
    public static class Pair<A, B> {
        A a;
        B b;

        Pair(A a, B b) {
            this.a = a;
            this.b = b;
        }

        A getA() {
            return this.a;
        }

        B getB() {
            return this.b;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(this instanceof Pair)) {
                return false;
            }
            Pair pair = (Pair) obj;
            return EqualsHelper.nullSafeEquals(getA(), pair.getA()) && EqualsHelper.nullSafeEquals(getB(), pair.getB());
        }

        public int hashCode() {
            return ((this.a == null ? 0 : this.a.hashCode()) * 37) + (this.b == null ? 0 : this.b.hashCode());
        }
    }

    public void setDictionaryService(DictionaryService dictionaryService) {
        this.dictionaryService = dictionaryService;
    }

    public void setModelDAO(ModelDAO modelDAO) {
        this.modelDAO = modelDAO;
    }

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setPermissionsDaoComponent(PermissionsDaoComponent permissionsDaoComponent) {
        this.permissionsDaoComponent = permissionsDaoComponent;
    }

    public void setAuthenticationComponent(AuthenticationComponent authenticationComponent) {
        this.authenticationComponent = authenticationComponent;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setDynamicAuthorities(List<DynamicAuthority> list) {
        this.dynamicAuthorities = list;
    }

    public void setAccessCache(SimpleCache<Serializable, AccessStatus> simpleCache) {
        this.accessCache = simpleCache;
    }

    public void setPolicyComponent(PolicyComponent policyComponent) {
        this.policyComponent = policyComponent;
    }

    public void onMoveNode(ChildAssociationRef childAssociationRef, ChildAssociationRef childAssociationRef2) {
        this.accessCache.clear();
    }

    public void afterPropertiesSet() throws Exception {
        if (this.dictionaryService == null) {
            throw new IllegalArgumentException("Property 'dictionaryService' has not been set");
        }
        if (this.modelDAO == null) {
            throw new IllegalArgumentException("Property 'modelDAO' has not been set");
        }
        if (this.nodeService == null) {
            throw new IllegalArgumentException("Property 'nodeService' has not been set");
        }
        if (this.permissionsDaoComponent == null) {
            throw new IllegalArgumentException("Property 'permissionsDAO' has not been set");
        }
        if (this.authenticationComponent == null) {
            throw new IllegalArgumentException("Property 'authenticationComponent' has not been set");
        }
        if (this.authorityService == null) {
            throw new IllegalArgumentException("Property 'authorityService' has not been set");
        }
        if (this.accessCache == null) {
            throw new IllegalArgumentException("Property 'accessCache' has not been set");
        }
        if (this.policyComponent == null) {
            throw new IllegalArgumentException("Property 'policyComponent' has not been set");
        }
        this.policyComponent.bindClassBehaviour(QName.createQName("http://www.alfresco.org", "onMoveNode"), ContentModel.TYPE_BASE, (Behaviour) new JavaBehaviour(this, "onMoveNode"));
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public String getOwnerAuthority() {
        return PermissionService.OWNER_AUTHORITY;
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public String getAllAuthorities() {
        return PermissionService.ALL_AUTHORITIES;
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public String getAllPermission() {
        return PermissionService.ALL_PERMISSIONS;
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public Set<AccessPermission> getPermissions(NodeRef nodeRef) {
        return getAllPermissionsImpl(nodeRef, true, true);
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public Set<AccessPermission> getAllSetPermissions(NodeRef nodeRef) {
        HashSet hashSet = new HashSet();
        for (PermissionEntry permissionEntry : getSetPermissions(nodeRef).getPermissionEntries()) {
            hashSet.add(new AccessPermissionImpl(getPermission(permissionEntry.getPermissionReference()), permissionEntry.getAccessStatus(), permissionEntry.getAuthority()));
        }
        return hashSet;
    }

    private Set<AccessPermission> getAllPermissionsImpl(NodeRef nodeRef, boolean z, boolean z2) {
        String currentUserName = this.authenticationComponent.getCurrentUserName();
        HashSet hashSet = new HashSet();
        for (PermissionReference permissionReference : getSettablePermissionReferences(nodeRef)) {
            if (hasPermission(nodeRef, permissionReference) == AccessStatus.ALLOWED) {
                hashSet.add(new AccessPermissionImpl(getPermission(permissionReference), AccessStatus.ALLOWED, currentUserName));
            } else if (z2) {
                hashSet.add(new AccessPermissionImpl(getPermission(permissionReference), AccessStatus.DENIED, currentUserName));
            }
        }
        return hashSet;
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public Set<String> getSettablePermissions(NodeRef nodeRef) {
        Set<PermissionReference> settablePermissionReferences = getSettablePermissionReferences(nodeRef);
        HashSet hashSet = new HashSet(settablePermissionReferences.size());
        Iterator<PermissionReference> it = settablePermissionReferences.iterator();
        while (it.hasNext()) {
            hashSet.add(getPermission(it.next()));
        }
        return hashSet;
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public Set<String> getSettablePermissions(QName qName) {
        Set<PermissionReference> settablePermissionReferences = getSettablePermissionReferences(qName);
        LinkedHashSet linkedHashSet = new LinkedHashSet(settablePermissionReferences.size());
        Iterator<PermissionReference> it = settablePermissionReferences.iterator();
        while (it.hasNext()) {
            linkedHashSet.add(getPermission(it.next()));
        }
        return linkedHashSet;
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public NodePermissionEntry getSetPermissions(NodeRef nodeRef) {
        return this.permissionsDaoComponent.getPermissions(nodeRef);
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public AccessStatus hasPermission(NodeRef nodeRef, PermissionReference permissionReference) {
        if (nodeRef == null) {
            return AccessStatus.ALLOWED;
        }
        if (permissionReference == null) {
            return AccessStatus.DENIED;
        }
        if (!this.nodeService.exists(nodeRef)) {
            return AccessStatus.ALLOWED;
        }
        Set<String> authorisations = getAuthorisations(this.authenticationComponent.getCurrentAuthentication(), nodeRef);
        Serializable generateKey = generateKey(authorisations, nodeRef, permissionReference, CacheType.HAS_PERMISSION);
        AccessStatus accessStatus = this.accessCache.get(generateKey);
        if (accessStatus != null) {
            return accessStatus;
        }
        Set<PermissionReference> allPermissions = this.modelDAO.getAllPermissions(nodeRef);
        allPermissions.add(getAllPermissionReference());
        allPermissions.add(OLD_ALL_PERMISSIONS_REFERENCE);
        if (!allPermissions.contains(permissionReference)) {
            this.accessCache.put(generateKey, AccessStatus.DENIED);
            return AccessStatus.DENIED;
        }
        if (this.authenticationComponent.getCurrentUserName().equals(this.authenticationComponent.getSystemUserName())) {
            return AccessStatus.ALLOWED;
        }
        QName type = this.nodeService.getType(nodeRef);
        Set<QName> aspects = this.nodeService.getAspects(nodeRef);
        if (permissionReference.equals(OLD_ALL_PERMISSIONS_REFERENCE)) {
            permissionReference = getAllPermissionReference();
        }
        boolean evaluate = new NodeTest(permissionReference, type, aspects).evaluate(authorisations, nodeRef);
        if (log.isDebugEnabled()) {
            log.debug("Permission <" + permissionReference + "> is " + (evaluate ? "allowed" : "denied") + " for " + this.authenticationComponent.getCurrentUserName() + " on node " + this.nodeService.getPath(nodeRef));
        }
        AccessStatus accessStatus2 = evaluate ? AccessStatus.ALLOWED : AccessStatus.DENIED;
        this.accessCache.put(generateKey, accessStatus2);
        return accessStatus2;
    }

    static Serializable generateKey(Set<String> set, NodeRef nodeRef, PermissionReference permissionReference, CacheType cacheType) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(permissionReference.toString());
        linkedHashSet.addAll(set);
        linkedHashSet.add(nodeRef);
        linkedHashSet.add(cacheType);
        return linkedHashSet;
    }

    private Set<String> getAuthorisations(Authentication authentication, NodeRef nodeRef) {
        HashSet hashSet = new HashSet();
        if (authentication == null) {
            return hashSet;
        }
        User user = (User) authentication.getPrincipal();
        hashSet.add(user.getUsername());
        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            hashSet.add(grantedAuthority.getAuthority());
        }
        if (nodeRef != null && this.dynamicAuthorities != null) {
            for (DynamicAuthority dynamicAuthority : this.dynamicAuthorities) {
                if (dynamicAuthority.hasAuthority(nodeRef, user.getUsername())) {
                    hashSet.add(dynamicAuthority.getAuthority());
                }
            }
        }
        hashSet.addAll(this.authorityService.getAuthorities());
        return hashSet;
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public NodePermissionEntry explainPermission(NodeRef nodeRef, PermissionReference permissionReference) {
        return null;
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public void deletePermissions(NodeRef nodeRef) {
        this.permissionsDaoComponent.deletePermissions(nodeRef);
        this.accessCache.clear();
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public void deletePermissions(NodePermissionEntry nodePermissionEntry) {
        this.permissionsDaoComponent.deletePermissions(nodePermissionEntry.getNodeRef());
        this.accessCache.clear();
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public void deletePermission(PermissionEntry permissionEntry) {
        deletePermission(permissionEntry.getNodeRef(), permissionEntry.getAuthority(), permissionEntry.getPermissionReference());
    }

    public void deletePermission(NodeRef nodeRef, String str, PermissionReference permissionReference) {
        this.permissionsDaoComponent.deletePermission(nodeRef, str, permissionReference);
        this.accessCache.clear();
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public void clearPermission(NodeRef nodeRef, String str) {
        this.permissionsDaoComponent.deletePermissions(nodeRef, str);
        this.accessCache.clear();
    }

    public void setPermission(NodeRef nodeRef, String str, PermissionReference permissionReference, boolean z) {
        this.permissionsDaoComponent.setPermission(nodeRef, str, permissionReference, z);
        this.accessCache.clear();
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public void setPermission(PermissionEntry permissionEntry) {
        this.permissionsDaoComponent.setPermission(permissionEntry);
        this.accessCache.clear();
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public void setPermission(NodePermissionEntry nodePermissionEntry) {
        this.permissionsDaoComponent.setPermission(nodePermissionEntry);
        this.accessCache.clear();
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public void setInheritParentPermissions(NodeRef nodeRef, boolean z) {
        this.permissionsDaoComponent.setInheritParentPermissions(nodeRef, z);
        this.accessCache.clear();
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public boolean getInheritParentPermissions(NodeRef nodeRef) {
        return this.permissionsDaoComponent.getInheritParentPermissions(nodeRef);
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public PermissionReference getPermissionReference(QName qName, String str) {
        return this.modelDAO.getPermissionReference(qName, str);
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public PermissionReference getAllPermissionReference() {
        return getPermissionReference(PermissionService.ALL_PERMISSIONS);
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public String getPermission(PermissionReference permissionReference) {
        return this.modelDAO.isUnique(permissionReference) ? permissionReference.getName() : permissionReference.toString();
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public PermissionReference getPermissionReference(String str) {
        return this.modelDAO.getPermissionReference(null, str);
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public Set<PermissionReference> getSettablePermissionReferences(QName qName) {
        return this.modelDAO.getExposedPermissions(qName);
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public Set<PermissionReference> getSettablePermissionReferences(NodeRef nodeRef) {
        return this.modelDAO.getExposedPermissions(nodeRef);
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public void deletePermission(NodeRef nodeRef, String str, String str2) {
        deletePermission(nodeRef, str, getPermissionReference(str2));
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public AccessStatus hasPermission(NodeRef nodeRef, String str) {
        return hasPermission(nodeRef, getPermissionReference(str));
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public void setPermission(NodeRef nodeRef, String str, String str2, boolean z) {
        setPermission(nodeRef, str, getPermissionReference(str2), z);
    }

    @Override // org.alfresco.repo.security.permissions.PermissionServiceSPI
    public void deletePermissions(String str) {
        this.permissionsDaoComponent.deletePermissions(str);
        this.accessCache.clear();
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public Map<NodeRef, Set<AccessPermission>> getAllSetPermissionsForCurrentUser() {
        return getAllSetPermissionsForAuthority(this.authenticationComponent.getCurrentUserName());
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public Map<NodeRef, Set<AccessPermission>> getAllSetPermissionsForAuthority(String str) {
        return this.permissionsDaoComponent.getAllSetPermissions(str);
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public Set<NodeRef> findNodesByAssignedPermissionForCurrentUser(String str, boolean z, boolean z2, boolean z3) {
        return findNodesByAssignedPermission(this.authenticationComponent.getCurrentUserName(), str, z, z2, z3);
    }

    @Override // org.alfresco.service.cmr.security.PermissionService
    public Set<NodeRef> findNodesByAssignedPermission(String str, String str2, boolean z, boolean z2, boolean z3) {
        HashSet hashSet = new HashSet();
        hashSet.add(str);
        if (z2) {
            hashSet.addAll(this.authorityService.getAuthoritiesForUser(str));
        }
        HashSet hashSet2 = new HashSet();
        PermissionReference permissionReference = getPermissionReference(str2);
        HashSet<PermissionReference> hashSet3 = new HashSet();
        hashSet3.add(permissionReference);
        if (z3) {
            hashSet3.addAll(this.modelDAO.getGrantingPermissions(permissionReference));
        }
        for (PermissionReference permissionReference2 : hashSet3) {
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                hashSet2.addAll(this.permissionsDaoComponent.findNodeByPermission((String) it.next(), permissionReference2, z));
            }
        }
        return hashSet2;
    }
}
