package org.alfresco.repo.domain.permissions;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.cmis.PropertyFilter;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.filesys.alfresco.DesktopAction;
import org.alfresco.repo.cache.SimpleCache;
import org.alfresco.repo.domain.node.NodeDAO;
import org.alfresco.repo.domain.qname.QNameDAO;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.ACEType;
import org.alfresco.repo.security.permissions.ACLCopyMode;
import org.alfresco.repo.security.permissions.ACLType;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.repo.security.permissions.AccessControlListProperties;
import org.alfresco.repo.security.permissions.SimpleAccessControlEntry;
import org.alfresco.repo.security.permissions.SimpleAccessControlList;
import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
import org.alfresco.repo.security.permissions.impl.AclChange;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.TransactionListenerAdapter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.alfresco.util.Pair;
import org.alfresco.util.ParameterCheck;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/repo/domain/permissions/AclDAOImpl.class */
public class AclDAOImpl implements AclDAO {
    private static Log logger = LogFactory.getLog(AclDAOImpl.class);
    private QNameDAO qnameDAO;
    private AclCrudDAO aclCrudDAO;
    private NodeDAO nodeDAO;
    private TenantService tenantService;
    private SimpleCache<Serializable, AccessControlList> aclCache;
    private static final String RESOURCE_KEY_ACL_CHANGE_SET_ID = "acl.change.set.id";
    private UpdateChangeSetListener updateChangeSetListener = new UpdateChangeSetListener(this, null);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.alfresco.repo.domain.permissions.AclDAOImpl$1, reason: invalid class name */
    /* loaded from: input_file:org/alfresco/repo/domain/permissions/AclDAOImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$alfresco$repo$security$permissions$ACLType;
        static final /* synthetic */ int[] $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode;

        static {
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLCopyMode[ACLCopyMode.INHERIT.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLCopyMode[ACLCopyMode.COW.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLCopyMode[ACLCopyMode.REDIRECT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLCopyMode[ACLCopyMode.COPY.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode = new int[WriteMode.values().length];
            try {
                $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[WriteMode.COPY_UPDATE_AND_INHERIT.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[WriteMode.CHANGE_INHERITED.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[WriteMode.ADD_INHERITED.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[WriteMode.TRUNCATE_INHERITED.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[WriteMode.INSERT_INHERITED.ordinal()] = 5;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[WriteMode.REMOVE_INHERITED.ordinal()] = 6;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[WriteMode.CREATE_AND_INHERIT.ordinal()] = 7;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[WriteMode.COPY_ONLY.ordinal()] = 8;
            } catch (NoSuchFieldError e12) {
            }
            $SwitchMap$org$alfresco$repo$security$permissions$ACLType = new int[ACLType.values().length];
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLType[ACLType.OLD.ordinal()] = 1;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLType[ACLType.SHARED.ordinal()] = 2;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLType[ACLType.DEFINING.ordinal()] = 3;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLType[ACLType.LAYERED.ordinal()] = 4;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLType[ACLType.FIXED.ordinal()] = 5;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$org$alfresco$repo$security$permissions$ACLType[ACLType.GLOBAL.ordinal()] = 6;
            } catch (NoSuchFieldError e18) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/alfresco/repo/domain/permissions/AclDAOImpl$AcePatternMatcher.class */
    public static class AcePatternMatcher {
        private List<? extends AccessControlEntry> patterns;

        AcePatternMatcher(List<? extends AccessControlEntry> list) {
            this.patterns = list;
        }

        boolean matches(AclCrudDAO aclCrudDAO, Map<String, Object> map, int i) {
            if (this.patterns == null) {
                return true;
            }
            Iterator<? extends AccessControlEntry> it = this.patterns.iterator();
            while (it.hasNext()) {
                if (checkPattern(aclCrudDAO, map, i, it.next())) {
                    return true;
                }
            }
            return false;
        }

        private boolean checkPattern(AclCrudDAO aclCrudDAO, Map<String, Object> map, int i, AccessControlEntry accessControlEntry) {
            Boolean bool = (Boolean) map.get("allowed");
            Integer num = (Integer) map.get("applies");
            String str = (String) map.get("authority");
            Long l = (Long) map.get("permissionId");
            Integer num2 = (Integer) map.get("pos");
            if (accessControlEntry.getAccessStatus() != null) {
                if (accessControlEntry.getAccessStatus() != (bool.booleanValue() ? AccessStatus.ALLOWED : AccessStatus.DENIED)) {
                    return false;
                }
            }
            if (accessControlEntry.getAceType() != null && accessControlEntry.getAceType() != ACEType.getACETypeFromId(num.intValue())) {
                return false;
            }
            if (accessControlEntry.getAuthority() != null && accessControlEntry.getAuthorityType() != AuthorityType.WILDCARD && !accessControlEntry.getAuthority().equals(str)) {
                return false;
            }
            if (accessControlEntry.getContext() != null) {
                throw new IllegalArgumentException("Context not yet supported");
            }
            if (accessControlEntry.getPermission() != null && !aclCrudDAO.getPermission(accessControlEntry.getPermission()).getId().equals(l)) {
                return false;
            }
            if (accessControlEntry.getPosition() != null) {
                return accessControlEntry.getPosition().intValue() >= 0 ? num2.intValue() == i : accessControlEntry.getPosition().intValue() != -1 || num2.intValue() > i;
            }
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/alfresco/repo/domain/permissions/AclDAOImpl$AclChangeImpl.class */
    public static class AclChangeImpl implements AclChange {
        private Long before;
        private Long after;
        private ACLType typeBefore;
        private ACLType typeAfter;

        public AclChangeImpl(Long l, Long l2, ACLType aCLType, ACLType aCLType2) {
            this.before = l;
            this.after = l2;
            this.typeAfter = aCLType2;
            this.typeBefore = aCLType;
        }

        @Override // org.alfresco.repo.security.permissions.impl.AclChange
        public Long getAfter() {
            return this.after;
        }

        @Override // org.alfresco.repo.security.permissions.impl.AclChange
        public Long getBefore() {
            return this.before;
        }

        public void setAfter(Long l) {
            this.after = l;
        }

        public void setBefore(Long l) {
            this.before = l;
        }

        @Override // org.alfresco.repo.security.permissions.impl.AclChange
        public ACLType getTypeAfter() {
            return this.typeAfter;
        }

        public void setTypeAfter(ACLType aCLType) {
            this.typeAfter = aCLType;
        }

        @Override // org.alfresco.repo.security.permissions.impl.AclChange
        public ACLType getTypeBefore() {
            return this.typeBefore;
        }

        public void setTypeBefore(ACLType aCLType) {
            this.typeBefore = aCLType;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append("(").append(getBefore()).append(PropertyFilter.PROPERTY_NAME_TOKENS_DELIMITER).append(getTypeBefore()).append(")");
            sb.append(" - > ");
            sb.append("(").append(getAfter()).append(PropertyFilter.PROPERTY_NAME_TOKENS_DELIMITER).append(getTypeAfter()).append(")");
            return sb.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/alfresco/repo/domain/permissions/AclDAOImpl$UpdateChangeSetListener.class */
    public class UpdateChangeSetListener extends TransactionListenerAdapter {
        private UpdateChangeSetListener() {
        }

        @Override // org.alfresco.repo.transaction.TransactionListenerAdapter, org.alfresco.repo.transaction.TransactionListener
        public void beforeCommit(boolean z) {
            Long l;
            if (z || (l = (Long) AlfrescoTransactionSupport.getResource(AclDAOImpl.RESOURCE_KEY_ACL_CHANGE_SET_ID)) == null) {
                return;
            }
            AclDAOImpl.this.aclCrudDAO.updateAclChangeSet(l, System.currentTimeMillis());
        }

        /* synthetic */ UpdateChangeSetListener(AclDAOImpl aclDAOImpl, AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/alfresco/repo/domain/permissions/AclDAOImpl$WriteMode.class */
    public enum WriteMode {
        TRUNCATE_INHERITED,
        ADD_INHERITED,
        CHANGE_INHERITED,
        REMOVE_INHERITED,
        INSERT_INHERITED,
        COPY_UPDATE_AND_INHERIT,
        COPY_ONLY,
        CREATE_AND_INHERIT
    }

    public void setQnameDAO(QNameDAO qNameDAO) {
        this.qnameDAO = qNameDAO;
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    public void setAclCrudDAO(AclCrudDAO aclCrudDAO) {
        this.aclCrudDAO = aclCrudDAO;
    }

    public void setNodeDAO(NodeDAO nodeDAO) {
        this.nodeDAO = nodeDAO;
    }

    public void setAclCache(SimpleCache<Serializable, AccessControlList> simpleCache) {
        this.aclCache = simpleCache;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public Long createAccessControlList() {
        return createAccessControlList(getDefaultProperties()).getId();
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public AccessControlListProperties getDefaultProperties() {
        SimpleAccessControlListProperties simpleAccessControlListProperties = new SimpleAccessControlListProperties();
        simpleAccessControlListProperties.setAclType(ACLType.DEFINING);
        simpleAccessControlListProperties.setInherits(true);
        simpleAccessControlListProperties.setVersioned(false);
        return simpleAccessControlListProperties;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:11:0x002e. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0099  */
    @Override // org.alfresco.repo.domain.permissions.AclDAO
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.alfresco.repo.domain.permissions.Acl createAccessControlList(org.alfresco.repo.security.permissions.AccessControlListProperties r6) {
        /*
            r5 = this;
            r0 = r6
            if (r0 != 0) goto Le
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.String r2 = "Properties cannot be null"
            r1.<init>(r2)
            throw r0
        Le:
            r0 = r6
            org.alfresco.repo.security.permissions.ACLType r0 = r0.getAclType()
            if (r0 != 0) goto L21
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.String r2 = "ACL Type must be defined"
            r1.<init>(r2)
            throw r0
        L21:
            int[] r0 = org.alfresco.repo.domain.permissions.AclDAOImpl.AnonymousClass1.$SwitchMap$org$alfresco$repo$security$permissions$ACLType
            r1 = r6
            org.alfresco.repo.security.permissions.ACLType r1 = r1.getAclType()
            int r1 = r1.ordinal()
            r0 = r0[r1]
            switch(r0) {
                case 1: goto L54;
                case 2: goto L6a;
                case 3: goto L74;
                case 4: goto L74;
                case 5: goto L77;
                case 6: goto L8d;
                default: goto La3;
            }
        L54:
            r0 = r6
            java.lang.Boolean r0 = r0.isVersioned()
            java.lang.Boolean r1 = java.lang.Boolean.TRUE
            if (r0 != r1) goto La3
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.String r2 = "Old acls can not be versioned"
            r1.<init>(r2)
            throw r0
        L6a:
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.String r2 = "Can not create shared acls direct - use get inherited"
            r1.<init>(r2)
            throw r0
        L74:
            goto La3
        L77:
            r0 = r6
            java.lang.Boolean r0 = r0.getInherits()
            java.lang.Boolean r1 = java.lang.Boolean.TRUE
            if (r0 != r1) goto L8d
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.String r2 = "Fixed ACLs can not inherit"
            r1.<init>(r2)
            throw r0
        L8d:
            r0 = r6
            java.lang.Boolean r0 = r0.getInherits()
            java.lang.Boolean r1 = java.lang.Boolean.TRUE
            if (r0 != r1) goto La3
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException
            r1 = r0
            java.lang.String r2 = "Fixed ACLs can not inherit"
            r1.<init>(r2)
            throw r0
        La3:
            r0 = r5
            r1 = r6
            r2 = 0
            r3 = 0
            org.alfresco.repo.domain.permissions.Acl r0 = r0.createAccessControlList(r1, r2, r3)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.alfresco.repo.domain.permissions.AclDAOImpl.createAccessControlList(org.alfresco.repo.security.permissions.AccessControlListProperties):org.alfresco.repo.domain.permissions.Acl");
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public Acl createAccessControlList(AccessControlListProperties accessControlListProperties, List<AccessControlEntry> list, Long l) {
        if (accessControlListProperties == null) {
            throw new IllegalArgumentException("Properties cannot be null");
        }
        AclEntity aclEntity = new AclEntity();
        if (accessControlListProperties.getAclId() != null) {
            aclEntity.setAclId(accessControlListProperties.getAclId());
        } else {
            aclEntity.setAclId(GUID.generate());
        }
        aclEntity.setAclType(accessControlListProperties.getAclType());
        aclEntity.setAclVersion(1L);
        switch (AnonymousClass1.$SwitchMap$org$alfresco$repo$security$permissions$ACLType[accessControlListProperties.getAclType().ordinal()]) {
            case 5:
            case DesktopAction.StsNoSuchAction /* 6 */:
                aclEntity.setInherits(Boolean.FALSE.booleanValue());
                break;
        }
        if (accessControlListProperties.getInherits() != null) {
            aclEntity.setInherits(accessControlListProperties.getInherits().booleanValue());
        } else {
            aclEntity.setInherits(Boolean.TRUE.booleanValue());
        }
        aclEntity.setLatest(Boolean.TRUE.booleanValue());
        switch (AnonymousClass1.$SwitchMap$org$alfresco$repo$security$permissions$ACLType[accessControlListProperties.getAclType().ordinal()]) {
            case 1:
                aclEntity.setVersioned(Boolean.FALSE.booleanValue());
                break;
            case 2:
            case 3:
            case 5:
            case DesktopAction.StsNoSuchAction /* 6 */:
            default:
                if (accessControlListProperties.isVersioned() != null) {
                    aclEntity.setVersioned(accessControlListProperties.isVersioned().booleanValue());
                    break;
                } else {
                    aclEntity.setVersioned(Boolean.FALSE.booleanValue());
                    break;
                }
            case 4:
                if (accessControlListProperties.isVersioned() != null) {
                    aclEntity.setVersioned(accessControlListProperties.isVersioned().booleanValue());
                    break;
                } else {
                    aclEntity.setVersioned(Boolean.TRUE.booleanValue());
                    break;
                }
        }
        aclEntity.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
        aclEntity.setRequiresVersion(false);
        long longValue = ((AclEntity) this.aclCrudDAO.createAcl(aclEntity)).getId().longValue();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        if (list != null && list.size() > 0) {
            for (AccessControlEntry accessControlEntry : list) {
                if (accessControlEntry.getPosition() != null && accessControlEntry.getPosition().intValue() != 0) {
                    throw new IllegalArgumentException("Invalid position");
                }
                Authority orCreateAuthority = this.aclCrudDAO.getOrCreateAuthority(accessControlEntry.getAuthority());
                Permission orCreatePermission = this.aclCrudDAO.getOrCreatePermission(accessControlEntry.getPermission());
                if (accessControlEntry.getContext() != null) {
                    throw new UnsupportedOperationException();
                }
                Ace orCreateAce = this.aclCrudDAO.getOrCreateAce(orCreatePermission, orCreateAuthority, accessControlEntry.getAceType(), accessControlEntry.getAccessStatus());
                SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
                simpleAccessControlEntry.setAceType(accessControlEntry.getAceType());
                simpleAccessControlEntry.setAuthority(accessControlEntry.getAuthority());
                simpleAccessControlEntry.setPermission(accessControlEntry.getPermission());
                simpleAccessControlEntry.setPosition(0);
                arrayList.add(orCreateAce);
                arrayList2.add(simpleAccessControlEntry);
            }
        }
        Long inheritedAccessControlList = l != null ? getInheritedAccessControlList(l) : null;
        getWritable(Long.valueOf(longValue), inheritedAccessControlList, arrayList2, arrayList, inheritedAccessControlList, false, arrayList3, WriteMode.CREATE_AND_INHERIT);
        return getAcl(Long.valueOf(longValue));
    }

    private void getWritable(Long l, Long l2, List<? extends AccessControlEntry> list, List<Ace> list2, Long l3, boolean z, List<AclChange> list3, WriteMode writeMode) {
        ArrayList arrayList = null;
        ArrayList arrayList2 = null;
        if (writeMode == WriteMode.ADD_INHERITED || writeMode == WriteMode.INSERT_INHERITED || writeMode == WriteMode.CHANGE_INHERITED || writeMode == WriteMode.CREATE_AND_INHERIT) {
            arrayList = new ArrayList();
            arrayList2 = new ArrayList();
            for (AclMember aclMember : l2 != null ? this.aclCrudDAO.getAclMembersByAcl(l2.longValue()) : Collections.emptyList()) {
                Ace ace = this.aclCrudDAO.getAce(aclMember.getAceId().longValue());
                if (writeMode == WriteMode.INSERT_INHERITED && aclMember.getPos().intValue() == 0) {
                    arrayList.add(ace);
                    arrayList2.add(aclMember.getPos());
                } else {
                    arrayList.add(ace);
                    arrayList2.add(aclMember.getPos());
                }
            }
        }
        getWritable(l, l2, new HashSet(), list, list2, l3, arrayList, arrayList2, z, 0, list3, writeMode, false);
    }

    private void getWritable(Long l, Long l2, Set<Long> set, List<? extends AccessControlEntry> list, List<Ace> list2, Long l3, List<Ace> list3, List<Integer> list4, boolean z, int i, List<AclChange> list5, WriteMode writeMode, boolean z2) {
        AclChange writable = getWritable(l, l2, list, list2, l3, list3, list4, i, writeMode, z2);
        list5.add(writable);
        boolean z3 = z2;
        if (!z3) {
            z3 = !writable.getBefore().equals(writable.getAfter());
        }
        if (z) {
            for (Long l4 : this.aclCrudDAO.getAclsThatInheritFromAcl(l.longValue())) {
                if (!set.contains(l4)) {
                    getWritable(l4, writable.getAfter(), set, list, list2, writable.getAfter(), list3, list4, z, i + 1, list5, writeMode, z3);
                } else if (logger.isWarnEnabled()) {
                    logger.warn("ACL cycle detected! Repeated ALC id = '" + l4 + "', inherited ACL id = '" + l + "', already visited ACLs: '" + set + "'. Skipping processing of the ACL id...");
                }
            }
        }
    }

    private AclChange getWritable(Long l, Long l2, List<? extends AccessControlEntry> list, List<Ace> list2, Long l3, List<Ace> list3, List<Integer> list4, int i, WriteMode writeMode, boolean z) {
        AclUpdateEntity aclForUpdate = this.aclCrudDAO.getAclForUpdate(l.longValue());
        if (!aclForUpdate.isLatest().booleanValue()) {
            return new AclChangeImpl(l, l, aclForUpdate.getAclType(), aclForUpdate.getAclType());
        }
        ArrayList arrayList = new ArrayList(0);
        if (list2 != null) {
            Iterator<Ace> it = list2.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getId());
            }
        }
        if (!aclForUpdate.isVersioned().booleanValue()) {
            switch (AnonymousClass1.$SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[writeMode.ordinal()]) {
                case 1:
                    removeAcesFromAcl(l, list, i);
                    this.aclCrudDAO.addAclMembersToAcl(aclForUpdate.getId().longValue(), arrayList, i);
                    break;
                case 2:
                    replaceInherited(l, aclForUpdate, list3, list4, i);
                    break;
                case 3:
                    addInherited(aclForUpdate, list3, list4, i);
                    break;
                case 4:
                    truncateInherited(l, i);
                    break;
                case 5:
                    insertInherited(l, aclForUpdate, list3, list4, i);
                    break;
                case DesktopAction.StsNoSuchAction /* 6 */:
                    removeInherited(l, i);
                    break;
                case DesktopAction.StsLaunchURL /* 7 */:
                    this.aclCrudDAO.addAclMembersToAcl(aclForUpdate.getId().longValue(), arrayList, i);
                    addInherited(aclForUpdate, list3, list4, i);
                    break;
            }
            if (l3 != null) {
                aclForUpdate.setInheritsFrom(l3);
            }
            aclForUpdate.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
            this.aclCrudDAO.updateAcl(aclForUpdate);
            return new AclChangeImpl(l, l, aclForUpdate.getAclType(), aclForUpdate.getAclType());
        }
        if (aclForUpdate.getAclChangeSetId().longValue() == getCurrentChangeSetId() && !z && !aclForUpdate.getRequiresVersion().booleanValue()) {
            switch (AnonymousClass1.$SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[writeMode.ordinal()]) {
                case 1:
                    removeAcesFromAcl(l, list, i);
                    this.aclCrudDAO.addAclMembersToAcl(aclForUpdate.getId().longValue(), arrayList, i);
                    break;
                case 2:
                    replaceInherited(l, aclForUpdate, list3, list4, i);
                    break;
                case 3:
                    addInherited(aclForUpdate, list3, list4, i);
                    break;
                case 4:
                    truncateInherited(l, i);
                    break;
                case 5:
                    insertInherited(l, aclForUpdate, list3, list4, i);
                    break;
                case DesktopAction.StsNoSuchAction /* 6 */:
                    removeInherited(l, i);
                    break;
                case DesktopAction.StsLaunchURL /* 7 */:
                    this.aclCrudDAO.addAclMembersToAcl(aclForUpdate.getId().longValue(), arrayList, i);
                    addInherited(aclForUpdate, list3, list4, i);
                    break;
            }
            if (l3 != null) {
                aclForUpdate.setInheritsFrom(l3);
            }
            this.aclCrudDAO.updateAcl(aclForUpdate);
            return new AclChangeImpl(l, l, aclForUpdate.getAclType(), aclForUpdate.getAclType());
        }
        AclEntity aclEntity = new AclEntity();
        aclEntity.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
        aclEntity.setAclId(aclForUpdate.getAclId());
        aclEntity.setAclType(aclForUpdate.getAclType());
        aclEntity.setAclVersion(Long.valueOf(aclForUpdate.getAclVersion().longValue() + 1));
        aclEntity.setInheritedAcl(-1L);
        aclEntity.setInherits(aclForUpdate.getInherits().booleanValue());
        aclEntity.setInheritsFrom(l3 != null ? l3 : aclForUpdate.getInheritsFrom());
        aclEntity.setLatest(Boolean.TRUE.booleanValue());
        aclEntity.setVersioned(Boolean.TRUE.booleanValue());
        aclEntity.setRequiresVersion(Boolean.FALSE.booleanValue());
        long longValue = ((AclEntity) this.aclCrudDAO.createAcl(aclEntity)).getId().longValue();
        List<AclMember> aclMembersByAcl = this.aclCrudDAO.getAclMembersByAcl(l.longValue());
        if (aclMembersByAcl.size() > 0) {
            ArrayList arrayList2 = new ArrayList(aclMembersByAcl.size());
            for (AclMember aclMember : aclMembersByAcl) {
                arrayList2.add(new Pair(aclMember.getAceId(), aclMember.getPos()));
            }
            this.aclCrudDAO.addAclMembersToAcl(aclEntity.getId().longValue(), arrayList2);
        }
        switch (AnonymousClass1.$SwitchMap$org$alfresco$repo$domain$permissions$AclDAOImpl$WriteMode[writeMode.ordinal()]) {
            case 1:
                removeAcesFromAcl(aclEntity.getId(), list, i);
                this.aclCrudDAO.addAclMembersToAcl(aclEntity.getId().longValue(), arrayList, i);
                break;
            case 2:
                replaceInherited(aclEntity.getId(), aclEntity, list3, list4, i);
                break;
            case 3:
                addInherited(aclEntity, list3, list4, i);
                break;
            case 4:
                truncateInherited(aclEntity.getId(), i);
                break;
            case 5:
                insertInherited(aclEntity.getId(), aclEntity, list3, list4, i);
                break;
            case DesktopAction.StsNoSuchAction /* 6 */:
                removeInherited(aclEntity.getId(), i);
                break;
            case DesktopAction.StsLaunchURL /* 7 */:
                this.aclCrudDAO.addAclMembersToAcl(aclForUpdate.getId().longValue(), arrayList, i);
                addInherited(aclForUpdate, list3, list4, i);
                break;
        }
        if (aclEntity.getAclType() == ACLType.SHARED && l2 != null) {
            AclUpdateEntity aclForUpdate2 = this.aclCrudDAO.getAclForUpdate(getWritable(l2, null, null, null, null, null, null, 0, WriteMode.COPY_ONLY, false).getAfter().longValue());
            aclForUpdate2.setInheritedAcl(Long.valueOf(longValue));
            this.aclCrudDAO.updateAcl(aclForUpdate2);
        }
        aclForUpdate.setLatest(Boolean.FALSE.booleanValue());
        aclForUpdate.setRequiresVersion(Boolean.FALSE.booleanValue());
        this.aclCrudDAO.updateAcl(aclForUpdate);
        return new AclChangeImpl(l, Long.valueOf(longValue), aclForUpdate.getAclType(), aclEntity.getAclType());
    }

    private void removeAcesFromAcl(Long l, List<? extends AccessControlEntry> list, int i) {
        if (list == null) {
            this.aclCrudDAO.deleteAclMembersByAcl(l.longValue());
            return;
        }
        AcePatternMatcher acePatternMatcher = new AcePatternMatcher(list);
        List<Map<String, Object>> acesAndAuthoritiesByAcl = this.aclCrudDAO.getAcesAndAuthoritiesByAcl(l.longValue());
        ArrayList arrayList = new ArrayList(acesAndAuthoritiesByAcl.size());
        for (Map<String, Object> map : acesAndAuthoritiesByAcl) {
            Long l2 = (Long) map.get("aclmemId");
            if (list != null && acePatternMatcher.matches(this.aclCrudDAO, map, i)) {
                arrayList.add(l2);
            }
        }
        this.aclCrudDAO.deleteAclMembers(arrayList);
    }

    private void replaceInherited(Long l, Acl acl, List<Ace> list, List<Integer> list2, int i) {
        truncateInherited(l, i);
        addInherited(acl, list, list2, i);
    }

    private void truncateInherited(Long l, int i) {
        List<AclMember> aclMembersByAcl = this.aclCrudDAO.getAclMembersByAcl(l.longValue());
        ArrayList arrayList = new ArrayList(aclMembersByAcl.size());
        for (AclMember aclMember : aclMembersByAcl) {
            if (aclMember.getPos().intValue() > i) {
                arrayList.add(aclMember.getId());
            }
        }
        if (arrayList.size() > 0) {
            this.aclCrudDAO.deleteAclMembers(arrayList);
        }
    }

    private void removeInherited(Long l, int i) {
        List<AclMemberEntity> aclMembersByAclForUpdate = this.aclCrudDAO.getAclMembersByAclForUpdate(l.longValue());
        ArrayList arrayList = new ArrayList(aclMembersByAclForUpdate.size());
        for (AclMemberEntity aclMemberEntity : aclMembersByAclForUpdate) {
            if (aclMemberEntity.getPos().intValue() == i + 1) {
                arrayList.add(aclMemberEntity.getId());
            } else if (aclMemberEntity.getPos().intValue() > i + 1) {
                aclMemberEntity.setPos(Integer.valueOf(aclMemberEntity.getPos().intValue() - 1));
                this.aclCrudDAO.updateAclMember(aclMemberEntity);
            }
        }
        if (arrayList.size() > 0) {
            this.aclCrudDAO.deleteAclMembers(arrayList);
        }
    }

    private void addInherited(Acl acl, List<Ace> list, List<Integer> list2, int i) {
        if (list == null || list.size() <= 0) {
            return;
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (int i2 = 0; i2 < list.size(); i2++) {
            arrayList.add(new Pair(list.get(i2).getId(), Integer.valueOf(list2.get(i2).intValue() + i + 1)));
        }
        this.aclCrudDAO.addAclMembersToAcl(acl.getId().longValue(), arrayList);
    }

    private void insertInherited(Long l, AclEntity aclEntity, List<Ace> list, List<Integer> list2, int i) {
        for (AclMemberEntity aclMemberEntity : this.aclCrudDAO.getAclMembersByAclForUpdate(l.longValue())) {
            if (aclMemberEntity.getPos().intValue() > i) {
                aclMemberEntity.setPos(Integer.valueOf(aclMemberEntity.getPos().intValue() + 1));
                this.aclCrudDAO.updateAclMember(aclMemberEntity);
            }
        }
        addInherited(aclEntity, list, list2, i);
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<AclChange> deleteAccessControlEntries(String str) {
        LinkedList linkedList = new LinkedList();
        Authority authority = this.aclCrudDAO.getAuthority(str);
        if (authority == null) {
            return linkedList;
        }
        ArrayList arrayList = new ArrayList();
        List<AclMember> aclMembersByAuthority = this.aclCrudDAO.getAclMembersByAuthority(str);
        boolean z = false;
        if (aclMembersByAuthority.size() > 0) {
            HashSet<AclUpdateEntity> hashSet = new HashSet(aclMembersByAuthority.size() * 2);
            ArrayList arrayList2 = new ArrayList(aclMembersByAuthority.size());
            for (AclMember aclMember : aclMembersByAuthority) {
                Long id = aclMember.getId();
                Long aclId = aclMember.getAclId();
                Long aceId = aclMember.getAceId();
                boolean z2 = false;
                if (AuthenticationUtil.isMtEnabled()) {
                    List<Long> aDMNodesByAcl = this.aclCrudDAO.getADMNodesByAcl(aclId.longValue(), -1);
                    aDMNodesByAcl.addAll(this.aclCrudDAO.getAVMNodesByAcl(aclId.longValue(), -1));
                    if (aDMNodesByAcl.size() > 0) {
                        for (Long l : aDMNodesByAcl) {
                            Pair<Long, NodeRef> nodePair = this.nodeDAO.getNodePair(l);
                            if (nodePair == null) {
                                logger.warn("Node does not exist: " + l);
                            } else {
                                try {
                                    this.tenantService.checkDomain(((NodeRef) nodePair.getSecond()).getStoreRef().getIdentifier());
                                } catch (AlfrescoRuntimeException e) {
                                    z2 = true;
                                    z = true;
                                }
                            }
                        }
                    }
                }
                if (!z2) {
                    AclUpdateEntity aclForUpdate = this.aclCrudDAO.getAclForUpdate(aclId.longValue());
                    linkedList.add(new AclChangeImpl(aclId, aclId, aclForUpdate.getAclType(), aclForUpdate.getAclType()));
                    hashSet.add(aclForUpdate);
                    arrayList2.add(id);
                    arrayList.add(aceId);
                }
            }
            this.aclCrudDAO.deleteAclMembers(arrayList2);
            for (AclUpdateEntity aclUpdateEntity : hashSet) {
                aclUpdateEntity.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
                this.aclCrudDAO.updateAcl(aclUpdateEntity);
            }
        }
        if (!z) {
            this.aclCrudDAO.deleteAces(arrayList);
            List<Ace> acesByAuthority = this.aclCrudDAO.getAcesByAuthority(authority.getId().longValue());
            if (acesByAuthority.size() > 0) {
                ArrayList arrayList3 = new ArrayList(acesByAuthority.size());
                Iterator<Ace> it = acesByAuthority.iterator();
                while (it.hasNext()) {
                    arrayList3.add(it.next().getId());
                }
                this.aclCrudDAO.deleteAces(arrayList3);
            }
            if (authority != null) {
                this.aclCrudDAO.deleteAuthority(authority.getId().longValue());
            }
        }
        return linkedList;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public void deleteAclForNode(long j, boolean z) {
        Acl acl = getAcl(Long.valueOf(j));
        if (acl.getAclType() == ACLType.DEFINING) {
            this.aclCrudDAO.deleteAclMembersByAcl(j);
            this.aclCrudDAO.deleteAcl(j);
        }
        if (acl.getAclType() == ACLType.SHARED) {
            if (this.aclCrudDAO.getAcl(acl.getInheritsFrom()) == null && !z && getADMNodesByAcl(j, 1).size() == 0) {
                this.aclCrudDAO.deleteAclMembersByAcl(j);
                this.aclCrudDAO.deleteAcl(j);
            }
        }
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<AclChange> deleteAccessControlList(Long l) {
        if (logger.isDebugEnabled()) {
            Iterator<Long> it = getADMNodesByAcl(l.longValue(), 11).iterator();
            while (it.hasNext()) {
                logger.debug("deleteAccessControlList: Found nodeId=" + it.next() + ", aclId=" + l);
            }
        }
        ArrayList arrayList = new ArrayList();
        AclUpdateEntity aclForUpdate = this.aclCrudDAO.getAclForUpdate(l.longValue());
        if (!aclForUpdate.isLatest().booleanValue()) {
            throw new UnsupportedOperationException("Old ACL versions can not be updated");
        }
        if (aclForUpdate.getAclType() == ACLType.SHARED) {
            throw new UnsupportedOperationException("Delete is not supported for shared acls - they are deleted with the defining acl");
        }
        if (aclForUpdate.getAclType() != ACLType.DEFINING && aclForUpdate.getAclType() != ACLType.LAYERED) {
            Iterator<Long> it2 = this.aclCrudDAO.getAclsThatInheritFromAcl(l.longValue()).iterator();
            while (it2.hasNext()) {
                getWritable(it2.next(), aclForUpdate.getInheritsFrom(), null, null, null, true, arrayList, WriteMode.REMOVE_INHERITED);
            }
        } else if (aclForUpdate.getInheritedAcl() != null && aclForUpdate.getInheritedAcl().longValue() != -1) {
            Acl acl = this.aclCrudDAO.getAcl(aclForUpdate.getInheritedAcl());
            getWritable(acl.getId(), aclForUpdate.getInheritsFrom(), null, null, null, true, arrayList, WriteMode.REMOVE_INHERITED);
            Acl acl2 = null;
            for (AclChange aclChange : arrayList) {
                if (aclChange.getBefore() != null && aclChange.getBefore().equals(acl.getId())) {
                    acl2 = this.aclCrudDAO.getAcl(aclChange.getAfter());
                }
            }
            Long id = acl2.getId();
            Iterator<Long> it3 = this.aclCrudDAO.getAclsThatInheritFromAcl(id.longValue()).iterator();
            while (it3.hasNext()) {
                getWritable(it3.next(), aclForUpdate.getInheritsFrom(), null, null, aclForUpdate.getInheritsFrom(), true, arrayList, WriteMode.REMOVE_INHERITED);
            }
            this.aclCrudDAO.deleteAclMembersByAcl(id.longValue());
            this.aclCrudDAO.deleteAcl(acl2.getId().longValue());
            if (acl.isVersioned().booleanValue()) {
                AclUpdateEntity aclForUpdate2 = this.aclCrudDAO.getAclForUpdate(acl.getId().longValue());
                if (aclForUpdate2 != null) {
                    aclForUpdate2.setLatest(Boolean.FALSE.booleanValue());
                    this.aclCrudDAO.updateAcl(aclForUpdate2);
                }
            } else {
                this.aclCrudDAO.deleteAcl(acl.getId().longValue());
            }
        }
        if (aclForUpdate.isVersioned().booleanValue()) {
            aclForUpdate.setLatest(Boolean.FALSE.booleanValue());
            aclForUpdate.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
            this.aclCrudDAO.updateAcl(aclForUpdate);
        } else {
            this.aclCrudDAO.deleteAclMembersByAcl(l.longValue());
            this.aclCrudDAO.deleteAcl(aclForUpdate.getId().longValue());
        }
        arrayList.add(new AclChangeImpl(l, null, aclForUpdate.getAclType(), null));
        return arrayList;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<AclChange> deleteLocalAccessControlEntries(Long l) {
        ArrayList arrayList = new ArrayList();
        SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
        simpleAccessControlEntry.setPosition(0);
        getWritable(l, null, Collections.singletonList(simpleAccessControlEntry), null, null, true, arrayList, WriteMode.COPY_UPDATE_AND_INHERIT);
        return arrayList;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<AclChange> deleteInheritedAccessControlEntries(Long l) {
        ArrayList arrayList = new ArrayList();
        SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
        simpleAccessControlEntry.setPosition(-1);
        getWritable(l, null, Collections.singletonList(simpleAccessControlEntry), null, null, true, arrayList, WriteMode.COPY_UPDATE_AND_INHERIT);
        return arrayList;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<AclChange> deleteAccessControlEntries(Long l, AccessControlEntry accessControlEntry) {
        ArrayList arrayList = new ArrayList();
        getWritable(l, null, Collections.singletonList(accessControlEntry), null, null, true, arrayList, WriteMode.COPY_UPDATE_AND_INHERIT);
        return arrayList;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public Acl getAcl(Long l) {
        return this.aclCrudDAO.getAcl(l);
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public AccessControlListProperties getAccessControlListProperties(Long l) {
        ParameterCheck.mandatory("id", l);
        return this.aclCrudDAO.getAcl(l);
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public void setCheckAclConsistency() {
        this.aclCrudDAO.setCheckAclConsistency();
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public AccessControlList getAccessControlList(Long l) {
        AccessControlListProperties accessControlListProperties = getAccessControlListProperties(l);
        if (accessControlListProperties == null) {
            return null;
        }
        AccessControlList accessControlList = (AccessControlList) this.aclCache.get((Serializable) accessControlListProperties);
        if (accessControlList != null) {
            return accessControlList;
        }
        SimpleAccessControlList simpleAccessControlList = new SimpleAccessControlList();
        simpleAccessControlList.setProperties(accessControlListProperties);
        List<Map<String, Object>> acesAndAuthoritiesByAcl = this.aclCrudDAO.getAcesAndAuthoritiesByAcl(l.longValue());
        ArrayList arrayList = new ArrayList(acesAndAuthoritiesByAcl.size());
        for (Map<String, Object> map : acesAndAuthoritiesByAcl) {
            Boolean bool = (Boolean) map.get("allowed");
            Integer num = (Integer) map.get("applies");
            String str = (String) map.get("authority");
            Long l2 = (Long) map.get("permissionId");
            Integer num2 = (Integer) map.get("pos");
            SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
            simpleAccessControlEntry.setAccessStatus(bool.booleanValue() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
            simpleAccessControlEntry.setAceType(ACEType.getACETypeFromId(num.intValue()));
            simpleAccessControlEntry.setAuthority(str);
            Permission permission = this.aclCrudDAO.getPermission(l2.longValue());
            simpleAccessControlEntry.setPermission(SimplePermissionReference.getPermissionReference((QName) this.qnameDAO.getQName(permission.getTypeQNameId()).getSecond(), permission.getName()));
            simpleAccessControlEntry.setPosition(num2);
            arrayList.add(simpleAccessControlEntry);
        }
        Collections.sort(arrayList);
        simpleAccessControlList.setEntries(arrayList);
        this.aclCache.put((Serializable) accessControlListProperties, simpleAccessControlList);
        return simpleAccessControlList;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public Long getInheritedAccessControlList(Long l) {
        Long l2;
        AclUpdateEntity aclForUpdate = this.aclCrudDAO.getAclForUpdate(l.longValue());
        if (aclForUpdate.getAclType() == ACLType.OLD) {
            return null;
        }
        if (aclForUpdate.getInheritedAcl() != null && aclForUpdate.getInheritedAcl().longValue() != -1) {
            return aclForUpdate.getInheritedAcl();
        }
        if (aclForUpdate.getAclType() == ACLType.DEFINING || aclForUpdate.getAclType() == ACLType.LAYERED) {
            List<AclChange> arrayList = new ArrayList<>();
            SimpleAccessControlListProperties simpleAccessControlListProperties = new SimpleAccessControlListProperties();
            simpleAccessControlListProperties.setAclType(ACLType.SHARED);
            simpleAccessControlListProperties.setInherits(Boolean.TRUE.booleanValue());
            simpleAccessControlListProperties.setVersioned(aclForUpdate.isVersioned().booleanValue());
            Long id = createAccessControlList(simpleAccessControlListProperties, null, null).getId();
            getWritable(id, l, null, null, l, true, arrayList, WriteMode.ADD_INHERITED);
            aclForUpdate.setInheritedAcl(id);
            l2 = id;
        } else {
            aclForUpdate.setInheritedAcl(aclForUpdate.getId());
            l2 = aclForUpdate.getId();
        }
        this.aclCrudDAO.updateAcl(aclForUpdate);
        return l2;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<AclChange> mergeInheritedAccessControlList(Long l, Long l2) {
        Acl acl;
        ArrayList arrayList = new ArrayList();
        Acl acl2 = this.aclCrudDAO.getAcl(l2);
        if (l != null) {
            acl = this.aclCrudDAO.getAcl(l);
        } else {
            if (acl2.getInheritsFrom() == null) {
                return arrayList;
            }
            acl = this.aclCrudDAO.getAcl(acl2.getInheritsFrom());
            if (acl == null) {
                throw new IllegalStateException("No old inheritance definition to use");
            }
            if (!acl.isLatest().booleanValue()) {
                acl = this.aclCrudDAO.getAcl(this.aclCrudDAO.getLatestAclByGuid(acl.getAclId()));
                if (acl == null) {
                    throw new IllegalStateException("No ACL found");
                }
            }
        }
        Acl acl3 = acl;
        HashSet hashSet = new HashSet();
        while (acl3 != null) {
            Long id = acl3.getId();
            if (id != null && id.equals(l2)) {
                throw new IllegalStateException("Cyclical ACL detected");
            }
            if (hashSet.contains(id)) {
                throw new IllegalStateException("Cyclical InheritsFrom detected. AclId: " + id);
            }
            hashSet.add(id);
            Long inheritsFrom = acl3.getInheritsFrom();
            acl3 = (inheritsFrom == null || inheritsFrom.longValue() == -1) ? null : this.aclCrudDAO.getAcl(acl3.getInheritsFrom());
        }
        if (acl2.getAclType() != ACLType.DEFINING && acl2.getAclType() != ACLType.LAYERED) {
            throw new IllegalArgumentException("Only defining ACLs can have their inheritance set");
        }
        if (!acl2.getInherits().booleanValue()) {
            return arrayList;
        }
        Long id2 = acl.getId();
        if (acl.getAclType() == ACLType.DEFINING || acl.getAclType() == ACLType.LAYERED) {
            id2 = getInheritedAccessControlList(id2);
        }
        getWritable(l2, id2, null, null, id2, true, arrayList, WriteMode.CHANGE_INHERITED);
        return arrayList;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<AclChange> setAccessControlEntry(Long l, AccessControlEntry accessControlEntry) {
        if (this.aclCrudDAO.getAcl(l).getAclType() == ACLType.SHARED) {
            throw new IllegalArgumentException("Shared ACLs are immutable");
        }
        ArrayList arrayList = new ArrayList();
        if (accessControlEntry.getPosition() != null && accessControlEntry.getPosition().intValue() != 0) {
            throw new IllegalArgumentException("Invalid position");
        }
        Authority orCreateAuthority = this.aclCrudDAO.getOrCreateAuthority(accessControlEntry.getAuthority());
        Permission orCreatePermission = this.aclCrudDAO.getOrCreatePermission(accessControlEntry.getPermission());
        if (accessControlEntry.getContext() != null) {
            throw new UnsupportedOperationException();
        }
        Ace orCreateAce = this.aclCrudDAO.getOrCreateAce(orCreatePermission, orCreateAuthority, accessControlEntry.getAceType(), accessControlEntry.getAccessStatus());
        SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
        simpleAccessControlEntry.setAceType(accessControlEntry.getAceType());
        simpleAccessControlEntry.setAuthority(accessControlEntry.getAuthority());
        simpleAccessControlEntry.setPermission(accessControlEntry.getPermission());
        simpleAccessControlEntry.setPosition(0);
        ArrayList arrayList2 = new ArrayList(1);
        arrayList2.add(orCreateAce);
        getWritable(l, null, Collections.singletonList(simpleAccessControlEntry), arrayList2, null, true, arrayList, WriteMode.COPY_UPDATE_AND_INHERIT);
        return arrayList;
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<AclChange> enableInheritance(Long l, Long l2) {
        ArrayList arrayList = new ArrayList();
        AclUpdateEntity aclForUpdate = this.aclCrudDAO.getAclForUpdate(l.longValue());
        switch (AnonymousClass1.$SwitchMap$org$alfresco$repo$security$permissions$ACLType[aclForUpdate.getAclType().ordinal()]) {
            case 1:
                aclForUpdate.setInherits(Boolean.TRUE.booleanValue());
                aclForUpdate.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
                this.aclCrudDAO.updateAcl(aclForUpdate);
                arrayList.add(new AclChangeImpl(l, l, aclForUpdate.getAclType(), aclForUpdate.getAclType()));
                return arrayList;
            case 2:
                throw new IllegalArgumentException("Shared acls should be replace by creating a definig ACL, wiring it up for inhertitance, and then applying inheritance to any children. It can not be done by magic ");
            case 3:
            case 4:
            default:
                if (aclForUpdate.getInherits().booleanValue()) {
                    getWritable(l, null, null, null, null, false, arrayList, WriteMode.COPY_ONLY);
                } else {
                    getWritable(l, null, null, null, null, false, arrayList, WriteMode.COPY_ONLY);
                    AclUpdateEntity aclForUpdate2 = this.aclCrudDAO.getAclForUpdate(arrayList.get(0).getAfter().longValue());
                    aclForUpdate2.setInherits(Boolean.TRUE.booleanValue());
                    aclForUpdate2.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
                    this.aclCrudDAO.updateAcl(aclForUpdate2);
                }
                arrayList.addAll(mergeInheritedAccessControlList(l2, arrayList.get(0).getAfter()));
                return arrayList;
            case 5:
            case DesktopAction.StsNoSuchAction /* 6 */:
                throw new IllegalArgumentException("Fixed and global permissions can not inherit");
        }
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<AclChange> disableInheritance(Long l, boolean z) {
        AclUpdateEntity aclForUpdate = this.aclCrudDAO.getAclForUpdate(l.longValue());
        ArrayList arrayList = new ArrayList(1);
        switch (AnonymousClass1.$SwitchMap$org$alfresco$repo$security$permissions$ACLType[aclForUpdate.getAclType().ordinal()]) {
            case 1:
                aclForUpdate.setInherits(Boolean.FALSE.booleanValue());
                aclForUpdate.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
                this.aclCrudDAO.updateAcl(aclForUpdate);
                arrayList.add(new AclChangeImpl(l, l, aclForUpdate.getAclType(), aclForUpdate.getAclType()));
                return arrayList;
            case 2:
                throw new IllegalArgumentException("Shared ACL must inherit");
            case 3:
            case 4:
            default:
                return disableInheritanceImpl(l, z, aclForUpdate);
            case 5:
            case DesktopAction.StsNoSuchAction /* 6 */:
                return Collections.singletonList(new AclChangeImpl(l, l, aclForUpdate.getAclType(), aclForUpdate.getAclType()));
        }
    }

    private Long getCopy(Long l, Long l2, ACLCopyMode aCLCopyMode) {
        switch (aCLCopyMode) {
            case INHERIT:
                if (l.equals(l2)) {
                    return getInheritedAccessControlList(l);
                }
                throw new UnsupportedOperationException();
            case COW:
                AclUpdateEntity aclForUpdate = this.aclCrudDAO.getAclForUpdate(l.longValue());
                aclForUpdate.setRequiresVersion(true);
                aclForUpdate.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
                this.aclCrudDAO.updateAcl(aclForUpdate);
                Long inheritedAccessControlList = getInheritedAccessControlList(l);
                if (inheritedAccessControlList != null && !inheritedAccessControlList.equals(l)) {
                    AclUpdateEntity aclForUpdate2 = this.aclCrudDAO.getAclForUpdate(inheritedAccessControlList.longValue());
                    aclForUpdate2.setRequiresVersion(true);
                    aclForUpdate2.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
                    this.aclCrudDAO.updateAcl(aclForUpdate2);
                }
                return l;
            case REDIRECT:
                if (l2 != null && l2.equals(l)) {
                    return getInheritedAccessControlList(l2);
                }
                AclUpdateEntity aclForUpdate3 = this.aclCrudDAO.getAclForUpdate(l.longValue());
                Acl acl = l2 != null ? this.aclCrudDAO.getAcl(l2) : null;
                switch (AnonymousClass1.$SwitchMap$org$alfresco$repo$security$permissions$ACLType[aclForUpdate3.getAclType().ordinal()]) {
                    case 1:
                    case 5:
                    case DesktopAction.StsNoSuchAction /* 6 */:
                        return l;
                    case 2:
                        if (acl != null) {
                            return getInheritedAccessControlList(l2);
                        }
                        throw new UnsupportedOperationException();
                    case 3:
                    case 4:
                        if (l2 == null) {
                            return l;
                        }
                        for (AclChange aclChange : mergeInheritedAccessControlList(l2, l)) {
                            if (aclChange.getBefore().equals(l)) {
                                return aclChange.getAfter();
                            }
                        }
                        throw new UnsupportedOperationException();
                    default:
                        throw new UnsupportedOperationException();
                }
            case COPY:
                AclUpdateEntity aclForUpdate4 = this.aclCrudDAO.getAclForUpdate(l.longValue());
                Acl acl2 = l2 != null ? this.aclCrudDAO.getAcl(l2) : null;
                switch (AnonymousClass1.$SwitchMap$org$alfresco$repo$security$permissions$ACLType[aclForUpdate4.getAclType().ordinal()]) {
                    case 1:
                    case 4:
                    case 5:
                    case DesktopAction.StsNoSuchAction /* 6 */:
                        return l;
                    case 2:
                        if (acl2 != null) {
                            return getInheritedAccessControlList(l2);
                        }
                        return null;
                    case 3:
                        SimpleAccessControlListProperties simpleAccessControlListProperties = new SimpleAccessControlListProperties();
                        simpleAccessControlListProperties.setAclType(ACLType.DEFINING);
                        simpleAccessControlListProperties.setInherits(aclForUpdate4.getInherits().booleanValue());
                        simpleAccessControlListProperties.setVersioned(true);
                        Long id = createAccessControlList(simpleAccessControlListProperties).getId();
                        for (AccessControlEntry accessControlEntry : getAccessControlList(l).getEntries()) {
                            if (accessControlEntry.getPosition().intValue() == 0) {
                                setAccessControlEntry(id, accessControlEntry);
                            }
                        }
                        if (acl2 != null) {
                            mergeInheritedAccessControlList(l2, id);
                        }
                        return id;
                    default:
                        throw new UnsupportedOperationException();
                }
            default:
                throw new UnsupportedOperationException();
        }
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public Acl getAclCopy(Long l, Long l2, ACLCopyMode aCLCopyMode) {
        return getAclEntityCopy(l, l2, aCLCopyMode);
    }

    private Acl getAclEntityCopy(Long l, Long l2, ACLCopyMode aCLCopyMode) {
        Long copy = getCopy(l, l2, aCLCopyMode);
        if (copy == null) {
            return null;
        }
        return this.aclCrudDAO.getAcl(copy);
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<Long> getAVMNodesByAcl(long j, int i) {
        return this.aclCrudDAO.getAVMNodesByAcl(j, i);
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public List<Long> getADMNodesByAcl(long j, int i) {
        return this.aclCrudDAO.getADMNodesByAcl(j, i);
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public Acl createLayeredAcl(Long l) {
        SimpleAccessControlListProperties simpleAccessControlListProperties = new SimpleAccessControlListProperties();
        simpleAccessControlListProperties.setAclType(ACLType.LAYERED);
        Acl createAccessControlList = createAccessControlList(simpleAccessControlListProperties);
        long longValue = createAccessControlList.getId().longValue();
        if (l != null) {
            mergeInheritedAccessControlList(l, Long.valueOf(longValue));
        }
        return createAccessControlList;
    }

    private List<AclChange> disableInheritanceImpl(Long l, boolean z, AclEntity aclEntity) {
        List<AclChange> arrayList = new ArrayList<>();
        if (!aclEntity.getInherits().booleanValue()) {
            return Collections.emptyList();
        }
        getWritable(l, null, null, null, null, false, arrayList, WriteMode.COPY_ONLY);
        AclUpdateEntity aclForUpdate = this.aclCrudDAO.getAclForUpdate(arrayList.get(0).getAfter().longValue());
        Long inheritsFrom = aclForUpdate.getInheritsFrom();
        aclForUpdate.setInherits(Boolean.FALSE.booleanValue());
        aclForUpdate.setAclChangeSetId(Long.valueOf(getCurrentChangeSetId()));
        this.aclCrudDAO.updateAcl(aclForUpdate);
        getWritable(aclForUpdate.getId(), null, null, null, null, true, arrayList, WriteMode.TRUNCATE_INHERITED);
        if (inheritsFrom != null && inheritsFrom.longValue() != -1 && z) {
            Iterator<AclMember> it = this.aclCrudDAO.getAclMembersByAcl(inheritsFrom.longValue()).iterator();
            while (it.hasNext()) {
                Ace ace = this.aclCrudDAO.getAce(it.next().getAceId().longValue());
                Authority authority = this.aclCrudDAO.getAuthority(ace.getAuthorityId().longValue());
                SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
                simpleAccessControlEntry.setAccessStatus(ace.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
                simpleAccessControlEntry.setAceType(ace.getAceType());
                simpleAccessControlEntry.setAuthority(authority.getAuthority());
                Permission permission = this.aclCrudDAO.getPermission(ace.getPermissionId().longValue());
                simpleAccessControlEntry.setPermission(SimplePermissionReference.getPermissionReference((QName) this.qnameDAO.getQName(permission.getTypeQNameId()).getSecond(), permission.getName()));
                simpleAccessControlEntry.setPosition(0);
                setAccessControlEntry(l, simpleAccessControlEntry);
            }
        }
        return arrayList;
    }

    private long getCurrentChangeSetId() {
        Long l = (Long) AlfrescoTransactionSupport.getResource(RESOURCE_KEY_ACL_CHANGE_SET_ID);
        if (l == null) {
            l = this.aclCrudDAO.createAclChangeSet();
            AlfrescoTransactionSupport.bindResource(RESOURCE_KEY_ACL_CHANGE_SET_ID, l);
            AlfrescoTransactionSupport.bindListener(this.updateChangeSetListener);
            if (logger.isDebugEnabled()) {
                logger.debug("New change set = " + l);
            }
        }
        return l.longValue();
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public void renameAuthority(String str, String str2) {
        this.aclCrudDAO.renameAuthority(str, str2);
        this.aclCache.clear();
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public void fixSharedAcl(Long l, Long l2) {
        if (l2 == null) {
            throw new IllegalArgumentException("Null defining acl");
        }
        if (l == null) {
            throw new IllegalArgumentException("Null shared acl");
        }
        getWritable(l, l2, null, null, l2, true, new ArrayList(), WriteMode.CHANGE_INHERITED);
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public Long getMaxChangeSetCommitTime() {
        return this.aclCrudDAO.getMaxChangeSetCommitTime();
    }

    @Override // org.alfresco.repo.domain.permissions.AclDAO
    public Long getMaxChangeSetIdByCommitTime(long j) {
        return this.aclCrudDAO.getMaxChangeSetIdByCommitTime(j);
    }
}
