package org.alfresco.repo.search.impl.querymodel.impl.db;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.cache.lookup.EntityLookupCache;
import org.alfresco.repo.domain.node.Node;
import org.alfresco.repo.domain.permissions.Authority;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.util.EqualsHelper;

/* loaded from: input_file:org/alfresco/repo/search/impl/querymodel/impl/db/NodePermissionAssessor.class */
public class NodePermissionAssessor {
    private final boolean isSystemReading;
    private final boolean isAdminReading;
    private final boolean isNullReading;
    private final Authority authority;
    private long startTime;
    private EntityLookupCache<Long, Node, NodeRef> nodesCache;
    private NodeService nodeService;
    private PermissionService permissionService;
    private final Map<Long, Boolean> aclReadCache = new HashMap();
    private int checksPerformed = 0;
    private int maxPermissionChecks = Integer.MAX_VALUE;
    private long maxPermissionCheckTimeMillis = Long.MAX_VALUE;

    public NodePermissionAssessor(NodeService nodeService, PermissionService permissionService, Authority authority, EntityLookupCache<Long, Node, NodeRef> entityLookupCache) {
        this.permissionService = permissionService;
        this.nodesCache = entityLookupCache;
        this.nodeService = nodeService;
        Set authorisations = permissionService.getAuthorisations();
        this.isSystemReading = AuthenticationUtil.isRunAsUserTheSystemUser();
        this.isAdminReading = authorisations.contains(AuthenticationUtil.getAdminRoleName());
        this.isNullReading = AuthenticationUtil.getRunAsUser() == null;
        this.authority = authority;
    }

    public boolean isIncluded(Node node) {
        if (isFirstRecord()) {
            this.startTime = System.currentTimeMillis();
        }
        this.checksPerformed++;
        return isReallyIncluded(node);
    }

    public boolean isFirstRecord() {
        return this.checksPerformed == 0;
    }

    protected boolean isOwnerReading(Node node, Authority authority) {
        DBStats.aclOwnerStopWatch().start();
        try {
            if (authority == null) {
                DBStats.aclOwnerStopWatch().stop();
                return false;
            }
            boolean nullSafeEquals = EqualsHelper.nullSafeEquals(authority.getAuthority(), getOwner(node));
            DBStats.aclOwnerStopWatch().stop();
            return nullSafeEquals;
        } catch (Throwable th) {
            DBStats.aclOwnerStopWatch().stop();
            throw th;
        }
    }

    private String getOwner(Node node) {
        this.nodesCache.setValue(node.getId(), node);
        Set aspects = this.nodeService.getAspects(node.getNodeRef());
        String str = null;
        if (aspects.contains(ContentModel.ASPECT_AUDITABLE)) {
            str = node.getAuditableProperties().getAuditCreator();
        } else if (aspects.contains(ContentModel.ASPECT_OWNABLE)) {
            str = (String) DefaultTypeConverter.INSTANCE.convert(String.class, this.nodeService.getProperty(node.getNodeRef(), ContentModel.PROP_OWNER));
        }
        return str;
    }

    boolean isReallyIncluded(Node node) {
        if (this.isNullReading) {
            return false;
        }
        return this.isSystemReading || this.isAdminReading || canRead(node.getAclId()) || isOwnerReading(node, this.authority);
    }

    public void setMaxPermissionChecks(int i) {
        this.maxPermissionChecks = i;
    }

    public boolean shouldQuitChecks() {
        boolean z = false;
        if (this.checksPerformed >= this.maxPermissionChecks) {
            z = true;
        }
        if (System.currentTimeMillis() - this.startTime >= this.maxPermissionCheckTimeMillis) {
            z = true;
        }
        return z;
    }

    public void setMaxPermissionCheckTimeMillis(long j) {
        this.maxPermissionCheckTimeMillis = j;
    }

    protected boolean canRead(Long l) {
        DBStats.aclReadStopWatch().start();
        try {
            Boolean bool = this.aclReadCache.get(l);
            if (bool == null) {
                bool = Boolean.valueOf(canCurrentUserRead(l));
                this.aclReadCache.put(l, bool);
            }
            boolean booleanValue = bool.booleanValue();
            DBStats.aclReadStopWatch().stop();
            return booleanValue;
        } catch (Throwable th) {
            DBStats.aclReadStopWatch().stop();
            throw th;
        }
    }

    protected boolean canCurrentUserRead(Long l) {
        Set authorisations = this.permissionService.getAuthorisations();
        Iterator it = this.permissionService.getReadersDenied(l).iterator();
        while (it.hasNext()) {
            if (authorisations.contains((String) it.next())) {
                return false;
            }
        }
        Iterator it2 = this.permissionService.getReaders(l).iterator();
        while (it2.hasNext()) {
            if (authorisations.contains((String) it2.next())) {
                return true;
            }
        }
        return false;
    }
}
