package org.alfresco.repo.domain.hibernate;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.domain.AccessControlListDAO;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.security.permissions.ACEType;
import org.alfresco.repo.security.permissions.ACLType;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.repo.security.permissions.AccessControlListProperties;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.SimpleAccessControlEntry;
import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
import org.alfresco.repo.security.permissions.impl.AclChange;
import org.alfresco.repo.security.permissions.impl.AclDaoComponent;
import org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent;
import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry;
import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
import org.alfresco.repo.transaction.TransactionalDao;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.util.GUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.2r.jar:org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.class */
public abstract class AbstractPermissionsDaoComponentImpl implements PermissionsDaoComponent, TransactionalDao {
    private static Log logger = LogFactory.getLog(AbstractPermissionsDaoComponentImpl.class);
    protected static final boolean INHERIT_PERMISSIONS_DEFAULT = true;
    protected AclDaoComponent aclDaoComponent;
    private Map<String, AccessControlListDAO> fProtocolToACLDAO;
    private AccessControlListDAO fDefaultACLDAO;
    private String uuid = GUID.generate();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.2r.jar:org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl$CreationReport.class */
    public static class CreationReport {
        DbAccessControlList created;
        List<AclChange> changes;

        /* JADX INFO: Access modifiers changed from: package-private */
        public CreationReport(DbAccessControlList dbAccessControlList, List<AclChange> list) {
            this.created = dbAccessControlList;
            this.changes = list;
        }

        public void setChanges(List<AclChange> list) {
            this.changes = list;
        }

        public void setCreated(DbAccessControlList dbAccessControlList) {
            this.created = dbAccessControlList;
        }

        public List<AclChange> getChanges() {
            return this.changes;
        }

        public DbAccessControlList getCreated() {
            return this.created;
        }
    }

    public AclDaoComponent getAclDaoComponent() {
        return this.aclDaoComponent;
    }

    public void setAclDaoComponent(AclDaoComponent aclDaoComponent) {
        this.aclDaoComponent = aclDaoComponent;
    }

    public boolean equals(Object obj) {
        if (obj != null && (obj instanceof AbstractPermissionsDaoComponentImpl)) {
            return this.uuid.equals(((AbstractPermissionsDaoComponentImpl) obj).uuid);
        }
        return false;
    }

    public int hashCode() {
        return this.uuid.hashCode();
    }

    @Override // org.alfresco.repo.transaction.TransactionalDao
    public boolean isDirty() {
        return this.aclDaoComponent.isDirty();
    }

    @Override // org.alfresco.repo.transaction.TransactionalDao
    public void flush() {
        this.aclDaoComponent.flush();
    }

    @Override // org.alfresco.repo.transaction.TransactionalDao
    public void beforeCommit() {
        this.aclDaoComponent.beforeCommit();
    }

    public void setProtocolToACLDAO(Map<String, AccessControlListDAO> map) {
        this.fProtocolToACLDAO = map;
    }

    public void setDefaultACLDAO(AccessControlListDAO accessControlListDAO) {
        this.fDefaultACLDAO = accessControlListDAO;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessControlListDAO getACLDAO(NodeRef nodeRef) {
        AccessControlListDAO accessControlListDAO = this.fProtocolToACLDAO.get(nodeRef.getStoreRef().getProtocol());
        return accessControlListDAO == null ? this.fDefaultACLDAO : accessControlListDAO;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DbAccessControlList getAccessControlList(NodeRef nodeRef) {
        return getACLDAO(nodeRef).getAccessControlList(nodeRef);
    }

    protected CreationReport getMutableAccessControlList(NodeRef nodeRef) {
        DbAccessControlList accessControlList = getACLDAO(nodeRef).getAccessControlList(nodeRef);
        if (accessControlList == null) {
            return createAccessControlList(nodeRef, true, null);
        }
        switch (accessControlList.getAclType()) {
            case FIXED:
            case GLOBAL:
            case SHARED:
            case LAYERED:
                return createAccessControlList(nodeRef, true, accessControlList);
            case DEFINING:
            case OLD:
            default:
                getACLDAO(nodeRef).forceCopy(nodeRef);
                return new CreationReport(getACLDAO(nodeRef).getAccessControlList(nodeRef), Collections.emptyList());
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public NodePermissionEntry getPermissions(NodeRef nodeRef) {
        DbAccessControlList dbAccessControlList = null;
        try {
            dbAccessControlList = getAccessControlList(nodeRef);
        } catch (InvalidNodeRefException e) {
        }
        SimpleNodePermissionEntry simpleNodePermissionEntry = dbAccessControlList == null ? new SimpleNodePermissionEntry(nodeRef, true, Collections.emptyList()) : createSimpleNodePermissionEntry(nodeRef);
        if (logger.isDebugEnabled()) {
            logger.debug("Got NodePermissionEntry for node: \n   node: " + nodeRef + "\n   acl: " + simpleNodePermissionEntry);
        }
        return simpleNodePermissionEntry;
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public Map<NodeRef, Set<AccessPermission>> getAllSetPermissions(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public Set<NodeRef> findNodeByPermission(String str, PermissionReference permissionReference, boolean z) {
        throw new UnsupportedOperationException();
    }

    private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef) {
        DbAccessControlList accessControlList = getACLDAO(nodeRef).getAccessControlList(nodeRef);
        if (accessControlList == null) {
            return new SimpleNodePermissionEntry(nodeRef, true, Collections.emptyList());
        }
        AccessControlList accessControlList2 = this.aclDaoComponent.getAccessControlList(accessControlList.getId());
        SimpleNodePermissionEntry cachedSimpleNodePermissionEntry = accessControlList2.getCachedSimpleNodePermissionEntry();
        if (cachedSimpleNodePermissionEntry != null) {
            return cachedSimpleNodePermissionEntry;
        }
        ArrayList arrayList = new ArrayList(accessControlList2.getEntries().size());
        for (AccessControlEntry accessControlEntry : accessControlList2.getEntries()) {
            arrayList.add(new SimplePermissionEntry(nodeRef, accessControlEntry.getPermission(), accessControlEntry.getAuthority(), accessControlEntry.getAccessStatus(), accessControlEntry.getPosition().intValue()));
        }
        SimpleNodePermissionEntry simpleNodePermissionEntry = new SimpleNodePermissionEntry(nodeRef, accessControlList.getInherits(), arrayList);
        accessControlList2.setCachedSimpleNodePermissionEntry(simpleNodePermissionEntry);
        return simpleNodePermissionEntry;
    }

    private SimpleNodePermissionEntry createSimpleNodePermissionEntry(StoreRef storeRef) {
        DbAccessControlList accessControlList = getACLDAO(storeRef).getAccessControlList(storeRef);
        if (accessControlList == null) {
            return new SimpleNodePermissionEntry(null, true, Collections.emptyList());
        }
        AccessControlList accessControlList2 = this.aclDaoComponent.getAccessControlList(accessControlList.getId());
        ArrayList arrayList = new ArrayList(accessControlList2.getEntries().size());
        for (AccessControlEntry accessControlEntry : accessControlList2.getEntries()) {
            arrayList.add(new SimplePermissionEntry(null, accessControlEntry.getPermission(), accessControlEntry.getAuthority(), accessControlEntry.getAccessStatus(), accessControlEntry.getPosition().intValue()));
        }
        return new SimpleNodePermissionEntry(null, accessControlList.getInherits(), arrayList);
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public boolean getInheritParentPermissions(NodeRef nodeRef) {
        try {
            DbAccessControlList accessControlList = getAccessControlList(nodeRef);
            if (accessControlList == null) {
                return true;
            }
            return this.aclDaoComponent.getAccessControlListProperties(accessControlList.getId()).getInherits().booleanValue();
        } catch (InvalidNodeRefException e) {
            return true;
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermissions(String str) {
        this.aclDaoComponent.deleteAccessControlEntries(str);
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermissions(NodeRef nodeRef, String str) {
        try {
            AccessControlListDAO acldao = getACLDAO(nodeRef);
            if (acldao == null) {
                return;
            }
            DbAccessControlList accessControlList = acldao.getAccessControlList(nodeRef);
            if (accessControlList == null) {
                return;
            }
            switch (accessControlList.getAclType()) {
                case FIXED:
                case GLOBAL:
                    throw new IllegalStateException("Can not delete from this acl in a node context " + accessControlList.getAclType());
                case SHARED:
                    return;
                case LAYERED:
                case DEFINING:
                case OLD:
                default:
                    CreationReport mutableAccessControlList = getMutableAccessControlList(nodeRef);
                    SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
                    simpleAccessControlEntry.setAuthority(str);
                    simpleAccessControlEntry.setPosition(0);
                    getACLDAO(nodeRef).updateChangedAcls(nodeRef, this.aclDaoComponent.deleteAccessControlEntries(mutableAccessControlList.getCreated().getId(), simpleAccessControlEntry));
                    return;
            }
        } catch (InvalidNodeRefException e) {
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermission(NodeRef nodeRef, String str, PermissionReference permissionReference) {
        try {
            AccessControlListDAO acldao = getACLDAO(nodeRef);
            if (acldao == null) {
                return;
            }
            DbAccessControlList accessControlList = acldao.getAccessControlList(nodeRef);
            if (accessControlList == null || accessControlList == null) {
                return;
            }
            switch (accessControlList.getAclType()) {
                case FIXED:
                case GLOBAL:
                case SHARED:
                    throw new IllegalStateException("Can not delete from this acl in a node context " + accessControlList.getAclType());
                case LAYERED:
                case DEFINING:
                case OLD:
                default:
                    CreationReport mutableAccessControlList = getMutableAccessControlList(nodeRef);
                    SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
                    simpleAccessControlEntry.setAuthority(str);
                    simpleAccessControlEntry.setPermission(permissionReference);
                    simpleAccessControlEntry.setPosition(0);
                    getACLDAO(nodeRef).updateChangedAcls(nodeRef, this.aclDaoComponent.deleteAccessControlEntries(mutableAccessControlList.getCreated().getId(), simpleAccessControlEntry));
                    return;
            }
        } catch (InvalidNodeRefException e) {
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void setPermission(NodeRef nodeRef, String str, PermissionReference permissionReference, boolean z) {
        try {
            CreationReport mutableAccessControlList = getMutableAccessControlList(nodeRef);
            if (mutableAccessControlList.getCreated() != null) {
                SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
                simpleAccessControlEntry.setAuthority(str);
                simpleAccessControlEntry.setPermission(permissionReference);
                simpleAccessControlEntry.setAccessStatus(z ? AccessStatus.ALLOWED : AccessStatus.DENIED);
                simpleAccessControlEntry.setAceType(ACEType.ALL);
                simpleAccessControlEntry.setPosition(0);
                List<AclChange> accessControlEntry = this.aclDaoComponent.setAccessControlEntry(mutableAccessControlList.getCreated().getId(), simpleAccessControlEntry);
                ArrayList arrayList = new ArrayList(accessControlEntry.size() + mutableAccessControlList.getChanges().size());
                arrayList.addAll(mutableAccessControlList.getChanges());
                arrayList.addAll(accessControlEntry);
                getACLDAO(nodeRef).updateChangedAcls(nodeRef, arrayList);
            }
        } catch (InvalidNodeRefException e) {
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void setPermission(PermissionEntry permissionEntry) {
        setPermission(permissionEntry.getNodeRef(), permissionEntry.getAuthority(), permissionEntry.getPermissionReference(), permissionEntry.isAllowed());
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void setPermission(NodePermissionEntry nodePermissionEntry) {
        NodeRef nodeRef = nodePermissionEntry.getNodeRef();
        if (getAccessControlList(nodeRef) != null) {
            deletePermissions(nodeRef);
        }
        CreationReport createAccessControlList = createAccessControlList(nodeRef, nodePermissionEntry.inheritPermissions(), getAccessControlList(nodeRef));
        for (PermissionEntry permissionEntry : nodePermissionEntry.getPermissionEntries()) {
            SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
            simpleAccessControlEntry.setAuthority(permissionEntry.getAuthority());
            simpleAccessControlEntry.setPermission(permissionEntry.getPermissionReference());
            simpleAccessControlEntry.setAccessStatus(permissionEntry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
            simpleAccessControlEntry.setAceType(ACEType.ALL);
            simpleAccessControlEntry.setPosition(0);
            List<AclChange> accessControlEntry = this.aclDaoComponent.setAccessControlEntry(createAccessControlList.getCreated().getId(), simpleAccessControlEntry);
            ArrayList arrayList = new ArrayList(accessControlEntry.size() + createAccessControlList.getChanges().size());
            arrayList.addAll(createAccessControlList.getChanges());
            arrayList.addAll(accessControlEntry);
            getACLDAO(nodeRef).updateChangedAcls(nodeRef, arrayList);
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void setInheritParentPermissions(NodeRef nodeRef, boolean z) {
        DbAccessControlList accessControlList = getAccessControlList(nodeRef);
        if (accessControlList == null && z) {
            return;
        }
        if (accessControlList == null || accessControlList.getInherits() != z) {
            CreationReport mutableAccessControlList = getMutableAccessControlList(nodeRef);
            List<AclChange> disableInheritance = !z ? this.aclDaoComponent.disableInheritance(mutableAccessControlList.getCreated().getId(), false) : this.aclDaoComponent.enableInheritance(mutableAccessControlList.getCreated().getId(), null);
            ArrayList arrayList = new ArrayList(disableInheritance.size() + mutableAccessControlList.getChanges().size());
            arrayList.addAll(mutableAccessControlList.getChanges());
            arrayList.addAll(disableInheritance);
            getACLDAO(nodeRef).updateChangedAcls(nodeRef, arrayList);
        }
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermission(StoreRef storeRef, String str, PermissionReference permissionReference) {
        if (getAccessControlList(storeRef) == null) {
            return;
        }
        DbAccessControlList mutableAccessControlList = getMutableAccessControlList(storeRef);
        SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
        simpleAccessControlEntry.setAuthority(str);
        simpleAccessControlEntry.setPermission(permissionReference);
        simpleAccessControlEntry.setPosition(0);
        this.aclDaoComponent.deleteAccessControlEntries(mutableAccessControlList.getId(), simpleAccessControlEntry);
    }

    private DbAccessControlList getMutableAccessControlList(StoreRef storeRef) {
        DbAccessControlList accessControlList = getACLDAO(storeRef).getAccessControlList(storeRef);
        if (accessControlList == null) {
            SimpleAccessControlListProperties simpleAccessControlListProperties = new SimpleAccessControlListProperties();
            simpleAccessControlListProperties.setAclType(ACLType.DEFINING);
            simpleAccessControlListProperties.setVersioned(false);
            simpleAccessControlListProperties.setInherits(false);
            accessControlList = this.aclDaoComponent.getDbAccessControlList(this.aclDaoComponent.createAccessControlList(simpleAccessControlListProperties));
            getACLDAO(storeRef).setAccessControlList(storeRef, accessControlList);
        }
        return accessControlList;
    }

    private AccessControlListDAO getACLDAO(StoreRef storeRef) {
        AccessControlListDAO accessControlListDAO = this.fProtocolToACLDAO.get(storeRef.getProtocol());
        return accessControlListDAO == null ? this.fDefaultACLDAO : accessControlListDAO;
    }

    private DbAccessControlList getAccessControlList(StoreRef storeRef) {
        return getACLDAO(storeRef).getAccessControlList(storeRef);
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermissions(StoreRef storeRef, String str) {
        if (getAccessControlList(storeRef) == null) {
            return;
        }
        DbAccessControlList mutableAccessControlList = getMutableAccessControlList(storeRef);
        SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
        simpleAccessControlEntry.setAuthority(str);
        simpleAccessControlEntry.setPosition(0);
        this.aclDaoComponent.deleteAccessControlEntries(mutableAccessControlList.getId(), simpleAccessControlEntry);
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void deletePermissions(StoreRef storeRef) {
        getACLDAO(storeRef).setAccessControlList(storeRef, (DbAccessControlList) null);
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public void setPermission(StoreRef storeRef, String str, PermissionReference permissionReference, boolean z) {
        DbAccessControlList mutableAccessControlList = getMutableAccessControlList(storeRef);
        SimpleAccessControlEntry simpleAccessControlEntry = new SimpleAccessControlEntry();
        simpleAccessControlEntry.setAuthority(str);
        simpleAccessControlEntry.setPermission(permissionReference);
        simpleAccessControlEntry.setAccessStatus(z ? AccessStatus.ALLOWED : AccessStatus.DENIED);
        simpleAccessControlEntry.setAceType(ACEType.ALL);
        simpleAccessControlEntry.setPosition(0);
        this.aclDaoComponent.setAccessControlEntry(mutableAccessControlList.getId(), simpleAccessControlEntry);
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public NodePermissionEntry getPermissions(StoreRef storeRef) {
        DbAccessControlList dbAccessControlList = null;
        try {
            dbAccessControlList = getAccessControlList(storeRef);
        } catch (InvalidNodeRefException e) {
        }
        return dbAccessControlList == null ? new SimpleNodePermissionEntry(null, true, Collections.emptyList()) : createSimpleNodePermissionEntry(storeRef);
    }

    @Override // org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent
    public AccessControlListProperties getAccessControlListProperties(NodeRef nodeRef) {
        DbAccessControlList accessControlList = getACLDAO(nodeRef).getAccessControlList(nodeRef);
        if (accessControlList == null) {
            return null;
        }
        return this.aclDaoComponent.getAccessControlListProperties(accessControlList.getId());
    }

    protected abstract CreationReport createAccessControlList(NodeRef nodeRef, boolean z, DbAccessControlList dbAccessControlList);
}
