package ca.sickkids.ccm.lfs.permissions.internal;

import ca.sickkids.ccm.lfs.permissions.spi.PermissionsManager;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.servlets.annotations.SlingServletResourceTypes;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@SlingServletResourceTypes(resourceTypes = {"lfs/FormsHomepage", "lfs/Form", "lfs/Answer"}, selectors = {"permissions"}, methods = {"POST"})
@Component(service = {Servlet.class})
/* loaded from: input_file:ca/sickkids/ccm/lfs/permissions/internal/PermissionsManagerServlet.class */
public class PermissionsManagerServlet extends SlingAllMethodsServlet {
    private static final long serialVersionUID = -677311195300436475L;
    private static final Logger LOGGER = LoggerFactory.getLogger(PermissionsManagerServlet.class);

    @Reference
    private PermissionsManager permissionsChangeServiceHandler;

    protected void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException {
        String parameter = slingHttpServletRequest.getParameter(":rule");
        String parameter2 = slingHttpServletRequest.getParameter(":privileges");
        String parameter3 = slingHttpServletRequest.getParameter(":principal");
        String requestURI = slingHttpServletRequest.getRequestURI();
        String substring = requestURI.substring(0, requestURI.indexOf("."));
        String parameter4 = slingHttpServletRequest.getParameter(":restriction");
        String parameter5 = slingHttpServletRequest.getParameter(":remove");
        Session session = (JackrabbitSession) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
        try {
            boolean parseRule = parseRule(parameter);
            Privilege[] parsePrivileges = parsePrivileges(parameter2, session.getAccessControlManager());
            Map<String, Value> parseRestriction = parseRestriction(parameter4, session.getValueFactory());
            Principal principal = session.getPrincipalManager().getPrincipal(parameter3);
            if (parameter5 == null) {
                this.permissionsChangeServiceHandler.addAccessControlEntry(substring, parseRule, principal, parsePrivileges, parseRestriction, session);
            } else {
                this.permissionsChangeServiceHandler.removeAccessControlEntry(substring, parseRule, principal, parsePrivileges, parseRestriction, session);
            }
            session.save();
        } catch (RepositoryException e) {
            LOGGER.error("Failed to change permissions: {}", e.getMessage(), e);
        }
    }

    private boolean parseRule(String str) throws RepositoryException {
        if (str == null) {
            throw new IllegalArgumentException("Required parameter \":rule\" missing");
        }
        if ("allow".equals(str)) {
            return true;
        }
        if ("deny".equals(str)) {
            return false;
        }
        throw new IllegalArgumentException("\":rule\" must be either 'allow' or 'deny'");
    }

    private static Privilege[] parsePrivileges(String str, AccessControlManager accessControlManager) throws AccessControlException, RepositoryException {
        if (str == null) {
            throw new IllegalArgumentException("Required parameter \":privileges\" missing");
        }
        String[] split = str.split(",");
        Privilege[] privilegeArr = new Privilege[split.length];
        for (int i = 0; i < split.length; i++) {
            privilegeArr[i] = accessControlManager.privilegeFromName(split[i]);
        }
        return privilegeArr;
    }

    private static Map<String, Value> parseRestriction(String str, ValueFactory valueFactory) throws RepositoryException {
        if (str == null) {
            throw new IllegalArgumentException("Required parameter \":restriction\" missing");
        }
        HashMap hashMap = new HashMap();
        int indexOf = str.indexOf("=");
        hashMap.put(str.substring(0, indexOf), valueFactory.createValue(str.substring(indexOf + 1)));
        return hashMap;
    }
}
