package org.xwiki.security.authorization.internal;

import com.xpn.xwiki.user.api.XWikiRightService;
import java.util.Collection;
import java.util.Deque;
import java.util.Map;
import java.util.Set;
import javax.inject.Named;
import javax.inject.Singleton;
import org.xwiki.component.annotation.Component;
import org.xwiki.security.GroupSecurityReference;
import org.xwiki.security.SecurityReference;
import org.xwiki.security.UserSecurityReference;
import org.xwiki.security.authorization.Right;
import org.xwiki.security.authorization.RightMap;
import org.xwiki.security.authorization.RuleState;
import org.xwiki.security.authorization.SecurityAccessEntry;
import org.xwiki.security.authorization.SecurityRule;
import org.xwiki.security.authorization.SecurityRuleEntry;
import org.xwiki.security.authorization.internal.AbstractAuthorizationSettler;

@Singleton
@Component
@Named("priority")
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-security-api-5.0.3.jar:org/xwiki/security/authorization/internal/PrioritizingAuthorizationSettler.class */
public class PrioritizingAuthorizationSettler extends AbstractAuthorizationSettler {
    private static final int USER_PRIORITY = Integer.MAX_VALUE;
    private static final int ALL_GROUP_PRIORITY = 0;

    @Override // org.xwiki.security.authorization.internal.AbstractAuthorizationSettler
    protected XWikiSecurityAccess settle(UserSecurityReference userSecurityReference, Collection<GroupSecurityReference> collection, SecurityRuleEntry securityRuleEntry, AbstractAuthorizationSettler.Policies policies) {
        XWikiSecurityAccess xWikiSecurityAccess = new XWikiSecurityAccess();
        RightMap rightMap = new RightMap();
        SecurityReference reference = securityRuleEntry.getReference();
        for (Right right : Right.getEnabledRights(reference.getSecurityType())) {
            for (SecurityRule securityRule : securityRuleEntry.getRules()) {
                if (securityRule.match(right)) {
                    resolveLevel(right, userSecurityReference, collection, securityRule, xWikiSecurityAccess, policies, rightMap);
                    if (xWikiSecurityAccess.get(right) == RuleState.ALLOW) {
                        implyRights(right, xWikiSecurityAccess, reference, policies, rightMap);
                    }
                }
            }
        }
        return xWikiSecurityAccess;
    }

    private void implyRights(Right right, XWikiSecurityAccess xWikiSecurityAccess, SecurityReference securityReference, AbstractAuthorizationSettler.Policies policies, Map<Right, Integer> map) {
        Set<Right> impliedRights = right.getImpliedRights();
        if (impliedRights != null) {
            for (Right right2 : Right.getEnabledRights(securityReference.getSecurityType())) {
                if (impliedRights.contains(right2)) {
                    policies.set(right2, right);
                    resolveConflict(RuleState.ALLOW, right2, xWikiSecurityAccess, policies, map.get(right).intValue(), map);
                }
            }
        }
    }

    private void resolveLevel(Right right, UserSecurityReference userSecurityReference, Collection<GroupSecurityReference> collection, SecurityRule securityRule, XWikiSecurityAccess xWikiSecurityAccess, AbstractAuthorizationSettler.Policies policies, Map<Right, Integer> map) {
        RuleState state = securityRule.getState();
        if (state == RuleState.UNDETERMINED) {
            return;
        }
        if (securityRule.match(userSecurityReference)) {
            resolveConflict(state, right, xWikiSecurityAccess, policies, Integer.MAX_VALUE, map);
            return;
        }
        for (GroupSecurityReference groupSecurityReference : collection) {
            if (securityRule.match(groupSecurityReference)) {
                resolveConflict(state, right, xWikiSecurityAccess, policies, getPriority(groupSecurityReference), map);
                return;
            }
        }
    }

    private void resolveConflict(RuleState ruleState, Right right, XWikiSecurityAccess xWikiSecurityAccess, AbstractAuthorizationSettler.Policies policies, int i, Map<Right, Integer> map) {
        if (xWikiSecurityAccess.get(right) == RuleState.UNDETERMINED) {
            xWikiSecurityAccess.set(right, ruleState);
            map.put(right, Integer.valueOf(i));
        } else if (xWikiSecurityAccess.get(right) != ruleState) {
            if (i <= map.get(right).intValue()) {
                xWikiSecurityAccess.set(right, policies.getTieResolutionPolicy(right));
            } else {
                xWikiSecurityAccess.set(right, ruleState);
                map.put(right, Integer.valueOf(i));
            }
        }
    }

    private int getPriority(GroupSecurityReference groupSecurityReference) {
        return groupSecurityReference.getName().equals(XWikiRightService.ALLGROUP_GROUP) ? 0 : 1;
    }

    @Override // org.xwiki.security.authorization.internal.AbstractAuthorizationSettler, org.xwiki.security.authorization.AuthorizationSettler
    public /* bridge */ /* synthetic */ SecurityAccessEntry settle(UserSecurityReference userSecurityReference, Collection collection, Deque deque) {
        return super.settle(userSecurityReference, collection, deque);
    }
}
