package org.xwiki.security.authorization.internal;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.plugin.skinx.CssSkinExtensionPlugin;
import com.xpn.xwiki.plugin.skinx.JsSkinExtensionPlugin;
import com.xpn.xwiki.user.api.XWikiRightService;
import com.xpn.xwiki.user.api.XWikiUser;
import com.xpn.xwiki.web.DownloadAction;
import com.xpn.xwiki.web.SaveAction;
import com.xpn.xwiki.web.Utils;
import java.util.HashMap;
import java.util.List;
import org.apache.solr.common.cloud.PlainIdRouter;
import org.aspectj.lang.JoinPoint;
import org.osgi.framework.PackagePermission;
import org.osgi.framework.ServicePermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xwiki.extension.distribution.internal.DistributionAction;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.DocumentReferenceResolver;
import org.xwiki.model.reference.WikiReference;
import org.xwiki.rendering.internal.parser.xwiki20.XWiki20LinkReferenceParser;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.security.authorization.Right;

/* loaded from: input_file:WEB-INF/lib/xwiki-platform-security-bridge-5.4.5.jar:org/xwiki/security/authorization/internal/XWikiCachingRightService.class */
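/**
 * Implementation of {@link XWikiRightService} that translates action names and user/document
 * names into {@link Right} and reference objects, then delegates every access decision to the
 * {@link AuthorizationManager} component.
 *
 * <p>Security-relevant conventions visible in this class:
 * <ul>
 *   <li>The guest user is always represented as a {@code null} user reference when calling the
 *       {@link AuthorizationManager}; see {@link #guestToNull(DocumentReference)}.</li>
 *   <li>Action names that are not in the action table map to {@link Right#ILLEGAL}.</li>
 *   <li>Programming rights are evaluated for the content author of a document, not for the
 *       user making the request.</li>
 * </ul>
 */
public class XWikiCachingRightService implements XWikiRightService {
    private static final String DELETE_ACTION = "delete";
    private static final String LOGIN_ACTION = "login";

    /** Document name used for the unauthenticated (guest) user. */
    private static final String GUEST_USER_NAME = "XWikiGuest";

    private DocumentReferenceResolver<String> documentReferenceResolver = (DocumentReferenceResolver) Utils.getComponent(DocumentReferenceResolver.TYPE_STRING, "currentmixed");
    private DocumentReferenceResolver<String> userAndGroupReferenceResolver = (DocumentReferenceResolver) Utils.getComponent(DocumentReferenceResolver.TYPE_STRING, "user");
    private final AuthorizationManager authorizationManager = (AuthorizationManager) Utils.getComponent(AuthorizationManager.class);
    private static final Logger LOGGER = LoggerFactory.getLogger(XWikiCachingRightService.class);

    /** Action name to required right; filled once by the static initializer at the end of the class. */
    private static final ActionMap ACTION_MAP = new ActionMap();

    /**
     * Map from action name to the {@link Right} required to perform it, with a chainable
     * {@link #putAction(String, Right)} to make the table below readable.
     *
     * <p>NOTE(review): the decompiler reports that this class was originally {@code private};
     * the constructor is still private and the only instance is held in a private field, but
     * consider restoring the narrower modifier when rebuilding from source.
     */
    public static class ActionMap extends HashMap<String, Right> {
        private static final long serialVersionUID = 1;

        private ActionMap() {
        }

        /**
         * Registers the right required for an action.
         *
         * @param str the action name
         * @param right the right required for that action
         * @return this map, to allow chaining
         */
        public ActionMap putAction(String str, Right right) {
            put(str, right);
            return this;
        }
    }

    /**
     * Maps an action name to the right it requires.
     *
     * @param str the action name
     * @return the mapped right, or {@link Right#ILLEGAL} when the action is not in the table,
     *         so an unknown action is never silently treated as a known right
     */
    public static Right actionToRight(String str) {
        Right mapped = ACTION_MAP.get(str);
        return mapped != null ? mapped : Right.ILLEGAL;
    }

    /**
     * Normalises the guest user to {@code null}, which is how this class represents an
     * unauthenticated user when calling the {@link AuthorizationManager}. Keeping the rule in
     * one place prevents the individual checks from drifting apart.
     *
     * @param userReference the user reference to normalise, may be {@code null}
     * @return {@code null} if the reference is {@code null} or names the guest user, otherwise
     *         the reference unchanged
     */
    private static DocumentReference guestToNull(DocumentReference userReference) {
        if (userReference != null && GUEST_USER_NAME.equals(userReference.getName())) {
            return null;
        }
        return userReference;
    }

    /** Resolves a user or group name relative to the given wiki. */
    private DocumentReference resolveUserName(String userName, WikiReference wikiReference) {
        return this.userAndGroupReferenceResolver.resolve(userName, wikiReference);
    }

    /** Resolves a document name relative to the given wiki. */
    private DocumentReference resolveDocumentName(String documentName, WikiReference wikiReference) {
        return this.documentReferenceResolver.resolve(documentName, wikiReference);
    }

    /**
     * Asks the authentication service to show the login page, unless there is no request, the
     * current action already is the login action, or the {@code xwiki.hidelogin} parameter is
     * set to {@code true}. Failures are logged and not propagated.
     */
    private void showLogin(XWikiContext xWikiContext) {
        try {
            boolean hasRequest = xWikiContext.getRequest() != null;
            if (hasRequest
                && !LOGIN_ACTION.equals(xWikiContext.getAction())
                && !xWikiContext.getWiki().Param("xwiki.hidelogin", "false").equalsIgnoreCase("true")) {
                xWikiContext.getWiki().getAuthService().showLogin(xWikiContext);
            }
        } catch (XWikiException e) {
            LOGGER.error("Failed to show login page.", e);
        }
    }

    /**
     * Returns the user to check rights for, authenticating through the wiki when the context
     * has no user yet, and stores the result back into the context when it changed.
     *
     * @return the current user reference, or {@code null} for the guest user. An authentication
     *         failure is logged and also results in {@code null}, i.e. guest.
     */
    private DocumentReference getCurrentUser(XWikiContext xWikiContext) {
        DocumentReference contextUser = xWikiContext.getUserReference();
        DocumentReference effectiveUser = contextUser;
        // NOTE(review): 2 is presumably the XML-RPC context mode, for which no authentication
        // is attempted here - confirm against XWikiContext.
        if (effectiveUser == null && xWikiContext.getMode() != 2) {
            try {
                XWikiUser authenticated = xWikiContext.getWiki().checkAuth(xWikiContext);
                if (authenticated != null) {
                    effectiveUser = resolveUserName(authenticated.getUser(), new WikiReference(xWikiContext.getDatabase()));
                }
            } catch (XWikiException e) {
                LOGGER.error("Caught exception while authenticating user.", e);
            }
        }
        effectiveUser = guestToNull(effectiveUser);
        // Only touch the context when the effective user really differs from what it held.
        if (effectiveUser != contextUser && (effectiveUser == null || !effectiveUser.equals(contextUser))) {
            xWikiContext.setUserReference(effectiveUser);
        }
        return effectiveUser;
    }

    /**
     * Interprets an {@code authenticate_*} preference value.
     *
     * @param value the raw preference value
     * @return {@code true} when the value is "yes" (any case) or a positive integer; otherwise
     *         {@code null}, meaning "no decision at this level". This method never returns
     *         {@code false}, so a value such as "0" or "no" does not override a lower level.
     */
    private Boolean checkNeedsAuthValue(String value) {
        if (value == null || value.equals("")) {
            return null;
        }
        if (value.toLowerCase().equals("yes")) {
            return true;
        }
        try {
            if (Integer.parseInt(value) > 0) {
                return true;
            }
            return null;
        } catch (NumberFormatException e) {
            LOGGER.warn("Failed to parse the authenticate_* preference value [{}]", value);
            return null;
        }
    }

    /**
     * Tells whether the given right requires an authenticated user, according to the
     * {@code authenticate_<right name>} preference. The wiki preference is consulted first and
     * the space preference only when the wiki level gave no decision.
     */
    private boolean needsAuth(Right right, XWikiContext xWikiContext) {
        String preferenceName = "authenticate_" + right.getName();
        Boolean wikiLevel = checkNeedsAuthValue(xWikiContext.getWiki().getXWikiPreference(preferenceName, "", xWikiContext));
        if (wikiLevel != null) {
            return wikiLevel.booleanValue();
        }
        Boolean spaceLevel = checkNeedsAuthValue(xWikiContext.getWiki().getSpacePreference(preferenceName, "", xWikiContext).toLowerCase());
        if (spaceLevel != null) {
            return spaceLevel.booleanValue();
        }
        return false;
    }

    /**
     * Checks whether the current user may perform an action on a document.
     *
     * <p>Side effect: when the user is not authenticated and access is refused, the login page
     * is shown, except for the delete and login actions.
     *
     * @param str the action name, translated with {@link #actionToRight(String)}
     * @param xWikiDocument the document the action targets
     * @param xWikiContext the current context
     * @return {@code true} only when the {@link AuthorizationManager} grants the right
     */
    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean checkAccess(String str, XWikiDocument xWikiDocument, XWikiContext xWikiContext) throws XWikiException {
        Right required = actionToRight(str);
        DocumentReference target = xWikiDocument.getDocumentReference();
        LOGGER.debug("checkAccess for action [{}] on entity [{}].", required, target);
        DocumentReference currentUser = getCurrentUser(xWikiContext);
        // Guests are refused outright when the right is configured to require authentication.
        if (currentUser == null && needsAuth(required, xWikiContext)) {
            showLogin(xWikiContext);
            return false;
        }
        if (this.authorizationManager.hasAccess(required, currentUser, target)) {
            return true;
        }
        if (currentUser != null || DELETE_ACTION.equals(str) || LOGIN_ACTION.equals(str)) {
            return false;
        }
        LOGGER.debug("Redirecting unauthenticated user to login, since it have been denied [{}] on [{}].", required, target);
        showLogin(xWikiContext);
        return false;
    }

    /**
     * Checks whether a named user has a named right on a named document.
     *
     * <p>The user is whatever name the caller passes in {@code str2}; this method does not
     * authenticate anyone and does not look at the user in the context, so callers must not
     * feed it a user name taken from untrusted input. The right is obtained with
     * {@link Right#toRight(String)}, not with the action table used by
     * {@link #checkAccess(String, XWikiDocument, XWikiContext)}.
     *
     * @param str the right name
     * @param str2 the user name, resolved relative to the context wiki
     * @param str3 the document name, resolved relative to the context wiki
     * @param xWikiContext the current context
     * @return {@code false} for the guest user when the right requires authentication,
     *         otherwise the decision of the {@link AuthorizationManager}
     */
    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasAccessLevel(String str, String str2, String str3, XWikiContext xWikiContext) throws XWikiException {
        WikiReference wikiReference = new WikiReference(xWikiContext.getDatabase());
        DocumentReference target = resolveDocumentName(str3, wikiReference);
        LOGGER.debug("hasAccessLevel() resolved document named [{}] into reference [{}]", str3, target);
        DocumentReference user = guestToNull(resolveUserName(str2, wikiReference));
        Right right = Right.toRight(str);
        if (user == null && needsAuth(right, xWikiContext)) {
            return false;
        }
        return this.authorizationManager.hasAccess(right, user, target);
    }

    /**
     * Checks programming rights for the document currently being executed.
     *
     * @return {@code false} when the context has dropped permissions; otherwise the result of
     *         {@link #hasProgrammingRights(XWikiDocument, XWikiContext)} for the {@code "sdoc"}
     *         context entry if present, else for the context document
     */
    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasProgrammingRights(XWikiContext xWikiContext) {
        if (xWikiContext.hasDroppedPermissions()) {
            return false;
        }
        XWikiDocument secureDocument = (XWikiDocument) xWikiContext.get("sdoc");
        if (secureDocument == null) {
            secureDocument = xWikiContext.getDoc();
        }
        return hasProgrammingRights(secureDocument, xWikiContext);
    }

    /**
     * Checks the {@link Right#PROGRAM} right at wiki level.
     *
     * <p>When a document is given, the right is checked for its <em>content author</em> on the
     * document's wiki, not for the user making the request. Without a document, the context
     * user and the context wiki are used. This overload does not consult
     * {@link XWikiContext#hasDroppedPermissions()}.
     *
     * @param xWikiDocument the document whose content author is checked, may be {@code null}
     * @param xWikiContext the current context
     */
    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasProgrammingRights(XWikiDocument xWikiDocument, XWikiContext xWikiContext) {
        DocumentReference author;
        WikiReference wikiReference;
        if (xWikiDocument == null) {
            author = xWikiContext.getUserReference();
            wikiReference = new WikiReference(xWikiContext.getDatabase());
        } else {
            author = xWikiDocument.getContentAuthorReference();
            wikiReference = xWikiDocument.getDocumentReference().getWikiReference();
        }
        return this.authorizationManager.hasAccess(Right.PROGRAM, guestToNull(author), wikiReference);
    }

    /**
     * Checks the {@link Right#ADMIN} right of the context user on the context document, falling
     * back to {@link #hasWikiAdminRights(XWikiContext)} when the context has no document. The
     * user is read from the context as is; no authentication is attempted here.
     */
    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasAdminRights(XWikiContext xWikiContext) {
        XWikiDocument doc = xWikiContext.getDoc();
        if (doc == null) {
            return hasWikiAdminRights(xWikiContext);
        }
        DocumentReference user = guestToNull(xWikiContext.getUserReference());
        return this.authorizationManager.hasAccess(Right.ADMIN, user, doc.getDocumentReference());
    }

    /**
     * Checks the {@link Right#ADMIN} right of the context user on the context wiki. The user is
     * read from the context as is; no authentication is attempted here.
     */
    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasWikiAdminRights(XWikiContext xWikiContext) {
        DocumentReference user = guestToNull(xWikiContext.getUserReference());
        WikiReference wikiReference = new WikiReference(xWikiContext.getDatabase());
        return this.authorizationManager.hasAccess(Right.ADMIN, user, wikiReference);
    }

    /** Returns the names of all known rights, as provided by {@link Right#getAllRightsAsString()}. */
    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public List<String> listAllLevels(XWikiContext xWikiContext) throws XWikiException {
        return Right.getAllRightsAsString();
    }

    // Action table used by actionToRight(). One entry per line so that a change to the right
    // required for an action is easy to see in review.
    //
    // NOTE(review): several keys are constants from unrelated classes (ServicePermission,
    // PackagePermission, PlainIdRouter, JoinPoint, ...). This file is decompiler output, so they
    // are presumably substitutions for plain string literals that happen to have the same value.
    // Confirm against the upstream source and replace them with literals, so that the
    // authorization table does not depend on constants owned by third-party libraries.
    //
    // NOTE(review): "create" requires only VIEW here; whether creation is restricted further
    // elsewhere is not visible in this class - confirm. The key "programing" is spelled as in
    // the compiled class and must match whatever callers pass.
    static {
        ACTION_MAP
            .putAction(LOGIN_ACTION, Right.LOGIN)
            .putAction("imagecaptcha", Right.LOGIN)
            .putAction("view", Right.VIEW)
            .putAction(DELETE_ACTION, Right.DELETE)
            .putAction(DistributionAction.DISTRIBUTION_ACTION, Right.VIEW)
            .putAction("admin", Right.ADMIN)
            .putAction("programing", Right.PROGRAM)
            .putAction("edit", Right.EDIT)
            .putAction(ServicePermission.REGISTER, Right.REGISTER)
            .putAction("logout", Right.LOGIN)
            .putAction("loginerror", Right.LOGIN)
            .putAction("loginsubmit", Right.LOGIN)
            .putAction("viewrev", Right.VIEW)
            .putAction("viewattachrev", Right.VIEW)
            .putAction("get", Right.VIEW)
            .putAction("downloadrev", Right.VIEW)
            .putAction(PlainIdRouter.NAME, Right.VIEW)
            .putAction("raw", Right.VIEW)
            .putAction(XWiki20LinkReferenceParser.ATTACH_SCHEME, Right.VIEW)
            .putAction("charting", Right.VIEW)
            .putAction("skin", Right.VIEW)
            .putAction(DownloadAction.ACTION_NAME, Right.VIEW)
            .putAction("dot", Right.VIEW)
            .putAction("svg", Right.VIEW)
            .putAction("pdf", Right.VIEW)
            .putAction("undelete", Right.EDIT)
            .putAction("reset", Right.DELETE)
            .putAction("commentadd", Right.COMMENT)
            .putAction("redirect", Right.VIEW)
            .putAction(PackagePermission.EXPORT, Right.VIEW)
            .putAction("import", Right.ADMIN)
            .putAction(JsSkinExtensionPlugin.PLUGIN_NAME, Right.VIEW)
            .putAction(CssSkinExtensionPlugin.PLUGIN_NAME, Right.VIEW)
            .putAction("tex", Right.VIEW)
            .putAction("unknown", Right.VIEW)
            .putAction(SaveAction.ACTION_NAME, Right.EDIT)
            .putAction("preview", Right.EDIT)
            .putAction(JoinPoint.SYNCHRONIZATION_LOCK, Right.EDIT)
            .putAction("cancel", Right.EDIT)
            .putAction("delattachment", Right.EDIT)
            .putAction("inline", Right.EDIT)
            .putAction("propadd", Right.EDIT)
            .putAction("propupdate", Right.EDIT)
            .putAction("propdelete", Right.EDIT)
            .putAction("propdisable", Right.EDIT)
            .putAction("propenable", Right.EDIT)
            .putAction("objectadd", Right.EDIT)
            .putAction("objectremove", Right.EDIT)
            .putAction("objectsync", Right.EDIT)
            .putAction("rollback", Right.EDIT)
            .putAction("upload", Right.EDIT)
            .putAction("create", Right.VIEW)
            .putAction("deleteversions", Right.ADMIN)
            .putAction("deletespace", Right.ADMIN)
            .putAction("temp", Right.VIEW);
    }
}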
