package org.phenotips.data.permissions.internal;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.user.api.XWikiGroupService;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.commons.lang3.StringUtils;
import org.phenotips.data.permissions.AccessLevel;
import org.phenotips.data.permissions.Collaborator;
import org.phenotips.data.permissions.Owner;
import org.phenotips.entities.PrimaryEntity;
import org.slf4j.Logger;
import org.xwiki.component.annotation.Component;
import org.xwiki.component.manager.ComponentLookupException;
import org.xwiki.component.manager.ComponentManager;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.DocumentReferenceResolver;
import org.xwiki.model.reference.EntityReference;
import org.xwiki.model.reference.EntityReferenceSerializer;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.security.authorization.Right;

@Singleton
@Component
/* loaded from: input_file:WEB-INF/lib/entity-access-rules-api-1.4-rc-1.jar:org/phenotips/data/permissions/internal/DefaultEntityAccessManager.class */
public class DefaultEntityAccessManager implements EntityAccessManager {
    private static final String OWNER = "owner";
    private static final String NONE = "none";
    private static final String NULL_STR = "null";
    private static final String MANAGE = "manage";
    private static final String COLLABORATOR = "collaborator";
    private static final String ACCESS = "access";

    @Inject
    private Logger logger;

    @Inject
    private EntityAccessHelper helper;

    @Inject
    private Provider<XWikiContext> xcontextProvider;

    @Inject
    private EntityReferenceSerializer<String> entitySerializer;

    @Inject
    @Named("context")
    private Provider<ComponentManager> componentManager;

    @Inject
    @Named("currentmixed")
    private DocumentReferenceResolver<EntityReference> partialEntityResolver;

    @Inject
    @Named("currentmixed")
    private DocumentReferenceResolver<String> stringEntityResolver;

    @Inject
    private AuthorizationManager rights;

    @Inject
    @Named("none")
    private AccessLevel noAccess;

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    @Nonnull
    public Collection<AccessLevel> listAccessLevels() {
        Collection<AccessLevel> listAllAccessLevels = listAllAccessLevels();
        listAllAccessLevels.removeIf(accessLevel -> {
            return !accessLevel.isAssignable();
        });
        return listAllAccessLevels;
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    @Nonnull
    public Collection<AccessLevel> listAllAccessLevels() {
        try {
            return new TreeSet(this.componentManager.get().getInstanceList(AccessLevel.class));
        } catch (ComponentLookupException e) {
            return Collections.emptyList();
        }
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    @Nonnull
    public AccessLevel resolveAccessLevel(@Nullable String str) {
        try {
            if (StringUtils.isNotBlank(str)) {
                AccessLevel accessLevel = (AccessLevel) this.componentManager.get().getInstance(AccessLevel.class, str);
                return accessLevel == null ? this.noAccess : accessLevel;
            }
        } catch (ComponentLookupException e) {
            this.logger.warn("Invalid entity access level requested: {}", str);
        }
        return this.noAccess;
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    @Nonnull
    public AccessLevel getAccessLevel(@Nullable PrimaryEntity primaryEntity, @Nullable EntityReference entityReference) {
        AccessLevel resolveAccessLevel = resolveAccessLevel("none");
        if (primaryEntity == null || entityReference == null) {
            return resolveAccessLevel;
        }
        try {
            Owner owner = getOwner(primaryEntity);
            EntityReference user = owner == null ? null : owner.getUser();
            Collection<Collaborator> collaborators = getCollaborators(primaryEntity);
            HashSet hashSet = new HashSet();
            LinkedList linkedList = new LinkedList();
            linkedList.add((DocumentReference) entityReference);
            XWikiContext xWikiContext = this.xcontextProvider.get();
            XWikiGroupService groupService = xWikiContext.getWiki().getGroupService(xWikiContext);
            while (!linkedList.isEmpty()) {
                DocumentReference documentReference = (DocumentReference) linkedList.poll();
                AccessLevel accessLevel = getAccessLevel(documentReference, user, collaborators);
                if (accessLevel.compareTo(resolveAccessLevel) > 0) {
                    resolveAccessLevel = accessLevel;
                }
                hashSet.add(documentReference);
                Collection<DocumentReference> allGroupsReferencesForMember = groupService.getAllGroupsReferencesForMember(documentReference, 0, 0, xWikiContext);
                allGroupsReferencesForMember.removeAll(hashSet);
                linkedList.addAll(allGroupsReferencesForMember);
            }
        } catch (XWikiException e) {
            this.logger.warn("Failed to compute access level for [{}] on [{}]: {}", entityReference, primaryEntity.getId(), e.getMessage());
        }
        return resolveAccessLevel;
    }

    private AccessLevel getAccessLevel(@Nonnull EntityReference entityReference, @Nullable EntityReference entityReference2, @Nonnull Collection<Collaborator> collection) {
        return entityReference.equals(entityReference2) ? resolveAccessLevel("owner") : (AccessLevel) collection.stream().filter(collaborator -> {
            return collaborator.getUser().equals(entityReference);
        }).map((v0) -> {
            return v0.getAccessLevel();
        }).findFirst().orElseGet(() -> {
            return resolveAccessLevel("none");
        });
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    public boolean isAdministrator(@Nullable PrimaryEntity primaryEntity) {
        return isAdministrator(primaryEntity, this.helper.getCurrentUser());
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    public boolean isAdministrator(@Nullable PrimaryEntity primaryEntity, @Nullable DocumentReference documentReference) {
        return (this.helper.isGroup(documentReference) || primaryEntity == null || primaryEntity.getDocumentReference() == null || !this.rights.hasAccess(Right.ADMIN, documentReference, primaryEntity.getDocumentReference())) ? false : true;
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    @Nullable
    public Owner getOwner(@Nullable PrimaryEntity primaryEntity) {
        if (primaryEntity == null || primaryEntity.getDocumentReference() == null) {
            return null;
        }
        DocumentReference documentReference = primaryEntity.getDocumentReference();
        String stringProperty = this.helper.getStringProperty(primaryEntity.getXDocument(), this.partialEntityResolver.resolve(Owner.CLASS_REFERENCE, documentReference), "owner");
        return (!StringUtils.isNotBlank(stringProperty) || "null".equals(stringProperty)) ? new DefaultOwner(null, this.helper) : new DefaultOwner(this.stringEntityResolver.resolve(stringProperty, documentReference), this.helper);
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    public boolean setOwner(@Nullable PrimaryEntity primaryEntity, @Nullable EntityReference entityReference) {
        if (primaryEntity == null || primaryEntity.getDocumentReference() == null) {
            return false;
        }
        DocumentReference resolve = this.partialEntityResolver.resolve(Owner.CLASS_REFERENCE, primaryEntity.getDocumentReference());
        try {
            Owner owner = getOwner(primaryEntity);
            if (resolve != null) {
                if (changeOwnership(primaryEntity, resolve, owner == null ? null : owner.getUser(), entityReference)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    private boolean changeOwnership(@Nonnull PrimaryEntity primaryEntity, @Nonnull DocumentReference documentReference, @Nullable EntityReference entityReference, @Nullable EntityReference entityReference2) throws Exception {
        String serialize = entityReference2 != null ? this.entitySerializer.serialize(this.partialEntityResolver.resolve(entityReference2, new Object[0]), new Object[0]) : "";
        XWikiDocument xDocument = primaryEntity.getXDocument();
        this.helper.setProperty(xDocument, documentReference, "owner", serialize);
        if (entityReference != null && !entityReference.equals(entityReference2)) {
            addCollaborator(primaryEntity, new DefaultCollaborator(entityReference, resolveAccessLevel(MANAGE), null), false);
        }
        removeCollaborator(primaryEntity, new DefaultCollaborator(entityReference2, null, null), false);
        XWikiContext xWikiContext = this.xcontextProvider.get();
        xWikiContext.getWiki().saveDocument(xDocument, "Set owner: " + serialize, true, xWikiContext);
        return true;
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    @Nonnull
    public Collection<Collaborator> getCollaborators(@Nullable PrimaryEntity primaryEntity) {
        if (primaryEntity == null || primaryEntity.getDocumentReference() == null) {
            return Collections.emptySet();
        }
        DocumentReference documentReference = primaryEntity.getDocumentReference();
        try {
            List<BaseObject> xObjects = primaryEntity.getXDocument().getXObjects(this.partialEntityResolver.resolve(Collaborator.CLASS_REFERENCE, documentReference));
            return (xObjects == null ? Collections.emptyMap() : (Map) xObjects.stream().filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(TreeMap::new, (treeMap, baseObject) -> {
                collectCollaborator(treeMap, baseObject, documentReference);
            }, (v0, v1) -> {
                v0.putAll(v1);
            })).values();
        } catch (Exception e) {
            this.logger.error("Unexpected exception occurred when retrieving collaborators for entity [{}]", primaryEntity);
            return Collections.emptySet();
        }
    }

    private void collectCollaborator(@Nonnull Map<EntityReference, Collaborator> map, @Nonnull BaseObject baseObject, @Nonnull DocumentReference documentReference) {
        String stringValue = baseObject.getStringValue(COLLABORATOR);
        String stringValue2 = baseObject.getStringValue(ACCESS);
        if (StringUtils.isNotBlank(stringValue) && StringUtils.isNotBlank(stringValue2)) {
            DocumentReference resolve = this.stringEntityResolver.resolve(stringValue, documentReference);
            AccessLevel resolveAccessLevel = resolveAccessLevel(stringValue2);
            if (!map.containsKey(resolve)) {
                map.put(resolve, new DefaultCollaborator(resolve, resolveAccessLevel, this.helper));
            } else if (resolveAccessLevel.compareTo(map.get(resolve).getAccessLevel()) > 0) {
                map.put(resolve, new DefaultCollaborator(resolve, resolveAccessLevel, this.helper));
            }
        }
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    public boolean setCollaborators(@Nullable PrimaryEntity primaryEntity, @Nullable Collection<Collaborator> collection) {
        if (primaryEntity == null || primaryEntity.getDocumentReference() == null) {
            return false;
        }
        try {
            XWikiDocument xDocument = primaryEntity.getXDocument();
            DocumentReference resolve = this.partialEntityResolver.resolve(Collaborator.CLASS_REFERENCE, primaryEntity.getDocumentReference());
            XWikiContext xWikiContext = this.xcontextProvider.get();
            xDocument.removeXObjects(resolve);
            if (collection != null) {
                collection.stream().filter((v0) -> {
                    return Objects.nonNull(v0);
                }).filter(collaborator -> {
                    return collaborator.getUser() != null;
                }).forEach(collaborator2 -> {
                    saveCollaboratorData(collaborator2, xDocument, resolve, xWikiContext);
                });
            }
            xDocument.setAuthorReference(this.helper.getCurrentUser());
            xDocument.setMetaDataDirty(true);
            xWikiContext.getWiki().saveDocument(xDocument, "Updated collaborators", true, xWikiContext);
            return true;
        } catch (Exception e) {
            this.logger.error("Unexpected exception occurred when setting collaborators [{}] for entity [{}]", collection, primaryEntity);
            return false;
        }
    }

    private void saveCollaboratorData(@Nonnull Collaborator collaborator, @Nonnull XWikiDocument xWikiDocument, @Nonnull DocumentReference documentReference, @Nonnull XWikiContext xWikiContext) {
        try {
            BaseObject newXObject = xWikiDocument.newXObject(documentReference, xWikiContext);
            newXObject.setStringValue(COLLABORATOR, this.entitySerializer.serialize(collaborator.getUser(), new Object[0]));
            AccessLevel accessLevel = collaborator.getAccessLevel();
            newXObject.setStringValue(ACCESS, (accessLevel != null ? accessLevel : this.noAccess).getName());
        } catch (XWikiException e) {
            this.logger.error("Unexpected exception occurred when setting properties for collaborator [{}]", collaborator);
        }
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    public boolean addCollaborator(@Nullable PrimaryEntity primaryEntity, @Nullable Collaborator collaborator) {
        return addCollaborator(primaryEntity, collaborator, true);
    }

    private boolean addCollaborator(@Nullable PrimaryEntity primaryEntity, @Nullable Collaborator collaborator, boolean z) {
        if (primaryEntity == null || primaryEntity.getDocumentReference() == null || collaborator == null) {
            return false;
        }
        try {
            XWikiDocument xDocument = primaryEntity.getXDocument();
            XWikiContext xWikiContext = this.xcontextProvider.get();
            String serialize = collaborator.getUser() != null ? this.entitySerializer.serialize(this.partialEntityResolver.resolve(collaborator.getUser(), new Object[0]), new Object[0]) : "";
            BaseObject orCreateCollaboratorObj = getOrCreateCollaboratorObj(primaryEntity.getDocumentReference(), xDocument, serialize, xWikiContext);
            orCreateCollaboratorObj.setStringValue(COLLABORATOR, StringUtils.defaultString(serialize));
            orCreateCollaboratorObj.setStringValue(ACCESS, collaborator.getAccessLevel().getName());
            if (!z) {
                return true;
            }
            xDocument.setAuthorReference(this.helper.getCurrentUser());
            xDocument.setMetaDataDirty(true);
            xWikiContext.getWiki().saveDocument(xDocument, "Added collaborator: " + serialize, true, xWikiContext);
            return true;
        } catch (Exception e) {
            this.logger.error("Unexpected exception occurred when adding a collaborator [{}]", collaborator);
            return false;
        }
    }

    private BaseObject getOrCreateCollaboratorObj(@Nonnull DocumentReference documentReference, @Nonnull XWikiDocument xWikiDocument, @Nonnull String str, @Nonnull XWikiContext xWikiContext) throws XWikiException {
        DocumentReference resolve = this.partialEntityResolver.resolve(Collaborator.CLASS_REFERENCE, documentReference);
        BaseObject xObject = xWikiDocument.getXObject(resolve, COLLABORATOR, str, false);
        return xObject == null ? xWikiDocument.newXObject(resolve, xWikiContext) : xObject;
    }

    @Override // org.phenotips.data.permissions.internal.EntityAccessManager
    public boolean removeCollaborator(@Nullable PrimaryEntity primaryEntity, @Nullable Collaborator collaborator) {
        return removeCollaborator(primaryEntity, collaborator, true);
    }

    private boolean removeCollaborator(@Nullable PrimaryEntity primaryEntity, @Nullable Collaborator collaborator, boolean z) {
        if (primaryEntity == null || primaryEntity.getDocumentReference() == null || collaborator == null) {
            return false;
        }
        try {
            XWikiDocument xDocument = primaryEntity.getXDocument();
            DocumentReference resolve = this.partialEntityResolver.resolve(Collaborator.CLASS_REFERENCE, primaryEntity.getDocumentReference());
            XWikiContext xWikiContext = this.xcontextProvider.get();
            String serialize = collaborator.getUser() != null ? this.entitySerializer.serialize(this.partialEntityResolver.resolve(collaborator.getUser(), new Object[0]), new Object[0]) : "";
            BaseObject xObject = xDocument.getXObject(resolve, COLLABORATOR, serialize, false);
            if (xObject == null) {
                return false;
            }
            xDocument.removeXObject(xObject);
            if (!z) {
                return true;
            }
            xWikiContext.getWiki().saveDocument(xDocument, "Removed collaborator: " + serialize, true, xWikiContext);
            return true;
        } catch (Exception e) {
            this.logger.error("Unexpected exception occurred when removing a collaborator [{}]", collaborator);
            return false;
        }
    }
}
