package org.alfresco.repo.admin.patch.impl;

import java.util.Iterator;
import org.alfresco.model.WCMAppModel;
import org.alfresco.repo.admin.patch.AbstractPatch;
import org.alfresco.repo.avm.AVMNodeConverter;
import org.alfresco.repo.domain.PropertyValue;
import org.alfresco.repo.search.AVMSnapShotTriggeredIndexingMethodInterceptor;
import org.alfresco.repo.search.AVMSnapShotTriggeredIndexingMethodInterceptorImpl;
import org.alfresco.service.cmr.avm.AVMService;
import org.alfresco.service.cmr.avm.AVMStoreDescriptor;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.springframework.extensions.surf.util.I18NUtil;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-5.0.a.jar:org/alfresco/repo/admin/patch/impl/MoveWCMToGroupBasedPermissionsPatch.class */
public class MoveWCMToGroupBasedPermissionsPatch extends AbstractPatch {
    public static final String[] PERMISSIONS = {"ContentManager", "ContentPublisher", "ContentContributor", "ContentReviewer"};
    protected static final String WCM_STORE_SEPARATOR = "--";
    private static final String MSG_SUCCESS = "patch.moveWCMToGroupBasedPermissionsPatch.result";
    AVMSnapShotTriggeredIndexingMethodInterceptor avmSnapShotTriggeredIndexingMethodInterceptor;
    AVMService avmService;
    PermissionService permissionService;
    AuthorityService authorityService;
    String replaceAllWith = "ContentManager";

    public void setAvmService(AVMService aVMService) {
        this.avmService = aVMService;
    }

    public void setAvmSnapShotTriggeredIndexingMethodInterceptor(AVMSnapShotTriggeredIndexingMethodInterceptor aVMSnapShotTriggeredIndexingMethodInterceptor) {
        this.avmSnapShotTriggeredIndexingMethodInterceptor = aVMSnapShotTriggeredIndexingMethodInterceptor;
    }

    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setReplaceAllWith(String str) {
        this.replaceAllWith = str;
    }

    @Override // org.alfresco.repo.admin.patch.AbstractPatch
    protected String applyInternal() throws Exception {
        for (AVMStoreDescriptor aVMStoreDescriptor : this.avmService.getStores()) {
            switch (AVMSnapShotTriggeredIndexingMethodInterceptorImpl.StoreType.getStoreType(aVMStoreDescriptor.getName(), aVMStoreDescriptor, this.avmService.getStoreProperties(aVMStoreDescriptor.getName()))) {
                case STAGING:
                    fixAllPermissions(aVMStoreDescriptor);
                    setStagingAreaPermissions(aVMStoreDescriptor);
                    setStagingAreaMasks(aVMStoreDescriptor);
                    break;
                case AUTHOR:
                case AUTHOR_PREVIEW:
                case AUTHOR_WORKFLOW:
                case AUTHOR_WORKFLOW_PREVIEW:
                    fixAllStagingPermissions(aVMStoreDescriptor);
                    setSandBoxMasks(aVMStoreDescriptor);
                    break;
                case STAGING_PREVIEW:
                    fixAllStagingPermissions(aVMStoreDescriptor);
                    setStagingAreaMasks(aVMStoreDescriptor);
                    break;
            }
        }
        return I18NUtil.getMessage(MSG_SUCCESS);
    }

    private boolean isPermissionSet(NodeRef nodeRef, String str, String str2) {
        for (AccessPermission accessPermission : this.permissionService.getAllSetPermissions(nodeRef)) {
            if (accessPermission.getAuthority().equals(str) && accessPermission.isSetDirectly() && accessPermission.getPermission().equals(str2)) {
                return true;
            }
        }
        return false;
    }

    private boolean isMaskSet(StoreRef storeRef, String str, String str2) {
        for (AccessPermission accessPermission : this.permissionService.getAllSetPermissions(storeRef)) {
            if (accessPermission.getAuthority().equals(str) && accessPermission.isSetDirectly() && accessPermission.getPermission().equals(str2)) {
                return true;
            }
        }
        return false;
    }

    private void makeGroupsIfRequired(String str, NodeRef nodeRef) {
        for (String str2 : PERMISSIONS) {
            String str3 = str + "-" + str2;
            if (!this.authorityService.authorityExists(this.authorityService.getName(AuthorityType.GROUP, str3))) {
                this.permissionService.setPermission(nodeRef, this.authorityService.createAuthority(AuthorityType.GROUP, str3), str2, true);
            }
        }
    }

    protected void addToGroupIfRequired(String str, String str2, String str3) {
        String name = this.authorityService.getName(AuthorityType.GROUP, str + "-" + str3);
        if (this.authorityService.getContainedAuthorities(AuthorityType.USER, name, true).contains(str2)) {
            return;
        }
        this.authorityService.addAuthority(name, str2);
    }

    private void fixAllPermissions(AVMStoreDescriptor aVMStoreDescriptor) {
        fixAllPermissionsImpl(aVMStoreDescriptor.getName());
    }

    private void fixAllStagingPermissions(AVMStoreDescriptor aVMStoreDescriptor) {
        fixAllPermissionsImpl(extractStagingAreaName(aVMStoreDescriptor.getName()));
    }

    private void fixAllPermissionsImpl(String str) {
        PropertyValue storeProperty = this.avmService.getStoreProperty(str, QName.createQName((String) null, ".web_project.noderef"));
        if (storeProperty != null) {
            Iterator<ChildAssociationRef> it = this.nodeService.getChildAssocs((NodeRef) storeProperty.getValue(DataTypeDefinition.NODE_REF), WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL).iterator();
            while (it.hasNext()) {
                NodeRef childRef = it.next().getChildRef();
                if (((String) this.nodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERROLE)).equals("All")) {
                    this.nodeService.setProperty(childRef, WCMAppModel.PROP_WEBUSERROLE, this.replaceAllWith);
                }
            }
        }
    }

    protected void setStagingAreaPermissions(AVMStoreDescriptor aVMStoreDescriptor) throws Exception {
        QName createQName = QName.createQName((String) null, ".web_project.noderef");
        NodeRef ToNodeRef = AVMNodeConverter.ToNodeRef(-1, aVMStoreDescriptor.getName() + ":/www");
        makeGroupsIfRequired(aVMStoreDescriptor.getName(), ToNodeRef);
        if (!isPermissionSet(ToNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ)) {
            this.permissionService.setPermission(ToNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
        }
        for (String str : PERMISSIONS) {
            this.permissionService.setPermission(ToNodeRef, this.authorityService.getName(AuthorityType.GROUP, aVMStoreDescriptor.getName() + "-" + str), str, true);
        }
        PropertyValue storeProperty = this.avmService.getStoreProperty(aVMStoreDescriptor.getName(), createQName);
        if (storeProperty != null) {
            Iterator<ChildAssociationRef> it = this.nodeService.getChildAssocs((NodeRef) storeProperty.getValue(DataTypeDefinition.NODE_REF), WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL).iterator();
            while (it.hasNext()) {
                NodeRef childRef = it.next().getChildRef();
                String str2 = (String) this.nodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERNAME);
                String str3 = (String) this.nodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERROLE);
                if (isPermissionSet(ToNodeRef, str2, str3)) {
                    this.permissionService.deletePermission(ToNodeRef, str2, str3);
                }
                addToGroupIfRequired(aVMStoreDescriptor.getName(), str2, str3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setStagingAreaMasks(AVMStoreDescriptor aVMStoreDescriptor) {
        NodeRef ToNodeRef = AVMNodeConverter.ToNodeRef(-1, aVMStoreDescriptor.getName() + ":/www");
        if (!isMaskSet(ToNodeRef.getStoreRef(), PermissionService.ALL_AUTHORITIES, PermissionService.READ)) {
            this.permissionService.setPermission(ToNodeRef.getStoreRef(), PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
        }
        String name = this.authorityService.getName(AuthorityType.GROUP, aVMStoreDescriptor.getName() + "-ContentManager");
        if (!isMaskSet(ToNodeRef.getStoreRef(), name, PermissionService.CHANGE_PERMISSIONS)) {
            this.permissionService.setPermission(ToNodeRef.getStoreRef(), name, PermissionService.CHANGE_PERMISSIONS, true);
        }
        if (!isMaskSet(ToNodeRef.getStoreRef(), name, PermissionService.READ_PERMISSIONS)) {
            this.permissionService.setPermission(ToNodeRef.getStoreRef(), name, PermissionService.READ_PERMISSIONS, true);
        }
        PropertyValue storeProperty = this.avmService.getStoreProperty(aVMStoreDescriptor.getName(), QName.createQName((String) null, ".web_project.noderef"));
        if (storeProperty != null) {
            Iterator<ChildAssociationRef> it = this.nodeService.getChildAssocs((NodeRef) storeProperty.getValue(DataTypeDefinition.NODE_REF), WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL).iterator();
            while (it.hasNext()) {
                NodeRef childRef = it.next().getChildRef();
                String str = (String) this.nodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERNAME);
                if (((String) this.nodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERROLE)).equals("ContentManager")) {
                    if (isMaskSet(ToNodeRef.getStoreRef(), str, PermissionService.CHANGE_PERMISSIONS)) {
                        this.permissionService.deletePermission(ToNodeRef.getStoreRef(), str, PermissionService.CHANGE_PERMISSIONS);
                    }
                    if (isMaskSet(ToNodeRef.getStoreRef(), str, PermissionService.READ_PERMISSIONS)) {
                        this.permissionService.deletePermission(ToNodeRef.getStoreRef(), str, PermissionService.READ_PERMISSIONS);
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setSandBoxMasks(AVMStoreDescriptor aVMStoreDescriptor) {
        String extractOwner = extractOwner(aVMStoreDescriptor.getName());
        String extractStagingAreaName = extractStagingAreaName(aVMStoreDescriptor.getName());
        QName createQName = QName.createQName((String) null, ".web_project.noderef");
        NodeRef ToNodeRef = AVMNodeConverter.ToNodeRef(-1, aVMStoreDescriptor.getName() + ":/www");
        PropertyValue storeProperty = this.avmService.getStoreProperty(extractStagingAreaName, createQName);
        if (!isMaskSet(ToNodeRef.getStoreRef(), PermissionService.ALL_AUTHORITIES, PermissionService.READ)) {
            this.permissionService.setPermission(ToNodeRef.getStoreRef(), PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
        }
        String name = this.authorityService.getName(AuthorityType.GROUP, extractStagingAreaName + "-ContentManager");
        if (!isMaskSet(ToNodeRef.getStoreRef(), name, "ContentManager")) {
            this.permissionService.setPermission(ToNodeRef.getStoreRef(), name, "ContentManager", true);
        }
        if (storeProperty != null) {
            Iterator<ChildAssociationRef> it = this.nodeService.getChildAssocs((NodeRef) storeProperty.getValue(DataTypeDefinition.NODE_REF), WCMAppModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL).iterator();
            while (it.hasNext()) {
                NodeRef childRef = it.next().getChildRef();
                String str = (String) this.nodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERNAME);
                String str2 = (String) this.nodeService.getProperty(childRef, WCMAppModel.PROP_WEBUSERROLE);
                if (str.equals(extractOwner)) {
                    this.permissionService.setPermission(ToNodeRef.getStoreRef(), str, "All", true);
                } else if (str2.equals("ContentManager") && isMaskSet(ToNodeRef.getStoreRef(), str, str2)) {
                    this.permissionService.deletePermission(ToNodeRef.getStoreRef(), str, str2);
                }
            }
        }
    }

    private String extractOwner(String str) {
        int indexOf = str.indexOf("--");
        if (indexOf == -1) {
            throw new UnsupportedOperationException(str);
        }
        int indexOf2 = str.indexOf("--", indexOf + 1);
        return indexOf2 == -1 ? str.substring(indexOf + 2) : str.substring(indexOf + 2, indexOf2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String extractStagingAreaName(String str) {
        int indexOf = str.indexOf("--");
        if (indexOf == -1) {
            throw new UnsupportedOperationException(str);
        }
        return str.substring(0, indexOf);
    }
}
