package org.craftercms.engine.security;

import java.io.File;
import java.util.List;
import java.util.stream.Collectors;
import org.craftercms.commons.file.blob.BlobStoreResolver;
import org.craftercms.commons.file.blob.BlobUrlResolver;
import org.craftercms.core.exception.ForbiddenPathException;
import org.craftercms.core.exception.InvalidContextException;
import org.craftercms.core.exception.ItemProcessingException;
import org.craftercms.core.exception.StoreException;
import org.craftercms.core.exception.XmlFileParseException;
import org.craftercms.core.exception.XmlMergeException;
import org.craftercms.core.processors.ItemProcessor;
import org.craftercms.core.processors.ItemProcessorResolver;
import org.craftercms.core.service.CachingOptions;
import org.craftercms.core.service.Context;
import org.craftercms.core.service.Item;
import org.craftercms.core.service.impl.ContentStoreServiceImpl;
import org.craftercms.core.store.ContentStoreAdapterRegistry;
import org.craftercms.core.util.cache.CacheTemplate;
import org.craftercms.core.xml.mergers.DescriptorMergeStrategyResolver;
import org.craftercms.core.xml.mergers.DescriptorMerger;
import org.craftercms.engine.util.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:WEB-INF/classes/org/craftercms/engine/security/AuthorizedRolesAwareContentStoreService.class */
public class AuthorizedRolesAwareContentStoreService extends ContentStoreServiceImpl {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AuthorizedRolesAwareContentStoreService.class);
    private static final String ROOT_ELEMENT_XPATH_PREFIX = "*/";
    private final String authorizedRolesXPathQuery;

    public AuthorizedRolesAwareContentStoreService(CacheTemplate cacheTemplate, ContentStoreAdapterRegistry contentStoreAdapterRegistry, DescriptorMergeStrategyResolver descriptorMergeStrategyResolver, DescriptorMerger descriptorMerger, ItemProcessorResolver itemProcessorResolver, BlobUrlResolver blobUrlResolver, BlobStoreResolver blobStoreResolver, String str, String str2, String str3, String str4) {
        super(cacheTemplate, contentStoreAdapterRegistry, descriptorMergeStrategyResolver, descriptorMerger, itemProcessorResolver, blobUrlResolver, blobStoreResolver, str, str2, str3);
        this.authorizedRolesXPathQuery = "*/" + str4;
    }

    @Override // org.craftercms.core.service.impl.AbstractCachedContentStoreService, org.craftercms.core.service.ContentStoreService
    public Item findItem(Context context, CachingOptions cachingOptions, String str, ItemProcessor itemProcessor, boolean z) throws InvalidContextException, XmlFileParseException, XmlMergeException, ItemProcessingException, StoreException {
        Item findItem = super.findItem(context, cachingOptions, str, itemProcessor, z);
        if (findItem == null) {
            return null;
        }
        checkAccess(findItem, context, cachingOptions, itemProcessor, z);
        return findItem;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.craftercms.core.service.impl.ContentStoreServiceImpl
    public List<Item> getChildrenInternal(Context context, CachingOptions cachingOptions, String str, ItemProcessor itemProcessor, boolean z) {
        List<Item> childrenInternal = super.getChildrenInternal(context, cachingOptions, str, itemProcessor, z);
        if (childrenInternal == null) {
            return null;
        }
        return (List) childrenInternal.stream().filter(item -> {
            try {
                checkAccess(item, context, cachingOptions, itemProcessor, z);
                return true;
            } catch (Exception e) {
                return false;
            }
        }).collect(Collectors.toList());
    }

    protected void checkAccess(Item item, Context context, CachingOptions cachingOptions, ItemProcessor itemProcessor, boolean z) {
        Item findItem;
        Item item2 = item;
        if (item.isFolder() && (findItem = super.findItem(context, cachingOptions, item.getUrl() + File.separator + "index.xml", itemProcessor, z)) != null) {
            item2 = findItem;
        }
        try {
            SecurityUtils.checkAccess(item2.queryDescriptorValues(this.authorizedRolesXPathQuery), item2.getUrl());
        } catch (AccessDeniedException e) {
            logger.debug("Access denied for item: '{}': '{}'", item.getUrl(), e.getMessage());
            throw new ForbiddenPathException(e.getMessage());
        } catch (AuthenticationException e2) {
            logger.debug("Authentication failed for item: '{}': '{}'", item.getUrl(), e2.getMessage());
            throw new org.craftercms.core.exception.AuthenticationException(e2.getMessage(), e2);
        }
    }
}
