package org.opencastproject.authorization.xacml.manager.impl;

import java.util.List;
import java.util.Optional;
import org.opencastproject.authorization.xacml.manager.api.AclService;
import org.opencastproject.authorization.xacml.manager.api.AclServiceException;
import org.opencastproject.authorization.xacml.manager.api.ManagedAcl;
import org.opencastproject.elasticsearch.api.SearchIndexException;
import org.opencastproject.elasticsearch.api.SearchResultItem;
import org.opencastproject.elasticsearch.index.AbstractSearchIndex;
import org.opencastproject.elasticsearch.index.event.Event;
import org.opencastproject.elasticsearch.index.event.EventSearchQuery;
import org.opencastproject.elasticsearch.index.series.Series;
import org.opencastproject.elasticsearch.index.series.SeriesSearchQuery;
import org.opencastproject.security.api.AccessControlList;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.User;
import org.opencastproject.util.NotFoundException;
import org.opencastproject.util.data.Option;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opencastproject/authorization/xacml/manager/impl/AclServiceImpl.class */
public final class AclServiceImpl implements AclService {
    private static final Logger logger = LoggerFactory.getLogger(AclServiceImpl.class);
    private final Organization organization;
    private final AclDb aclDb;
    private final SecurityService securityService;
    protected AbstractSearchIndex adminUiIndex;
    protected AbstractSearchIndex externalApiIndex;

    public AclServiceImpl(Organization organization, AclDb aclDb, AbstractSearchIndex abstractSearchIndex, AbstractSearchIndex abstractSearchIndex2, SecurityService securityService) {
        this.organization = organization;
        this.aclDb = aclDb;
        this.adminUiIndex = abstractSearchIndex;
        this.externalApiIndex = abstractSearchIndex2;
        this.securityService = securityService;
    }

    @Override // org.opencastproject.authorization.xacml.manager.api.AclService
    public List<ManagedAcl> getAcls() {
        return this.aclDb.getAcls(this.organization);
    }

    @Override // org.opencastproject.authorization.xacml.manager.api.AclService
    public Option<ManagedAcl> getAcl(long j) {
        return this.aclDb.getAcl(this.organization, j);
    }

    @Override // org.opencastproject.authorization.xacml.manager.api.AclService
    public boolean updateAcl(ManagedAcl managedAcl) {
        Option<ManagedAcl> acl = getAcl(managedAcl.getId().longValue());
        boolean updateAcl = this.aclDb.updateAcl(managedAcl);
        if (updateAcl && acl.isSome() && !((ManagedAcl) acl.get()).getName().equals(managedAcl.getName())) {
            User user = this.securityService.getUser();
            updateAclInIndex(((ManagedAcl) acl.get()).getName(), managedAcl.getName(), this.adminUiIndex, this.organization.getId(), user);
            updateAclInIndex(((ManagedAcl) acl.get()).getName(), managedAcl.getName(), this.externalApiIndex, this.organization.getId(), user);
        }
        return updateAcl;
    }

    @Override // org.opencastproject.authorization.xacml.manager.api.AclService
    public Option<ManagedAcl> createAcl(AccessControlList accessControlList, String str) {
        return this.aclDb.createAcl(this.organization, accessControlList, str);
    }

    @Override // org.opencastproject.authorization.xacml.manager.api.AclService
    public boolean deleteAcl(long j) throws AclServiceException, NotFoundException {
        Option<ManagedAcl> acl = getAcl(j);
        if (!this.aclDb.deleteAcl(this.organization, j)) {
            throw new NotFoundException("Managed acl with id " + j + " not found.");
        }
        if (!acl.isSome()) {
            return true;
        }
        User user = this.securityService.getUser();
        removeAclFromIndex(((ManagedAcl) acl.get()).getName(), this.adminUiIndex, this.organization.getId(), user);
        removeAclFromIndex(((ManagedAcl) acl.get()).getName(), this.externalApiIndex, this.organization.getId(), user);
        return true;
    }

    private void updateAclInIndex(String str, String str2, AbstractSearchIndex abstractSearchIndex, String str3, User user) {
        logger.debug("Update the events to change the managed acl name from '{}' to '{}'.", str, str2);
        updateManagedAclForEvents(str, Optional.of(str2), abstractSearchIndex, str3, user);
        logger.debug("Update the series to change the managed acl name from '{}' to '{}'.", str, str2);
        updateManagedAclForSeries(str, Optional.of(str2), abstractSearchIndex, str3, user);
    }

    private void removeAclFromIndex(String str, AbstractSearchIndex abstractSearchIndex, String str2, User user) {
        logger.debug("Update the events to remove the managed acl name '{}'.", str);
        updateManagedAclForEvents(str, Optional.empty(), abstractSearchIndex, str2, user);
        logger.debug("Update the series to remove the managed acl name '{}'.", str);
        updateManagedAclForSeries(str, Optional.empty(), abstractSearchIndex, str2, user);
    }

    private void updateManagedAclForSeries(String str, Optional<String> optional, AbstractSearchIndex abstractSearchIndex, String str2, User user) {
        try {
            for (SearchResultItem searchResultItem : abstractSearchIndex.getByQuery(new SeriesSearchQuery(str2, user).withoutActions().withManagedAcl(str)).getItems()) {
                String identifier = ((Series) searchResultItem.getSource()).getIdentifier();
                try {
                    abstractSearchIndex.addOrUpdateSeries(identifier, optional2 -> {
                        if (!optional2.isPresent() || !((Series) optional2.get()).getManagedAcl().equals(str)) {
                            return Optional.empty();
                        }
                        Series series = (Series) optional2.get();
                        series.setManagedAcl((String) optional.orElse(null));
                        return Optional.of(series);
                    }, str2, user);
                } catch (SearchIndexException e) {
                    if (optional.isPresent()) {
                        logger.warn("Unable to update series'{}' from current managed acl '{}' to new managed acl name '{}'", new Object[]{identifier, str, optional.get(), e});
                    } else {
                        logger.warn("Unable to update series '{}' to remove managed acl '{}'", new Object[]{identifier, str, e});
                    }
                }
            }
        } catch (SearchIndexException e2) {
            logger.error("Unable to find the series in org '{}' with current managed acl name '{}'", new Object[]{str2, str, e2});
        }
    }

    private void updateManagedAclForEvents(String str, Optional<String> optional, AbstractSearchIndex abstractSearchIndex, String str2, User user) {
        try {
            for (SearchResultItem searchResultItem : abstractSearchIndex.getByQuery(new EventSearchQuery(str2, user).withoutActions().withManagedAcl(str)).getItems()) {
                String identifier = ((Event) searchResultItem.getSource()).getIdentifier();
                try {
                    abstractSearchIndex.addOrUpdateEvent(identifier, optional2 -> {
                        if (!optional2.isPresent() || !((Event) optional2.get()).getManagedAcl().equals(str)) {
                            return Optional.empty();
                        }
                        Event event = (Event) optional2.get();
                        event.setManagedAcl((String) optional.orElse(null));
                        return Optional.of(event);
                    }, str2, user);
                } catch (SearchIndexException e) {
                    if (optional.isPresent()) {
                        logger.warn("Unable to update event '{}' from current managed acl '{}' to new managed acl name '{}'", new Object[]{identifier, str, optional.get(), e});
                    } else {
                        logger.warn("Unable to update event '{}' to remove managed acl '{}'", new Object[]{identifier, str, e});
                    }
                }
            }
        } catch (SearchIndexException e2) {
            logger.error("Unable to find the events in org '{}' with current managed acl name '{}' for event", new Object[]{str2, str, e2});
        }
    }
}
