package org.pentaho.platform.repository2.unified.jcr;

import java.util.EnumSet;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.Callable;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.pentaho.platform.api.repository2.unified.IAclNodeHelper;
import org.pentaho.platform.api.repository2.unified.IUnifiedRepository;
import org.pentaho.platform.api.repository2.unified.RepositoryFile;
import org.pentaho.platform.api.repository2.unified.RepositoryFileAce;
import org.pentaho.platform.api.repository2.unified.RepositoryFileAcl;
import org.pentaho.platform.api.repository2.unified.RepositoryFilePermission;
import org.pentaho.platform.api.repository2.unified.RepositoryFileSid;
import org.pentaho.platform.api.repository2.unified.data.node.DataNode;
import org.pentaho.platform.api.repository2.unified.data.node.DataNodeRef;
import org.pentaho.platform.api.repository2.unified.data.node.NodeRepositoryFileData;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.security.SecurityHelper;
import org.pentaho.platform.repository.messages.Messages;
import org.pentaho.platform.security.policy.rolebased.actions.AdministerSecurityAction;
import org.pentaho.platform.security.policy.rolebased.actions.RepositoryCreateAction;
import org.pentaho.platform.security.policy.rolebased.actions.RepositoryReadAction;

/* loaded from: input_file:org/pentaho/platform/repository2/unified/jcr/JcrAclNodeHelper.class */
public class JcrAclNodeHelper implements IAclNodeHelper {
    private static final Log logger = LogFactory.getLog(JcrAclNodeHelper.class);
    private static final String IS_ACL_NODE = "IS_ACL_NODE";
    private static final String TARGET = "TARGET";
    private final IUnifiedRepository unifiedRepository;

    public JcrAclNodeHelper(IUnifiedRepository iUnifiedRepository) {
        this.unifiedRepository = iUnifiedRepository;
    }

    protected RepositoryFile getAclNode(final RepositoryFile repositoryFile) {
        try {
            return (RepositoryFile) SecurityHelper.getInstance().runAsSystem(new Callable<RepositoryFile>() { // from class: org.pentaho.platform.repository2.unified.jcr.JcrAclNodeHelper.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public RepositoryFile call() throws Exception {
                    List referrers = JcrAclNodeHelper.this.unifiedRepository.getReferrers(repositoryFile.getId());
                    int size = referrers.size();
                    while (true) {
                        int i = size;
                        size--;
                        if (i <= 0) {
                            return null;
                        }
                        RepositoryFile repositoryFile2 = (RepositoryFile) referrers.get(size);
                        NodeRepositoryFileData dataForRead = JcrAclNodeHelper.this.unifiedRepository.getDataForRead(repositoryFile2.getId(), NodeRepositoryFileData.class);
                        if (dataForRead != null && dataForRead.getNode().hasProperty(JcrAclNodeHelper.IS_ACL_NODE)) {
                            return repositoryFile2;
                        }
                    }
                }
            });
        } catch (Exception e) {
            logger.error("Error retrieving ACL Node", e);
            return null;
        }
    }

    public boolean canAccess(RepositoryFile repositoryFile, EnumSet<RepositoryFilePermission> enumSet) {
        if (repositoryFile == null) {
            return false;
        }
        RepositoryFile aclNode = getAclNode(repositoryFile);
        if (aclNode == null) {
            return true;
        }
        try {
            this.unifiedRepository.getFileById(aclNode.getId());
            return this.unifiedRepository.hasAccess(aclNode.getPath(), enumSet);
        } catch (Exception e) {
            if (!logger.isWarnEnabled()) {
                return false;
            }
            logger.warn("Error checking access for file", e);
            return false;
        }
    }

    public RepositoryFileAcl getAclFor(RepositoryFile repositoryFile) {
        RepositoryFile aclNode = getAclNode(repositoryFile);
        if (aclNode == null) {
            return null;
        }
        try {
            RepositoryFileAcl acl = this.unifiedRepository.getAcl(aclNode.getId());
            RepositoryFileAcl.Builder builder = new RepositoryFileAcl.Builder(acl.getId(), acl.getOwner().getName(), RepositoryFileSid.Type.ROLE);
            builder.aces(acl.getAces());
            if (canAdminister()) {
                builder.ace(new RepositoryFileAce(new RepositoryFileSid((String) PentahoSystem.get(String.class, "singleTenantAdminAuthorityName", PentahoSessionHolder.getSession()), RepositoryFileSid.Type.ROLE), RepositoryFilePermission.ALL, new RepositoryFilePermission[0]));
            }
            return builder.build();
        } catch (Exception e) {
            return null;
        }
    }

    public void setAclFor(final RepositoryFile repositoryFile, final RepositoryFileAcl repositoryFileAcl) {
        try {
            SecurityHelper.getInstance().runAsSystem(new Callable<Void>() { // from class: org.pentaho.platform.repository2.unified.jcr.JcrAclNodeHelper.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Void call() throws Exception {
                    RepositoryFile aclNode = JcrAclNodeHelper.this.getAclNode(repositoryFile);
                    if (repositoryFileAcl == null) {
                        if (aclNode == null) {
                            return null;
                        }
                        JcrAclNodeHelper.this.unifiedRepository.deleteFile(aclNode.getId(), true, Messages.getInstance().getString("AclNodeHelper.WARN_0001_REMOVE_ACL_NODE", new Object[]{aclNode.getPath()}));
                        return null;
                    }
                    if (aclNode == null) {
                        aclNode = JcrAclNodeHelper.this.createAclNode(repositoryFile);
                    }
                    JcrAclNodeHelper.this.unifiedRepository.updateAcl(new RepositoryFileAcl.Builder(JcrAclNodeHelper.this.unifiedRepository.getAcl(aclNode.getId())).aces(repositoryFileAcl.getAces()).build());
                    return null;
                }
            });
        } catch (Exception e) {
            logger.error("Error setting ACL on node: " + repositoryFile.getPath(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public RepositoryFile createAclNode(RepositoryFile repositoryFile) {
        DataNode dataNode = new DataNode("acl node");
        dataNode.setProperty(TARGET, new DataNodeRef(repositoryFile.getId()));
        dataNode.setProperty(IS_ACL_NODE, true);
        return this.unifiedRepository.createFile(this.unifiedRepository.getFile("/").getId(), new RepositoryFile.Builder(UUID.randomUUID().toString()).aclNode(true).build(), new NodeRepositoryFileData(dataNode), "");
    }

    public void removeAclFor(RepositoryFile repositoryFile) {
        setAclFor(repositoryFile, null);
    }

    private boolean canAdminister() {
        IAuthorizationPolicy iAuthorizationPolicy = (IAuthorizationPolicy) PentahoSystem.get(IAuthorizationPolicy.class);
        return iAuthorizationPolicy.isAllowed(RepositoryReadAction.NAME) && iAuthorizationPolicy.isAllowed(RepositoryCreateAction.NAME) && iAuthorizationPolicy.isAllowed(AdministerSecurityAction.NAME);
    }
}
