package org.pentaho.platform.engine.security.acls;

import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.dom4j.Element;
import org.dom4j.Node;
import org.pentaho.platform.api.engine.IAclPublisher;
import org.pentaho.platform.api.engine.IAclSolutionFile;
import org.pentaho.platform.api.engine.IPermissionMask;
import org.pentaho.platform.api.engine.IPermissionRecipient;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.security.SimplePermissionMask;
import org.pentaho.platform.engine.security.SimpleRole;
import org.pentaho.platform.engine.security.SimpleUser;
import org.pentaho.platform.engine.security.SpringSecurityPermissionMgr;
import org.pentaho.platform.engine.security.messages.Messages;
import org.pentaho.platform.util.xml.dom4j.XmlDom4JHelper;

/* loaded from: input_file:org/pentaho/platform/engine/security/acls/AclPublisher.class */
public class AclPublisher implements IAclPublisher {
    private static final String NOTHING = "NOTHING";
    private static final String ADMINISTRATION = "ADMINISTRATION";
    private static final String EXECUTE = "EXECUTE";
    private static final String EXECUTE_ADMINISTRATION = "EXECUTE_ADMINISTRATION";
    private static final String SUBSCRIBE = "SUBSCRIBE";
    private static final String CREATE = "CREATE";
    private static final String UPDATE = "UPDATE";
    private static final String DELETE = "DELETE";
    private static final String SUBSCRIBE_ADMINISTRATION = "SUBSCRIBE_ADMINISTRATION";
    private static final String EXECUTE_SUBSCRIBE = "EXECUTE_SUBSCRIBE";

    @Deprecated
    private static final String ADMIN_ALL = "ADMIN_ALL";
    private static final String FULL_CONTROL = "FULL_CONTROL";
    private Map<IPermissionRecipient, IPermissionMask> defaultAcls;

    public AclPublisher(Map<IPermissionRecipient, IPermissionMask> map) {
        this.defaultAcls = Collections.EMPTY_MAP;
        this.defaultAcls = new LinkedHashMap(map);
    }

    public AclPublisher() {
        this.defaultAcls = Collections.EMPTY_MAP;
        this.defaultAcls = aclFromNodeList(PentahoSystem.getSystemSettings().getSystemSettings("default-acls/*"));
    }

    private Map<IPermissionRecipient, IPermissionMask> aclFromNodeList(List list) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (int i = 0; i < list.size(); i++) {
            Element element = (Element) list.get(i);
            String nodeText = XmlDom4JHelper.getNodeText("@role", (Node) element, (String) null);
            String nodeText2 = XmlDom4JHelper.getNodeText("@user", (Node) element, (String) null);
            String nodeText3 = XmlDom4JHelper.getNodeText("@acl", (Node) element, (String) null);
            if (nodeText == null && nodeText2 == null) {
                throw new IllegalArgumentException(Messages.getInstance().getErrorString("AclPublisher.ERROR_0001_DEFAULT_ACL_REQUIRES_USER_OR_ROLE"));
            }
            if (nodeText != null && nodeText2 != null) {
                throw new IllegalArgumentException(Messages.getInstance().getErrorString("AclPublisher.ERROR_0002_DEFAULT_ACL_HAS_BOTH"));
            }
            int i2 = -1;
            if (nodeText3 != null) {
                if (NOTHING.equalsIgnoreCase(nodeText3)) {
                    i2 = 0;
                } else if (EXECUTE.equalsIgnoreCase(nodeText3)) {
                    i2 = 1;
                } else if (SUBSCRIBE.equalsIgnoreCase(nodeText3)) {
                    i2 = 2;
                } else if (EXECUTE_SUBSCRIBE.equalsIgnoreCase(nodeText3)) {
                    i2 = 3;
                } else if (CREATE.equalsIgnoreCase(nodeText3)) {
                    i2 = 4;
                } else if (UPDATE.equalsIgnoreCase(nodeText3)) {
                    i2 = 8;
                } else if (DELETE.equalsIgnoreCase(nodeText3)) {
                    i2 = 16;
                } else if (ADMINISTRATION.equalsIgnoreCase(nodeText3)) {
                    i2 = 60;
                } else if (EXECUTE_ADMINISTRATION.equalsIgnoreCase(nodeText3)) {
                    i2 = 61;
                } else if (SUBSCRIBE_ADMINISTRATION.equalsIgnoreCase(nodeText3)) {
                    i2 = 62;
                } else if (ADMIN_ALL.equalsIgnoreCase(nodeText3)) {
                    i2 = 31;
                } else if (FULL_CONTROL.equalsIgnoreCase(nodeText3)) {
                    i2 = -1;
                } else {
                    try {
                        i2 = Integer.parseInt(nodeText3);
                    } catch (Exception e) {
                    }
                }
            }
            if (nodeText2 != null) {
                linkedHashMap.put(new SimpleUser(nodeText2), new SimplePermissionMask(i2));
            } else {
                linkedHashMap.put(new SimpleRole(nodeText), new SimplePermissionMask(i2));
            }
        }
        return linkedHashMap;
    }

    public void publishDefaultAcls(IAclSolutionFile iAclSolutionFile) {
        publishDefaultFolderAcls(iAclSolutionFile);
        publishOverrideAcls(iAclSolutionFile);
    }

    private void publishDefaultFolderAcls(IAclSolutionFile iAclSolutionFile) {
        if (iAclSolutionFile == null || !iAclSolutionFile.isDirectory()) {
            return;
        }
        if (iAclSolutionFile.getAccessControls().size() == 0) {
            SpringSecurityPermissionMgr.instance().setPermissions(this.defaultAcls, iAclSolutionFile);
        }
        Set<IAclSolutionFile> childrenFiles = iAclSolutionFile.getChildrenFiles();
        if (childrenFiles != null) {
            for (IAclSolutionFile iAclSolutionFile2 : childrenFiles) {
                if (iAclSolutionFile2.isDirectory()) {
                    publishDefaultFolderAcls(iAclSolutionFile2);
                }
            }
        }
    }

    private void publishOverrideAcls(IAclSolutionFile iAclSolutionFile) {
        Map<IPermissionRecipient, IPermissionMask> overrideAclList = getOverrideAclList(iAclSolutionFile.getFullPath());
        if (overrideAclList.size() > 0) {
            Map<IPermissionRecipient, IPermissionMask> permissions = SpringSecurityPermissionMgr.instance().getPermissions(iAclSolutionFile);
            if (permissions.size() == 0 || (permissions.size() == this.defaultAcls.size() && permissions.entrySet().containsAll(this.defaultAcls.entrySet()))) {
                SpringSecurityPermissionMgr.instance().setPermissions(overrideAclList, iAclSolutionFile);
            }
        }
        if (iAclSolutionFile.isDirectory()) {
            Iterator it = iAclSolutionFile.getChildrenFiles().iterator();
            while (it.hasNext()) {
                publishOverrideAcls((IAclSolutionFile) it.next());
            }
        }
    }

    private Map<IPermissionRecipient, IPermissionMask> getOverrideAclList(String str) {
        return aclFromNodeList(PentahoSystem.getSystemSettings().getSystemSettings("overrides/file[@path=\"" + str + "\"]/*"));
    }

    public Map<IPermissionRecipient, IPermissionMask> getDefaultAclList() {
        return Collections.unmodifiableMap(this.defaultAcls);
    }
}
