package org.pentaho.platform.repository2.unified.jcr;

import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import org.pentaho.platform.api.mt.ITenant;
import org.pentaho.platform.api.repository2.unified.RepositoryFile;
import org.pentaho.platform.api.repository2.unified.RepositoryFileAcl;
import org.pentaho.platform.api.repository2.unified.RepositoryFilePermission;
import org.pentaho.platform.api.repository2.unified.RepositoryFileSid;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;

/* loaded from: input_file:org/pentaho/platform/repository2/unified/jcr/SharedObjectsDefaultAclHandler.class */
public class SharedObjectsDefaultAclHandler extends InheritDefaultAclHandler {
    String authenticatedRoleName;
    List<String> sharedObjectPaths;

    public SharedObjectsDefaultAclHandler() {
        this.authenticatedRoleName = "Authenticated";
        this.sharedObjectPaths = new ArrayList();
        this.sharedObjectPaths.add("{0}/etc/pdi/databases");
    }

    public SharedObjectsDefaultAclHandler(String str, List<String> list) {
        this.authenticatedRoleName = "Authenticated";
        this.authenticatedRoleName = str;
        this.sharedObjectPaths = list;
    }

    protected boolean applyAuthRule(RepositoryFile repositoryFile) {
        ITenant tenant = JcrTenantUtils.getTenant();
        Iterator<String> it = this.sharedObjectPaths.iterator();
        while (it.hasNext()) {
            String format = MessageFormat.format(it.next(), tenant.getRootFolderAbsolutePath());
            if (repositoryFile.getPath() != null && repositoryFile.getPath().startsWith(format)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.pentaho.platform.repository2.unified.jcr.InheritDefaultAclHandler
    public RepositoryFileAcl createDefaultAcl(RepositoryFile repositoryFile) {
        if (!applyAuthRule(repositoryFile)) {
            return super.createDefaultAcl(repositoryFile);
        }
        if (this.authenticatedRoleName == null || this.authenticatedRoleName.trim().length() == 0) {
            return new RepositoryFileAcl.Builder(PentahoSessionHolder.getSession().getName()).entriesInheriting(false).build();
        }
        return new RepositoryFileAcl.Builder(PentahoSessionHolder.getSession().getName()).entriesInheriting(false).ace(new RepositoryFileSid(this.authenticatedRoleName, RepositoryFileSid.Type.ROLE), EnumSet.of(RepositoryFilePermission.ALL)).build();
    }
}
