package org.unitedinternet.cosmo.security.aop;

import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.unitedinternet.cosmo.aop.OrderedAdvice;
import org.unitedinternet.cosmo.dao.ContentDao;
import org.unitedinternet.cosmo.dao.UserDao;
import org.unitedinternet.cosmo.model.CollectionItem;
import org.unitedinternet.cosmo.model.ContentItem;
import org.unitedinternet.cosmo.model.Item;
import org.unitedinternet.cosmo.model.NoteItem;
import org.unitedinternet.cosmo.model.Ticket;
import org.unitedinternet.cosmo.model.User;
import org.unitedinternet.cosmo.model.filter.ItemFilter;
import org.unitedinternet.cosmo.security.CosmoSecurityContext;
import org.unitedinternet.cosmo.security.CosmoSecurityException;
import org.unitedinternet.cosmo.security.CosmoSecurityManager;
import org.unitedinternet.cosmo.security.ItemSecurityException;
import org.unitedinternet.cosmo.security.Permission;
import org.unitedinternet.cosmo.security.util.SecurityHelper;
import org.unitedinternet.cosmo.service.triage.TriageStatusQueryContext;

@Aspect
/* loaded from: input_file:org/unitedinternet/cosmo/security/aop/SecurityAdvice.class */
public class SecurityAdvice extends OrderedAdvice {
    private boolean enabled = true;
    private CosmoSecurityManager securityManager = null;
    private ContentDao contentDao = null;
    private UserDao userDao = null;
    private SecurityHelper securityHelper = null;
    private static final Log LOG = LogFactory.getLog(SecurityAdvice.class);

    public void init() {
        if (this.contentDao == null) {
            throw new IllegalStateException("contentDao must not be null");
        }
        if (this.userDao == null) {
            throw new IllegalStateException("userDao must not be null");
        }
        this.securityHelper = new SecurityHelper(this.contentDao, this.userDao);
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.getRootItem(..)) &&args(user)")
    public Object checkGetRootItem(ProceedingJoinPoint proceedingJoinPoint, User user) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkGetRootItem(user)");
        }
        if (this.enabled && !this.securityHelper.hasUserAccess(this.securityManager.getSecurityContext(), user)) {
            throw new CosmoSecurityException("principal does not have access to user " + user.getUid());
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.findItemByUid(..)) &&args(uid)")
    public Object checkFindItemByUid(ProceedingJoinPoint proceedingJoinPoint, String str) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkFindItemByUid(uid)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        Item item = (Item) proceedingJoinPoint.proceed();
        if (item != null && !this.securityHelper.hasReadAccess(this.securityManager.getSecurityContext(), item)) {
            throwItemSecurityException(item, 100);
        }
        return item;
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.findItemByPath(..)) &&args(path)")
    public Object checkFindItemByPath(ProceedingJoinPoint proceedingJoinPoint, String str) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkFindItemByPath(path)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        Item item = (Item) proceedingJoinPoint.proceed();
        if (item != null && !this.securityHelper.hasReadAccess(this.securityManager.getSecurityContext(), item)) {
            throwItemSecurityException(item, 100);
        }
        return item;
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.findItemByPath(..)) &&args(path, parentUid)")
    public Object checkFindItemByPathAndParent(ProceedingJoinPoint proceedingJoinPoint, String str, String str2) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkFindItemByPathAndParent(path,parentUid)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        Item item = (Item) proceedingJoinPoint.proceed();
        if (item != null && !this.securityHelper.hasReadAccess(this.securityManager.getSecurityContext(), item)) {
            throwItemSecurityException(item, 100);
        }
        return item;
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.findItemParentByPath(..)) &&args(path)")
    public Object checkFindItemParentByPath(ProceedingJoinPoint proceedingJoinPoint, String str) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkFindItemParentByPath(path)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        Item item = (Item) proceedingJoinPoint.proceed();
        if (item != null && !this.securityHelper.hasReadAccess(this.securityManager.getSecurityContext(), item)) {
            throwItemSecurityException(item, 100);
        }
        return item;
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.addItemToCollection(..)) &&args(item, collection)")
    public Object checkAddItemToCollection(ProceedingJoinPoint proceedingJoinPoint, Item item, CollectionItem collectionItem) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkAddItemToCollection(item, collection)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), item)) {
            throwItemSecurityException(item, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.removeItem(..)) &&args(item)")
    public Object checkRemoveItem(ProceedingJoinPoint proceedingJoinPoint, Item item) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkRemoveItem(item)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), item)) {
            throwItemSecurityException(item, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.removeItemFromCollection(..)) &&args(item, collection)")
    public Object checkRemoveItemFromCollection(ProceedingJoinPoint proceedingJoinPoint, Item item, CollectionItem collectionItem) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkRemoveItemFromCollection(item, collection)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), item)) {
            throwItemSecurityException(item, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.loadChildren(..)) &&args(collection, date)")
    public Object checkLoadChildren(ProceedingJoinPoint proceedingJoinPoint, CollectionItem collectionItem, Date date) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkLoadChildren(collection, date)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasReadAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, 100);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.createCollection(..)) &&args(parent, collection)")
    public Object checkCreateCollection(ProceedingJoinPoint proceedingJoinPoint, CollectionItem collectionItem, CollectionItem collectionItem2) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkCreateCollection(parent, collection)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.createCollection(..)) &&args(parent, collection, children)")
    public Object checkCreateCollection(ProceedingJoinPoint proceedingJoinPoint, CollectionItem collectionItem, CollectionItem collectionItem2, Set<Item> set) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkCreateCollection(parent, collection, children)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        for (Item item : set) {
            if (item.getCreationDate() != null && !this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), item)) {
                throwItemSecurityException(item, Permission.WRITE);
            }
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.updateCollection(..)) &&args(collection, children)")
    public Object checkUpdateCollection(ProceedingJoinPoint proceedingJoinPoint, CollectionItem collectionItem, Set<Item> set) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkUpdateCollection(collection, children)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        for (Item item : set) {
            if (item.getCreationDate() != null && !this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), item)) {
                throwItemSecurityException(item, Permission.WRITE);
            }
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.removeCollection(..)) &&args(collection)")
    public Object checkRemoveCollection(ProceedingJoinPoint proceedingJoinPoint, CollectionItem collectionItem) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkRemoveCollection(collection)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.updateCollection(..)) &&args(collection)")
    public Object checkUpdateCollection(ProceedingJoinPoint proceedingJoinPoint, CollectionItem collectionItem) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkUpdateCollection(collection)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.copyItem(..)) &&args(item, targetParent, path, deepCopy)")
    public Object checkCopyItem(ProceedingJoinPoint proceedingJoinPoint, Item item, CollectionItem collectionItem, String str, boolean z) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkCopyItem(item, targetParent, path, deepCopy)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.moveItem(..)) &&args(item, oldParent, newParent)")
    public Object checkMoveItem(ProceedingJoinPoint proceedingJoinPoint, Item item, CollectionItem collectionItem, CollectionItem collectionItem2) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkMoveItem(item, oldParent, newParent)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), item)) {
            throwItemSecurityException(item, Permission.WRITE);
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem2)) {
            throwItemSecurityException(collectionItem2, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.createContent(..)) &&args(parent, content)")
    public Object checkCreateContent(ProceedingJoinPoint proceedingJoinPoint, CollectionItem collectionItem, ContentItem contentItem) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkCreateContent(parent, content)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.createContentItems(..)) &&args(parent, contentItems)")
    public Object checkCreateContentItems(ProceedingJoinPoint proceedingJoinPoint, CollectionItem collectionItem, Set<ContentItem> set) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkCreateContent(parent, contentItems)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.updateContent(..)) &&args(content)")
    public Object checkUpdateContent(ProceedingJoinPoint proceedingJoinPoint, ContentItem contentItem) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkUpdateContent(content)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) contentItem)) {
            throwItemSecurityException(contentItem, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.updateContentItems(..)) &&args(parents, contentItems)")
    public Object checkUpdateContentItems(ProceedingJoinPoint proceedingJoinPoint, Set<CollectionItem> set, Set<ContentItem> set2) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkUpdateContentItems(parents, contentItems)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        CosmoSecurityContext securityContext = this.securityManager.getSecurityContext();
        Iterator<ContentItem> it = set2.iterator();
        while (it.hasNext()) {
            NoteItem noteItem = (ContentItem) it.next();
            if (noteItem.getCreationDate() != null) {
                if (!this.securityHelper.hasWriteAccess(securityContext, (Item) noteItem)) {
                    throwItemSecurityException(noteItem, Permission.WRITE);
                }
            } else if (isNoteMod(noteItem)) {
                Item modifies = noteItem.getModifies();
                if (!set2.contains(modifies) && !this.securityHelper.hasWriteAccess(securityContext, modifies)) {
                    throwItemSecurityException(modifies, Permission.WRITE);
                }
            } else {
                Iterator<CollectionItem> it2 = set.iterator();
                while (it2.hasNext()) {
                    Item item = (CollectionItem) it2.next();
                    if (!this.securityHelper.hasWriteAccess(securityContext, item)) {
                        throwItemSecurityException(item, Permission.WRITE);
                    }
                }
            }
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.removeContent(..)) &&args(content)")
    public Object checkRemoveContent(ProceedingJoinPoint proceedingJoinPoint, ContentItem contentItem) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkRemoveContent(content)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasWriteAccess(this.securityManager.getSecurityContext(), (Item) contentItem)) {
            throwItemSecurityException(contentItem, Permission.WRITE);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.findItems(..)) &&args(filter)")
    public Object checkFindItems(ProceedingJoinPoint proceedingJoinPoint, ItemFilter itemFilter) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkFindItems(filter)");
        }
        if (this.enabled && !this.securityHelper.hasAccessToFilter(this.securityManager.getSecurityContext(), itemFilter)) {
            throw new CosmoSecurityException("principal does not have access to use filter " + itemFilter.toString());
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.findNotesByTriageStatus(..)) &&args(collection, context)")
    public Object checkFindNotesByTriageStatus(ProceedingJoinPoint proceedingJoinPoint, CollectionItem collectionItem, TriageStatusQueryContext triageStatusQueryContext) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkFindNotesByTriageStatus(collection, context)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasReadAccess(this.securityManager.getSecurityContext(), (Item) collectionItem)) {
            throwItemSecurityException(collectionItem, 100);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.findNotesByTriageStatus(..)) &&args(note, context)")
    public Object checkFindNotesByTriageStatus(ProceedingJoinPoint proceedingJoinPoint, NoteItem noteItem, TriageStatusQueryContext triageStatusQueryContext) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkFindNotesByTriageStatus(note, context)");
        }
        if (!this.enabled) {
            return proceedingJoinPoint.proceed();
        }
        if (!this.securityHelper.hasReadAccess(this.securityManager.getSecurityContext(), (Item) noteItem)) {
            throwItemSecurityException(noteItem, 100);
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.createTicket(..)) &&args(item, ticket)")
    public Object checkCreatTicket(ProceedingJoinPoint proceedingJoinPoint, Item item, Ticket ticket) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkCreatTicket(item, ticket)");
        }
        if (this.enabled && !this.securityHelper.hasWriteTicketAccess(this.securityManager.getSecurityContext(), item)) {
            throw new CosmoSecurityException("principal does not have access to add tickets to item " + item.getUid());
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.removeTicket(..)) &&args(item, ticket)")
    public Object checkRemoveTicket(ProceedingJoinPoint proceedingJoinPoint, Item item, Ticket ticket) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkRemoveTicket(item, ticket)");
        }
        if (this.enabled && !this.securityHelper.hasWriteTicketAccess(this.securityManager.getSecurityContext(), item)) {
            throw new CosmoSecurityException("principal does not have access to remove tickets from item " + item.getUid());
        }
        return proceedingJoinPoint.proceed();
    }

    @Around("execution(* org.unitedinternet.cosmo.service.ContentService.removeTicket(..)) &&args(item, key)")
    public Object checkRemoveTicketKey(ProceedingJoinPoint proceedingJoinPoint, Item item, String str) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("in checkRemoveTicketKey(item, key)");
        }
        if (this.enabled && !this.securityHelper.hasWriteTicketAccess(this.securityManager.getSecurityContext(), item)) {
            throw new CosmoSecurityException("principal does not have access to remove tickets from item " + item.getUid());
        }
        return proceedingJoinPoint.proceed();
    }

    public CosmoSecurityManager getSecurityManager() {
        return this.securityManager;
    }

    public void setContentDao(ContentDao contentDao) {
        this.contentDao = contentDao;
    }

    public void setSecurityManager(CosmoSecurityManager cosmoSecurityManager) {
        this.securityManager = cosmoSecurityManager;
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    private boolean isNoteMod(Item item) {
        return (item instanceof NoteItem) && ((NoteItem) item).getModifies() != null;
    }

    private void throwItemSecurityException(Item item, int i) {
        throw new ItemSecurityException(item, "principal does not have access to item " + item.getUid(), i);
    }

    public void setUserDao(UserDao userDao) {
        this.userDao = userDao;
    }
}
