package org.codehaus.plexus.redback.struts2.action.admin;

import com.opensymphony.xwork2.Action;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringEscapeUtils;
import org.codehaus.plexus.redback.rbac.Permission;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.Role;
import org.codehaus.plexus.redback.rbac.UserAssignment;
import org.codehaus.plexus.redback.struts2.action.AbstractUserCredentialsAction;
import org.codehaus.plexus.redback.struts2.action.AuditEvent;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.codehaus.plexus.util.StringUtils;
import org.codehaus.redback.integration.interceptor.SecureActionBundle;
import org.codehaus.redback.integration.interceptor.SecureActionException;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;

@Scope("prototype")
@Controller("redback-role-edit")
/* loaded from: input_file:WEB-INF/lib/redback-struts2-integration-1.4.jar:org/codehaus/plexus/redback/struts2/action/admin/EditRoleAction.class */
public class EditRoleAction extends AbstractUserCredentialsAction {
    private String name;
    private String description;
    private String newDescription;
    private List<String> childRoleNames = new ArrayList();
    private List<String> parentRoleNames = new ArrayList();
    private List<Permission> permissions = new ArrayList();
    private List<User> users = new ArrayList();
    private List<User> parentUsers = new ArrayList();
    private List<User> allUsers = new ArrayList();
    private List<String> usersList = new ArrayList();
    private List<String> availableUsers = new ArrayList();
    private List<String> currentUsers = new ArrayList();

    @Override // com.opensymphony.xwork2.ActionSupport
    public String input() {
        List<UserAssignment> userAssignmentsForRoles;
        if (this.name == null) {
            addActionError(getText("cannot.edit.null.role"));
            return Action.ERROR;
        }
        if (StringUtils.isEmpty(this.name)) {
            addActionError(getText("cannot.edit.empty.role"));
            return Action.ERROR;
        }
        this.name = StringEscapeUtils.escapeXml(this.name);
        if (!getManager().roleExists(this.name)) {
            return Action.INPUT;
        }
        try {
            if (!isAuthorized()) {
                this.log.warn(getCurrentUser() + " isn't authorized to access to the role '" + this.name + "'");
                addActionError(getText("alert.message"));
                return Action.ERROR;
            }
            Role role = getManager().getRole(this.name);
            if (role == null) {
                addActionError(getText("cannot.operate.null.role"));
                return Action.ERROR;
            }
            this.description = role.getDescription();
            this.childRoleNames = role.getChildRoleNames();
            Map<String, Role> parentRoles = getManager().getParentRoles(role);
            Iterator<String> it = parentRoles.keySet().iterator();
            while (it.hasNext()) {
                this.parentRoleNames.add(it.next());
            }
            this.permissions = role.getPermissions();
            ArrayList arrayList = new ArrayList();
            arrayList.add(this.name);
            List<UserAssignment> userAssignmentsForRoles2 = getManager().getUserAssignmentsForRoles(arrayList);
            this.users = new ArrayList();
            if (userAssignmentsForRoles2 != null) {
                for (UserAssignment userAssignment : userAssignmentsForRoles2) {
                    try {
                        this.users.add(getUserManager().findUser(userAssignment.getPrincipal()));
                    } catch (UserNotFoundException e) {
                        this.log.warn("User '" + userAssignment.getPrincipal() + "' doesn't exist.", (Throwable) e);
                    }
                }
            }
            this.parentUsers = new ArrayList();
            if (!parentRoles.isEmpty() && (userAssignmentsForRoles = getManager().getUserAssignmentsForRoles(parentRoles.keySet())) != null) {
                for (UserAssignment userAssignment2 : userAssignmentsForRoles) {
                    try {
                        this.parentUsers.add(getUserManager().findUser(userAssignment2.getPrincipal()));
                    } catch (UserNotFoundException e2) {
                        this.log.warn("User '" + userAssignment2.getPrincipal() + "' doesn't exist.", (Throwable) e2);
                    }
                }
            }
            return Action.INPUT;
        } catch (RbacManagerException e3) {
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(this.name);
            arrayList2.add(e3.getMessage());
            addActionError(getText("cannot.get.role", arrayList2));
            return Action.ERROR;
        }
    }

    private boolean isAuthorized() throws RbacManagerException {
        boolean z = false;
        Iterator<Role> it = getFilteredRolesForCurrentUserAccess().iterator();
        while (it.hasNext()) {
            if (it.next().getName().equalsIgnoreCase(this.name)) {
                z = true;
            }
        }
        return z;
    }

    public String edit() {
        String input = input();
        if (Action.ERROR.equals(input)) {
            return input;
        }
        this.newDescription = this.description;
        this.allUsers = getUserManager().getUsers();
        for (User user : this.users) {
            if (this.allUsers.contains(user)) {
                this.allUsers.remove(user);
            }
        }
        for (User user2 : this.parentUsers) {
            if (this.allUsers.contains(user2)) {
                this.allUsers.remove(user2);
            }
        }
        return input;
    }

    public String save() {
        String input = input();
        if (Action.ERROR.equals(input)) {
            return input;
        }
        if (this.name == null) {
            addActionError(getText("cannot.edit.null.role"));
            return Action.ERROR;
        }
        if (StringUtils.isEmpty(this.name)) {
            addActionError(getText("cannot.edit.empty.role"));
            return Action.ERROR;
        }
        try {
            Role role = getManager().roleExists(this.name) ? getManager().getRole(this.name) : getManager().createRole(this.name);
            role.setDescription(this.newDescription);
            getManager().saveRole(role);
            ArrayList arrayList = new ArrayList();
            arrayList.add(this.name);
            String currentUser = getCurrentUser();
            AuditEvent auditEvent = new AuditEvent(getText("log.role.edit"));
            auditEvent.setRole(this.name);
            auditEvent.setCurrentUser(currentUser);
            auditEvent.log();
            addActionMessage(getText("save.role.success", arrayList));
            return Action.SUCCESS;
        } catch (RbacManagerException e) {
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(this.name);
            arrayList2.add(e.getMessage());
            addActionError(getText("cannot.get.role", arrayList2));
            return Action.ERROR;
        }
    }

    public String addUsers() {
        if (this.availableUsers == null || this.availableUsers.isEmpty()) {
            return Action.INPUT;
        }
        for (String str : this.availableUsers) {
            if (!getUserManager().userExists(str)) {
                ArrayList arrayList = new ArrayList();
                arrayList.add(str);
                addActionError(getText("user.does.not.exist", arrayList));
                return Action.ERROR;
            }
            try {
                UserAssignment userAssignment = getManager().userAssignmentExists(str) ? getManager().getUserAssignment(str) : getManager().createUserAssignment(str);
                userAssignment.addRoleName(this.name);
                getManager().saveUserAssignment(userAssignment);
                this.log.info("{} role assigned to {}", this.name, str);
            } catch (RbacManagerException e) {
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(str);
                arrayList2.add(e.getMessage());
                addActionError(getText("cannot.assign.role", arrayList2));
                return Action.ERROR;
            }
        }
        edit();
        return Action.SUCCESS;
    }

    public String removeUsers() {
        if (this.currentUsers == null || this.currentUsers.isEmpty()) {
            return Action.INPUT;
        }
        for (String str : this.currentUsers) {
            if (!getUserManager().userExists(str)) {
                ArrayList arrayList = new ArrayList();
                arrayList.add(str);
                addActionError(getText("user.does.not.exist", arrayList));
                return Action.ERROR;
            }
            try {
                UserAssignment userAssignment = getManager().userAssignmentExists(str) ? getManager().getUserAssignment(str) : getManager().createUserAssignment(str);
                userAssignment.removeRoleName(this.name);
                getManager().saveUserAssignment(userAssignment);
                this.log.info("{} role unassigned to {}", this.name, str);
            } catch (RbacManagerException e) {
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(str);
                arrayList2.add(e.getMessage());
                addActionError(getText("cannot.assign.role", arrayList2));
                return Action.ERROR;
            }
        }
        edit();
        return Action.SUCCESS;
    }

    private UserManager getUserManager() {
        return this.securitySystem.getUserManager();
    }

    public String getName() {
        return this.name;
    }

    public void setName(String str) {
        this.name = str;
    }

    public List<String> getChildRoleNames() {
        return this.childRoleNames;
    }

    public void setChildRoleNames(List<String> list) {
        this.childRoleNames = list;
    }

    public String getDescription() {
        return this.description;
    }

    public void setDescription(String str) {
        this.description = str;
    }

    public String getNewDescription() {
        return this.newDescription;
    }

    public void setNewDescription(String str) {
        this.newDescription = str;
    }

    public List<Permission> getPermissions() {
        return this.permissions;
    }

    public void setPermissions(List<Permission> list) {
        this.permissions = list;
    }

    public List<User> getUsers() {
        return this.users;
    }

    public void setUsers(List<User> list) {
        this.users = list;
    }

    public List<User> getAllUsers() {
        return this.allUsers;
    }

    public void setAllUsers(List<User> list) {
        this.allUsers = list;
    }

    public List<String> getUsersList() {
        return this.usersList;
    }

    public void setUsersList(List<String> list) {
        this.usersList = list;
    }

    public List<String> getAvailableUsers() {
        return this.availableUsers;
    }

    public void setAvailableUsers(List<String> list) {
        this.availableUsers = list;
    }

    public List<String> getCurrentUsers() {
        return this.currentUsers;
    }

    public void setCurrentUsers(List<String> list) {
        this.currentUsers = list;
    }

    public List<String> getParentRoleNames() {
        return this.parentRoleNames;
    }

    public void setParentRoleNames(List<String> list) {
        this.parentRoleNames = list;
    }

    public List<User> getParentUsers() {
        return this.parentUsers;
    }

    public void setParentUsers(List<User> list) {
        this.parentUsers = list;
    }

    @Override // org.codehaus.plexus.redback.struts2.action.AbstractSecurityAction
    public SecureActionBundle initSecureActionBundle() throws SecureActionException {
        SecureActionBundle secureActionBundle = new SecureActionBundle();
        secureActionBundle.setRequiresAuthentication(true);
        secureActionBundle.addRequiredAuthorization("user-management-user-edit", "*");
        secureActionBundle.addRequiredAuthorization("user-management-rbac-admin", "*");
        secureActionBundle.addRequiredAuthorization("user-management-role-grant", "*");
        secureActionBundle.addRequiredAuthorization("user-management-role-drop", "*");
        secureActionBundle.addRequiredAuthorization("user-management-user-role", "*");
        return secureActionBundle;
    }
}
