package org.craftercms.social.services.impl;

import clover.retrotranslator.edu.emory.mathcs.backport.java.util.Arrays;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bson.types.ObjectId;
import org.craftercms.profile.impl.domain.Profile;
import org.craftercms.security.api.RequestContext;
import org.craftercms.security.api.UserProfile;
import org.craftercms.security.utils.spring.el.AccessRestrictionExpressionRoot;
import org.craftercms.social.domain.Action;
import org.craftercms.social.domain.UGC;
import org.craftercms.social.services.PermissionService;
import org.craftercms.social.services.TenantService;
import org.craftercms.social.services.UGCService;
import org.craftercms.social.util.UGCConstants;
import org.craftercms.social.util.action.ActionEnum;
import org.craftercms.social.util.support.CrafterProfileService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/craftercms/social/services/impl/UgcSecurityExpressionRoot.class */
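/**
 * Expression root that exposes authorization checks for user generated content (UGC).
 *
 * <p>Every check reads the current request and authenticated profile from
 * {@link RequestContext#getCurrent()} and delegates the decision to the injected
 * {@link PermissionService}. A check that cannot be evaluated (malformed id, missing
 * profile, service error) is logged and answered with {@code false}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Target ids are taken from request parameters and from the request URI, so they are
 *       untrusted input. They are stripped of CR/LF before being logged.</li>
 *   <li>{@link #hasModeratorPermission()} and {@link #hasActOnPermission()} return
 *       {@code true} when no target id can be extracted. Those paths are kept as they were;
 *       each one carries a review note.</li>
 * </ul>
 */
public class UgcSecurityExpressionRoot extends AccessRestrictionExpressionRoot {
    private static final String ADMIN = "ADMIN";
    private static final String AUDITOR = "AUDITOR";
    private final Logger log;
    private PermissionService permissionService;
    private UGCService ugcService;
    private TenantService tenantService;
    private static final String APPLICATION_JSON = "application/json";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String UPDATE_URI = "update";

    // URI patterns used to pull a UGC id out of the request path; "$1" is the captured id.
    private static final String FIRST_SEGMENT_REGEX = ".*api/2/ugc/([^\\/\\.]*).*";
    private static final String SECOND_SEGMENT_REGEX = ".*api/2/ugc/[^\\/]*/([^\\/\\.]*).*";
    private static final String MODERATION_PREFIX = "moderation/";
    private static final String STATUS_SUFFIX = "/status";

    @Autowired
    private CrafterProfileService crafterProfileService;

    /**
     * Creates the expression root for the given user profile.
     *
     * @param userProfile profile handed to the superclass constructor
     */
    public UgcSecurityExpressionRoot(UserProfile userProfile) {
        super(userProfile);
        this.log = LoggerFactory.getLogger(UgcSecurityExpressionRoot.class);
    }

    /**
     * Checks whether the current profile may create a UGC.
     *
     * <p>Without a parent id parameter the check runs against a transient UGC that carries
     * the tenant's root create roles; otherwise it runs against the parent UGC.
     *
     * @return {@code true} only when the permission service grants CREATE; {@code false}
     *         when it denies or when the check fails (including a malformed parent id)
     */
    public boolean hasCreatePermission() {
        String[] parentIds = (String[]) RequestContext.getCurrent().getRequest().getParameterMap().get(UGCConstants.PARENT_ID);
        boolean rootLevel = parentIds == null || parentIds.length == 0;
        String parentId = rootLevel ? null : parentIds[0];
        try {
            UGC target;
            if (rootLevel) {
                List<String> rootCreateRoles = this.tenantService.getRootCreateRoles(getTenantName());
                ArrayList<Action> actions = new ArrayList<Action>();
                actions.add(new Action(ActionEnum.CREATE.toString(), rootCreateRoles));
                target = new UGC();
                target.setActions(actions);
            } else {
                // Parsing and lookup sit inside the try so a malformed parent id is denied
                // and logged instead of escaping as an unchecked exception.
                target = this.ugcService.findById(new ObjectId(parentId));
            }
            if (this.permissionService.allowed(ActionEnum.CREATE, target, getProfileId())) {
                return true;
            }
            this.log.error("Create UGC permission not granted (parentId={})", forLog(parentId));
            return false;
        } catch (Exception e) {
            this.log.error("Error when was checking for permissions: {} (parentId={})", forLog(e.getMessage()), forLog(parentId));
            return false;
        }
    }

    /**
     * Checks whether the current profile may update the UGC named by the {@code ugcId}
     * request parameter or, when that is absent, by the request URI.
     *
     * @return {@code true} only when the permission service grants UPDATE; {@code false}
     *         when no id is available, when it denies, or when the check fails
     */
    public boolean hasUpdatePermission() {
        String ugcId = RequestContext.getCurrent().getRequest().getParameter("ugcId");
        if (ugcId == null || ugcId.isEmpty()) {
            ugcId = getUgcIdFromUpdateUri();
            if (ugcId == null || ugcId.isEmpty()) {
                this.log.error("Parameter ugcId is mandory and has to have a valid value");
                return false;
            }
        }
        try {
            if (this.permissionService.allowed(ActionEnum.UPDATE, new ObjectId(ugcId), getProfileId())) {
                return true;
            }
            this.log.error("UPDATE UGC permission not granted (ugcId={})", forLog(ugcId));
            return false;
        } catch (Exception e) {
            this.log.error("Error when was checking for permissions: {} (ugcId={})", forLog(e.getMessage()), forLog(ugcId));
            return false;
        }
    }

    /**
     * Checks whether the current profile may moderate the UGC addressed by the request.
     *
     * @return {@code true} for GET requests, for requests from which no id can be
     *         extracted, and when the permission service grants MODERATE; {@code false}
     *         otherwise
     */
    public boolean hasModeratorPermission() {
        // NOTE(review): every GET passes without a permission lookup. Confirm that the
        // moderation GET endpoints are protected elsewhere or expose nothing restricted.
        if ("GET".equalsIgnoreCase(RequestContext.getCurrent().getRequest().getMethod())) {
            return true;
        }
        if (isUpdateStatusList()) {
            return hasModeratorPermissionUpdateStatusList();
        }
        String ugcId = getUgcIdFromModerationUri();
        if (ugcId == null || ugcId.length() == 0) {
            // NOTE(review): fail-open. A non-GET request whose URI yields no id is allowed
            // without consulting the permission service. Kept unchanged because other
            // moderation routes may rely on it; verify against the controller mappings.
            return true;
        }
        try {
            if (this.permissionService.allowed(ActionEnum.MODERATE, new ObjectId(ugcId), getProfileId())) {
                return true;
            }
            this.log.error("MODERATOR permission not granted (ugcId={})", forLog(ugcId));
            return false;
        } catch (Exception e) {
            this.log.error("Error when was checking for permissions: {} (ugcId={})", forLog(e.getMessage()), forLog(ugcId));
            return false;
        }
    }

    /**
     * Checks MODERATE permission for every id in the {@code ids} request parameter.
     *
     * @return {@code false} as soon as one id is blank, malformed or not permitted;
     *         {@code true} when every id passed
     */
    private boolean hasModeratorPermissionUpdateStatusList() {
        // NOTE(review): when the "ids" parameter is absent the loop body never runs and the
        // result is true, whereas hasDeletePermissions(List, String) denies an empty list.
        // Confirm how the bulk status endpoint receives its ids before tightening this.
        for (String ugcId : getUgcIdFromParamList("ids")) {
            if (ugcId == null || ugcId.length() == 0) {
                return false;
            }
            try {
                if (!this.permissionService.allowed(ActionEnum.MODERATE, new ObjectId(ugcId), getProfileId())) {
                    this.log.error("MODERATOR permission not granted (ugcId={})", forLog(ugcId));
                    return false;
                }
            } catch (Exception e) {
                this.log.error("Error when was checking for permissions: {} (ugcId={})", forLog(e.getMessage()), forLog(ugcId));
                return false;
            }
        }
        return true;
    }

    /**
     * Checks whether the current profile may delete the UGC named by the request URI or,
     * when the URI carries no id, every UGC listed in the {@code ugcIds} parameter.
     * Children of each UGC are checked as well.
     *
     * @return {@code true} only when DELETE is granted on every checked UGC; {@code false}
     *         when any check denies or fails (including a malformed id or missing profile)
     */
    public boolean hasDeletePermissions() {
        String uriId = null;
        try {
            uriId = getUgcIdFromDeleteUri();
            String profileId = getProfileId();
            if (uriId == null || uriId.length() <= 0) {
                return hasDeletePermissions(getUgcIdFromParamList("ugcIds"), profileId);
            }
            // The single-id path is guarded like the list path, so a malformed id or a
            // service failure is a logged denial rather than an escaping exception.
            return hasDeletePermissions(new ObjectId(uriId), profileId);
        } catch (Exception e) {
            this.log.error("Error when was checking for Delete permissions: {} (ugcId={})", forLog(e.getMessage()), forLog(uriId));
            return false;
        }
    }

    /**
     * Checks DELETE on one UGC and, recursively, on all of its descendants.
     *
     * @param objectId id of the UGC to check
     * @param str      id of the profile requesting the deletion
     * @return {@code true} when DELETE is granted on the UGC and every descendant
     */
    private boolean hasDeletePermissions(ObjectId objectId, String str) {
        if (!this.permissionService.allowed(ActionEnum.DELETE, objectId, str)) {
            this.log.error("Delete permission not granted (ugcId={})", objectId);
            return false;
        }
        // One stack frame per nesting level of the UGC tree.
        for (UGC child : this.ugcService.findByParentId(objectId)) {
            if (!hasDeletePermissions(child.getId(), str)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks DELETE on every UGC id in the list.
     *
     * @param list UGC ids in string form, taken from the request
     * @param str  id of the profile requesting the deletion
     * @return {@code false} for a null or empty list, a blank or malformed id, or any
     *         denied check; {@code true} otherwise
     */
    private boolean hasDeletePermissions(List<String> list, String str) {
        if (list == null || list.size() == 0) {
            return false;
        }
        for (String ugcId : list) {
            if (ugcId == null || ugcId.length() == 0) {
                return false;
            }
            try {
                if (!hasDeletePermissions(new ObjectId(ugcId), str)) {
                    return false;
                }
            } catch (Exception e) {
                this.log.error("Error when was checking for Delete permissions: {} (ugcId={})", forLog(e.getMessage()), forLog(ugcId));
                return false;
            }
        }
        return true;
    }

    /**
     * Returns all values of the named request parameter.
     *
     * @param str request parameter name
     * @return the parameter values, or an empty list when the parameter is absent
     */
    private List<String> getUgcIdFromParamList(String str) {
        String[] values = (String[]) RequestContext.getCurrent().getRequest().getParameterMap().get(str);
        if (values == null) {
            return new ArrayList<String>();
        }
        // Fully qualified on purpose: the file-level import binds the simple name Arrays to
        // a backport class under a clover.retrotranslator package, which looks like a
        // build/coverage-tool artifact and should not be a runtime dependency.
        return java.util.Arrays.asList(values);
    }

    /**
     * Tells whether the moderation URI addresses the bulk "update" status endpoint.
     *
     * @return {@code true} when the segment between {@code moderation/} and
     *         {@code /status} equals {@code update}, ignoring case
     */
    private boolean isUpdateStatusList() {
        return UPDATE_URI.equalsIgnoreCase(getMiddleModerationUri());
    }

    /**
     * Checks whether the current profile may act on the UGC named by the request URI.
     *
     * @return {@code true} when no id can be extracted from the URI or when the permission
     *         service grants ACT_ON; {@code false} when it denies or the check fails
     */
    public boolean hasActOnPermission() {
        String ugcId = getUgcIdFromActOnUri();
        if (ugcId == null || ugcId.length() == 0) {
            // NOTE(review): fail-open. Without an id in the URI the request is allowed with
            // no permission lookup. Kept unchanged; verify which routes reach this branch.
            return true;
        }
        try {
            if (this.permissionService.allowed(ActionEnum.ACT_ON, new ObjectId(ugcId), getProfileId())) {
                return true;
            }
            this.log.error("ACT_ON permission not granted (ugcId={})", forLog(ugcId));
            return false;
        } catch (Exception e) {
            this.log.error("Error when was checking for permissions: {} (ugcId={})", forLog(e.getMessage()), forLog(ugcId));
            return false;
        }
    }

    /**
     * Tells whether the current profile holds a role whose name ends with {@code ADMIN}.
     *
     * @return {@code true} when such a role is present; {@code false} otherwise or when
     *         the profile cannot be loaded
     */
    public boolean hasAdminRole() {
        return hasRoleWithSuffix(ADMIN);
    }

    /**
     * Tells whether the current profile holds a role whose name ends with {@code AUDITOR}.
     *
     * @return {@code true} when such a role is present; {@code false} otherwise or when
     *         the profile cannot be loaded
     */
    public boolean hasAuditorRole() {
        return hasRoleWithSuffix(AUDITOR);
    }

    /**
     * Looks for a role of the current profile whose upper-cased name ends with the suffix.
     *
     * <p>NOTE(review): this is a suffix match, not an equality match, so any role name that
     * merely ends with the suffix qualifies. Confirm that role names can only be assigned
     * by trusted operators and that the suffix convention is intended.
     *
     * @param suffix upper-case role suffix to look for
     * @return {@code true} when a matching role exists; {@code false} when none exists,
     *         when the role list is malformed, or when the profile lookup fails
     */
    private boolean hasRoleWithSuffix(String suffix) {
        String profileId = null;
        try {
            // Resolved inside the try so a request without an authenticated profile is
            // denied instead of failing with an unchecked exception.
            profileId = getProfileId();
            Profile profile = this.crafterProfileService.getProfile(profileId);
            if (profile == null) {
                return false;
            }
            List<?> roles = profile.getRoles();
            if (roles == null) {
                return false;
            }
            for (Object role : roles) {
                if (!(role instanceof String)) {
                    // A null or non-string entry previously ended in the catch block and
                    // denied; the denial is kept and made explicit.
                    this.log.error("Error when was getting profile: malformed role entry (profileId={})", forLog(profileId));
                    return false;
                }
                // Locale.ROOT keeps the comparison independent of the JVM default locale.
                if (((String) role).toUpperCase(java.util.Locale.ROOT).endsWith(suffix)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            this.log.error("Error when was getting profile: {} (profileId={})", forLog(e.getMessage()), forLog(profileId));
            return false;
        }
    }

    /**
     * Returns the id of the profile attached to the current authentication token.
     */
    private String getProfileId() {
        return RequestContext.getCurrent().getAuthenticationToken().getProfile().getId();
    }

    public PermissionService getPermissionService() {
        return this.permissionService;
    }

    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    public UGCService getUgcService() {
        return this.ugcService;
    }

    public void setUgcService(UGCService uGCService) {
        this.ugcService = uGCService;
    }

    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    /** Extracts the path segment that follows {@code api/2/ugc/}, or null if absent. */
    private String getUgcIdFromUpdateUri() {
        return captureFromRequestUri(FIRST_SEGMENT_REGEX);
    }

    /** Extracts the second path segment after {@code api/2/ugc/}, or null if absent. */
    private String getUgcIdFromActOnUri() {
        return captureFromRequestUri(SECOND_SEGMENT_REGEX);
    }

    /** Extracts the second path segment after {@code api/2/ugc/}, or null if absent. */
    private String getUgcIdFromDeleteUri() {
        return captureFromRequestUri(SECOND_SEGMENT_REGEX);
    }

    /**
     * Applies the pattern to the request URI and returns its first capture group.
     *
     * @param regex pattern with one capture group, written to match the whole URI
     * @return the captured text, or {@code null} when the replacement left the URI
     *         unchanged (the pattern did not match)
     */
    private String captureFromRequestUri(String regex) {
        String uri = RequestContext.getCurrent().getRequest().getRequestURI();
        String captured = uri.replaceAll(regex, "$1");
        return captured.equals(uri) ? null : captured;
    }

    /** Returns the text between {@code moderation/} and {@code /status}, or null. */
    private String getUgcIdFromModerationUri() {
        return moderationSegmentBeforeStatus();
    }

    /** Returns the text between {@code moderation/} and {@code /status}, or null. */
    private String getMiddleModerationUri() {
        return moderationSegmentBeforeStatus();
    }

    /**
     * Cuts the request URI after {@code moderation/} and returns what precedes
     * {@code /status} in the remainder.
     *
     * <p>NOTE(review): when the URI does not contain {@code moderation/}, indexOf yields -1
     * and the cut starts at a fixed offset into unrelated URI text. This is left unchanged
     * because returning null here would make the callers skip the permission lookup.
     *
     * @return the segment, or {@code null} when the remainder has no {@code /status}
     */
    private String moderationSegmentBeforeStatus() {
        String uri = RequestContext.getCurrent().getRequest().getRequestURI();
        String tail = uri.substring(uri.indexOf(MODERATION_PREFIX) + MODERATION_PREFIX.length());
        int statusAt = tail.indexOf(STATUS_SUFFIX);
        return statusAt >= 0 ? tail.substring(0, statusAt) : null;
    }

    public void setCrafterProfileService(CrafterProfileService crafterProfileService) {
        this.crafterProfileService = crafterProfileService;
    }

    /**
     * Returns the first value of the tenant request parameter, or null when it is absent.
     */
    private String getTenantName() {
        String[] tenants = (String[]) RequestContext.getCurrent().getRequest().getParameterMap().get(UGCConstants.TENANT);
        return (tenants != null && tenants.length > 0) ? tenants[0] : null;
    }

    /**
     * Renders a request-derived value for logging with CR and LF replaced, so that one
     * request cannot forge additional log lines.
     *
     * @param value value to render; may be null
     * @return the string form of the value without line breaks
     */
    private static String forLog(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }
}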
