package org.genesys.blocks.security.service.impl;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.persistence.EntityManager;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.security.model.AclClass;
import org.genesys.blocks.security.model.AclEntry;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.persistence.AclClassPersistence;
import org.genesys.blocks.security.persistence.AclEntryPersistence;
import org.genesys.blocks.security.persistence.AclObjectIdentityPersistence;
import org.genesys.blocks.security.persistence.AclSidPersistence;
import org.genesys.blocks.security.serialization.Permissions;
import org.genesys.blocks.security.serialization.SidPermissions;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.blocks.util.ClassAclOid;
import org.hibernate.proxy.HibernateProxyHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.model.Permission;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Isolation;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

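/**
 * Repository-backed implementation of {@link CustomAclService}. It maintains ACL SIDs, ACL
 * classes, object identities and ACL entries, and clears the {@code aclCache} cache after
 * changes.
 *
 * <p>This listing was reconstructed from compiled bytecode. Local names are therefore not the
 * author's, and one statement in {@link #addPermissions} had to be restored by hand.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The SpEL expressions in {@code @PreAuthorize} and {@code @Cacheable} refer to method
 *       parameters by name ({@code #id}, {@code #sid}, {@code #className}, {@code #entity},
 *       {@code #objectIdentity}). The parameters below carry exactly those names. The class
 *       must also be compiled with parameter-name metadata ({@code -parameters} or debug
 *       info). Otherwise the variables evaluate to {@code null} and the checks no longer test
 *       the intended object.</li>
 *   <li>Several annotated methods are called through {@code this} from inside the class. With
 *       proxy-based Spring AOP such calls bypass the proxy, so the callee's security,
 *       transaction and cache annotations are not applied to them. Whether AspectJ weaving is
 *       configured cannot be seen from this file.</li>
 *   <li>No method-security annotation is visible on {@code ensureAuthoritySid},
 *       {@code removeAuthoritySid}, {@code createOrUpdatePermissions},
 *       {@code removeAclAwareModel}, {@code removePermissionsFor}, {@code removePermissions},
 *       {@code ensureObjectIdentity}, {@code loadObjectIdentityExt} or {@code cleanupAcl}.
 *       Authorization for these presumably happens in the callers. Confirm before exposing
 *       them to less-trusted code paths.</li>
 *   <li>Some ACL-mutating methods request {@code Isolation.READ_UNCOMMITTED}, which allows
 *       them to observe rows other transactions have not committed. Confirm that this is
 *       intended for permission data.</li>
 * </ul>
 */
@Transactional
@Service
public class CustomAclServiceImpl implements CustomAclService {
    private static final Logger log = LoggerFactory.getLogger(CustomAclServiceImpl.class);

    /** Name of the cache that holds SID id/name lookups. */
    public static final String CACHE_SID_NAMES = "aclSidNames";

    /** Permissions for which an ACL entry is written whenever a SID is added to an object. */
    private static final Permission[] basePermissions = {
        BasePermission.CREATE,
        BasePermission.READ,
        BasePermission.WRITE,
        BasePermission.DELETE,
        BasePermission.ADMINISTRATION
    };

    @Autowired
    private AclObjectIdentityPersistence aclObjectIdentityPersistence;

    @Autowired
    private AclClassPersistence aclClassPersistence;

    @Autowired
    private AclEntryPersistence aclEntryPersistence;

    // Optional: without a cache manager, clearAclCache() is a no-op.
    @Autowired(required = false)
    private CacheManager cacheManager;

    @Autowired
    private AclSidPersistence aclSidPersistence;

    @Autowired
    private EntityManager entityManager;

    /**
     * Looks up a SID by its primary key.
     *
     * @param id SID identifier
     * @return the SID, or {@code null} when no such row exists
     */
    @Override
    @Transactional(readOnly = true)
    public AclSid getSid(Long id) {
        return (AclSid) this.aclSidPersistence.findById(id).orElse(null);
    }

    /**
     * Returns the SID string for a SID identifier. Non-null results are cached in
     * {@link #CACHE_SID_NAMES} under the identifier.
     *
     * @param id SID identifier (the name is referenced by the cache key expression)
     * @return the SID string, or {@code null} when the SID does not exist
     */
    @Override
    @Transactional(readOnly = true)
    @Cacheable(cacheNames = {CACHE_SID_NAMES}, key = "#id", unless = "#result == null")
    public String getSidName(long id) {
        AclSid sid = (AclSid) this.aclSidPersistence.findById(Long.valueOf(id)).orElse(null);
        return sid == null ? null : sid.getSid();
    }

    /**
     * Returns the identifier of the SID with the given SID string. Non-null results are cached
     * in {@link #CACHE_SID_NAMES} under the SID string.
     *
     * @param sid SID string (the name is referenced by the cache key expression)
     * @return whatever the repository reports for that SID string
     */
    @Override
    @Transactional(readOnly = true, propagation = Propagation.REQUIRES_NEW, isolation = Isolation.READ_UNCOMMITTED)
    @Cacheable(cacheNames = {CACHE_SID_NAMES}, key = "#sid", unless = "#result == null")
    public Long getSidId(String sid) {
        return this.aclSidPersistence.getSidId(sid);
    }

    /**
     * Finds the non-principal (authority) SID with the given name.
     *
     * @param authority authority name
     * @return the matching SID as returned by the repository
     */
    @Override
    public AclSid getAuthoritySid(String authority) {
        return this.aclSidPersistence.findBySidAndPrincipal(authority, false);
    }

    /**
     * Returns the authority SID with the given name, creating it when missing.
     *
     * @param authority authority name
     * @return the existing or newly saved SID
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED)
    public AclSid ensureAuthoritySid(String authority) {
        return ensureSidForAuthority(authority);
    }

    /**
     * Deletes an authority SID together with every ACL entry granted to it.
     *
     * <p>NOTE(review): the {@link #CACHE_SID_NAMES} cache is not evicted here, so cached
     * id/name lookups for the deleted SID may outlive it. Confirm whether that matters.
     *
     * @param authority authority name
     * @return the deleted SID, or {@code null} when it did not exist
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED)
    public AclSid removeAuthoritySid(String authority) {
        AclSid sid = this.aclSidPersistence.findBySidAndPrincipal(authority, false);
        if (sid == null) {
            log.warn("ACL SID for authority {} does not exist", authority);
            return null;
        }
        removePermissionsFor(sid);
        this.aclSidPersistence.delete(sid);
        return sid;
    }

    /**
     * Creates the object identity for {@code entity} if it does not exist yet, otherwise updates
     * its parent link. When the identity has no owner and {@code ownerSid} is persisted, the
     * owner is set and granted all base permissions.
     *
     * @param entity the ACL-aware object; a {@link ClassAclOid} is accepted regardless of its id
     * @param ownerSid SID to record as owner; may be {@code null}
     * @return the saved object identity, or {@code null} when there is no usable target
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED)
    public AclObjectIdentity createOrUpdatePermissions(AclAwareModel entity, AclSid ownerSid) {
        if (!hasAclTarget(entity)) {
            log.warn("No target specified for ACL permissions, bailing out!");
            return null;
        }
        String className = entity.getClass().getName();
        if (entity instanceof ClassAclOid) {
            className = ((ClassAclOid) entity).getClassName();
        }
        AclClass aclClass = ensureAclClass(className);
        AclObjectIdentity existing = this.aclObjectIdentityPersistence
            .findByObjectIdAndClassname(entity.getId().longValue(), aclClass.getAclClass());

        AclObjectIdentity saved;
        if (existing == null) {
            AclObjectIdentity created = new AclObjectIdentity();
            if (ownerSid == null) {
                log.warn("No SID in security context, not assigning creator permissions");
            } else if (ownerSid.isNew()) {
                log.warn("Owner SID not persisted, not assigning creator permissions");
            } else {
                created.setOwnerSid(ownerSid);
            }
            log.debug("Inserting owner ACL entries for owner={} class={} id={}", ownerSid, entity.getClass().getName(), entity.getId());
            created.setObjectIdIdentity(entity.getId().longValue());
            created.setAclClass(aclClass);
            AclObjectIdentity parent = resolveParentIdentity(entity);
            if (parent != null) {
                created.setParentObject(parent);
            }
            created.setEntriesInheriting(true);
            saved = (AclObjectIdentity) this.aclObjectIdentityPersistence.save(created);
            if (saved.getOwnerSid() != null) {
                addPermissions(saved, saved.getOwnerSid(), new Permissions().grantAll());
            }
        } else {
            log.debug("Updating ACL parent object for class={} id={}", entity.getClass().getName(), entity.getId());
            if (existing.getOwnerSid() == null) {
                if (ownerSid == null || ownerSid.isNew()) {
                    log.debug("Owner SID not persisted or is null.");
                } else {
                    existing.setOwnerSid(ownerSid);
                    addPermissions(existing, existing.getOwnerSid(), new Permissions().grantAll());
                }
            }
            AclObjectIdentity parent = resolveParentIdentity(entity);
            if (parent != null) {
                log.trace("Updating ACL parent to {}", parent);
                existing.setParentObject(parent);
                existing.setEntriesInheriting(true);
            } else {
                log.trace("Clearing ACL parent");
                existing.setParentObject(null);
            }
            saved = (AclObjectIdentity) this.aclObjectIdentityPersistence.save(existing);
        }
        clearAclCache();
        return saved;
    }

    /**
     * Same as {@link #createOrUpdatePermissions(AclAwareModel, AclSid)} with the current user
     * from the security context as owner.
     *
     * @param entity the ACL-aware object
     * @return the saved object identity, or {@code null} when there is no usable target
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED)
    public AclObjectIdentity createOrUpdatePermissions(AclAwareModel entity) {
        if (hasAclTarget(entity)) {
            return createOrUpdatePermissions(entity, SecurityContextUtil.getCurrentUser());
        }
        log.warn("No target specified for ACL permissions, bailing out!");
        return null;
    }

    /**
     * Switches permission inheritance on or off for an object identity.
     *
     * @param id object identity primary key
     * @param inheriting the new inheritance flag
     * @return the (possibly unchanged) object identity, or {@code null} when it does not exist
     */
    @Override
    @PreAuthorize("hasRole('ADMINISTRATOR')")
    public AclObjectIdentity updateInheriting(long id, boolean inheriting) {
        AclObjectIdentity objectIdentity = (AclObjectIdentity) this.aclObjectIdentityPersistence.findById(Long.valueOf(id)).orElse(null);
        if (objectIdentity == null) {
            log.warn("ACL object identity not found by id={}", id);
            return null;
        }
        if (objectIdentity.isEntriesInheriting() == inheriting) {
            return objectIdentity;
        }
        try {
            log.info("Updating inheriting status for OID={} to {}", objectIdentity, inheriting);
            objectIdentity.setEntriesInheriting(inheriting);
            return (AclObjectIdentity) this.aclObjectIdentityPersistence.save(objectIdentity);
        } finally {
            // Cached ACLs are dropped whether or not the save succeeded.
            clearAclCache();
        }
    }

    /**
     * Sets (or, with a {@code null} parent, clears) the ACL parent of {@code entity}.
     *
     * @param entity the child object
     * @param parent the new parent object, or {@code null}
     * @return the saved child object identity
     */
    @Override
    @PreAuthorize("hasRole('ADMINISTRATOR')")
    public AclObjectIdentity setAclParent(AclAwareModel entity, AclAwareModel parent) {
        AclObjectIdentity child = getObjectIdentity(entity);
        AclObjectIdentity parentIdentity = parent == null ? null : getObjectIdentity(parent);
        return updateAclParentObject(child, parentIdentity);
    }

    /**
     * Sets the ACL parent of one object identity to another, both given by primary key.
     *
     * @param id primary key of the child object identity
     * @param parentId primary key of the parent object identity
     * @return the saved child, or {@code null} when either identity does not exist
     */
    @Override
    @PreAuthorize("hasRole('ADMINISTRATOR')")
    public AclObjectIdentity updateParentObject(long id, long parentId) {
        AclObjectIdentity child = (AclObjectIdentity) this.aclObjectIdentityPersistence.findById(Long.valueOf(id)).orElse(null);
        if (child == null) {
            log.warn("ACL object identity not found by id={}", id);
            return null;
        }
        AclObjectIdentity parent = (AclObjectIdentity) this.aclObjectIdentityPersistence.findById(Long.valueOf(parentId)).orElse(null);
        if (parent == null) {
            // Report the parent's id; the listing logged the child's id here by mistake.
            log.warn("ACL object identity not found by id={}", parentId);
            return null;
        }
        return updateAclParentObject(child, parent);
    }

    /** Stores the new parent link; inheritance is enabled exactly when a parent is given. */
    private AclObjectIdentity updateAclParentObject(AclObjectIdentity child, AclObjectIdentity parent) {
        try {
            log.trace("Updating ACL parent to {}", parent);
            child.setParentObject(parent);
            child.setEntriesInheriting(parent != null);
            return (AclObjectIdentity) this.aclObjectIdentityPersistence.save(child);
        } finally {
            clearAclCache();
        }
    }

    /**
     * Deletes the ACL data of {@code entity}: its ACL entries and its object identity. When the
     * entity is itself an {@link AclSid}, the entries granted to that SID are deleted as well.
     *
     * @param entity the object whose ACL data is removed
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED)
    public void removeAclAwareModel(AclAwareModel entity) {
        log.debug("Deleting ACL data for {}", entity);
        if (entity instanceof AclSid) {
            log.info("Deleting permissions for {}", entity);
            removePermissionsFor((AclSid) entity);
        }
        AclObjectIdentity objectIdentity = getObjectIdentity(entity);
        if (objectIdentity != null) {
            log.debug("OID {}#{} of {}", objectIdentity.getAclClass().getAclClass(), objectIdentity.getObjectIdIdentity(), entity);
            // Children are only logged here; they are neither re-parented nor deleted.
            for (AclObjectIdentity child : this.aclObjectIdentityPersistence.findByParentObject(objectIdentity)) {
                log.debug("Has child {}#{}", child.getAclClass().getAclClass(), child.getObjectIdIdentity());
            }
            log.info("Deleting ACL data of {}", entity);
            List<AclEntry> entries = this.aclEntryPersistence.findByObjectIdentity(objectIdentity);
            if (entries != null) {
                this.aclEntryPersistence.deleteAll(entries);
            }
            this.aclObjectIdentityPersistence.delete(objectIdentity);
        }
        clearAclCache();
    }

    /**
     * Deletes every ACL entry granted to {@code sid} and clears the ACL cache if any were
     * deleted.
     *
     * @param sid the SID whose grants are removed
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED)
    public void removePermissionsFor(AclSid sid) {
        int deleted = this.aclEntryPersistence.deleteForSid(sid);
        log.debug("Deleting {} permision entries granted to {}", deleted, sid);
        if (deleted > 0) {
            clearAclCache();
        }
    }

    /**
     * Writes one ACL entry per base permission for {@code sid} on {@code objectIdentity}. Each
     * entry grants or denies according to {@code permissions}, and auditing is enabled on all
     * of them.
     *
     * @return the object identity re-read after the entries were saved
     * @throws NullPointerException if any argument is {@code null}
     */
    private AclObjectIdentity addPermissions(AclObjectIdentity objectIdentity, AclSid sid, Permissions permissions) {
        if (objectIdentity == null) {
            throw new NullPointerException("AclObjectIdentity must be provided, was null.");
        }
        if (sid == null) {
            throw new NullPointerException("AclSid must be provided, was null.");
        }
        if (permissions == null) {
            throw new NullPointerException("Permissions must be provided, was null.");
        }
        try {
            List<AclEntry> entries = new ArrayList<>(10);
            long nextAceOrder = getAceOrder(objectIdentity.getId().longValue()).longValue();
            for (Permission permission : basePermissions) {
                int mask = permission.getMask();
                AclEntry entry = new AclEntry();
                entry.setAclObjectIdentity(objectIdentity);
                entry.setAclSid(sid);
                // NOTE(review): the decompiler lost this argument (it showed the entry being
                // passed to its own setter). The running counter is the only long in scope,
                // so it is restored as a post-increment. Confirm against the original source.
                entry.setAceOrder(nextAceOrder++);
                entry.setGranting(permissions.isGranting(mask));
                entry.setAuditSuccess(true);
                entry.setAuditFailure(true);
                entry.setMask(mask);
                entries.add(entry);
            }
            this.aclEntryPersistence.saveAll(entries);
            return getObjectIdentity(objectIdentity.getId().longValue());
        } finally {
            clearAclCache();
        }
    }

    /** Clears the {@code aclCache} cache when a cache manager and that cache are available. */
    private void clearAclCache() {
        if (this.cacheManager == null) {
            return;
        }
        Cache aclCache = this.cacheManager.getCache("aclCache");
        if (aclCache != null) {
            aclCache.clear();
        }
    }

    /** Returns the next ACE order for an object identity: current maximum plus one, else 1. */
    private Long getAceOrder(long objectIdentityId) {
        Long max = this.aclEntryPersistence.getMaxAceOrderForObjectEntity(objectIdentityId);
        return Long.valueOf(max != null ? max.longValue() + 1 : 1L);
    }

    /** Returns the {@link AclClass} row for {@code className}, registering it when missing. */
    private AclClass ensureAclClass(String className) {
        AclClass existing = this.aclClassPersistence.findByAclClass(className);
        if (existing != null) {
            return existing;
        }
        log.debug("Registering missing AclClass '{}'", className);
        AclClass created = new AclClass();
        created.setAclClass(className);
        return (AclClass) this.aclClassPersistence.save(created);
    }

    /** True when {@code entity} is non-null and either has a positive id or is a class-level OID. */
    private static boolean hasAclTarget(AclAwareModel entity) {
        return entity != null && (entity.getId().longValue() > 0 || entity instanceof ClassAclOid);
    }

    /** Resolves the parent object identity declared by {@code entity}, or {@code null}. */
    private AclObjectIdentity resolveParentIdentity(AclAwareModel entity) {
        AclObjectIdentity parent = entity.aclParentObjectIdentity();
        if (parent == null && entity.aclParentObject() != null) {
            parent = getObjectIdentity(entity.aclParentObject());
        }
        return parent;
    }

    /**
     * Loads an object identity together with the ACL entries it inherits from its ancestors.
     *
     * @param objectIdentity the identity to load; may be {@code null}
     * @return the extended view, or {@code null} when the argument is {@code null} or the
     *     identity can no longer be found
     */
    @Override
    @Transactional(readOnly = true)
    public CustomAclService.AclObjectIdentityExt loadObjectIdentityExt(AclObjectIdentity objectIdentity) {
        if (objectIdentity == null) {
            return null;
        }
        AclObjectIdentity loaded = getObjectIdentity(objectIdentity.getId().longValue());
        if (loaded == null) {
            // The row may have been removed since the caller obtained its reference.
            return null;
        }
        CustomAclService.AclObjectIdentityExt ext = new CustomAclService.AclObjectIdentityExt(loaded);
        if (loaded.getAclEntries() != null) {
            // The result of getId() is discarded; presumably this forces lazy SID loading.
            loaded.getAclEntries().forEach(entry -> entry.getAclSid().getId());
        }
        ext.inherited.addAll(inherited(loaded.getParentObject(), new ArrayList<>(), new HashSet<>()));
        ext.inherited.forEach(entry -> entry.getAclSid().getId());
        return ext;
    }

    /**
     * Collects the ACL entries of {@code objectIdentity} and all of its ancestors into
     * {@code collected}. {@code visited} stops the walk if the parent chain loops.
     */
    private List<AclEntry> inherited(AclObjectIdentity objectIdentity, List<AclEntry> collected, Set<AclObjectIdentity> visited) {
        if (objectIdentity == null || visited.contains(objectIdentity)) {
            return collected;
        }
        objectIdentity.getAclEntries().forEach(entry -> entry.getAclSid().getId());
        collected.addAll(objectIdentity.getAclEntries());
        visited.add(objectIdentity);
        if (objectIdentity.getParentObject() != null) {
            inherited(objectIdentity.getParentObject(), collected, visited);
        }
        return collected;
    }

    /**
     * Looks up an object identity by primary key. The post-authorization rule lets through a
     * {@code null} result, administrators, and callers with READ on the referenced object.
     *
     * @param id object identity primary key
     * @return the object identity, or {@code null} when it does not exist
     */
    @Override
    @PostAuthorize("returnObject==null or hasRole('ADMINISTRATOR') or hasPermission(returnObject.objectIdIdentity, returnObject.aclClass.aclClass, 'READ')")
    @Transactional(readOnly = true)
    public AclObjectIdentity getObjectIdentity(long id) {
        return (AclObjectIdentity) this.aclObjectIdentityPersistence.findById(Long.valueOf(id)).orElse(null);
    }

    /**
     * Looks up the object identity for an object id and ACL class name.
     *
     * @param id identifier of the secured object (referenced by the security expression)
     * @param className ACL class name (referenced by the security expression)
     * @return the object identity as returned by the repository
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
    public AclObjectIdentity getObjectIdentity(long id, String className) {
        return this.aclObjectIdentityPersistence.findByObjectIdAndClassname(id, className);
    }

    /**
     * Looks up the object identity of an ACL-aware object. The class name is taken without
     * initializing a Hibernate proxy, or from the {@link ClassAclOid} for class-level identities.
     *
     * @param entity the secured object (referenced by the security expression); may be
     *     {@code null}
     * @return the object identity, or {@code null} when the entity is {@code null} or has none
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
    public AclObjectIdentity getObjectIdentity(AclAwareModel entity) {
        if (entity == null) {
            log.trace("getObjectIdentity: Entity is null");
            return null;
        }
        String className = HibernateProxyHelper.getClassWithoutInitializingProxy(entity).getName();
        if (entity instanceof ClassAclOid) {
            className = ((ClassAclOid) entity).getClassName();
        }
        AclObjectIdentity found = this.aclObjectIdentityPersistence.findByObjectIdAndClassname(entity.getId().longValue(), className);
        if (found == null) {
            log.warn("ACL object identity not found for class={} id={}", className, entity.getId());
        }
        return found;
    }

    /**
     * Returns the permissions that can be assigned. The same set is returned for every class.
     *
     * @param className ignored
     * @return a copy of the base permissions, so that callers cannot alter the shared array
     *     that drives which ACL entries are written
     */
    @Override
    @Transactional(readOnly = true)
    public Permission[] getAvailablePermissions(String className) {
        return basePermissions.clone();
    }

    /**
     * Lists per-SID permissions for the object with the given id and ACL class name.
     *
     * @param id identifier of the secured object (referenced by the security expression)
     * @param className ACL class name (referenced by the security expression)
     * @return permissions grouped by SID
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
    public List<SidPermissions> getPermissions(long id, String className) {
        return SidPermissions.fromEntries(getAclEntries(getObjectIdentity(id, className)));
    }

    /**
     * Lists per-SID permissions for an ACL-aware object.
     *
     * <p>NOTE(review): the class name comes from {@code entity.getClass()}, so a Hibernate proxy
     * or a {@link ClassAclOid} resolves differently here than in
     * {@link #getObjectIdentity(AclAwareModel)}. Confirm that callers never pass either.
     *
     * @param entity the secured object (referenced by the security expression)
     * @return permissions grouped by SID
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
    public List<SidPermissions> getPermissions(AclAwareModel entity) {
        return getPermissions(entity.getId().longValue(), entity.getClass().getName());
    }

    /**
     * Sets the permissions of {@code sid} on {@code entity}, creating the object identity first
     * when it does not exist.
     *
     * @param entity the secured object (referenced by the security expression)
     * @param sid the SID receiving the permissions
     * @param permissions which base permissions to grant
     * @return the updated object identity
     * @throws NullPointerException if any argument is {@code null}
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
    public AclObjectIdentity setPermissions(AclAwareModel entity, AclSid sid, Permissions permissions) {
        if (entity == null) {
            throw new NullPointerException("AclAwareModel must be provided, was null.");
        }
        if (sid == null) {
            throw new NullPointerException("AclSid must be provided, was null.");
        }
        if (permissions == null) {
            throw new NullPointerException("Permissions must be provided, was null.");
        }
        return setPermissions(ensureObjectIdentity(entity), sid, permissions);
    }

    /** Resolves the ACL class name of {@code entity} and ensures its object identity exists. */
    private AclObjectIdentity ensureObjectIdentity(AclAwareModel entity) {
        String className = entity.getClass().getName();
        if (entity instanceof ClassAclOid) {
            className = ((ClassAclOid) entity).getClassName();
        }
        return ensureObjectIdentity(entity.getId().longValue(), className);
    }

    /**
     * Sets the permissions of {@code sid} on an object identity. Existing entries for the SID
     * have their granting flag rewritten; when there are none, new entries are added.
     *
     * @param objectIdentity the target identity (referenced by the security expression)
     * @param sid the SID receiving the permissions
     * @param permissions which base permissions to grant
     * @return the object identity re-read after the change
     * @throws NullPointerException if any argument is {@code null}
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
    public AclObjectIdentity setPermissions(AclObjectIdentity objectIdentity, AclSid sid, Permissions permissions) {
        if (objectIdentity == null) {
            throw new NullPointerException("AclObjectIdentity must be provided, was null.");
        }
        assert objectIdentity.getId() != null;
        if (sid == null) {
            throw new NullPointerException("AclSid must be provided, was null.");
        }
        if (permissions == null) {
            throw new NullPointerException("Permissions must be provided, was null.");
        }
        try {
            List<AclEntry> entries = this.aclEntryPersistence.findBySidAndObjectIdentity(sid, objectIdentity);
            if (entries.isEmpty()) {
                return addPermissions(objectIdentity, sid, permissions);
            }
            for (AclEntry entry : entries) {
                entry.setGranting(permissions.isGranting(entry.getMask()));
            }
            log.info("Saving {}", entries);
            this.aclEntryPersistence.saveAll(entries);
            return getObjectIdentity(objectIdentity.getId().longValue());
        } finally {
            clearAclCache();
        }
    }

    /**
     * Deletes every ACL entry that {@code sid} holds on {@code objectIdentity}.
     *
     * @param objectIdentity the target identity
     * @param sid the SID whose entries are removed
     * @return the object identity re-read after the deletion
     * @throws NullPointerException if either argument is {@code null}
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED)
    public AclObjectIdentity removePermissions(AclObjectIdentity objectIdentity, AclSid sid) {
        if (objectIdentity == null) {
            throw new NullPointerException("AclObjectIdentity must be provided, was null.");
        }
        if (sid == null) {
            throw new NullPointerException("AclSid must be provided, was null.");
        }
        try {
            List<AclEntry> entries = this.aclEntryPersistence.findBySidAndObjectIdentity(sid, objectIdentity);
            log.debug("Deleting {} AclEntries for {}", entries.size(), sid);
            this.aclEntryPersistence.deleteAll(entries);
            return getObjectIdentity(objectIdentity.getId().longValue());
        } finally {
            clearAclCache();
        }
    }

    /**
     * Lists the ACL entries stored for an object identity.
     *
     * @param objectIdentity the identity (referenced by the security expression)
     * @return the entries as returned by the repository
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
    public List<AclEntry> getAclEntries(AclObjectIdentity objectIdentity) {
        return this.aclEntryPersistence.findByObjectIdentity(objectIdentity);
    }

    /**
     * Lists the ACL entries stored for an ACL-aware object.
     *
     * @param entity the secured object (referenced by the security expression)
     * @return the entries as returned by the repository
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
    public List<AclEntry> getAclEntries(AclAwareModel entity) {
        return this.aclEntryPersistence.findByObjectIdentity(getObjectIdentity(entity));
    }

    /**
     * Lists the SIDs that have entries on the object with the given id and ACL class name.
     *
     * @param id identifier of the secured object (referenced by the security expression)
     * @param className ACL class name (referenced by the security expression)
     * @return the SIDs as returned by the repository
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
    public List<AclSid> getSids(long id, String className) {
        return this.aclEntryPersistence.getSids(getObjectIdentity(id, className));
    }

    /**
     * Lists the SIDs that have entries on an ACL-aware object.
     *
     * @param entity the secured object (referenced by the security expression)
     * @return the SIDs as returned by the repository
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
    public List<AclSid> getSids(AclAwareModel entity) {
        return this.aclEntryPersistence.getSids(getObjectIdentity(entity));
    }

    /** Returns the non-principal SID named {@code authority}, saving a new one when missing. */
    private AclSid ensureSidForAuthority(String authority) {
        AclSid existing = this.aclSidPersistence.findBySidAndPrincipal(authority, false);
        if (existing != null) {
            return existing;
        }
        log.warn("Creating AclSid for role '{}'", authority);
        AclSid created = new AclSid();
        created.setPrincipal(false);
        created.setSid(authority);
        return (AclSid) this.aclSidPersistence.save(created);
    }

    /**
     * Lists all authority (non-principal) SIDs.
     *
     * @return the SIDs as returned by the repository
     */
    @Override
    @Transactional(readOnly = true)
    public List<AclSid> listAuthoritySids() {
        return this.aclSidPersistence.listAuthoritySids();
    }

    /**
     * Returns the object identity for an object id and ACL class name, creating it (and the ACL
     * class row) when missing. A newly created identity is owned by the current user.
     *
     * <p>NOTE(review): unlike {@link #createOrUpdatePermissions(AclAwareModel, AclSid)}, this
     * does not check that the current user is non-null and persisted before using it as owner.
     * {@code className} is also stored as given. Confirm that callers pass only trusted class
     * names, because {@link #cleanupAcl()} later loads classes by these names.
     *
     * @param id identifier of the secured object
     * @param className ACL class name
     * @return the existing or newly saved object identity
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED)
    public AclObjectIdentity ensureObjectIdentity(long id, String className) {
        AclObjectIdentity objectIdentity = this.aclObjectIdentityPersistence.findByObjectIdAndClassname(id, className);
        if (objectIdentity == null) {
            AclObjectIdentity created = new AclObjectIdentity();
            created.setObjectIdIdentity(id);
            created.setAclClass(ensureAclClass(className));
            created.setOwnerSid(SecurityContextUtil.getCurrentUser());
            objectIdentity = (AclObjectIdentity) this.aclObjectIdentityPersistence.save(created);
        }
        return objectIdentity;
    }

    /**
     * Lists the object identity ids of the given class on which {@code sid} has an entry with
     * the mask of {@code permission}.
     *
     * @param clazz the secured class
     * @param sid the SID to search for
     * @param permission the permission whose mask is matched
     * @return the ids as returned by the repository
     */
    @Override
    @Transactional(readOnly = true)
    public List<Long> listObjectIdentityIdsForSid(Class<? extends AclAwareModel> clazz, AclSid sid, Permission permission) {
        return this.aclEntryPersistence.findObjectIdentitiesForSidAndAclClassAndMask(sid, clazz.getName(), permission.getMask());
    }

    /**
     * Grants READ on {@code entity} to the {@code ROLE_EVERYONE} authority, or removes that
     * authority's entries from it.
     *
     * @param entity the secured object (referenced by the security expression)
     * @param publiclyReadable {@code true} to grant READ only, {@code false} to remove the
     *     authority's entries
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_UNCOMMITTED)
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
    public void makePubliclyReadable(AclAwareModel entity, boolean publiclyReadable) {
        AclSid everyone = ensureAuthoritySid("ROLE_EVERYONE");
        if (!publiclyReadable) {
            removePermissions(ensureObjectIdentity(entity), everyone);
            return;
        }
        Permissions readOnly = new Permissions().grantNone();
        readOnly.read = true;
        setPermissions(entity, everyone, readOnly);
    }

    /**
     * Removes ACL data that no longer refers to anything. That covers object identities whose
     * class cannot be loaded or whose entity row is gone, and ACL classes that cannot be loaded.
     * The ACL cache is cleared afterwards so that removed entries and re-parented children are
     * not served from cache.
     */
    @Override
    @Transactional
    public void cleanupAcl() {
        try {
            List<AclObjectIdentity> identities = this.aclObjectIdentityPersistence.findAll();
            log.warn("Cleaning ACL for {} OIDs", identities.size());
            for (AclObjectIdentity objectIdentity : identities) {
                String className = objectIdentity.getAclClass().getAclClass();
                long objectId = objectIdentity.getObjectIdIdentity();
                try {
                    Class<?> type = loadWithoutInitializing(className);
                    if (this.entityManager.find(type, Long.valueOf(objectId)) == null) {
                        log.info("{} with OID={} no longer exists, clearing ACL", type.getName(), objectId);
                        deleteOrphanedIdentity(objectIdentity);
                    }
                } catch (ClassNotFoundException e) {
                    log.info("{} for OID={} no longer exists, clearing ACL", className, objectId);
                    deleteOrphanedIdentity(objectIdentity);
                }
            }
            log.warn("Done cleaning ACL for {} OIDs", identities.size());

            List<AclClass> aclClasses = this.aclClassPersistence.findAll();
            log.warn("Cleaning ACL for {} ACL classes", aclClasses.size());
            for (AclClass aclClass : aclClasses) {
                try {
                    loadWithoutInitializing(aclClass.getAclClass());
                } catch (ClassNotFoundException e) {
                    log.info("{} no longer exists, clearing ACL", aclClass.getAclClass());
                    this.aclClassPersistence.delete(aclClass);
                }
            }
            log.warn("Done cleaning ACL for {} ACL classes", aclClasses.size());
        } finally {
            clearAclCache();
        }
    }

    /** Deletes an object identity and its entries after detaching its children. */
    private void deleteOrphanedIdentity(AclObjectIdentity objectIdentity) {
        List<AclEntry> entries = this.aclEntryPersistence.findByObjectIdentity(objectIdentity);
        if (entries != null) {
            this.aclEntryPersistence.deleteAll(entries);
        }
        this.aclObjectIdentityPersistence.resetChildrenOfOID(objectIdentity);
        this.aclObjectIdentityPersistence.delete(objectIdentity);
    }

    /**
     * Resolves a class by name without running its static initializers. The name comes from a
     * database row, and an existence check should not execute code as a side effect.
     */
    private static Class<?> loadWithoutInitializing(String className) throws ClassNotFoundException {
        return Class.forName(className, false, CustomAclServiceImpl.class.getClassLoader());
    }
}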
