package org.sakaiproject.webcomponents.permissions;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;
import org.azeckoski.reflectutils.transcoders.JSONTranscoder;
import org.sakaiproject.authz.api.AuthzGroup;
import org.sakaiproject.authz.api.AuthzGroupService;
import org.sakaiproject.authz.api.AuthzPermissionException;
import org.sakaiproject.authz.api.FunctionManager;
import org.sakaiproject.authz.api.GroupNotDefinedException;
import org.sakaiproject.authz.api.Role;
import org.sakaiproject.authz.api.SecurityService;
import org.sakaiproject.component.api.ServerConfigurationService;
import org.sakaiproject.entitybroker.EntityReference;
import org.sakaiproject.entitybroker.EntityView;
import org.sakaiproject.entitybroker.entityprovider.EntityProvider;
import org.sakaiproject.entitybroker.entityprovider.annotations.EntityCustomAction;
import org.sakaiproject.entitybroker.entityprovider.capabilities.ActionsExecutable;
import org.sakaiproject.entitybroker.entityprovider.capabilities.Outputable;
import org.sakaiproject.entitybroker.entityprovider.extension.ActionReturn;
import org.sakaiproject.entitybroker.util.AbstractEntityProvider;
import org.sakaiproject.exception.IdUnusedException;
import org.sakaiproject.site.api.Group;
import org.sakaiproject.site.api.Site;
import org.sakaiproject.site.api.SiteService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/sakaiproject/webcomponents/permissions/PermissionsEntityProvider.class */
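/**
 * Entity provider registered under the {@code permissions} prefix that exposes two custom
 * actions: {@code getPerms} (read the role/function grants of a realm) and {@code setPerms}
 * (allow or disallow functions per role in a realm). Output is JSON only.
 *
 * <p>Both actions take the realm id from the request parameter {@code ref} and the site id
 * from the entity reference. Nothing in this class ties the two together; see the review
 * notes on {@link #handleGet} and {@link #handleSet}.
 */
public class PermissionsEntityProvider extends AbstractEntityProvider implements EntityProvider, ActionsExecutable, Outputable {
    private SiteService siteService;
    private AuthzGroupService authzGroupService;
    private FunctionManager functionManager;
    // Injected through its setter but not read anywhere in this class.
    private ServerConfigurationService serverConfigurationService;
    private SecurityService securityService;
    private static final Logger log = LoggerFactory.getLogger(PermissionsEntityProvider.class);
    // NOTE(review): public, static and not final, so any code on the classpath can reassign the
    // prefix at runtime. Left as-is to keep the public interface unchanged; consider making it final.
    public static String PREFIX = "permissions";

    /* loaded from: input_file:WEB-INF/classes/org/sakaiproject/webcomponents/permissions/PermissionsEntityProvider$PermissionGroup.class */
    /**
     * Reference and title of a site group, as placed in the {@code groups} list of the
     * getPerms response. Being a non-static inner class, each instance also carries an
     * implicit reference to the enclosing provider.
     */
    public class PermissionGroup {
        public String reference;
        public String title;

        public PermissionGroup(Group group) {
            this.reference = group.getReference();
            this.title = group.getTitle();
        }
    }

    /** @return the entity prefix this provider answers to ({@link #PREFIX}). */
    public String getEntityPrefix() {
        return PREFIX;
    }

    /** @return the supported output formats; only {@code json}. */
    public String[] getHandledOutputFormats() {
        return new String[]{"json"};
    }

    /**
     * Returns the permission state of the realm named by the {@code ref} request parameter.
     *
     * <p>The response map holds: {@code on} (role id to the functions that role allows,
     * filtered by prefix when path segment 3 is present), {@code available} (functions
     * registered under that prefix), {@code roleNameMappings} (role id to role name) and
     * {@code groups} (the site's groups as {@link PermissionGroup}).
     *
     * <p>NOTE(review): the authorization check below is made against {@code /site/<id>} taken
     * from the URL, while the realm that is actually read is whatever {@code ref} names. No
     * line here verifies that {@code ref} belongs to that site, so a caller holding
     * {@code site.upd} on one site may be able to read the grants of an unrelated realm unless
     * {@code getAuthzGroup} enforces read access itself. Confirm, and if it does not, reject
     * any {@code ref} outside the set of realm ids this endpoint is meant to serve.
     *
     * @param entityView view whose entity reference id is the site id; path segment 3 is an
     *                   optional function-name prefix
     * @param map        request parameters; {@code ref} is required
     * @return the response map wrapped for JSON output
     * @throws SecurityException        if the caller is neither a super user nor allowed
     *                                  {@code site.upd} on the site
     * @throws IllegalArgumentException if {@code ref} is missing or blank, names no realm, or
     *                                  the site id is unknown
     */
    @EntityCustomAction(action = "getPerms", viewKey = "show")
    public ActionReturn handleGet(EntityView entityView, Map<String, Object> map) {
        String siteId = entityView.getEntityReference().getId();
        String functionPrefix = entityView.getPathSegment(3);
        String currentUserId = this.developerHelperService.getCurrentUserId();
        if (!this.securityService.isSuperUser(currentUserId) && !this.authzGroupService.isAllowed(currentUserId, "site.upd", "/site/" + siteId)) {
            throw new SecurityException("This action (getPerms) is not allowed.");
        }
        String ref = requireRealmRef(map);
        try {
            AuthzGroup authzGroup = this.authzGroupService.getAuthzGroup(ref);
            Site site = getSiteById(siteId);
            Set<Role> roles = authzGroup.getRoles();

            Map<String, Set<String>> allowedByRole = new HashMap<>();
            for (Role role : roles) {
                Set<String> allowedFunctions = role.getAllowedFunctions();
                Set<String> visible;
                if (functionPrefix != null) {
                    visible = allowedFunctions.stream()
                            .filter(function -> function.startsWith(functionPrefix))
                            .collect(Collectors.toCollection(TreeSet::new));
                } else {
                    // No prefix requested: the role's own set is passed through unfiltered.
                    visible = allowedFunctions;
                }
                allowedByRole.put(role.getId(), visible);
            }

            Map<String, String> roleNames = roles.stream()
                    .collect(Collectors.toMap(Role::getId, role -> this.authzGroupService.getRoleName(role.getId())));

            Map<String, Object> response = new HashMap<>();
            response.put("on", allowedByRole);
            response.put("available", this.functionManager.getRegisteredFunctions(functionPrefix));
            response.put("roleNameMappings", roleNames);
            response.put("groups", site.getGroups().stream()
                    .map(group -> new PermissionGroup(group))
                    .collect(Collectors.toList()));
            return new ActionReturn(response, (Map) null, "json");
        } catch (GroupNotDefinedException e) {
            // Keep the cause so the failing realm lookup stays visible in the stack trace.
            throw new IllegalArgumentException("No realm defined for ref " + ref + ".", e);
        }
    }

    /**
     * Applies allow/disallow changes to the realm named by the {@code ref} request parameter.
     *
     * <p>Every parameter whose name contains a colon is read as {@code <roleId>:<function>};
     * the value {@code JSONTranscoder.BOOLEAN_TRUE} allows the function for that role, any
     * other value disallows it. The realm is saved only if at least one such parameter was
     * processed.
     *
     * <p>NOTE(review): the only checks made in this method are that a user is logged in and,
     * for non-admins, that each function is in the user-mutable list. Whether the caller may
     * modify the realm {@code ref} is left entirely to {@code authzGroupService.save}, which
     * reports refusal with {@code AuthzPermissionException}. The site id from the URL is only
     * checked for existence and is not compared with {@code ref}. Confirm that {@code save}
     * is a sufficient gate for every realm id a caller can supply.
     *
     * @param entityReference reference whose id is the site id
     * @param map             request parameters; {@code ref} is required
     * @return the literal {@code "SUCCESS"}
     * @throws SecurityException        if there is no current user, a non-admin names a
     *                                  function that is not user-mutable, or the save is refused
     * @throws IllegalArgumentException if {@code ref} is missing or blank, names no realm, the
     *                                  site id is unknown, or a role id is not in the realm
     */
    @EntityCustomAction(action = "setPerms", viewKey = "edit")
    public String handleSet(EntityReference entityReference, Map<String, Object> map) {
        if (this.developerHelperService.getCurrentUserId() == null) {
            throw new SecurityException("This action (setPerms) is not accessible to anon and there is no current user.");
        }
        String siteId = entityReference.getId();
        // Called only for its side effect: fails with IllegalArgumentException for an unknown site.
        getSiteById(siteId);
        List<String> userMutableFunctions = this.functionManager.getRegisteredUserMutableFunctions();
        boolean isUserAdmin = this.developerHelperService.isUserAdmin(this.developerHelperService.getCurrentUserReference());
        String ref = requireRealmRef(map);
        try {
            AuthzGroup authzGroup = this.authzGroupService.getAuthzGroup(ref);
            boolean changed = false;
            for (String key : map.keySet()) {
                int separator = key.indexOf(':');
                if (separator < 0) {
                    // Not a <roleId>:<function> parameter (for example "ref" itself).
                    continue;
                }
                String requested = (String) map.get(key);
                String roleId = key.substring(0, separator);
                Role role = authzGroup.getRole(roleId);
                if (role == null) {
                    throw new IllegalArgumentException("Invalid role id '" + roleId + "' provided in POST parameters.");
                }
                String function = key.substring(separator + 1);
                if (!isUserAdmin && !userMutableFunctions.contains(function)) {
                    throw new SecurityException("The function " + function + " cannot be updated by the current user.");
                }
                if (JSONTranscoder.BOOLEAN_TRUE.equals(requested)) {
                    role.allowFunction(function);
                } else {
                    role.disallowFunction(function);
                }
                changed = true;
            }
            if (changed) {
                try {
                    this.authzGroupService.save(authzGroup);
                } catch (AuthzPermissionException e) {
                    throw new SecurityException("The permissions for this site (" + siteId + ") cannot be updated by the current user.", e);
                }
            }
            return "SUCCESS";
        } catch (GroupNotDefinedException e) {
            throw new IllegalArgumentException("No realm defined for ref " + ref + ".", e);
        }
    }

    /**
     * Reads the {@code ref} request parameter and rejects it unless it is a single non-blank
     * string, so a missing or malformed value fails with a clear error before any realm lookup.
     */
    private static String requireRealmRef(Map<String, Object> params) {
        Object raw = params.get("ref");
        if (!(raw instanceof String) || ((String) raw).trim().isEmpty()) {
            throw new IllegalArgumentException("A single non-empty 'ref' parameter is required.");
        }
        return (String) raw;
    }

    /**
     * Looks up a site by id.
     *
     * @throws IllegalArgumentException if no site has that id
     */
    private Site getSiteById(String str) {
        try {
            return this.siteService.getSite(str);
        } catch (IdUnusedException e) {
            throw new IllegalArgumentException("Cannot find site by siteId: " + str, e);
        }
    }

    public void setSiteService(SiteService siteService) {
        this.siteService = siteService;
    }

    public void setAuthzGroupService(AuthzGroupService authzGroupService) {
        this.authzGroupService = authzGroupService;
    }

    public void setFunctionManager(FunctionManager functionManager) {
        this.functionManager = functionManager;
    }

    public void setServerConfigurationService(ServerConfigurationService serverConfigurationService) {
        this.serverConfigurationService = serverConfigurationService;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }
}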
