package org.visallo.core.security;

import com.google.inject.Inject;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.vertexium.Authorizations;
import org.vertexium.Edge;
import org.vertexium.Element;
import org.vertexium.Graph;
import org.vertexium.Property;
import org.vertexium.Vertex;
import org.vertexium.util.IterableUtils;
import org.visallo.core.exception.VisalloAccessDeniedException;
import org.visallo.core.exception.VisalloException;
import org.visallo.core.model.ontology.Concept;
import org.visallo.core.model.ontology.HasOntologyProperties;
import org.visallo.core.model.ontology.OntologyProperty;
import org.visallo.core.model.ontology.OntologyRepository;
import org.visallo.core.model.ontology.Relationship;
import org.visallo.core.model.properties.VisalloProperties;
import org.visallo.core.model.user.UserRepository;
import org.visallo.core.user.User;
import org.visallo.web.clientapi.model.ClientApiEdge;
import org.visallo.web.clientapi.model.ClientApiEdgeMultipleResponse;
import org.visallo.web.clientapi.model.ClientApiEdgeSearchResponse;
import org.visallo.web.clientapi.model.ClientApiEdgeWithVertexData;
import org.visallo.web.clientapi.model.ClientApiElement;
import org.visallo.web.clientapi.model.ClientApiElementAcl;
import org.visallo.web.clientapi.model.ClientApiElementSearchResponse;
import org.visallo.web.clientapi.model.ClientApiObject;
import org.visallo.web.clientapi.model.ClientApiProperty;
import org.visallo.web.clientapi.model.ClientApiPropertyAcl;
import org.visallo.web.clientapi.model.ClientApiVertex;
import org.visallo.web.clientapi.model.ClientApiVertexEdges;
import org.visallo.web.clientapi.model.ClientApiVertexMultipleResponse;
import org.visallo.web.clientapi.model.ClientApiWorkspaceVertices;
import org.visallo.web.clientapi.model.Privilege;

/* loaded from: input_file:org/visallo/core/security/ACLProvider.class */
public abstract class ACLProvider {
    protected final Graph graph;
    protected final UserRepository userRepository;
    protected final OntologyRepository ontologyRepository;

    /* JADX INFO: Access modifiers changed from: protected */
    @Inject
    public ACLProvider(Graph graph, UserRepository userRepository, OntologyRepository ontologyRepository) {
        this.graph = graph;
        this.userRepository = userRepository;
        this.ontologyRepository = ontologyRepository;
    }

    public abstract boolean canDeleteElement(Element element, User user);

    public abstract boolean canDeleteProperty(Element element, String str, String str2, User user);

    public abstract boolean canUpdateElement(Element element, User user);

    public abstract boolean canUpdateProperty(Element element, String str, String str2, User user);

    public abstract boolean canAddProperty(Element element, String str, String str2, User user);

    public final void checkCanAddOrUpdateProperty(Element element, String str, String str2, User user) throws VisalloAccessDeniedException {
        if (!(element.getProperty(str, str2) != null ? internalCanUpdateProperty(element, str, str2, user) : internalCanAddProperty(element, str, str2, user))) {
            throw new VisalloAccessDeniedException(str2 + " cannot be added or updated due to ACL restriction", user, element.getId());
        }
    }

    public final void checkCanDeleteProperty(Element element, String str, String str2, User user) throws VisalloAccessDeniedException {
        if (!internalCanDeleteProperty(element, str, str2, user)) {
            throw new VisalloAccessDeniedException(str2 + " cannot be deleted due to ACL restriction", user, element.getId());
        }
    }

    public final ClientApiElementAcl elementACL(Element element, User user, OntologyRepository ontologyRepository) {
        ClientApiElementAcl clientApiElementAcl = new ClientApiElementAcl();
        clientApiElementAcl.setAddable(true);
        clientApiElementAcl.setUpdateable(internalCanUpdateElement(element, user));
        clientApiElementAcl.setDeleteable(internalCanDeleteElement(element, user));
        List<ClientApiPropertyAcl> propertyAcls = clientApiElementAcl.getPropertyAcls();
        if (element instanceof Vertex) {
            String propertyValue = VisalloProperties.CONCEPT_TYPE.getPropertyValue(element);
            while (true) {
                String str = propertyValue;
                if (str == null) {
                    break;
                }
                Concept conceptByIRI = ontologyRepository.getConceptByIRI(str);
                populatePropertyAcls(conceptByIRI, element, user, propertyAcls);
                propertyValue = conceptByIRI.getParentConceptIRI();
            }
        } else {
            if (!(element instanceof Edge)) {
                throw new VisalloException("unsupported Element class " + element.getClass().getName());
            }
            String label = ((Edge) element).getLabel();
            while (true) {
                String str2 = label;
                if (str2 == null) {
                    break;
                }
                Relationship relationshipByIRI = ontologyRepository.getRelationshipByIRI(str2);
                populatePropertyAcls(relationshipByIRI, element, user, propertyAcls);
                label = relationshipByIRI.getParentIRI();
            }
        }
        return clientApiElementAcl;
    }

    public final ClientApiObject appendACL(ClientApiObject clientApiObject, User user) {
        if (clientApiObject instanceof ClientApiElement) {
            appendACL((ClientApiElement) clientApiObject, user);
        } else if (clientApiObject instanceof ClientApiWorkspaceVertices) {
            appendACL(((ClientApiWorkspaceVertices) clientApiObject).getVertices(), user);
        } else if (clientApiObject instanceof ClientApiVertexMultipleResponse) {
            appendACL(((ClientApiVertexMultipleResponse) clientApiObject).getVertices(), user);
        } else if (clientApiObject instanceof ClientApiEdgeMultipleResponse) {
            appendACL(((ClientApiEdgeMultipleResponse) clientApiObject).getEdges(), user);
        } else if (clientApiObject instanceof ClientApiElementSearchResponse) {
            appendACL(((ClientApiElementSearchResponse) clientApiObject).getElements(), user);
        } else if (clientApiObject instanceof ClientApiEdgeSearchResponse) {
            appendACL(((ClientApiEdgeSearchResponse) clientApiObject).getResults(), user);
        } else if (clientApiObject instanceof ClientApiVertexEdges) {
            appendACL((ClientApiVertexEdges) clientApiObject, user);
        }
        return clientApiObject;
    }

    public Set<String> getAllPrivileges() {
        return Privilege.getAllBuiltIn();
    }

    protected final boolean isComment(String str) {
        return VisalloProperties.COMMENT.isSameName(str);
    }

    protected final boolean isAuthor(Element element, String str, String str2, User user) {
        Property property = element.getProperty(str, str2);
        if (property == null) {
            return false;
        }
        return user.getUserId().equals(VisalloProperties.MODIFIED_BY_METADATA.getMetadataValue(property.getMetadata()));
    }

    protected final boolean hasPrivilege(User user, String str) {
        return user.getPrivileges().contains(str);
    }

    private void appendACL(Collection<? extends ClientApiObject> collection, User user) {
        Iterator<? extends ClientApiObject> it = collection.iterator();
        while (it.hasNext()) {
            appendACL(it.next(), user);
        }
    }

    private void appendACL(ClientApiElement clientApiElement, User user) {
        Element findElement = findElement(clientApiElement);
        for (ClientApiProperty clientApiProperty : clientApiElement.getProperties()) {
            String key = clientApiProperty.getKey();
            String name = clientApiProperty.getName();
            clientApiProperty.setUpdateable(internalCanUpdateProperty(findElement, key, name, user));
            clientApiProperty.setDeleteable(internalCanDeleteProperty(findElement, key, name, user));
            clientApiProperty.setAddable(internalCanAddProperty(findElement, key, name, user));
        }
        clientApiElement.setUpdateable(Boolean.valueOf(internalCanUpdateElement(findElement, user)));
        clientApiElement.setDeleteable(Boolean.valueOf(internalCanDeleteElement(findElement, user)));
        clientApiElement.setAcl(elementACL(findElement, user, this.ontologyRepository));
        if (clientApiElement instanceof ClientApiEdgeWithVertexData) {
            appendACL((ClientApiElement) ((ClientApiEdgeWithVertexData) clientApiElement).getSource(), user);
            appendACL((ClientApiElement) ((ClientApiEdgeWithVertexData) clientApiElement).getTarget(), user);
        }
    }

    private void appendACL(ClientApiVertexEdges clientApiVertexEdges, User user) {
        for (ClientApiVertexEdges.Edge edge : clientApiVertexEdges.getRelationships()) {
            appendACL((ClientApiElement) edge.getRelationship(), user);
            appendACL((ClientApiElement) edge.getVertex(), user);
        }
    }

    private void populatePropertyAcls(HasOntologyProperties hasOntologyProperties, Element element, User user, List<ClientApiPropertyAcl> list) {
        Collection<OntologyProperty> properties = hasOntologyProperties.getProperties();
        HashSet hashSet = new HashSet();
        Iterator<OntologyProperty> it = properties.iterator();
        while (it.hasNext()) {
            String title = it.next().getTitle();
            Iterator it2 = IterableUtils.toList(element.getProperties(title)).iterator();
            while (it2.hasNext()) {
                list.add(newClientApiPropertyAcl(element, ((Property) it2.next()).getKey(), title, user));
                hashSet.add(title);
            }
        }
        list.addAll((Collection) properties.stream().filter(ontologyProperty -> {
            return !hashSet.contains(ontologyProperty.getTitle());
        }).map(ontologyProperty2 -> {
            return newClientApiPropertyAcl(element, null, ontologyProperty2.getTitle(), user);
        }).collect(Collectors.toList()));
    }

    private ClientApiPropertyAcl newClientApiPropertyAcl(Element element, String str, String str2, User user) {
        ClientApiPropertyAcl clientApiPropertyAcl = new ClientApiPropertyAcl();
        clientApiPropertyAcl.setKey(str);
        clientApiPropertyAcl.setName(str2);
        clientApiPropertyAcl.setAddable(internalCanAddProperty(element, str, str2, user));
        clientApiPropertyAcl.setUpdateable(internalCanUpdateProperty(element, str, str2, user));
        clientApiPropertyAcl.setDeleteable(internalCanDeleteProperty(element, str, str2, user));
        return clientApiPropertyAcl;
    }

    private Element findElement(ClientApiElement clientApiElement) {
        Authorizations authorizations = this.userRepository.getAuthorizations(this.userRepository.getSystemUser(), new String[0]);
        if (clientApiElement instanceof ClientApiVertex) {
            return this.graph.getVertex(clientApiElement.getId(), authorizations);
        }
        if (clientApiElement instanceof ClientApiEdge) {
            return this.graph.getEdge(clientApiElement.getId(), authorizations);
        }
        throw new VisalloException("unexpected ClientApiElement type " + clientApiElement.getClass().getName());
    }

    private boolean internalCanDeleteElement(Element element, User user) {
        return hasPrivilege(user, "EDIT") && canDeleteElement(element, user);
    }

    private boolean internalCanDeleteProperty(Element element, String str, String str2, User user) {
        boolean z = hasPrivilege(user, "EDIT") && canDeleteProperty(element, str, str2, user);
        if (z && isComment(str2)) {
            z = hasPrivilege(user, "COMMENT_DELETE_ANY") || (hasPrivilege(user, "COMMENT") && isAuthor(element, str, str2, user));
        }
        return z;
    }

    private boolean internalCanUpdateElement(Element element, User user) {
        return hasPrivilege(user, "EDIT") && canUpdateElement(element, user);
    }

    private boolean internalCanUpdateProperty(Element element, String str, String str2, User user) {
        boolean z = hasPrivilege(user, "EDIT") && canUpdateProperty(element, str, str2, user);
        if (z && isComment(str2)) {
            z = hasPrivilege(user, "COMMENT_EDIT_ANY") || (hasPrivilege(user, "COMMENT") && isAuthor(element, str, str2, user));
        }
        return z;
    }

    private boolean internalCanAddProperty(Element element, String str, String str2, User user) {
        boolean z = hasPrivilege(user, "EDIT") && canAddProperty(element, str, str2, user);
        if (z && isComment(str2)) {
            z = hasPrivilege(user, "COMMENT");
        }
        return z;
    }
}
