package org.apereo.portal.rest.permissions;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.TreeSet;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apereo.portal.groups.IEntityGroup;
import org.apereo.portal.layout.dlm.remoting.IGroupListHelper;
import org.apereo.portal.layout.dlm.remoting.JsonEntityBean;
import org.apereo.portal.permission.IPermissionActivity;
import org.apereo.portal.permission.IPermissionOwner;
import org.apereo.portal.permission.dao.IPermissionOwnerDao;
import org.apereo.portal.permission.target.IPermissionTarget;
import org.apereo.portal.permission.target.IPermissionTargetProvider;
import org.apereo.portal.permission.target.IPermissionTargetProviderRegistry;
import org.apereo.portal.portlets.groupselector.EntityEnum;
import org.apereo.portal.security.IAuthorizationPrincipal;
import org.apereo.portal.security.IAuthorizationService;
import org.apereo.portal.security.IPermission;
import org.apereo.portal.security.IPermissionStore;
import org.apereo.portal.services.GroupService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@Controller
/* loaded from: input_file:org/apereo/portal/rest/permissions/PermissionsRESTController.class */
public class PermissionsRESTController {
    protected final Log log = LogFactory.getLog(getClass());
    private IPermissionOwnerDao permissionOwnerDao;
    private IPermissionTargetProviderRegistry targetProviderRegistry;
    private IPermissionStore permissionStore;
    private IGroupListHelper groupListHelper;
    private IAuthorizationService authorizationService;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apereo/portal/rest/permissions/PermissionsRESTController$UniquePermission.class */
    public static final class UniquePermission {
        private final String owner;
        private final String activity;
        private final String identifier;
        private final boolean inherited;

        public UniquePermission(String str, String str2, String str3, boolean z) {
            this.owner = str;
            this.activity = str2;
            this.identifier = str3;
            this.inherited = z;
        }

        public String getOwner() {
            return this.owner;
        }

        public String getActivity() {
            return this.activity;
        }

        public String getIdentifier() {
            return this.identifier;
        }

        public boolean isInherited() {
            return this.inherited;
        }

        public int hashCode() {
            return (31 * ((31 * ((31 * ((31 * 1) + (this.activity == null ? 0 : this.activity.hashCode()))) + (this.identifier == null ? 0 : this.identifier.hashCode()))) + (this.inherited ? 1231 : 1237))) + (this.owner == null ? 0 : this.owner.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            UniquePermission uniquePermission = (UniquePermission) obj;
            if (this.activity == null) {
                if (uniquePermission.activity != null) {
                    return false;
                }
            } else if (!this.activity.equals(uniquePermission.activity)) {
                return false;
            }
            if (this.identifier == null) {
                if (uniquePermission.identifier != null) {
                    return false;
                }
            } else if (!this.identifier.equals(uniquePermission.identifier)) {
                return false;
            }
            if (this.inherited != uniquePermission.inherited) {
                return false;
            }
            return this.owner == null ? uniquePermission.owner == null : this.owner.equals(uniquePermission.owner);
        }
    }

    @Autowired
    public void setPermissionOwnerDao(IPermissionOwnerDao iPermissionOwnerDao) {
        this.permissionOwnerDao = iPermissionOwnerDao;
    }

    @Autowired
    public void setPermissionTargetProviderRegistry(IPermissionTargetProviderRegistry iPermissionTargetProviderRegistry) {
        this.targetProviderRegistry = iPermissionTargetProviderRegistry;
    }

    @Autowired
    public void setPermissionStore(IPermissionStore iPermissionStore) {
        this.permissionStore = iPermissionStore;
    }

    @Autowired
    public void setGroupListHelper(IGroupListHelper iGroupListHelper) {
        this.groupListHelper = iGroupListHelper;
    }

    @Autowired
    public void setAuthorizationService(IAuthorizationService iAuthorizationService) {
        this.authorizationService = iAuthorizationService;
    }

    @RequestMapping(value = {"/permissions/owners.json"}, method = {RequestMethod.GET})
    @PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
    public ModelAndView getOwners() {
        List allPermissionOwners = this.permissionOwnerDao.getAllPermissionOwners();
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.addObject("owners", allPermissionOwners);
        modelAndView.setViewName("json");
        return modelAndView;
    }

    @RequestMapping(value = {"/permissions/owners/{owner}.json"}, method = {RequestMethod.GET})
    @PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
    public ModelAndView getOwners(@PathVariable("owner") String str, HttpServletResponse httpServletResponse) {
        IPermissionOwner permissionOwner;
        if (StringUtils.isNumeric(str)) {
            permissionOwner = this.permissionOwnerDao.getPermissionOwner(Long.valueOf(str).longValue());
        } else {
            permissionOwner = this.permissionOwnerDao.getPermissionOwner(str);
        }
        if (permissionOwner == null) {
            httpServletResponse.setStatus(404);
            return null;
        }
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.addObject("owner", permissionOwner);
        modelAndView.setViewName("json");
        return modelAndView;
    }

    @RequestMapping(value = {"/permissions/activities.json"}, method = {RequestMethod.GET})
    @PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
    public ModelAndView getActivities(@RequestParam(value = "q", required = false) String str) {
        if (StringUtils.isNotBlank(str)) {
            str = str.toLowerCase();
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = this.permissionOwnerDao.getAllPermissionOwners().iterator();
        while (it.hasNext()) {
            for (IPermissionActivity iPermissionActivity : ((IPermissionOwner) it.next()).getActivities()) {
                if (StringUtils.isBlank(str) || iPermissionActivity.getName().toLowerCase().contains(str)) {
                    arrayList.add(iPermissionActivity);
                }
            }
        }
        Collections.sort(arrayList);
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.addObject("activities", arrayList);
        modelAndView.setViewName("json");
        return modelAndView;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v15, types: [java.util.Collection] */
    @RequestMapping(value = {"/permissions/{activity}/targets.json"}, method = {RequestMethod.GET})
    @PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
    public ModelAndView getTargets(@PathVariable("activity") Long l, @RequestParam("q") String str) {
        IPermissionActivity permissionActivity = this.permissionOwnerDao.getPermissionActivity(l.longValue());
        List<IPermissionTarget> emptyList = Collections.emptyList();
        if (permissionActivity != null) {
            IPermissionTargetProvider targetProvider = this.targetProviderRegistry.getTargetProvider(permissionActivity.getTargetProviderKey());
            TreeSet treeSet = new TreeSet();
            emptyList = targetProvider.searchTargets(str);
            for (IPermissionTarget iPermissionTarget : emptyList) {
                if ((StringUtils.isNotBlank(iPermissionTarget.getName()) && iPermissionTarget.getName().toLowerCase().contains(str)) || iPermissionTarget.getKey().toLowerCase().contains(str)) {
                    treeSet.addAll(emptyList);
                }
            }
        }
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.addObject("targets", emptyList);
        modelAndView.setViewName("json");
        return modelAndView;
    }

    @RequestMapping({"/assignments/principal/{principal}.json"})
    @PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
    public ModelAndView getAssignmentsForPrincipal(@PathVariable("principal") String str, @RequestParam(value = "includeInherited", required = false) boolean z) {
        List<JsonPermission> permissionsForEntity = getPermissionsForEntity(this.groupListHelper.getEntityForPrincipal(str), z);
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.addObject("assignments", permissionsForEntity);
        modelAndView.setViewName("json");
        return modelAndView;
    }

    @RequestMapping({"/v5-5/permissions/assignments/users/{username}"})
    @PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
    public ModelAndView getAssignmentsForUser(@PathVariable("username") String str, @RequestParam(value = "includeInherited", required = false, defaultValue = "false") boolean z) {
        List<JsonPermission> permissionsForEntity = getPermissionsForEntity(this.groupListHelper.getEntity(EntityEnum.PERSON.toString(), str, false), z);
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.addObject("assignments", permissionsForEntity);
        modelAndView.setViewName("json");
        return modelAndView;
    }

    @RequestMapping({"/assignments/{entityType}/{id}.json"})
    @PreAuthorize("(#entityType == 'person' and #id == authentication.name) or hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
    public ModelAndView getAssignmentsForEntity(@PathVariable("entityType") String str, @PathVariable("id") String str2, @RequestParam(value = "includeInherited", required = false) boolean z) {
        List<JsonPermission> permissionsForEntity = getPermissionsForEntity(this.groupListHelper.getEntity(str, str2, false), z);
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.addObject("assignments", permissionsForEntity);
        modelAndView.setViewName("json");
        return modelAndView;
    }

    @RequestMapping({"/assignments/target/{target}.json"})
    @PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
    public ModelAndView getAssignmentsOnTarget(@PathVariable("target") String str, @RequestParam(value = "includeInherited", required = false) boolean z) {
        HashSet<UniquePermission> hashSet = new HashSet();
        for (IPermission iPermission : this.permissionStore.select((String) null, (String) null, (String) null, str, (String) null)) {
            hashSet.add(new UniquePermission(iPermission.getOwner(), iPermission.getActivity(), iPermission.getPrincipal(), false));
        }
        JsonEntityBean entityForPrincipal = this.groupListHelper.getEntityForPrincipal(str);
        HashSet<UniquePermission> hashSet2 = new HashSet();
        ArrayList arrayList = new ArrayList();
        if (entityForPrincipal != null) {
            IAuthorizationPrincipal newPrincipal = this.authorizationService.newPrincipal(entityForPrincipal.getId(), entityForPrincipal.getEntityType().getClazz());
            if (z) {
                Iterator it = GroupService.getGroupMember(newPrincipal.getKey(), newPrincipal.getType()).getAncestorGroups().iterator();
                while (it.hasNext()) {
                    for (IPermission iPermission2 : this.permissionStore.select((String) null, (String) null, (String) null, this.authorizationService.newPrincipal((IEntityGroup) it.next()).getKey(), (String) null)) {
                        hashSet2.add(new UniquePermission(iPermission2.getOwner(), iPermission2.getActivity(), iPermission2.getPrincipal(), true));
                    }
                }
            }
            for (UniquePermission uniquePermission : hashSet) {
                JsonEntityBean entityForPrincipal2 = this.groupListHelper.getEntityForPrincipal(uniquePermission.getIdentifier());
                EntityEnum entityEnum = EntityEnum.getEntityEnum(entityForPrincipal2.getEntityTypeAsString());
                if (this.authorizationService.newPrincipal(entityForPrincipal2.getId(), entityEnum.isGroup() ? IEntityGroup.class : entityEnum.getClazz()).hasPermission(uniquePermission.getOwner(), uniquePermission.getActivity(), newPrincipal.getKey())) {
                    arrayList.add(getPermissionOnTarget(uniquePermission, entityForPrincipal));
                }
            }
            for (UniquePermission uniquePermission2 : hashSet2) {
                JsonEntityBean entityForPrincipal3 = this.groupListHelper.getEntityForPrincipal(uniquePermission2.getIdentifier());
                EntityEnum entityEnum2 = EntityEnum.getEntityEnum(entityForPrincipal3.getEntityTypeAsString());
                if (this.authorizationService.newPrincipal(entityForPrincipal3.getId(), entityEnum2.isGroup() ? IEntityGroup.class : entityEnum2.getClazz()).hasPermission(uniquePermission2.getOwner(), uniquePermission2.getActivity(), newPrincipal.getKey())) {
                    arrayList.add(getPermissionOnTarget(uniquePermission2, entityForPrincipal));
                }
            }
            Collections.sort(arrayList);
        }
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.addObject("assignments", arrayList);
        modelAndView.setViewName("json");
        return modelAndView;
    }

    private List<JsonPermission> getPermissionsForEntity(JsonEntityBean jsonEntityBean, boolean z) {
        HashSet<UniquePermission> hashSet = new HashSet();
        IAuthorizationPrincipal newPrincipal = this.authorizationService.newPrincipal(jsonEntityBean.getId(), jsonEntityBean.getEntityType().getClazz());
        for (IPermission iPermission : this.permissionStore.select((String) null, newPrincipal.getPrincipalString(), (String) null, (String) null, (String) null)) {
            hashSet.add(new UniquePermission(iPermission.getOwner(), iPermission.getActivity(), iPermission.getTarget(), false));
        }
        HashSet<UniquePermission> hashSet2 = new HashSet();
        if (z) {
            Iterator it = GroupService.getGroupMember(newPrincipal.getKey(), newPrincipal.getType()).getAncestorGroups().iterator();
            while (it.hasNext()) {
                for (IPermission iPermission2 : this.permissionStore.select((String) null, this.authorizationService.newPrincipal((IEntityGroup) it.next()).getPrincipalString(), (String) null, (String) null, (String) null)) {
                    hashSet2.add(new UniquePermission(iPermission2.getOwner(), iPermission2.getActivity(), iPermission2.getTarget(), true));
                }
            }
        }
        ArrayList arrayList = new ArrayList();
        for (UniquePermission uniquePermission : hashSet) {
            if (newPrincipal.hasPermission(uniquePermission.getOwner(), uniquePermission.getActivity(), uniquePermission.getIdentifier())) {
                arrayList.add(getPermissionForPrincipal(uniquePermission, jsonEntityBean));
            }
        }
        for (UniquePermission uniquePermission2 : hashSet2) {
            if (newPrincipal.hasPermission(uniquePermission2.getOwner(), uniquePermission2.getActivity(), uniquePermission2.getIdentifier())) {
                arrayList.add(getPermissionForPrincipal(uniquePermission2, jsonEntityBean));
            }
        }
        Collections.sort(arrayList);
        return arrayList;
    }

    private JsonPermission getPermissionForPrincipal(UniquePermission uniquePermission, JsonEntityBean jsonEntityBean) {
        IPermissionTarget target;
        JsonPermission jsonPermission = new JsonPermission();
        jsonPermission.setOwnerKey(uniquePermission.getOwner());
        jsonPermission.setActivityKey(uniquePermission.getActivity());
        jsonPermission.setTargetKey(uniquePermission.getIdentifier());
        jsonPermission.setPrincipalKey(jsonEntityBean.getId());
        jsonPermission.setPrincipalName(jsonEntityBean.getName());
        jsonPermission.setInherited(uniquePermission.isInherited());
        try {
            IPermissionOwner permissionOwner = this.permissionOwnerDao.getPermissionOwner(uniquePermission.getOwner());
            if (permissionOwner != null) {
                jsonPermission.setOwnerName(permissionOwner.getName());
            }
            IPermissionActivity permissionActivity = this.permissionOwnerDao.getPermissionActivity(uniquePermission.getOwner(), uniquePermission.getActivity());
            if (permissionActivity != null) {
                jsonPermission.setActivityName(permissionActivity.getName());
                IPermissionTargetProvider targetProvider = this.targetProviderRegistry.getTargetProvider(permissionActivity.getTargetProviderKey());
                if (targetProvider != null && (target = targetProvider.getTarget(uniquePermission.getIdentifier())) != null) {
                    jsonPermission.setTargetName(target.getName());
                }
            }
        } catch (RuntimeException e) {
            this.log.warn("Exception while adding permission", e);
        }
        return jsonPermission;
    }

    private JsonPermission getPermissionOnTarget(UniquePermission uniquePermission, JsonEntityBean jsonEntityBean) {
        JsonPermission jsonPermission = new JsonPermission();
        jsonPermission.setOwnerKey(uniquePermission.getOwner());
        jsonPermission.setActivityKey(uniquePermission.getActivity());
        jsonPermission.setTargetKey(jsonEntityBean.getId());
        jsonPermission.setTargetName(jsonEntityBean.getName());
        jsonPermission.setInherited(uniquePermission.isInherited());
        try {
            IPermissionOwner permissionOwner = this.permissionOwnerDao.getPermissionOwner(uniquePermission.getOwner());
            if (permissionOwner != null) {
                jsonPermission.setOwnerName(permissionOwner.getName());
            } else {
                jsonPermission.setOwnerName(uniquePermission.getOwner());
            }
            IPermissionActivity permissionActivity = this.permissionOwnerDao.getPermissionActivity(uniquePermission.getOwner(), uniquePermission.getActivity());
            if (permissionActivity != null) {
                jsonPermission.setActivityName(permissionActivity.getName());
            } else {
                jsonPermission.setActivityName(uniquePermission.getActivity());
            }
            JsonEntityBean entityForPrincipal = this.groupListHelper.getEntityForPrincipal(uniquePermission.getIdentifier());
            if (entityForPrincipal != null) {
                jsonPermission.setPrincipalKey(entityForPrincipal.getId());
                jsonPermission.setPrincipalName(entityForPrincipal.getName());
            }
        } catch (RuntimeException e) {
            this.log.warn("Exception while adding permission", e);
        }
        return jsonPermission;
    }
}
