package org.apereo.portal.security.remoting;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apereo.portal.groups.IEntityGroup;
import org.apereo.portal.layout.dlm.remoting.IGroupListHelper;
import org.apereo.portal.layout.dlm.remoting.JsonEntityBean;
import org.apereo.portal.portlets.groupselector.EntityEnum;
import org.apereo.portal.portlets.permissionsadmin.Assignment;
import org.apereo.portal.portlets.permissionsadmin.IPermissionAdministrationHelper;
import org.apereo.portal.security.IAuthorizationPrincipal;
import org.apereo.portal.security.IAuthorizationService;
import org.apereo.portal.security.IPermission;
import org.apereo.portal.security.IPermissionStore;
import org.apereo.portal.security.IPerson;
import org.apereo.portal.security.IPersonManager;
import org.apereo.portal.security.provider.PermissionImpl;
import org.apereo.portal.services.AuthorizationServiceFacade;
import org.apereo.portal.services.GroupService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@Controller
/* loaded from: input_file:org/apereo/portal/security/remoting/PermissionAssignmentMapController.class */
public class PermissionAssignmentMapController extends AbstractPermissionsController {
    protected final Log log = LogFactory.getLog(getClass());
    private IGroupListHelper groupListHelper;
    private IPermissionAdministrationHelper permissionAdministrationHelper;
    private IPersonManager personManager;
    private IPermissionStore permissionStore;
    private IAuthorizationService authorizationService;

    @Autowired(required = true)
    public void setGroupListHelper(IGroupListHelper iGroupListHelper) {
        this.groupListHelper = iGroupListHelper;
    }

    @Autowired(required = true)
    public void setPermissionAdministrationHelper(IPermissionAdministrationHelper iPermissionAdministrationHelper) {
        this.permissionAdministrationHelper = iPermissionAdministrationHelper;
    }

    @Override // org.apereo.portal.security.remoting.AbstractPermissionsController
    @Autowired(required = true)
    public void setPersonManager(IPersonManager iPersonManager) {
        this.personManager = iPersonManager;
    }

    @Autowired
    public void setPermissionStore(IPermissionStore iPermissionStore) {
        this.permissionStore = iPermissionStore;
    }

    @Override // org.apereo.portal.security.remoting.AbstractPermissionsController
    @Autowired
    public void setAuthorizationService(IAuthorizationService iAuthorizationService) {
        this.authorizationService = iAuthorizationService;
    }

    @RequestMapping(value = {"/updatePermission"}, method = {RequestMethod.GET})
    public ModelAndView updatePermission(@RequestParam("principal") String str, @RequestParam("assignment") String str2, @RequestParam("principals[]") String[] strArr, @RequestParam("owner") String str3, @RequestParam("activity") String str4, @RequestParam("target") String str5, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        IPerson person = this.personManager.getPerson(httpServletRequest);
        if (!this.permissionAdministrationHelper.canEditPermission(person, str5) || !this.permissionAdministrationHelper.canViewPermission(person, str5)) {
            httpServletResponse.setStatus(401);
            return null;
        }
        JsonEntityBean entityForPrincipal = this.groupListHelper.getEntityForPrincipal(str);
        if (entityForPrincipal != null) {
            this.authorizationService.removePermissions(this.permissionStore.select(str3, this.groupListHelper.getPrincipalForEntity(entityForPrincipal).getPrincipalString(), str4, str5, (String) null));
            String upperCase = str2.toUpperCase();
            if (upperCase.equals(Assignment.Type.GRANT.toString()) || upperCase.equals(Assignment.Type.DENY.toString())) {
                IPermission permissionImpl = new PermissionImpl(str3);
                permissionImpl.setActivity(str4);
                permissionImpl.setPrincipal(entityForPrincipal.getPrincipalString());
                permissionImpl.setTarget(str5);
                permissionImpl.setType(upperCase);
                this.authorizationService.addPermissions(new IPermission[]{permissionImpl});
            }
        } else {
            this.log.warn("Unable to resolve the following principal (will be omitted from the list of assignments):  " + str);
        }
        return getOwners(strArr, str3, str4, str5, httpServletRequest, httpServletResponse);
    }

    @RequestMapping(value = {"/deletePermission"}, method = {RequestMethod.POST})
    public void deletePermission(@RequestParam("principal") String str, @RequestParam("owner") String str2, @RequestParam("activity") String str3, @RequestParam("target") String str4, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        IPerson person = this.personManager.getPerson(httpServletRequest);
        if (!this.permissionAdministrationHelper.canEditPermission(person, str4) || !this.permissionAdministrationHelper.canViewPermission(person, str4)) {
            httpServletResponse.setStatus(401);
            return;
        }
        JsonEntityBean entityForPrincipal = this.groupListHelper.getEntityForPrincipal(str);
        if (entityForPrincipal != null) {
            this.authorizationService.removePermissions(this.permissionStore.select(str2, this.groupListHelper.getPrincipalForEntity(entityForPrincipal).getPrincipalString(), str3, str4, (String) null));
        } else {
            this.log.warn("Unable to resolve the following principal (will be omitted from the list of assignments):  " + str);
        }
        httpServletResponse.setStatus(200);
    }

    @RequestMapping(value = {"/permissionAssignmentMap"}, method = {RequestMethod.GET})
    public ModelAndView getOwners(@RequestParam("principals[]") String[] strArr, @RequestParam("owner") String str, @RequestParam("activity") String str2, @RequestParam("target") String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (!this.permissionAdministrationHelper.canViewPermission(this.personManager.getPerson(httpServletRequest), str3)) {
            httpServletResponse.setStatus(401);
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (String str4 : strArr) {
            JsonEntityBean entityForPrincipal = this.groupListHelper.getEntityForPrincipal(str4);
            if (entityForPrincipal != null) {
                arrayList.add(new Assignment(str4, entityForPrincipal, getAssignmentType(this.groupListHelper.getPrincipalForEntity(entityForPrincipal), str, str2, str3)));
            } else {
                this.log.warn("Unable to resolve the following principal (will be omitted from the list of assignments):  " + str4);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            placeInHierarchy((Assignment) it.next(), arrayList2, str, str2, str3);
        }
        return new ModelAndView("jsonView", Collections.singletonMap("assignments", arrayList2));
    }

    private void placeInHierarchy(Assignment assignment, List<Assignment> list, String str, String str2, String str3) {
        if (assignment == null) {
            throw new IllegalArgumentException("Argument 'a' [Assignment] cannot be null");
        }
        if (list == null) {
            throw new IllegalArgumentException("Argument 'hierarchy' cannot be null");
        }
        Iterator<Assignment> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().findDecendentOrSelfIfExists(assignment.getPrincipal()) != null) {
                return;
            }
        }
        EntityEnum entityType = assignment.getPrincipal().getEntityType();
        IEntityGroup findGroup = entityType.isGroup() ? GroupService.findGroup(assignment.getPrincipal().getId()) : GroupService.getGroupMember(assignment.getPrincipal().getId(), entityType.getClazz());
        AuthorizationServiceFacade instance = AuthorizationServiceFacade.instance();
        Iterator findParentGroups = GroupService.getCompositeGroupService().findParentGroups(findGroup);
        if (!findParentGroups.hasNext()) {
            list.add(assignment);
            return;
        }
        while (findParentGroups.hasNext()) {
            IEntityGroup iEntityGroup = (IEntityGroup) findParentGroups.next();
            JsonEntityBean jsonEntityBean = new JsonEntityBean(iEntityGroup, EntityEnum.getEntityEnum(iEntityGroup.getLeafType(), true));
            Assignment assignment2 = null;
            Iterator<Assignment> it2 = list.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                assignment2 = it2.next().findDecendentOrSelfIfExists(jsonEntityBean);
                if (assignment2 != null) {
                    assignment2.addChild(assignment);
                    break;
                }
            }
            if (assignment2 == null) {
                IAuthorizationPrincipal newPrincipal = instance.newPrincipal(iEntityGroup);
                Assignment assignment3 = new Assignment(newPrincipal.getPrincipalString(), jsonEntityBean, getAssignmentType(newPrincipal, str, str2, str3));
                assignment3.addChild(assignment);
                placeInHierarchy(assignment3, list, str, str2, str3);
            }
        }
    }

    private Assignment.Type getAssignmentType(IAuthorizationPrincipal iAuthorizationPrincipal, String str, String str2, String str3) {
        Assignment.Type type;
        IPermission[] select = this.permissionStore.select(str, iAuthorizationPrincipal.getPrincipalString(), str2, str3, (String) null);
        if (select.length > 0) {
            type = select[0].getType().equals("GRANT") ? Assignment.Type.GRANT : Assignment.Type.DENY;
        } else {
            type = iAuthorizationPrincipal.hasPermission(str, str2, str3) ? Assignment.Type.INHERIT_GRANT : Assignment.Type.INHERIT_DENY;
        }
        return type;
    }
}
