package info.magnolia.security.app.dialog.action;

import com.vaadin.data.Item;
import info.magnolia.cms.security.MgnlUserManager;
import info.magnolia.cms.security.SecurityConstants;
import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.cms.security.SilentSessionOp;
import info.magnolia.cms.security.User;
import info.magnolia.cms.security.UserManager;
import info.magnolia.context.MgnlContext;
import info.magnolia.jcr.util.NodeUtil;
import info.magnolia.jcr.util.PropertyUtil;
import info.magnolia.security.app.util.UsersWorkspaceUtil;
import info.magnolia.ui.admincentral.dialog.action.SaveDialogAction;
import info.magnolia.ui.api.action.ActionExecutionException;
import info.magnolia.ui.form.EditorCallback;
import info.magnolia.ui.form.EditorValidator;
import info.magnolia.ui.vaadin.integration.jcr.JcrNewNodeAdapter;
import info.magnolia.ui.vaadin.integration.jcr.JcrNodeAdapter;
import info.magnolia.ui.vaadin.integration.jcr.ModelConstants;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.ValueFactory;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/magnolia-security-app-5.3.3.jar:info/magnolia/security/app/dialog/action/SaveUserDialogAction.class */
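/**
 * Dialog action that creates a new user, or updates an existing one, from the values
 * submitted through the security app's user dialog.
 *
 * <p>The action validates the form, resolves the {@link UserManager} for the target realm,
 * writes name and password, replaces the user's group and role memberships with the
 * submitted selection, copies every remaining form property onto the user, and saves
 * the JCR session.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only the create path performs an explicit {@code checkPermission} call. The update
 *       path makes no explicit check of its own.
 *       NOTE(review): whether the {@link UserManager} mutators enforce the editing user's
 *       ACLs cannot be seen from here; confirm.</li>
 *   <li>Group and role identifiers come from the dialog and are resolved in the system
 *       context, so the editing user's read access to those nodes is not what gates
 *       resolution.</li>
 *   <li>Properties are filtered with a deny-list ({@code protectedProperties}), not an
 *       allow-list.</li>
 * </ul>
 */
public class SaveUserDialogAction extends SaveDialogAction<SaveUserDialogActionDefinition> {
    private static final Logger log = LoggerFactory.getLogger(SaveUserDialogAction.class);

    /** Source of the realm-specific {@link UserManager}; set once in the constructor. */
    private final SecuritySupport securitySupport;

    /**
     * Form properties that the generic property-copy loop must never write, because they are
     * handled by dedicated code paths (password, name, groups, roles).
     */
    private final List<String> protectedProperties;

    /**
     * Creates the action.
     *
     * @param saveUserDialogActionDefinition action definition; may carry the user manager realm
     * @param item the dialog item; {@link #execute()} casts it to {@link JcrNodeAdapter}
     * @param editorValidator validator of the dialog form
     * @param editorCallback callback notified once the user has been saved
     * @param securitySupport used to look up the {@link UserManager} of the target realm
     */
    public SaveUserDialogAction(SaveUserDialogActionDefinition saveUserDialogActionDefinition, Item item, EditorValidator editorValidator, EditorCallback editorCallback, SecuritySupport securitySupport) {
        super(saveUserDialogActionDefinition, item, editorValidator, editorCallback);
        this.protectedProperties = Arrays.asList(MgnlUserManager.PROPERTY_PASSWORD, "name", SecurityConstants.NODE_GROUPS, SecurityConstants.NODE_ROLES);
        this.securitySupport = securitySupport;
    }

    /**
     * Shows validation feedback and, when the form is valid, persists the user and signals
     * success to the callback. An invalid form leaves the repository untouched.
     *
     * @throws ActionExecutionException if the user cannot be created or updated
     */
    @Override // info.magnolia.ui.admincentral.dialog.action.SaveDialogAction, info.magnolia.ui.api.action.Action
    public void execute() throws ActionExecutionException {
        this.validator.showValidation(true);
        if (!this.validator.isValid()) {
            return;
        }
        createOrUpdateUser((JcrNodeAdapter) this.item);
        this.callback.onSuccess(((SaveUserDialogActionDefinition) getDefinition2()).getName());
    }

    /**
     * Creates the user when {@code userItem} is a {@link JcrNewNodeAdapter}, otherwise updates
     * the existing user, then stores groups, roles and the remaining properties and saves.
     *
     * @param userItem adapter holding the submitted form values and the backing JCR node
     * @throws ActionExecutionException if no user manager exists for the realm, the target
     *         location is the root, the user to update cannot be found, or the repository
     *         reports an error (including a failed permission check on create)
     */
    private void createOrUpdateUser(JcrNodeAdapter userItem) throws ActionExecutionException {
        try {
            String realm = ((SaveUserDialogActionDefinition) getDefinition2()).getUserManagerRealm();
            if (StringUtils.isBlank(realm)) {
                log.debug("userManagerRealm property is not defined -> will try to get realm from node path");
                realm = resolveUserManagerRealm(userItem);
            }
            UserManager userManager = this.securitySupport.getUserManager(realm);
            if (userManager == null) {
                throw new ActionExecutionException("User cannot be created. No user manager with realm name " + realm + " is defined.");
            }

            String submittedName = (String) userItem.getItemProperty(ModelConstants.JCR_NAME).getValue();
            // The password value is only handed to the user manager; it is never logged here.
            String submittedPassword = (String) userItem.getItemProperty(MgnlUserManager.PROPERTY_PASSWORD).getValue();
            Session session = userItem.getJcrItem().getSession();

            final User user;
            if (userItem instanceof JcrNewNodeAdapter) {
                Node targetNode = userItem.getJcrItem();
                String targetPath = targetNode.getPath();
                if ("/".equals(targetPath)) {
                    throw new ActionExecutionException("Users cannot be created directly under root");
                }
                // Explicit authorization gate: the session owning the node must be allowed to
                // add a node at the target path before the user manager is asked to create one.
                targetNode.getSession().checkPermission(targetPath, Session.ACTION_ADD_NODE);
                user = userManager.createUser(targetPath, submittedName, submittedPassword);
            } else {
                // NOTE(review): unlike the create branch there is no explicit checkPermission
                // here; confirm that the calls below are subject to the editing user's ACLs.
                Node userNode = userItem.getJcrItem();
                String currentName = userNode.getName();
                user = userManager.getUser(currentName);
                if (user == null) {
                    // Fail before renaming anything: without this guard a missing user only
                    // surfaced later as a NullPointerException on the password comparison.
                    throw new ActionExecutionException("User cannot be updated. No user named " + currentName + " was found in realm " + realm + ".");
                }
                if (!StringUtils.equals(currentName, submittedName)) {
                    String previousPath = userNode.getPath();
                    NodeUtil.renameNode(userNode, submittedName);
                    userNode.setProperty("name", submittedName);
                    // ACLs are updated with the pre-rename path so they follow the renamed node.
                    UsersWorkspaceUtil.updateAcls(userNode, previousPath);
                }
                // The password is rewritten only when the submitted value differs from the
                // stored property value.
                // NOTE(review): this implies the dialog round-trips the stored value; confirm
                // that the stored (presumably encoded) password is not exposed to the client.
                if (!StringUtils.equals(submittedPassword, user.getProperty(MgnlUserManager.PROPERTY_PASSWORD))) {
                    userManager.setProperty(user, MgnlUserManager.PROPERTY_PASSWORD, submittedPassword);
                }
            }

            // Privilege assignment: the identifiers below are taken from the submitted form.
            // NOTE(review): nothing in this class checks that the editing user is entitled to
            // grant the selected groups/roles; confirm that this is enforced elsewhere.
            @SuppressWarnings("unchecked") // the dialog field is expected to hold identifier strings
            Collection<String> groupIds = (Collection<String>) userItem.getItemProperty(SecurityConstants.NODE_GROUPS).getValue();
            Collection<String> groupNames = resolveItemsNamesFromIdentifiers(groupIds, "usergroups");
            log.debug("Assigning user the following groups [{}]", groupNames);
            storeGroupsCollection(userManager, user, groupNames);

            @SuppressWarnings("unchecked") // the dialog field is expected to hold identifier strings
            Collection<String> roleIds = (Collection<String>) userItem.getItemProperty(SecurityConstants.NODE_ROLES).getValue();
            Collection<String> roleNames = resolveItemsNamesFromIdentifiers(roleIds, "userroles");
            log.debug("Assigning user the following roles [{}]", roleNames);
            storeRolesCollection(userManager, user, roleNames);

            // Deny-list copy: every form property except the protected four is written to the
            // user. NOTE(review): any additional property present on the adapter is persisted
            // as-is; an allow-list of expected dialog fields would be the stricter design.
            Collection<?> propertyIds = userItem.getItemPropertyIds();
            ValueFactory valueFactory = session.getValueFactory();
            for (Object propertyId : propertyIds) {
                if (this.protectedProperties.contains(propertyId)) {
                    continue;
                }
                userManager.setProperty(user, propertyId.toString(), PropertyUtil.createValue(userItem.getItemProperty(propertyId).getValue(), valueFactory));
            }
            session.save();
        } catch (RepositoryException e) {
            throw new ActionExecutionException(e);
        }
    }

    /**
     * Derives the realm name from the node path by taking the text between the first two
     * slashes. For a new node whose path is not the root, a trailing slash is appended first
     * so that a single-segment path still yields that segment.
     *
     * @param jcrNodeAdapter adapter whose JCR item path is inspected
     * @return the first path segment, or {@code null} when the path has no such segment
     * @throws RepositoryException if the path cannot be read
     */
    private String resolveUserManagerRealm(JcrNodeAdapter jcrNodeAdapter) throws RepositoryException {
        String path = jcrNodeAdapter.getJcrItem().getPath();
        boolean isNewBelowRoot = (jcrNodeAdapter instanceof JcrNewNodeAdapter) && !"/".equals(path);
        String searchable = isNewBelowRoot ? path + "/" : path;
        return StringUtils.substringBetween(searchable, "/");
    }

    /**
     * Makes the user's group memberships equal to {@code groupNames}: every submitted group
     * is added, and every group the user currently has that was not submitted is removed.
     *
     * @param userManager manager performing the membership changes
     * @param user the user being edited
     * @param groupNames the complete set of groups the user should end up with
     */
    private void storeGroupsCollection(UserManager userManager, User user, Collection<String> groupNames) {
        List<String> toRevoke = new ArrayList<String>();
        for (String existing : user.getGroups()) {
            toRevoke.add(existing);
        }
        for (String groupName : groupNames) {
            userManager.addGroup(user, groupName);
            toRevoke.remove(groupName);
        }
        // Whatever is left was not part of the submitted selection and gets revoked.
        for (String stale : toRevoke) {
            userManager.removeGroup(user, stale);
        }
    }

    /**
     * Makes the user's role assignments equal to {@code roleNames}: every submitted role is
     * added, and every role the user currently has that was not submitted is removed.
     *
     * @param userManager manager performing the role changes
     * @param user the user being edited
     * @param roleNames the complete set of roles the user should end up with
     */
    private void storeRolesCollection(UserManager userManager, User user, Collection<String> roleNames) {
        List<String> toRevoke = new ArrayList<String>();
        for (String existing : user.getRoles()) {
            toRevoke.add(existing);
        }
        for (String roleName : roleNames) {
            userManager.addRole(user, roleName);
            toRevoke.remove(roleName);
        }
        // Whatever is left was not part of the submitted selection and gets revoked.
        for (String stale : toRevoke) {
            userManager.removeRole(user, stale);
        }
    }

    /**
     * Translates node identifiers into node names, one system-context lookup per identifier.
     *
     * <p>Resolution runs via {@link MgnlContext#doInSystemContext}, i.e. not with the editing
     * user's own session. Identifiers that cannot be resolved are logged and skipped, so the
     * result may be shorter than the input. Because the caller revokes every membership that
     * is missing from the result, a failed lookup of a currently held group or role leads to
     * that membership being removed on save.
     *
     * @param identifiers node identifiers submitted by the dialog
     * @param workspaceName value handed to {@link SilentSessionOp}; callers pass
     *        {@code "usergroups"} or {@code "userroles"}
     * @return names of the nodes that could be resolved, in input order
     */
    private Collection<String> resolveItemsNamesFromIdentifiers(Collection<String> identifiers, String workspaceName) {
        final List<String> names = new ArrayList<String>();
        for (final String identifier : identifiers) {
            MgnlContext.doInSystemContext(new SilentSessionOp<Void>(workspaceName) {
                @Override // info.magnolia.cms.security.SilentSessionOp
                public Void doExec(Session session) {
                    try {
                        names.add(session.getNodeByIdentifier(identifier).getName());
                    } catch (RepositoryException e) {
                        // Parameterized logging keeps the form-supplied identifier out of the
                        // format string; the cause is kept at debug level with its stack trace.
                        log.error("Can't resolve group/role with uuid: {}", identifier);
                        log.debug("Can't resolve group/role with uuid: {}", identifier, e);
                    }
                    return null;
                }
            });
        }
        return names;
    }
}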
