package info.magnolia.cms.security;

import info.magnolia.context.MgnlContext;
import info.magnolia.importexport.DataTransporter;
import info.magnolia.jcr.iterator.SameChildNodeTypeIterator;
import info.magnolia.jcr.util.NodeNameHelper;
import javax.inject.Inject;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/cms/security/MgnlRoleManager.class */
public class MgnlRoleManager extends RepositoryBackedSecurityManager implements RoleManager {
    public static final String NODE_ACLROLES = "acl_userroles";
    private static final Logger log = LoggerFactory.getLogger(MgnlRoleManager.class);

    @Inject
    public MgnlRoleManager(NodeNameHelper nodeNameHelper) {
        super(nodeNameHelper);
    }

    @Deprecated
    public MgnlRoleManager() {
    }

    @Override // info.magnolia.cms.security.RoleManager
    public Role getRole(final String str) {
        return (Role) MgnlContext.doInSystemContext(new SilentSessionOp<MgnlRole>(getRepositoryName()) { // from class: info.magnolia.cms.security.MgnlRoleManager.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // info.magnolia.cms.security.SilentSessionOp
            public MgnlRole doExec(Session session) throws RepositoryException {
                Node findPrincipalNode = MgnlRoleManager.this.findPrincipalNode(str, MgnlContext.getJCRSession(MgnlRoleManager.this.getRepositoryName()));
                if (findPrincipalNode != null) {
                    return MgnlRoleManager.this.newRoleInstance(findPrincipalNode);
                }
                log.debug("can't find role [{}]", str);
                return null;
            }

            public String toString() {
                return "get role " + str;
            }
        });
    }

    @Override // info.magnolia.cms.security.RoleManager
    public Role createRole(String str) throws AccessDeniedException {
        return createRole(null, str);
    }

    @Override // info.magnolia.cms.security.RoleManager
    public Role createRole(final String str, final String str2) throws AccessDeniedException {
        validateRoleName(str2);
        return (Role) MgnlContext.doInSystemContext(new SilentSessionOp<MgnlRole>(getRepositoryName()) { // from class: info.magnolia.cms.security.MgnlRoleManager.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // info.magnolia.cms.security.SilentSessionOp
            public MgnlRole doExec(Session session) throws RepositoryException {
                Node addNode = session.getNode(StringUtils.defaultString(str, DataTransporter.SLASH)).addNode(str2, "mgnl:role");
                Node addNode2 = addNode.addNode(MgnlRoleManager.NODE_ACLROLES, "mgnl:contentNode");
                Node addNode3 = addNode2.addNode(MgnlRoleManager.this.nodeNameHelper.getUniqueName(session, addNode2.getPath(), "0"), "mgnl:contentNode");
                addNode3.setProperty("path", addNode.getPath());
                addNode3.setProperty("permissions", 8L);
                session.save();
                return MgnlRoleManager.this.newRoleInstance(addNode);
            }

            public String toString() {
                return "create role " + str2;
            }
        });
    }

    protected MgnlRole newRoleInstance(Node node) throws RepositoryException {
        return new MgnlRole(node.getName(), node.getIdentifier(), getACLs(node).values());
    }

    @Override // info.magnolia.cms.security.RoleManager
    public void removePermission(final Role role, final String str, final String str2, final long j) {
        MgnlContext.doInSystemContext(new SilentSessionOp<Object>(getRepositoryName()) { // from class: info.magnolia.cms.security.MgnlRoleManager.3
            @Override // info.magnolia.cms.security.SilentSessionOp
            public Object doExec(Session session) throws Throwable {
                SameChildNodeTypeIterator sameChildNodeTypeIterator = new SameChildNodeTypeIterator(MgnlRoleManager.this.getAclNode(session.getNodeByIdentifier(role.getId()), str));
                while (sameChildNodeTypeIterator.hasNext()) {
                    Node nextNode = sameChildNodeTypeIterator.nextNode();
                    if (nextNode.getProperty("path").getString().equals(str2) && (j == MgnlRole.PERMISSION_ANY || nextNode.getProperty("permissions").getLong() == j)) {
                        nextNode.remove();
                    }
                }
                session.save();
                return null;
            }

            public String toString() {
                return "add permission to role " + role.getName();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Node getAclNode(Node node, String str) throws RepositoryException, PathNotFoundException, AccessDeniedException {
        return !node.hasNode(new StringBuilder().append("acl_").append(str).toString()) ? node.addNode("acl_" + str, "mgnl:contentNode") : node.getNode("acl_" + str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean existsPermission(Node node, String str, long j) throws RepositoryException {
        NodeIterator nodes = node.getNodes();
        while (nodes.hasNext()) {
            Node nextNode = nodes.nextNode();
            if (nextNode.hasProperty("path") && nextNode.getProperty("path").getString().equals(str) && (j == MgnlRole.PERMISSION_ANY || nextNode.getProperty("permissions").getLong() == j)) {
                return true;
            }
        }
        return false;
    }

    @Override // info.magnolia.cms.security.RoleManager
    public void addPermission(final Role role, final String str, final String str2, final long j) {
        MgnlContext.doInSystemContext(new SilentSessionOp<Object>(getRepositoryName()) { // from class: info.magnolia.cms.security.MgnlRoleManager.4
            @Override // info.magnolia.cms.security.SilentSessionOp
            public Object doExec(Session session) throws Throwable {
                Node aclNode = MgnlRoleManager.this.getAclNode(session.getNodeByIdentifier(role.getId()), str);
                if (MgnlRoleManager.this.existsPermission(aclNode, str2, j)) {
                    return null;
                }
                Node addNode = aclNode.addNode(MgnlRoleManager.this.nodeNameHelper.getUniqueName(session, aclNode.getPath(), "0"), "mgnl:contentNode");
                addNode.setProperty("path", str2);
                addNode.setProperty("permissions", j);
                session.save();
                return null;
            }

            public String toString() {
                return "remove permission from role " + role.getName();
            }
        });
    }

    @Override // info.magnolia.cms.security.RepositoryBackedSecurityManager
    protected Node findPrincipalNode(String str, Session session) throws RepositoryException {
        return findPrincipalNode(str, session, "mgnl:role");
    }

    @Override // info.magnolia.cms.security.RepositoryBackedSecurityManager
    protected String getRepositoryName() {
        return "userroles";
    }

    @Override // info.magnolia.cms.security.RoleManager
    public String getRoleNameById(String str) {
        return getResourceName(str);
    }

    protected void validateRoleName(String str) throws AccessDeniedException {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException(str + " is not a valid role name.");
        }
        if (Security.getRoleManager().getRole(str) != null) {
            throw new IllegalArgumentException("Role with name " + str + " already exists.");
        }
    }
}
