package info.magnolia.ui.admincentral.setup;

import info.magnolia.cms.security.operations.VoterBasedConfiguredAccessDefinition;
import info.magnolia.jcr.util.NodeUtil;
import info.magnolia.module.InstallContext;
import info.magnolia.module.delta.AbstractRepositoryTask;
import info.magnolia.module.delta.TaskExecutionException;
import info.magnolia.security.app.dialog.field.AccessControlList;
import info.magnolia.voting.voters.RoleBaseVoter;
import java.util.HashSet;
import java.util.Iterator;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.query.Query;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/magnolia-ui-admincentral-5.6.jar:info/magnolia/ui/admincentral/setup/ConvertAclToAppPermissionTask.class */
public class ConvertAclToAppPermissionTask extends AbstractRepositoryTask {
    protected static final String APP_PERMISSIONS_PATH = "permissions/";
    protected static final String APP_ROLES_PATH = "roles/";
    protected static final String APP_PERMISSIONS_ROLES_PATH = "permissions/roles/";
    protected static final String APP_VOTERS_PATH = "voters/";
    protected static final String APP_DENIED_ROLES_PATH = "deniedRoles/";
    protected static final String APP_ALLOWED_ROLES_PATH = "allowedRoles/";
    protected static final String PROPERTY_CLASS_NAME = "class";
    protected static final String PROPERTY_NOT_NAME = "not";
    protected static final String SUPERUSER_ROLE = "superuser";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ConvertAclToAppPermissionTask.class);
    private final String oldURL;
    private final String[] newApps;
    private final boolean removeOldPermissions;
    private final String query;

    public ConvertAclToAppPermissionTask(String str, String str2, String str3, String[] strArr, boolean z) {
        super(str, str2);
        this.oldURL = str3;
        this.newApps = strArr;
        this.removeOldPermissions = z;
        this.query = "select * from ['mgnl:contentNode'] as t where [path] = '" + str3 + "' OR [path] = '" + str3 + "*' OR [path] = '" + str3 + "/*'";
    }

    public ConvertAclToAppPermissionTask(String str, String str2, String str3, String str4, boolean z) {
        this(str, str2, str3, new String[]{str4}, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // info.magnolia.module.delta.AbstractRepositoryTask
    public void doExecute(InstallContext installContext) throws RepositoryException, TaskExecutionException {
        Session jCRSession = installContext.getJCRSession("config");
        NodeIterator nodes = installContext.getJCRSession("userroles").getWorkspace().getQueryManager().createQuery(this.query, Query.JCR_SQL2).execute().getNodes();
        HashSet hashSet = new HashSet();
        while (nodes.hasNext()) {
            Node node = (Node) nodes.next();
            try {
                Node parent = node.getParent().getParent();
                if (parent.isNodeType("mgnl:role")) {
                    String name2 = parent.getName();
                    Long valueOf = Long.valueOf(node.getProperty(AccessControlList.PERMISSIONS_PROPERTY_NAME).getLong());
                    for (String str : this.newApps) {
                        Node node2 = jCRSession.getNode(str);
                        if (valueOf.longValue() == 0) {
                            if (!node2.hasNode(APP_PERMISSIONS_ROLES_PATH)) {
                                NodeUtil.createPath(node2, APP_PERMISSIONS_PATH, "mgnl:contentNode").setProperty("class", VoterBasedConfiguredAccessDefinition.class.getName());
                                Node createPath = NodeUtil.createPath(node2.getNode(APP_PERMISSIONS_PATH), "voters/deniedRoles/", "mgnl:contentNode");
                                createPath.setProperty("class", RoleBaseVoter.class.getName());
                                createPath.setProperty(PROPERTY_NOT_NAME, "true");
                                NodeUtil.createPath(createPath, APP_ROLES_PATH, "mgnl:contentNode").setProperty(name2, name2);
                                log.info("Denying permission for '{}' app to role '{}'. Please add extra permissions to this app if required.", this.newApps, name2);
                            } else if (!node2.getNode(APP_PERMISSIONS_PATH).hasProperty("class")) {
                                NodeUtil.createPath(node2, APP_PERMISSIONS_PATH, "mgnl:contentNode").setProperty("class", VoterBasedConfiguredAccessDefinition.class.getName());
                                NodeUtil.createPath(node2.getNode(APP_PERMISSIONS_PATH), "voters/allowedRoles/", "mgnl:contentNode").setProperty("class", RoleBaseVoter.class.getName());
                                NodeUtil.moveNode(node2.getNode(APP_PERMISSIONS_ROLES_PATH), node2.getNode("permissions/voters/allowedRoles/"));
                                Node createPath2 = NodeUtil.createPath(node2.getNode(APP_PERMISSIONS_PATH), "voters/deniedRoles/", "mgnl:contentNode");
                                createPath2.setProperty("class", RoleBaseVoter.class.getName());
                                createPath2.setProperty(PROPERTY_NOT_NAME, "true");
                                NodeUtil.createPath(createPath2, APP_ROLES_PATH, "mgnl:contentNode").setProperty(name2, name2);
                                log.info("Denying permission for '{}' app to role '{}'. Please add extra permissions to this app if required.", this.newApps, name2);
                            } else if (node2.getNode(APP_PERMISSIONS_PATH).getProperty("class").getString().equals(VoterBasedConfiguredAccessDefinition.class.getName())) {
                                Node createPath3 = NodeUtil.createPath(node2.getNode(APP_PERMISSIONS_PATH), "voters/deniedRoles/", "mgnl:contentNode");
                                if (createPath3.hasProperty("class") && createPath3.getProperty("class").getString().equals(RoleBaseVoter.class.getName())) {
                                    Node createPath4 = NodeUtil.createPath(createPath3, APP_ROLES_PATH, "mgnl:contentNode");
                                    if (!createPath4.hasProperty(name2)) {
                                        createPath4.setProperty(name2, name2);
                                        log.info("Denying permission for '{}' app to '{}' role.", this.newApps, name2);
                                    }
                                } else {
                                    installContext.warn("Unknown voter class implementation " + createPath3.getPath() + " . Cannot convert old permission '" + this.oldURL + "'.");
                                }
                            } else {
                                installContext.warn("Unknown access permissions class implementation " + node2.getNode(APP_PERMISSIONS_PATH).getPath() + " . Cannot convert old permission '" + this.oldURL + "'.");
                            }
                        } else if (node2.hasNode(APP_PERMISSIONS_PATH) && node2.getNode(APP_PERMISSIONS_PATH).hasProperty("class") && node2.getNode(APP_PERMISSIONS_PATH).getProperty("class").getString().equals(VoterBasedConfiguredAccessDefinition.class.getName())) {
                            Node createPath5 = NodeUtil.createPath(node2.getNode(APP_PERMISSIONS_PATH), "voters/allowedRoles/", "mgnl:contentNode");
                            if (!createPath5.hasProperty("class")) {
                                createPath5.setProperty("class", RoleBaseVoter.class.getName());
                            } else if (!createPath5.getProperty("class").getString().equals(RoleBaseVoter.class.getName())) {
                                installContext.warn("Unknown voter class implementation " + createPath5.getPath() + " . Cannot convert old permission '" + this.oldURL + "'.");
                            }
                            Node createPath6 = NodeUtil.createPath(createPath5, APP_ROLES_PATH, "mgnl:contentNode");
                            if (!createPath6.hasProperty(name2)) {
                                createPath6.setProperty(name2, name2);
                                log.info("Adding permission for '{}' app to '{}' role.", this.newApps, name2);
                            }
                        } else if (!node2.hasNode(APP_PERMISSIONS_PATH) || (node2.hasNode(APP_PERMISSIONS_PATH) && !node2.getNode(APP_PERMISSIONS_PATH).hasProperty("class"))) {
                            Node createPath7 = NodeUtil.createPath(node2, APP_PERMISSIONS_ROLES_PATH, "mgnl:contentNode");
                            if (!createPath7.hasProperty(name2)) {
                                createPath7.setProperty(name2, name2);
                                log.info("Adding permission for '{}' app to '{}' role.", this.newApps, name2);
                            }
                        } else {
                            installContext.warn("Unknown access permissions class implementation " + node2.getNode(APP_PERMISSIONS_PATH).getPath() + " . Cannot convert old permission '" + this.oldURL + "'.");
                        }
                    }
                    if (this.removeOldPermissions) {
                        hashSet.add(node);
                        log.info("Obsolete permission property '{}={}' for role '{}' will be removed.", node.getProperty("path").getString(), valueOf, name2);
                    }
                }
            } catch (RepositoryException e) {
                String str2 = "Cannot convert old permission '" + this.oldURL + "' to permissions to new apps.";
                log.error(str2);
                throw new TaskExecutionException(str2, e);
            }
        }
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            ((Node) it.next()).remove();
        }
    }
}
