package info.magnolia.security.app.dialog.action;

import com.google.common.base.Predicate;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableList;
import com.vaadin.data.Item;
import com.vaadin.data.Property;
import info.magnolia.cms.core.Path;
import info.magnolia.cms.security.RoleManager;
import info.magnolia.cms.security.SecuritySupport;
import info.magnolia.context.MgnlContext;
import info.magnolia.jcr.util.NodeUtil;
import info.magnolia.objectfactory.Components;
import info.magnolia.security.app.dialog.field.AccessControlList;
import info.magnolia.security.app.util.UsersWorkspaceUtil;
import info.magnolia.ui.api.action.ActionExecutionException;
import info.magnolia.ui.dialog.action.SaveDialogAction;
import info.magnolia.ui.dialog.action.SaveDialogActionDefinition;
import info.magnolia.ui.form.EditorCallback;
import info.magnolia.ui.form.EditorValidator;
import info.magnolia.ui.vaadin.integration.jcr.JcrNewNodeAdapter;
import info.magnolia.ui.vaadin.integration.jcr.JcrNodeAdapter;
import info.magnolia.ui.vaadin.integration.jcr.ModelConstants;
import java.lang.reflect.Field;
import java.security.AccessControlException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/magnolia-security-app-5.5.3.jar:info/magnolia/security/app/dialog/action/SaveRoleDialogAction.class */
public class SaveRoleDialogAction extends SaveDialogAction {
    private static final Logger log = LoggerFactory.getLogger(SaveRoleDialogAction.class);
    private final SecuritySupport securitySupport;

    public SaveRoleDialogAction(SaveDialogActionDefinition saveDialogActionDefinition, Item item, EditorValidator editorValidator, EditorCallback editorCallback, SecuritySupport securitySupport) {
        super(saveDialogActionDefinition, item, editorValidator, editorCallback);
        this.securitySupport = securitySupport;
    }

    @Deprecated
    public SaveRoleDialogAction(SaveDialogActionDefinition saveDialogActionDefinition, Item item, EditorValidator editorValidator, EditorCallback editorCallback) {
        this(saveDialogActionDefinition, item, editorValidator, editorCallback, (SecuritySupport) Components.getComponent(SecuritySupport.class));
    }

    /* JADX WARN: Type inference failed for: r1v3, types: [info.magnolia.ui.api.action.ActionDefinition] */
    @Override // info.magnolia.ui.dialog.action.SaveDialogAction, info.magnolia.ui.api.action.Action
    public void execute() throws ActionExecutionException {
        JcrNodeAdapter jcrNodeAdapter = (JcrNodeAdapter) this.item;
        if (validateForm() && validateNewRolePermission(jcrNodeAdapter)) {
            createOrUpdateRole(jcrNodeAdapter);
            this.callback.onSuccess(getDefinition2().getName());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // info.magnolia.ui.dialog.action.SaveDialogAction
    public boolean validateForm() {
        this.validator.showValidation(false);
        boolean isValid = this.validator.isValid();
        this.validator.showValidation(!isValid);
        if (!isValid) {
            log.info("Validation error(s) occurred. No save performed.");
        }
        return isValid;
    }

    private boolean validateNewRolePermission(JcrNodeAdapter jcrNodeAdapter) throws ActionExecutionException {
        if (MgnlContext.getUser().hasRole("superuser")) {
            return true;
        }
        try {
            if (!(jcrNodeAdapter instanceof JcrNewNodeAdapter)) {
                return true;
            }
            Node jcrItem = jcrNodeAdapter.getJcrItem();
            jcrItem.getSession().checkPermission(jcrItem.getPath(), Session.ACTION_ADD_NODE);
            return true;
        } catch (AccessControlException | RepositoryException e) {
            throw new ActionExecutionException(e);
        }
    }

    private void createOrUpdateRole(JcrNodeAdapter jcrNodeAdapter) throws ActionExecutionException {
        Node applyChanges;
        try {
            RoleManager roleManager = this.securitySupport.getRoleManager();
            String validatedLabel = Path.getValidatedLabel((String) jcrNodeAdapter.getItemProperty(ModelConstants.JCR_NAME).getValue());
            Map<String, AccessControlList<AccessControlList.Entry>> removeTransientAclProperties = removeTransientAclProperties(jcrNodeAdapter);
            if (jcrNodeAdapter instanceof JcrNewNodeAdapter) {
                Node jcrItem = jcrNodeAdapter.getJcrItem();
                JcrNodeAdapter convertNewNodeAdapterForUpdating = convertNewNodeAdapterForUpdating((JcrNewNodeAdapter) jcrNodeAdapter, jcrItem.getNode(roleManager.createRole(jcrItem.getPath(), validatedLabel).getName()), validatedLabel);
                applyChanges = convertNewNodeAdapterForUpdating.applyChanges();
                try {
                    Field declaredField = jcrNodeAdapter.getClass().getDeclaredField("appliedChanges");
                    declaredField.setAccessible(true);
                    declaredField.setBoolean(jcrNodeAdapter, true);
                    declaredField.setAccessible(false);
                    jcrNodeAdapter.setItemId(convertNewNodeAdapterForUpdating.getItemId());
                } catch (IllegalAccessException | NoSuchFieldException e) {
                    log.warn("Unable to set new JcrItemId for adapter {}", jcrNodeAdapter, e);
                }
                updateAcls(applyChanges, removeTransientAclProperties, false);
            } else {
                String name2 = jcrNodeAdapter.getJcrItem().getName();
                String path = jcrNodeAdapter.getJcrItem().getPath();
                applyChanges = jcrNodeAdapter.applyChanges();
                updateAcls(applyChanges, removeTransientAclProperties, true);
                if (!StringUtils.equals(name2, validatedLabel)) {
                    UsersWorkspaceUtil.updateAcls(applyChanges, path);
                }
            }
            applyChanges.getSession().save();
        } catch (RepositoryException e2) {
            throw new ActionExecutionException(e2);
        }
    }

    private void updateAcls(Node node, Map<String, AccessControlList<AccessControlList.Entry>> map, boolean z) throws RepositoryException {
        Node addNode;
        for (Map.Entry<String, AccessControlList<AccessControlList.Entry>> entry : map.entrySet()) {
            String key = entry.getKey();
            AccessControlList<AccessControlList.Entry> value = entry.getValue();
            if (node.hasNode(key)) {
                addNode = node.getNode(key);
                if (z) {
                    Iterator<Node> it = NodeUtil.getNodes(addNode).iterator();
                    while (it.hasNext()) {
                        it.next().remove();
                    }
                }
            } else {
                addNode = node.addNode(key, "mgnl:contentNode");
            }
            value.saveEntries(addNode);
            if (!addNode.hasNodes()) {
                addNode.remove();
            }
        }
    }

    private JcrNodeAdapter convertNewNodeAdapterForUpdating(JcrNewNodeAdapter jcrNewNodeAdapter, Node node, String str) throws RepositoryException {
        JcrNodeAdapter jcrNodeAdapter = new JcrNodeAdapter(node);
        for (Object obj : jcrNewNodeAdapter.getItemPropertyIds()) {
            Property itemProperty = jcrNodeAdapter.getItemProperty(obj);
            if (itemProperty == null) {
                jcrNodeAdapter.addItemProperty(obj, jcrNewNodeAdapter.getItemProperty(obj));
            } else if (!ModelConstants.JCR_NAME.equals(obj) || str == null) {
                itemProperty.setValue(jcrNewNodeAdapter.getItemProperty(obj).getValue());
            } else {
                itemProperty.setValue(node.getName());
            }
        }
        return jcrNodeAdapter;
    }

    private Map<String, AccessControlList<AccessControlList.Entry>> removeTransientAclProperties(JcrNodeAdapter jcrNodeAdapter) {
        Collection filter = Collections2.filter(ImmutableList.copyOf((Collection) jcrNodeAdapter.getItemPropertyIds()), new Predicate<Object>() { // from class: info.magnolia.security.app.dialog.action.SaveRoleDialogAction.1
            @Override // com.google.common.base.Predicate
            public boolean apply(Object obj) {
                return (obj instanceof String) && ((String) obj).startsWith("acl_");
            }
        });
        HashMap hashMap = new HashMap();
        for (Object obj : filter) {
            hashMap.put(obj.toString(), (AccessControlList) jcrNodeAdapter.getItemProperty(obj).getValue());
            jcrNodeAdapter.removeItemProperty(obj);
        }
        return hashMap;
    }
}
