package com.gentics.contentnode.rest;

import com.gentics.api.lib.etc.ObjectTransformer;
import com.gentics.api.lib.exception.InsufficientPrivilegesException;
import com.gentics.api.lib.exception.NodeException;
import com.gentics.contentnode.i18n.CNI18nString;
import com.gentics.contentnode.object.Folder;
import com.gentics.contentnode.object.Node;
import com.gentics.contentnode.object.SystemUser;
import com.gentics.contentnode.object.UserGroup;
import com.gentics.contentnode.perm.PermHandler;
import com.gentics.contentnode.perm.PermissionPair;
import com.gentics.contentnode.perm.PermissionStore;
import com.gentics.contentnode.rest.exceptions.EntityNotFoundException;
import com.gentics.contentnode.rest.model.request.Permission;
import com.gentics.contentnode.rest.model.request.SetPermsRequest;
import com.gentics.contentnode.rest.model.response.GenericResponse;
import com.gentics.contentnode.rest.model.response.GroupsPermBitsResponse;
import com.gentics.contentnode.rest.model.response.Message;
import com.gentics.contentnode.rest.model.response.PermBitsResponse;
import com.gentics.contentnode.rest.model.response.PermResponse;
import com.gentics.contentnode.rest.model.response.ResponseCode;
import com.gentics.contentnode.rest.model.response.ResponseInfo;
import com.gentics.contentnode.rest.resource.PermResource;
import com.gentics.lib.base.factory.Transaction;
import com.gentics.lib.base.factory.TransactionManager;
import com.gentics.lib.base.object.NodeObject;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import org.apache.xalan.templates.Constants;

@Path("/perm")
/* loaded from: input_file:WEB-INF/lib/node-lib-1.21.21.jar:com/gentics/contentnode/rest/PermResourceImpl.class */
public class PermResourceImpl extends AuthenticatedContentNodeResource implements PermResource {
    @Override // com.gentics.contentnode.rest.resource.PermResource
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @Path("/{type}/{id}")
    public PermBitsResponse getPermissions(@PathParam("type") int i, @PathParam("id") int i2, @QueryParam("nodeId") @DefaultValue("0") int i3, @QueryParam("type") @DefaultValue("-1") int i4, @QueryParam("lang") @DefaultValue("0") int i5) {
        int normalizeType = normalizeType(i);
        Transaction transaction = null;
        boolean z = false;
        try {
            try {
                transaction = TransactionManager.getCurrentTransaction();
                if (i3 > 0) {
                    transaction.setChannel(Integer.valueOf(i3));
                    z = true;
                }
                PermissionPair permissions = i2 > 0 ? transaction.getPermHandler().getPermissions(Integer.valueOf(normalizeType), Integer.valueOf(i2), i4, i5) : transaction.getPermHandler().getPermissions(Integer.valueOf(normalizeType), null, i4, i5);
                if (this.logger.isInfoEnabled()) {
                    StringBuilder sb = new StringBuilder("PermBits for user ");
                    sb.append(transaction.getUserId()).append(" for ").append(normalizeType);
                    if (i2 > 0) {
                        sb.append(Constants.ATTRVAL_THIS).append(i2);
                    }
                    if (i3 > 0) {
                        sb.append(" in node ").append(i3);
                    }
                    sb.append(" is ").append(permissions.toString());
                    this.logger.info(sb.toString());
                }
                PermBitsResponse permBitsResponse = new PermBitsResponse(ObjectTransformer.getString(permissions.getGroupPermissions(), null), ObjectTransformer.getString(permissions.getRolePermissions(), null));
                if (z) {
                    transaction.resetChannel();
                }
                return permBitsResponse;
            } catch (Exception e) {
                this.logger.error("Error while checking perm bits for " + normalizeType + Constants.ATTRVAL_THIS + i2, e);
                PermBitsResponse permBitsResponse2 = new PermBitsResponse(new Message(Message.Type.CRITICAL, new CNI18nString("rest.general.error").toString()), new ResponseInfo(ResponseCode.FAILURE, e.getLocalizedMessage()));
                if (z) {
                    transaction.resetChannel();
                }
                return permBitsResponse2;
            }
        } catch (Throwable th) {
            if (z) {
                transaction.resetChannel();
            }
            throw th;
        }
    }

    @Override // com.gentics.contentnode.rest.resource.PermResource
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @Path("/{perm}/{type}/{id}")
    public PermResponse getObjectPermission(@PathParam("perm") Permission permission, @PathParam("type") int i, @PathParam("id") int i2, @QueryParam("nodeId") @DefaultValue("0") int i3) {
        int normalizeType = normalizeType(i);
        try {
            Transaction currentTransaction = TransactionManager.getCurrentTransaction();
            switch (permission) {
                case delete:
                    return new PermResponse(currentTransaction.getPermHandler().canDelete(currentTransaction.getObject(currentTransaction.getClass(normalizeType), Integer.valueOf(i2))));
                case edit:
                    return new PermResponse(currentTransaction.getPermHandler().canEdit(currentTransaction.getObject(currentTransaction.getClass(normalizeType), Integer.valueOf(i2))));
                case publish:
                    return new PermResponse(currentTransaction.getPermHandler().canPublish(currentTransaction.getObject(currentTransaction.getClass(normalizeType), Integer.valueOf(i2))));
                case view:
                    return new PermResponse(currentTransaction.getPermHandler().canView(currentTransaction.getObject(currentTransaction.getClass(normalizeType), Integer.valueOf(i2))));
                default:
                    return new PermResponse(null, new ResponseInfo(ResponseCode.INVALIDDATA, "Invalid perm " + permission + " given"));
            }
        } catch (Exception e) {
            this.logger.error("Error while checking perm bits for " + normalizeType + Constants.ATTRVAL_THIS + i2, e);
            return new PermResponse(new Message(Message.Type.CRITICAL, new CNI18nString("rest.general.error").toString()), new ResponseInfo(ResponseCode.FAILURE, e.getLocalizedMessage()));
        }
    }

    @Override // com.gentics.contentnode.rest.resource.PermResource
    @POST
    @Path("/{type}/{id}")
    public GenericResponse setPermissions(@PathParam("type") int i, @PathParam("id") int i2, SetPermsRequest setPermsRequest) {
        try {
            Transaction currentTransaction = TransactionManager.getCurrentTransaction();
            PermHandler permHandler = currentTransaction.getPermHandler();
            int normalizeType = normalizeType(i);
            Class<? extends NodeObject> cls = currentTransaction.getClass(normalizeType);
            if (cls == null) {
                throw new EntityNotFoundException("Could not find object type " + normalizeType);
            }
            if (cls.equals(Node.class)) {
                cls = Folder.class;
            }
            NodeObject object = currentTransaction.getObject(cls, Integer.valueOf(i2));
            if (object == null) {
                throw new EntityNotFoundException("Could not find object " + normalizeType + Constants.ATTRVAL_THIS + i2);
            }
            if (!permHandler.canSetPerms(object)) {
                throw new InsufficientPrivilegesException("Not allowed to change permissions on object " + normalizeType + Constants.ATTRVAL_THIS + i2);
            }
            UserGroup userGroup = (UserGroup) currentTransaction.getObject(UserGroup.class, Integer.valueOf(setPermsRequest.getGroupId()));
            if (userGroup == null) {
                throw new EntityNotFoundException("Did not find group with id " + setPermsRequest.getGroupId());
            }
            if (!permHandler.canSetPerms(userGroup)) {
                throw new InsufficientPrivilegesException("Not allowed to change permissions on group " + setPermsRequest.getGroupId());
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(userGroup);
            if (setPermsRequest.isSubGroups()) {
                recursiveAddSubGroups(userGroup, arrayList);
            }
            setPermissions(object, arrayList, setPermsRequest.getPerm(), setPermsRequest.getRoleIds(), permHandler, setPermsRequest.isSubObjects());
            return new GenericResponse(null, new ResponseInfo(ResponseCode.OK, "Successfully changed permissions"));
        } catch (InsufficientPrivilegesException e) {
            return new GenericResponse(new Message(Message.Type.CRITICAL, e.getLocalizedMessage()), new ResponseInfo(ResponseCode.PERMISSION, e.getMessage()));
        } catch (EntityNotFoundException e2) {
            return new GenericResponse(new Message(Message.Type.CRITICAL, e2.getLocalizedMessage()), new ResponseInfo(ResponseCode.NOTFOUND, e2.getMessage()));
        } catch (Exception e3) {
            this.logger.error("Error while setting perm bits for " + i + Constants.ATTRVAL_THIS + i2, e3);
            return new GenericResponse(new Message(Message.Type.CRITICAL, new CNI18nString("rest.general.error").toString()), new ResponseInfo(ResponseCode.FAILURE, e3.getLocalizedMessage()));
        }
    }

    @Override // com.gentics.contentnode.rest.resource.PermResource
    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @Path("/list/{type}/{id}")
    public GroupsPermBitsResponse list(@PathParam("type") int i, @PathParam("id") int i2) {
        int normalizeType = normalizeType(i);
        String str = "{" + normalizeType + Constants.ATTRVAL_THIS + i2 + "}";
        try {
            Transaction currentTransaction = TransactionManager.getCurrentTransaction();
            if (!currentTransaction.getPermHandler().checkPermissionBit(4, null, 0)) {
                throw new InsufficientPrivilegesException(new CNI18nString("groupadmin.nopermission").toString());
            }
            Class<? extends NodeObject> cls = currentTransaction.getClass(normalizeType);
            if (cls == null) {
                throw new EntityNotFoundException("Could not find object type " + normalizeType);
            }
            if (cls.equals(Node.class)) {
                cls = Folder.class;
            }
            NodeObject object = currentTransaction.getObject(cls, Integer.valueOf(i2));
            if (object == null) {
                throw new EntityNotFoundException("Could not find object " + str);
            }
            if (!PermHandler.ObjectPermission.view.checkObject(object)) {
                CNI18nString cNI18nString = new CNI18nString("object.nopermission");
                cNI18nString.setParameter("0", str);
                throw new InsufficientPrivilegesException(cNI18nString.toString());
            }
            SystemUser systemUser = (SystemUser) currentTransaction.getObject(SystemUser.class, Integer.valueOf(currentTransaction.getUserId()));
            Vector vector = new Vector();
            GroupResourceImpl.recursiveAddGroups(vector, systemUser.getUserGroups());
            HashMap hashMap = new HashMap();
            Iterator it = vector.iterator();
            while (it.hasNext()) {
                Integer integer = ObjectTransformer.getInteger(((UserGroup) it.next()).getId(), 0);
                hashMap.put(integer, PermissionStore.getInstance().getMergedPermissions(Arrays.asList(integer), normalizeType, i2, -1, -1).getGroupPermissions().toString());
            }
            return new GroupsPermBitsResponse(null, new ResponseInfo(ResponseCode.OK, "Successfully fetched folder group permission bits"), hashMap);
        } catch (InsufficientPrivilegesException e) {
            return new GroupsPermBitsResponse(new Message(Message.Type.CRITICAL, e.getLocalizedMessage()), new ResponseInfo(ResponseCode.PERMISSION, e.getMessage()), null);
        } catch (Exception e2) {
            this.logger.error("Error while checking perm bits for " + str, e2);
            return new GroupsPermBitsResponse(new Message(Message.Type.CRITICAL, new CNI18nString("rest.general.error").toString()), new ResponseInfo(ResponseCode.FAILURE, "Error while fetching groups with permissions for object " + str + ": " + e2.getLocalizedMessage()), null);
        }
    }

    protected void recursiveAddSubGroups(UserGroup userGroup, List<UserGroup> list) throws NodeException {
        List<UserGroup> childGroups = userGroup.getChildGroups();
        list.addAll(childGroups);
        Iterator<UserGroup> it = childGroups.iterator();
        while (it.hasNext()) {
            recursiveAddSubGroups(it.next(), list);
        }
    }

    protected void setPermissions(NodeObject nodeObject, List<UserGroup> list, String str, Set<Integer> set, PermHandler permHandler, boolean z) throws NodeException {
        if (str != null) {
            PermHandler.setPermissions(ObjectTransformer.getInt(nodeObject.getTType(), 0), ObjectTransformer.getInt(nodeObject.getId(), 0), list, str);
        }
        if (set != null) {
            PermHandler.setRoles(ObjectTransformer.getInt(nodeObject.getTType(), 0), ObjectTransformer.getInt(nodeObject.getId(), 0), list, set);
        }
        if (nodeObject instanceof Folder) {
            Folder folder = (Folder) nodeObject;
            if (folder.isRoot()) {
                if (str != null) {
                    PermHandler.setPermissions(10001, ObjectTransformer.getInt(nodeObject.getId(), 0), list, str);
                }
                if (set != null) {
                    PermHandler.setRoles(10001, ObjectTransformer.getInt(nodeObject.getId(), 0), list, set);
                }
            }
            if (z) {
                for (Folder folder2 : folder.getChildFolders()) {
                    if (folder2.isMaster() && permHandler.canSetPerms(folder2)) {
                        setPermissions(folder2, list, str, set, permHandler, z);
                    }
                }
                Transaction currentTransaction = TransactionManager.getCurrentTransaction();
                Iterator<Node> it = folder.getNode().getAllChannels().iterator();
                while (it.hasNext()) {
                    currentTransaction.setChannel(it.next().getId());
                    ArrayList arrayList = new ArrayList();
                    try {
                        arrayList.clear();
                        arrayList.addAll(folder.getChildFolders());
                        Iterator it2 = arrayList.iterator();
                        while (it2.hasNext()) {
                            Folder folder3 = (Folder) it2.next();
                            if (folder3.isInherited() || !folder3.isMaster() || !permHandler.canSetPerms(folder3)) {
                                it2.remove();
                            }
                        }
                        Iterator it3 = arrayList.iterator();
                        while (it3.hasNext()) {
                            setPermissions((Folder) it3.next(), list, str, set, permHandler, z);
                        }
                    } finally {
                        currentTransaction.resetChannel();
                    }
                }
            }
        }
    }

    protected int normalizeType(int i) {
        switch (i) {
            case Node.TYPE_CHANNEL /* 10033 */:
                return 10001;
            case Folder.TYPE_INHERITED_FOLDER /* 10034 */:
                return 10002;
            default:
                return i;
        }
    }
}
