package com.gentics.mesh.core.endpoint.role;

import com.gentics.mesh.cli.BootstrapInitializer;
import com.gentics.mesh.context.InternalActionContext;
import com.gentics.mesh.core.action.RoleDAOActions;
import com.gentics.mesh.core.data.HibBaseElement;
import com.gentics.mesh.core.data.dao.RoleDao;
import com.gentics.mesh.core.data.perm.InternalPermission;
import com.gentics.mesh.core.data.role.HibRole;
import com.gentics.mesh.core.db.Database;
import com.gentics.mesh.core.endpoint.handler.AbstractCrudHandler;
import com.gentics.mesh.core.rest.error.Errors;
import com.gentics.mesh.core.rest.role.RolePermissionRequest;
import com.gentics.mesh.core.rest.role.RolePermissionResponse;
import com.gentics.mesh.core.rest.role.RoleResponse;
import com.gentics.mesh.core.verticle.handler.HandlerUtilities;
import com.gentics.mesh.core.verticle.handler.WriteLock;
import com.gentics.mesh.rest.Messages;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import java.util.HashSet;
import java.util.Iterator;
import javax.inject.Inject;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/gentics/mesh/core/endpoint/role/RoleCrudHandlerImpl.class */
public class RoleCrudHandlerImpl extends AbstractCrudHandler<HibRole, RoleResponse> implements RoleCrudHandler {
    private static final Logger log = LoggerFactory.getLogger(RoleCrudHandlerImpl.class);
    private BootstrapInitializer boot;

    @Inject
    public RoleCrudHandlerImpl(Database database, BootstrapInitializer bootstrapInitializer, HandlerUtilities handlerUtilities, WriteLock writeLock, RoleDAOActions roleDAOActions) {
        super(database, handlerUtilities, writeLock, roleDAOActions);
        this.boot = bootstrapInitializer;
    }

    public void handlePermissionRead(InternalActionContext internalActionContext, String str, String str2) {
        if (StringUtils.isEmpty(str)) {
            throw Errors.error(HttpResponseStatus.BAD_REQUEST, "error_uuid_must_be_specified", new String[0]);
        }
        if (StringUtils.isEmpty(str2)) {
            throw Errors.error(HttpResponseStatus.BAD_REQUEST, "role_permission_path_missing", new String[0]);
        }
        this.utils.syncTx(internalActionContext, tx -> {
            RoleDao roleDao = tx.roleDao();
            if (log.isDebugEnabled()) {
                log.debug("Handling permission request for element on path {" + str2 + "}");
            }
            HibRole loadObjectByUuid = roleDao.loadObjectByUuid(internalActionContext, str, InternalPermission.READ_PERM);
            HibBaseElement resolvePathToElement = this.boot.rootResolver().resolvePathToElement(str2);
            if (resolvePathToElement == null) {
                throw Errors.error(HttpResponseStatus.NOT_FOUND, "error_element_for_path_not_found", new String[]{str2});
            }
            RolePermissionResponse rolePermissionResponse = new RolePermissionResponse();
            Iterator it = roleDao.getPermissions(loadObjectByUuid, resolvePathToElement).iterator();
            while (it.hasNext()) {
                rolePermissionResponse.set(((InternalPermission) it.next()).getRestPerm(), true);
            }
            rolePermissionResponse.setOthers(false);
            return rolePermissionResponse;
        }, rolePermissionResponse -> {
            internalActionContext.send(rolePermissionResponse, HttpResponseStatus.OK);
        });
    }

    public void handlePermissionUpdate(InternalActionContext internalActionContext, String str, String str2) {
        if (StringUtils.isEmpty(str)) {
            throw Errors.error(HttpResponseStatus.BAD_REQUEST, "error_uuid_must_be_specified", new String[0]);
        }
        if (StringUtils.isEmpty(str2)) {
            throw Errors.error(HttpResponseStatus.BAD_REQUEST, "role_permission_path_missing", new String[0]);
        }
        WriteLock lock = this.writeLock.lock(internalActionContext);
        try {
            this.utils.syncTx(internalActionContext, (eventQueueBatch, tx) -> {
                if (log.isDebugEnabled()) {
                    log.debug("Handling permission request for element on path {" + str2 + "}");
                }
                RoleDao roleDao = tx.roleDao();
                HibRole loadObjectByUuid = roleDao.loadObjectByUuid(internalActionContext, str, InternalPermission.UPDATE_PERM);
                HibBaseElement resolvePathToElement = this.boot.rootResolver().resolvePathToElement(str2);
                if (resolvePathToElement == null) {
                    throw Errors.error(HttpResponseStatus.NOT_FOUND, "error_element_for_path_not_found", new String[]{str2});
                }
                RolePermissionRequest rolePermissionRequest = (RolePermissionRequest) internalActionContext.fromJson(RolePermissionRequest.class);
                HashSet hashSet = new HashSet();
                HashSet hashSet2 = new HashSet();
                for (InternalPermission internalPermission : InternalPermission.values()) {
                    Boolean nullable = rolePermissionRequest.getPermissions().getNullable(internalPermission.getRestPerm());
                    if (nullable != null) {
                        if (nullable.booleanValue()) {
                            hashSet.add(internalPermission);
                        } else {
                            hashSet2.add(internalPermission);
                        }
                    }
                }
                if (log.isDebugEnabled()) {
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        log.debug("Granting permission: " + ((InternalPermission) it.next()));
                    }
                    Iterator it2 = hashSet2.iterator();
                    while (it2.hasNext()) {
                        log.debug("Revoking permission: " + ((InternalPermission) it2.next()));
                    }
                }
                roleDao.applyPermissions(resolvePathToElement, eventQueueBatch, loadObjectByUuid, BooleanUtils.isTrue(rolePermissionRequest.getRecursive()), hashSet, hashSet2);
                String name = loadObjectByUuid.getName();
                if (internalActionContext.getSecurityLogger().isInfoEnabled()) {
                    internalActionContext.getSecurityLogger().info(String.format("Permission for role {%s} (%s) to {%s} set to %s", loadObjectByUuid.getName(), str, str2, rolePermissionRequest.toJson()));
                }
                return Messages.message(internalActionContext, "role_updated_permission", new String[]{name});
            }, genericMessageResponse -> {
                internalActionContext.send(genericMessageResponse, HttpResponseStatus.OK);
            });
            if (lock != null) {
                lock.close();
            }
        } catch (Throwable th) {
            if (lock != null) {
                try {
                    lock.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
