package com.gentics.mesh.core.data.dao;

import com.gentics.mesh.cache.PermissionCache;
import com.gentics.mesh.context.BulkActionContext;
import com.gentics.mesh.context.InternalActionContext;
import com.gentics.mesh.context.impl.DummyEventQueueBatch;
import com.gentics.mesh.core.data.HibBaseElement;
import com.gentics.mesh.core.data.HibNodeFieldContainer;
import com.gentics.mesh.core.data.NodeMigrationUser;
import com.gentics.mesh.core.data.group.HibGroup;
import com.gentics.mesh.core.data.node.HibNode;
import com.gentics.mesh.core.data.perm.InternalPermission;
import com.gentics.mesh.core.data.project.HibProject;
import com.gentics.mesh.core.data.role.HibRole;
import com.gentics.mesh.core.data.user.HibUser;
import com.gentics.mesh.core.db.Tx;
import com.gentics.mesh.core.rest.common.ContainerType;
import com.gentics.mesh.core.rest.common.PermissionInfo;
import com.gentics.mesh.core.rest.error.Errors;
import com.gentics.mesh.core.rest.group.GroupReference;
import com.gentics.mesh.core.rest.node.NodeResponse;
import com.gentics.mesh.core.rest.project.ProjectReference;
import com.gentics.mesh.core.rest.user.NodeReference;
import com.gentics.mesh.core.rest.user.UserCreateRequest;
import com.gentics.mesh.core.rest.user.UserResponse;
import com.gentics.mesh.core.rest.user.UserUpdateRequest;
import com.gentics.mesh.event.EventQueueBatch;
import com.gentics.mesh.json.JsonUtil;
import com.gentics.mesh.parameter.NodeParameters;
import com.gentics.mesh.parameter.value.FieldsSet;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/gentics/mesh/core/data/dao/PersistingUserDao.class */
public interface PersistingUserDao extends UserDao, PersistingDaoGlobal<HibUser> {
    public static final Logger log = LoggerFactory.getLogger(PersistingUserDao.class);

    default void updateShortcutEdges(HibUser hibUser) {
    }

    default boolean hasPermission(HibUser hibUser, HibBaseElement hibBaseElement, InternalPermission internalPermission) {
        if (log.isDebugEnabled()) {
            log.debug("Checking permissions for element {" + hibBaseElement.getUuid() + "}");
        }
        return hasPermissionForId(hibUser, hibBaseElement.getId(), internalPermission);
    }

    default boolean hasPermissionForId(HibUser hibUser, Object obj, InternalPermission internalPermission) {
        PermissionCache permissionCache = Tx.get().permissionCache();
        Boolean hasPermission = permissionCache.hasPermission(hibUser.getId(), internalPermission, obj);
        if (hasPermission != null) {
            return (hasPermission.booleanValue() || internalPermission != InternalPermission.READ_PUBLISHED_PERM) ? hasPermission.booleanValue() : hasPermissionForId(hibUser, obj, InternalPermission.READ_PERM);
        }
        if (hibUser.isAdmin()) {
            permissionCache.store(hibUser.getId(), EnumSet.allOf(InternalPermission.class), obj);
            return true;
        }
        EnumSet<InternalPermission> permissionsForElementId = getPermissionsForElementId(hibUser, obj);
        permissionCache.store(hibUser.getId(), permissionsForElementId, obj);
        if (permissionsForElementId.contains(internalPermission)) {
            return true;
        }
        if (internalPermission == InternalPermission.READ_PUBLISHED_PERM) {
            return hasPermissionForId(hibUser, obj, InternalPermission.READ_PERM);
        }
        return false;
    }

    EnumSet<InternalPermission> getPermissionsForElementId(HibUser hibUser, Object obj);

    void preparePermissionsForElementIds(HibUser hibUser, Collection<Object> collection);

    default HibUser create(String str, HibUser hibUser) {
        return create(str, hibUser, (String) null);
    }

    private default HibUser init(HibUser hibUser, String str, HibUser hibUser2) {
        HibUser findByUsername = findByUsername(str);
        if (findByUsername != null && !findByUsername.getUuid().equals(hibUser.getUuid())) {
            throw Errors.conflict(findByUsername.getUuid(), str, "user_conflicting_username", new String[0]);
        }
        hibUser.setUsername(str);
        hibUser.enable();
        hibUser.generateBucketId();
        if (hibUser2 != null) {
            hibUser.setCreator(hibUser2);
            hibUser.setCreationTimestamp();
            hibUser.setEditor(hibUser2);
            hibUser.setLastEditedTimestamp();
        }
        return hibUser;
    }

    default HibUser create(String str, HibUser hibUser, String str2) {
        HibUser hibUser2 = (HibUser) createPersisted(str2);
        init(hibUser2, str, hibUser);
        return (HibUser) mergeIntoPersisted(hibUser2);
    }

    default boolean canReadNode(HibUser hibUser, InternalActionContext internalActionContext, HibNode hibNode) {
        if (hibUser instanceof NodeMigrationUser) {
            return true;
        }
        return ContainerType.forVersion(internalActionContext.getVersioningParameters().getVersion()) == ContainerType.PUBLISHED ? hasPermission(internalActionContext.getUser(), hibNode, InternalPermission.READ_PUBLISHED_PERM) : hasPermission(internalActionContext.getUser(), hibNode, InternalPermission.READ_PERM);
    }

    default void failOnNoReadPermission(HibUser hibUser, HibNodeFieldContainer hibNodeFieldContainer, String str, String str2) {
        HibNode node = Tx.get().contentDao().getNode(hibNodeFieldContainer);
        if (hasReadPermission(hibUser, hibNodeFieldContainer, str, str2)) {
            return;
        }
        HttpResponseStatus httpResponseStatus = HttpResponseStatus.FORBIDDEN;
        String[] strArr = new String[2];
        strArr[0] = node.getUuid();
        strArr[1] = "published".equals(str2) ? InternalPermission.READ_PUBLISHED_PERM.getRestPerm().getName() : InternalPermission.READ_PERM.getRestPerm().getName();
        throw Errors.error(httpResponseStatus, "error_missing_perm", strArr);
    }

    default HibUser addCRUDPermissionOnRole(HibUser hibUser, HibBaseElement hibBaseElement, InternalPermission internalPermission, HibBaseElement hibBaseElement2) {
        addPermissionsOnRole(hibUser, hibBaseElement, internalPermission, hibBaseElement2, InternalPermission.CREATE_PERM, InternalPermission.READ_PERM, InternalPermission.UPDATE_PERM, InternalPermission.DELETE_PERM, InternalPermission.PUBLISH_PERM, InternalPermission.READ_PUBLISHED_PERM);
        return hibUser;
    }

    default HibUser addPermissionsOnRole(HibUser hibUser, HibBaseElement hibBaseElement, InternalPermission internalPermission, HibBaseElement hibBaseElement2, InternalPermission... internalPermissionArr) {
        RoleDao roleDao = Tx.get().roleDao();
        Iterator it = Tx.get().roleDao().getRolesWithPerm(hibBaseElement, internalPermission).iterator();
        while (it.hasNext()) {
            roleDao.grantPermissions((HibRole) it.next(), hibBaseElement2, internalPermissionArr);
        }
        return hibUser;
    }

    default boolean hasReadPermission(HibUser hibUser, HibNodeFieldContainer hibNodeFieldContainer, String str, String str2) {
        ContentDao contentDao = Tx.get().contentDao();
        HibNode node = contentDao.getNode(hibNodeFieldContainer);
        return ContainerType.PUBLISHED.equals(ContainerType.forVersion(str2)) ? contentDao.isPublished(hibNodeFieldContainer, str) && hasPermission(hibUser, node, InternalPermission.READ_PUBLISHED_PERM) : hasPermission(hibUser, node, InternalPermission.READ_PERM);
    }

    default boolean isResetTokenValid(HibUser hibUser, String str, int i) {
        Long resetTokenIssueTimestamp = hibUser.getResetTokenIssueTimestamp();
        if (str == null || resetTokenIssueTimestamp == null) {
            return false;
        }
        boolean z = System.currentTimeMillis() - resetTokenIssueTimestamp.longValue() > ((long) (60000 * i));
        boolean equals = str.equals(hibUser.getResetToken());
        if (!equals || !z) {
            return equals && !z;
        }
        hibUser.invalidateResetToken();
        return false;
    }

    default String getSubETag(HibUser hibUser, InternalActionContext internalActionContext) {
        StringBuilder sb = new StringBuilder();
        sb.append(hibUser.getLastEditedTimestamp());
        HibNode referencedNode = hibUser.getReferencedNode();
        boolean z = internalActionContext.getNodeParameters().getExpandedFieldnameList().contains("nodeReference") || internalActionContext.getNodeParameters().getExpandAll();
        if (referencedNode != null && z) {
            sb.append("-");
            sb.append(Tx.get().nodeDao().getETag(referencedNode, internalActionContext));
        } else if (referencedNode != null) {
            sb.append("-");
            sb.append(referencedNode.getUuid());
            sb.append(referencedNode.getProject().getName());
        }
        Iterator it = getGroups(hibUser).iterator();
        while (it.hasNext()) {
            sb.append(((HibGroup) it.next()).getUuid());
        }
        sb.append(String.valueOf(hibUser.isAdmin()));
        return sb.toString();
    }

    default PermissionInfo getPermissionInfo(HibUser hibUser, HibBaseElement hibBaseElement) {
        PermissionInfo permissionInfo = new PermissionInfo();
        Iterator<InternalPermission> it = getPermissions(hibUser, hibBaseElement).iterator();
        while (it.hasNext()) {
            permissionInfo.set(it.next().getRestPerm(), true);
        }
        permissionInfo.setOthers(false, hibBaseElement.hasPublishPermissions());
        return permissionInfo;
    }

    default Set<InternalPermission> getPermissions(HibUser hibUser, HibBaseElement hibBaseElement) {
        return (Set) Stream.of((Object[]) InternalPermission.values()).filter(internalPermission -> {
            return !(internalPermission == InternalPermission.READ_PUBLISHED_PERM || internalPermission == InternalPermission.PUBLISH_PERM) || hibBaseElement.hasPublishPermissions();
        }).filter(internalPermission2 -> {
            return hasPermission(hibUser, hibBaseElement, internalPermission2);
        }).collect(Collectors.toSet());
    }

    default UserResponse transformToRestSync(HibUser hibUser, InternalActionContext internalActionContext, int i, String... strArr) {
        FieldsSet fields = internalActionContext.getGenericParameters().getFields();
        UserResponse userResponse = new UserResponse();
        if (fields.has("username")) {
            userResponse.setUsername(hibUser.getUsername());
        }
        if (fields.has("emailAddress")) {
            userResponse.setEmailAddress(hibUser.getEmailAddress());
        }
        if (fields.has("firstname")) {
            userResponse.setFirstname(hibUser.getFirstname());
        }
        if (fields.has("lastname")) {
            userResponse.setLastname(hibUser.getLastname());
        }
        if (fields.has("admin")) {
            userResponse.setAdmin(Boolean.valueOf(hibUser.isAdmin()));
        }
        if (fields.has("enabled")) {
            userResponse.setEnabled(hibUser.isEnabled());
        }
        if (fields.has("nodeReference")) {
            setNodeReference(hibUser, internalActionContext, userResponse, i);
        }
        if (fields.has("groups")) {
            setGroups(hibUser, internalActionContext, userResponse);
        }
        if (fields.has("rolesHash")) {
            userResponse.setRolesHash(getRolesHash(hibUser));
        }
        if (fields.has("forcedPasswordChange")) {
            userResponse.setForcedPasswordChange(Boolean.valueOf(hibUser.isForcedPasswordChange()));
        }
        hibUser.fillCommonRestFields(internalActionContext, fields, userResponse);
        Tx.get().roleDao().setRolePermissions(hibUser, internalActionContext, userResponse);
        return userResponse;
    }

    default void setNodeReference(HibUser hibUser, InternalActionContext internalActionContext, UserResponse userResponse, int i) {
        NodeParameters nodeParameters = internalActionContext.getNodeParameters();
        HibNode referencedNode = hibUser.getReferencedNode();
        if (referencedNode == null) {
            return;
        }
        if (nodeParameters.getExpandedFieldnameList().contains("nodeReference") || nodeParameters.getExpandAll()) {
            userResponse.setNodeResponse(Tx.get().nodeDao().transformToRestSync(referencedNode, internalActionContext, i, new String[0]));
        } else {
            userResponse.setNodeReference(Tx.get().nodeDao().transformToReference(referencedNode, internalActionContext));
        }
    }

    default void setGroups(HibUser hibUser, InternalActionContext internalActionContext, UserResponse userResponse) {
        Iterator it = getGroups(hibUser).iterator();
        while (it.hasNext()) {
            userResponse.getGroups().add((GroupReference) ((HibGroup) it.next()).transformToReference());
        }
    }

    default boolean updateDry(HibUser hibUser, InternalActionContext internalActionContext) {
        return update(hibUser, internalActionContext, new DummyEventQueueBatch(), true);
    }

    default boolean update(HibUser hibUser, InternalActionContext internalActionContext, EventQueueBatch eventQueueBatch) {
        return update(hibUser, internalActionContext, eventQueueBatch, false);
    }

    default HibUser create(InternalActionContext internalActionContext, EventQueueBatch eventQueueBatch, String str) {
        HibBaseElement user = Tx.get().data().permissionRoots().user();
        GroupDao groupDao = Tx.get().groupDao();
        ProjectDao projectDao = Tx.get().projectDao();
        NodeDao nodeDao = Tx.get().nodeDao();
        HibUser user2 = internalActionContext.getUser();
        UserCreateRequest userCreateRequest = (UserCreateRequest) JsonUtil.readValue(internalActionContext.getBodyAsString(), UserCreateRequest.class);
        if (userCreateRequest == null) {
            throw Errors.error(HttpResponseStatus.BAD_REQUEST, "error_parse_request_json_error", new String[0]);
        }
        if (StringUtils.isEmpty(userCreateRequest.getPassword())) {
            throw Errors.error(HttpResponseStatus.BAD_REQUEST, "user_missing_password", new String[0]);
        }
        if (StringUtils.isEmpty(userCreateRequest.getUsername())) {
            throw Errors.error(HttpResponseStatus.BAD_REQUEST, "user_missing_username", new String[0]);
        }
        if (!hasPermission(user2, user, InternalPermission.CREATE_PERM)) {
            throw Errors.error(HttpResponseStatus.FORBIDDEN, "error_missing_perm", new String[]{user.getUuid(), InternalPermission.CREATE_PERM.getRestPerm().getName()});
        }
        String groupUuid = userCreateRequest.getGroupUuid();
        HibUser create = create(userCreateRequest.getUsername(), user2, str);
        create.setFirstname(userCreateRequest.getFirstname());
        create.setUsername(userCreateRequest.getUsername());
        create.setLastname(userCreateRequest.getLastname());
        create.setEmailAddress(userCreateRequest.getEmailAddress());
        updatePasswordHash(create, Tx.get().passwordEncoder().encode(userCreateRequest.getPassword()));
        Boolean forcedPasswordChange = userCreateRequest.getForcedPasswordChange();
        if (forcedPasswordChange != null) {
            create.setForcedPasswordChange(forcedPasswordChange.booleanValue());
        }
        Boolean admin = userCreateRequest.getAdmin();
        if (admin != null && admin.booleanValue()) {
            if (!user2.isAdmin()) {
                throw Errors.error(HttpResponseStatus.FORBIDDEN, "user_error_admin_privilege_needed_for_admin_flag", new String[0]);
            }
            create.setAdmin(admin.booleanValue());
        }
        inheritRolePermissions(user2, user, create);
        NodeReference nodeReference = userCreateRequest.getNodeReference();
        eventQueueBatch.add(create.onCreated());
        if (!StringUtils.isEmpty(groupUuid)) {
            HibGroup loadObjectByUuid = groupDao.loadObjectByUuid(internalActionContext, groupUuid, InternalPermission.CREATE_PERM);
            groupDao.addUser(loadObjectByUuid, create);
            inheritRolePermissions(user2, loadObjectByUuid, create);
        }
        if (nodeReference != null && (nodeReference instanceof NodeReference)) {
            NodeReference nodeReference2 = nodeReference;
            String uuid = nodeReference2.getUuid();
            String projectName = nodeReference2.getProjectName();
            if (StringUtils.isEmpty(projectName) || StringUtils.isEmpty(uuid)) {
                throw Errors.error(HttpResponseStatus.BAD_REQUEST, "user_incomplete_node_reference", new String[0]);
            }
            HibProject findByName = projectDao.findByName(projectName);
            if (findByName == null) {
                throw Errors.error(HttpResponseStatus.BAD_REQUEST, "project_not_found", new String[]{projectName});
            }
            create.setReferencedNode(nodeDao.loadObjectByUuid(findByName, internalActionContext, uuid, InternalPermission.READ_PERM));
        } else if (nodeReference != null) {
            throw Errors.error(HttpResponseStatus.BAD_REQUEST, "user_creation_full_node_reference_not_implemented", new String[0]);
        }
        return (HibUser) mergeIntoPersisted(create);
    }

    default void delete(HibUser hibUser, BulkActionContext bulkActionContext) {
        if ("admin".equals(hibUser.getUsername())) {
            throw Errors.error(HttpResponseStatus.FORBIDDEN, "error_illegal_admin_deletion", new String[0]);
        }
        bulkActionContext.add(hibUser.onDeleted());
        deletePersisted(hibUser);
        bulkActionContext.process();
        Tx.get().permissionCache().clear();
    }

    default HibUser setPassword(HibUser hibUser, String str) {
        updatePasswordHash(hibUser, Tx.get().passwordEncoder().encode(str));
        return (HibUser) mergeIntoPersisted(hibUser);
    }

    default void updatePasswordHash(HibUser hibUser, String str) {
        hibUser.setPasswordHash(str);
        hibUser.setForcedPasswordChange(false);
    }

    default String getRolesHash(HibUser hibUser) {
        return (String) Stream.concat(Stream.of(hibUser.isAdmin() ? "1" : "0"), StreamSupport.stream(getRoles(hibUser).spliterator(), false).map(hibRole -> {
            return hibRole.getId().toString();
        }).sorted()).collect(Collectors.joining());
    }

    private default boolean update(HibUser hibUser, InternalActionContext internalActionContext, EventQueueBatch eventQueueBatch, boolean z) {
        UserUpdateRequest userUpdateRequest = (UserUpdateRequest) internalActionContext.fromJson(UserUpdateRequest.class);
        boolean z2 = false;
        if (shouldUpdate(userUpdateRequest.getUsername(), hibUser.getUsername())) {
            HibUser findByUsername = findByUsername(userUpdateRequest.getUsername());
            if (findByUsername != null && !findByUsername.getUuid().equals(hibUser.getUuid())) {
                throw Errors.conflict(findByUsername.getUuid(), userUpdateRequest.getUsername(), "user_conflicting_username", new String[0]);
            }
            if (!z) {
                hibUser.setUsername(userUpdateRequest.getUsername());
            }
            z2 = true;
        }
        if (shouldUpdate(userUpdateRequest.getAdmin(), Boolean.valueOf(hibUser.isAdmin()))) {
            if (!internalActionContext.getUser().isAdmin()) {
                throw Errors.error(HttpResponseStatus.FORBIDDEN, "user_error_admin_privilege_needed_for_admin_flag", new String[0]);
            }
            hibUser.setAdmin(userUpdateRequest.getAdmin().booleanValue());
            Tx.get().permissionCache().clear();
            z2 = true;
        }
        if (shouldUpdate(userUpdateRequest.getFirstname(), hibUser.getFirstname())) {
            if (!z) {
                hibUser.setFirstname(userUpdateRequest.getFirstname());
            }
            z2 = true;
        }
        if (shouldUpdate(userUpdateRequest.getLastname(), hibUser.getLastname())) {
            if (!z) {
                hibUser.setLastname(userUpdateRequest.getLastname());
            }
            z2 = true;
        }
        if (shouldUpdate(userUpdateRequest.getEmailAddress(), hibUser.getEmailAddress())) {
            if (!z) {
                hibUser.setEmailAddress(userUpdateRequest.getEmailAddress());
            }
            z2 = true;
        }
        if (shouldUpdate(userUpdateRequest.getForcedPasswordChange(), Boolean.valueOf(hibUser.isForcedPasswordChange()))) {
            if (!z) {
                hibUser.setForcedPasswordChange(userUpdateRequest.getForcedPasswordChange().booleanValue());
            }
            z2 = true;
        }
        if (!StringUtils.isEmpty(userUpdateRequest.getPassword())) {
            if (!z) {
                updatePasswordHash(hibUser, Tx.get().passwordEncoder().encode(userUpdateRequest.getPassword()));
            }
            z2 = true;
        }
        if (userUpdateRequest.getNodeReference() != null) {
            NodeResponse nodeReference = userUpdateRequest.getNodeReference();
            String str = null;
            String str2 = null;
            if (nodeReference instanceof NodeResponse) {
                NodeResponse nodeResponse = nodeReference;
                ProjectReference project = nodeResponse.getProject();
                if (project == null) {
                    throw Errors.error(HttpResponseStatus.BAD_REQUEST, "user_incomplete_node_reference", new String[0]);
                }
                str2 = project.getName();
                if (StringUtils.isEmpty(str2)) {
                    throw Errors.error(HttpResponseStatus.BAD_REQUEST, "user_incomplete_node_reference", new String[0]);
                }
                str = nodeResponse.getUuid();
            }
            if (nodeReference instanceof NodeReference) {
                NodeReference nodeReference2 = (NodeReference) nodeReference;
                if (StringUtils.isEmpty(nodeReference2.getProjectName()) || StringUtils.isEmpty(nodeReference.getUuid())) {
                    throw Errors.error(HttpResponseStatus.BAD_REQUEST, "user_incomplete_node_reference", new String[0]);
                }
                str = nodeReference2.getUuid();
                str2 = nodeReference2.getProjectName();
            }
            if (str != null && str2 != null) {
                HibProject findByName = Tx.get().projectDao().findByName(str2);
                if (findByName == null) {
                    throw Errors.error(HttpResponseStatus.BAD_REQUEST, "project_not_found", new String[]{str2});
                }
                HibNode loadObjectByUuid = Tx.get().nodeDao().loadObjectByUuid(findByName, internalActionContext, str, InternalPermission.READ_PERM);
                if (!z) {
                    hibUser.setReferencedNode(loadObjectByUuid);
                }
                z2 = true;
            }
        }
        if (z2 && !z) {
            hibUser.setEditor(internalActionContext.getUser());
            hibUser.setLastEditedTimestamp();
            eventQueueBatch.add(((HibUser) mergeIntoPersisted(hibUser)).onUpdated());
        }
        return z2;
    }
}
