package com.appiancorp.object.action.security;

import com.appiancorp.core.Constants;
import com.appiancorp.core.expr.portable.Type;
import com.appiancorp.core.expr.portable.Value;
import com.appiancorp.expr.server.fn.object.AppianObjectRuntimeException;
import com.appiancorp.object.action.security.SecurityHandlerFactory;
import com.appiancorp.object.exceptions.AppianObjectActionException;
import com.appiancorp.object.selector.SelectContext;
import com.appiancorp.process.engine.RequestResponseTypeIds;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.services.ServiceContextFactory;
import com.appiancorp.suiteapi.common.ServiceLocator;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.exceptions.InvalidGroupException;
import com.appiancorp.suiteapi.common.exceptions.InvalidUserException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.content.ContentRoleMap;
import com.appiancorp.suiteapi.content.ContentService;
import com.appiancorp.suiteapi.content.exceptions.InvalidContentException;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;

/* loaded from: input_file:com/appiancorp/object/action/security/ContentSecurityHandlerFactory.class */
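/**
 * Creates {@link SecurityHandlerFactory.SecurityHandler} instances that build up a
 * {@link ContentRoleMap} for a single content item and write it back through
 * {@link ContentService}.
 *
 * <p>Each handler starts from a fresh, empty {@code ContentRoleMap} (see {@link #get}); nothing in
 * this class reads the content item's existing role map first.
 */
public class ContentSecurityHandlerFactory implements SecurityHandlerFactory {

    /**
     * Accumulates user, group and default-role assignments in an in-memory {@link ContentRoleMap}
     * and persists them in {@link #complete()}.
     *
     * <p>Front-end role names ("Administrator", "Editor", "Viewer", "Deny", "None") are translated
     * to back-end role names or numeric security values by the two lookup tables below. Any name
     * missing from the relevant table is rejected with an {@link AppianObjectRuntimeException}.
     *
     * <p>No permission check on the caller is performed in this class. The only visible
     * authorization signal is the {@link PrivilegeException} that
     * {@code ContentService.setRoleMapForAllVersions} may raise in {@link #complete()}.
     */
    static class ContentSecurityHandler implements SecurityHandlerFactory.SecurityHandler {
        private static final String ADMINISTRATOR_KEY = "Administrator";
        private static final String EDITOR_KEY = "Editor";
        private static final String VIEWER_KEY = "Viewer";
        private static final String DENY_KEY = "Deny";
        private static final String NONE_KEY = "None";

        /**
         * Front-end role name to the back-end role names it expands to. "Deny" expands to all
         * three deny roles, so a denied actor is denied at every level.
         */
        private static final Map<String, List<String>> FRONTEND_TO_BACKEND_ROLE_NAMES =
                // Explicit type witness: without it the builder chain is inferred as
                // <Object, Object> and the assignment does not type-check.
                ImmutableMap.<String, List<String>>builder()
                        .put(ADMINISTRATOR_KEY, ImmutableList.of("administrators"))
                        .put(EDITOR_KEY, ImmutableList.of("authors"))
                        .put(VIEWER_KEY, ImmutableList.of("readers"))
                        .put(DENY_KEY, ImmutableList.of(
                                ContentRoleMap.DENY_ADMINISTRATOR,
                                ContentRoleMap.DENY_AUTHOR,
                                ContentRoleMap.DENY_READER))
                        .build();

        /**
         * Front-end default-role name to the numeric value handed to
         * {@code ContentRoleMap.setSecurity}. The meaning of the individual numbers is defined
         * outside this file.
         */
        private static final Map<String, Integer> DEFAULT_ROLE_FOR_ALL_USERS_MAP =
                ImmutableMap.<String, Integer>builder()
                        .put(ADMINISTRATOR_KEY, Integer.valueOf(193))
                        .put(EDITOR_KEY, Integer.valueOf(161))
                        // NOTE(review): this constant lives in an unrelated process-engine class;
                        // it may be a decompiler substitution for a numeric literal of the same
                        // value. Confirm the intended "Viewer" security value against the
                        // original source before relying on it.
                        .put(VIEWER_KEY, Integer.valueOf(RequestResponseTypeIds.PUBLISH_PM))
                        .put(NONE_KEY, Integer.valueOf(129))
                        .build();

        private final Long contentId;
        private final ContentRoleMap crm;
        private final ContentService cs;

        /**
         * @param l id of the content item whose security is being set; must not be null
         * @param contentRoleMap role map to populate; must not be null
         * @param contentService service used to persist the role map; must not be null
         * @throws NullPointerException if any argument is null
         */
        public ContentSecurityHandler(Long l, ContentRoleMap contentRoleMap, ContentService contentService) {
            this.contentId = Preconditions.checkNotNull(l);
            this.crm = Preconditions.checkNotNull(contentRoleMap);
            this.cs = Preconditions.checkNotNull(contentService);
        }

        /**
         * Assigns a single user to exactly one front-end role in the pending role map.
         *
         * <p>The user is first removed from every known back-end role, so a later call for the
         * same user replaces the earlier assignment rather than adding to it. Both arguments are
         * validated before the role map is touched.
         *
         * @param str username; must not be null or empty
         * @param str2 front-end role name: Administrator, Editor, Viewer or Deny
         * @throws AppianObjectRuntimeException if the username is null/empty or the role is unknown
         */
        @Override // com.appiancorp.object.action.security.SecurityHandlerFactory.SecurityHandler
        public void addUserToRole(String str, String str2) {
            if (Strings.isNullOrEmpty(str)) {
                // The guard also rejects the empty string, so the message says so.
                throw new AppianObjectRuntimeException("Username must not be null or empty");
            }
            List<String> backendRoles = FRONTEND_TO_BACKEND_ROLE_NAMES.get(str2);
            if (backendRoles == null) {
                throw invalidRoleForUserOrGroupException(str2);
            }
            String[] usernames = {str};
            removeUserOrGroupFromAllRoles(usernames, false);
            for (String backendRole : backendRoles) {
                this.crm.addActorsToRole(backendRole, "users", usernames);
            }
        }

        /**
         * Assigns a single group to exactly one front-end role in the pending role map.
         *
         * <p>If the group id does not resolve to an existing group, the call returns without
         * changing anything and without reporting an error; in that case the role name is not
         * validated either.
         *
         * @param l group id; must not be null
         * @param str front-end role name: Administrator, Editor, Viewer or Deny
         * @throws AppianObjectRuntimeException if the id is null, the group lookup is refused, or
         *     the group exists and the role is unknown
         */
        @Override // com.appiancorp.object.action.security.SecurityHandlerFactory.SecurityHandler
        public void addGroupToRole(Long l, String str) {
            if (l == null) {
                throw new AppianObjectRuntimeException("Group id must not be null");
            }
            // NOTE(review): an unknown group id is skipped silently. A caller that meant to apply
            // "Deny" to a group gets no signal that the entry was dropped; confirm this
            // best-effort behaviour is intended and that callers audit the resulting role map.
            if (!isValidGroup(l)) {
                return;
            }
            List<String> backendRoles = FRONTEND_TO_BACKEND_ROLE_NAMES.get(str);
            if (backendRoles == null) {
                throw invalidRoleForUserOrGroupException(str);
            }
            Long[] groupIds = {l};
            removeUserOrGroupFromAllRoles(groupIds, true);
            for (String backendRole : backendRoles) {
                this.crm.addActorsToRole(backendRole, "groups", groupIds);
            }
        }

        /**
         * Sets the default security level applied to all users in the pending role map.
         *
         * @param str front-end role name: Administrator, Editor, Viewer or None
         * @throws AppianObjectRuntimeException if the name is not one of the accepted values
         */
        @Override // com.appiancorp.object.action.security.SecurityHandlerFactory.SecurityHandler
        public void setDefaultRoleForAllUsers(String str) {
            Integer securityValue = DEFAULT_ROLE_FOR_ALL_USERS_MAP.get(str);
            if (securityValue == null) {
                throw new AppianObjectRuntimeException("Invalid value [" + str + "] for default user security. Must be one of Administrator, Editor, Viewer, or None");
            }
            this.crm.setSecurity(securityValue);
        }

        /**
         * Persists the accumulated role map for all versions of the content item.
         *
         * @return the boolean {@code true} value on success
         * @throws AppianObjectActionException with a permission-denied error code when the service
         *     raises {@link PrivilegeException}, or a does-not-exist error code when it raises
         *     {@link InvalidContentException}
         * @throws AppianObjectRuntimeException when the service raises {@link InvalidUserException}
         */
        @Override // com.appiancorp.object.action.security.SecurityHandlerFactory.SecurityHandler
        public Value<?> complete() throws AppianObjectActionException {
            try {
                // NOTE(review): the meaning of the Boolean.FALSE flag is defined by ContentService
                // and is not visible here; confirm it against that API.
                this.cs.setRoleMapForAllVersions(this.contentId, this.crm, Boolean.FALSE);
                return Type.BOOLEAN.valueOf(Constants.BOOLEAN_TRUE);
            } catch (PrivilegeException e) {
                throw new AppianObjectActionException(ErrorCode.APP_DESIGNER_SET_APPLICATION_SECURITY_PERMISSION_DENIED, e, new Object[0]);
            } catch (InvalidContentException e2) {
                throw new AppianObjectActionException(ErrorCode.APP_DESIGNER_SET_APPLICATION_SECURITY_DOES_NOT_EXIST, e2, new Object[0]);
            } catch (InvalidUserException e3) {
                throw new AppianObjectRuntimeException("An unexpected error occurred while setting the role map of a content item [id=" + this.contentId + "]", e3);
            }
        }

        /** Builds the exception thrown when a user or group role name is not in the lookup table. */
        private static AppianObjectRuntimeException invalidRoleForUserOrGroupException(String str) {
            return new AppianObjectRuntimeException("Invalid role [" + str + "] for user or group. Must be one of Administrator, Editor, Viewer, or Deny");
        }

        /**
         * Removes the given actors from every back-end role known to the lookup table, deny roles
         * included, so that the following add leaves each actor in a single front-end role.
         *
         * @param objArr a {@code Long[]} of group ids when {@code z} is true, otherwise a
         *     {@code String[]} of usernames; the array is cast accordingly
         * @param z true for groups, false for users
         */
        private void removeUserOrGroupFromAllRoles(Object[] objArr, boolean z) {
            for (List<String> backendRoles : FRONTEND_TO_BACKEND_ROLE_NAMES.values()) {
                for (String backendRole : backendRoles) {
                    if (z) {
                        this.crm.removeActorsFromRole(backendRole, "groups", (Long[]) objArr);
                    } else {
                        this.crm.removeActorsFromRole(backendRole, "users", (String[]) objArr);
                    }
                }
            }
        }

        /**
         * Reports whether a group with the given id exists.
         *
         * <p>The lookup goes through {@code SpringSecurityContextHelper.runAsAdmin} with the
         * administrator service context, so the result does not depend on whether the calling
         * user is allowed to see the group.
         *
         * @param l group id to look up
         * @return true if the group service returns the group, false if it raises
         *     {@link InvalidGroupException}
         * @throws AppianObjectRuntimeException if the lookup raises {@link PrivilegeException}
         */
        private boolean isValidGroup(final Long l) {
            return ((Boolean) SpringSecurityContextHelper.runAsAdmin(new Callable<Boolean>() {
                @Override // java.util.concurrent.Callable
                public Boolean call() {
                    try {
                        ServiceLocator.getGroupService(ServiceContextFactory.getAdministratorServiceContext()).getGroup(l);
                        return true;
                    } catch (InvalidGroupException e) {
                        // An unknown id is an expected outcome here, not an error.
                        return false;
                    } catch (PrivilegeException e2) {
                        throw new AppianObjectRuntimeException("Could not retrieve group [id=" + l + "]", e2);
                    }
                }
            })).booleanValue();
        }
    }

    /**
     * Creates a handler for the given content id, backed by a new empty {@link ContentRoleMap} and
     * the {@link ContentService} found in the select context.
     *
     * @param l content id; must not be null
     * @param selectContext context used to locate the {@code ContentService}
     * @return a new handler
     * @throws NullPointerException if the id is null or no {@code ContentService} is found
     */
    @Override // com.appiancorp.object.action.security.SecurityHandlerFactory
    public SecurityHandlerFactory.SecurityHandler get(Long l, SelectContext selectContext) {
        return new ContentSecurityHandler(l, new ContentRoleMap(), (ContentService) selectContext.findServiceMatch(ContentService.class));
    }
}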
