package com.adobe.aem.repoapi.impl.accesscontrol;

import com.adobe.aem.dam.api.DamEntity;
import com.adobe.aem.dam.api.exception.DamException;
import com.adobe.aem.dam.impl.exception.DamExceptionFactory;
import com.adobe.aem.repoapi.impl.Constants;
import com.adobe.aem.repoapi.impl.ResourceUtils;
import com.adobe.aem.repoapi.impl.accesscontrol.ims.ImsToken;
import com.adobe.aem.repoapi.impl.api.accesscontrol.AccessControlEntry;
import com.adobe.aem.repoapi.impl.api.accesscontrol.PrincipalMapper;
import com.adobe.aem.repoapi.impl.api.accesscontrol.RelationAccessControlProvider;
import com.adobe.aem.repoapi.impl.api.accesscontrol.RelationPrivileges;
import com.adobe.aem.repoapi.impl.api.accesscontrol.RepoApiPrivilege;
import com.adobe.aem.repoapi.impl.spi.patch.PatchOperation;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

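/**
 * {@link RelationAccessControlProvider} for the annotations and tasks relations of a DAM entity.
 *
 * <p>Access to either relation is expressed as an access control entry carrying a glob restriction
 * ({@link #ANNOTATIONS_ACE_RESTRICTION} or {@link #TASKS_ACE_RESTRICTION}) together with the
 * {@code jcr:read} and {@code rep:write} privilege names. Merging and patching are delegated to
 * {@link PolicyHelper}.
 *
 * <p>NOTE(review): the listing looks like decompiler output (raw collections and inlined constants
 * in the original), so local names here are reconstructions.
 */
@Component(service = {RelationAccessControlProvider.class})
public class AnnotationsAndTasksRelationAccessControlProviderImpl implements RelationAccessControlProvider {
    private static final Logger log = LoggerFactory.getLogger(AnnotationsAndTasksRelationAccessControlProviderImpl.class);

    /*
     * NOTE(review): assuming these values are evaluated as Oak rep:glob restrictions, '*' matches any
     * character sequence including '/'. The trailing '*' then covers the comments/tasks subtree but
     * also any sibling under jcr:content whose name merely starts with "comments" or "tasks", and the
     * leading '*' applies the pattern at every depth below the node that carries the policy. Confirm
     * that no other child of jcr:content shares these name prefixes before relying on the scoping.
     */
    public static final String ANNOTATIONS_ACE_RESTRICTION = "*/jcr:content/comments*";
    public static final String TASKS_ACE_RESTRICTION = "*/jcr:content/tasks*";

    private static final String ANNOTATIONS_CHILD_NODE_NAME = "comments";
    private static final String TASKS_CHILD_NODE_NAME = "tasks";

    // Privilege names handed to PolicyHelper for both relations.
    private static final String READ_PRIVILEGE_NAME = "jcr:read";
    private static final String WRITE_PRIVILEGE_NAME = "rep:write";

    private final PrincipalMapper principalMapper;
    private final PolicyHelper policyHelper;

    /**
     * OSGi activation constructor; uses a default {@link PolicyHelper}.
     *
     * @param principalMapper mapper injected by the component runtime
     */
    @Activate
    public AnnotationsAndTasksRelationAccessControlProviderImpl(@Reference PrincipalMapper principalMapper) {
        this(principalMapper, new PolicyHelper());
    }

    /**
     * Package-private constructor that lets the {@link PolicyHelper} be supplied explicitly.
     *
     * @param principalMapper mapper passed through to every {@link PolicyHelper} call
     * @param policyHelper helper that performs the actual ACE merge and patch work
     */
    AnnotationsAndTasksRelationAccessControlProviderImpl(@Nonnull PrincipalMapper principalMapper, @Nonnull PolicyHelper policyHelper) {
        this.principalMapper = principalMapper;
        this.policyHelper = policyHelper;
    }

    /**
     * Folds a Jackrabbit ACE into the entry accumulated so far, first for the annotations relation
     * and then for the tasks relation.
     *
     * @param damEntity entity the ACE belongs to
     * @param imsToken token of the caller, forwarded to {@link PolicyHelper}
     * @param jackrabbitAccessControlEntry repository ACE to merge
     * @param optional entry accumulated by earlier merges, if any
     * @return the result of the tasks merge, which takes the annotations merge result as its input
     * @throws DamException if either merge step fails
     */
    @Override
    public Optional<AccessControlEntry> mergeAccessControlEntry(DamEntity damEntity, ImsToken imsToken, JackrabbitAccessControlEntry jackrabbitAccessControlEntry, Optional<AccessControlEntry> optional) throws DamException {
        Optional<AccessControlEntry> afterAnnotations = this.policyHelper.mergeRelAccessControlEntry(
                this.principalMapper,
                damEntity,
                imsToken,
                jackrabbitAccessControlEntry,
                optional,
                READ_PRIVILEGE_NAME,
                WRITE_PRIVILEGE_NAME,
                ANNOTATIONS_ACE_RESTRICTION,
                Collections.singletonList(Constants.REL_ANNOTATIONS));
        return this.policyHelper.mergeRelAccessControlEntry(
                this.principalMapper,
                damEntity,
                imsToken,
                jackrabbitAccessControlEntry,
                afterAnnotations,
                READ_PRIVILEGE_NAME,
                WRITE_PRIVILEGE_NAME,
                TASKS_ACE_RESTRICTION,
                Collections.singletonList(Constants.REL_TASKS));
    }

    /**
     * Applies an ACL patch operation when the entry targets the annotations and/or tasks relation;
     * entries for other relations are ignored with a debug log line.
     *
     * @param damEntity entity whose access control list is being patched
     * @param imsToken token of the caller, forwarded to {@link PolicyHelper}
     * @param patchOperation patch operation to apply
     * @param accessControlEntry entry from the patch request; its glob restriction is set here
     * @throws DamException if the repository reports an error or the helper fails
     */
    @Override
    public void applyAccessControlUpdate(DamEntity damEntity, ImsToken imsToken, PatchOperation patchOperation, AccessControlEntry accessControlEntry) throws DamException {
        try {
            List<String> relations = accessControlEntry.getRelations();
            boolean targetsAnnotations = relations.contains(Constants.REL_ANNOTATIONS);
            boolean targetsTasks = relations.contains(Constants.REL_TASKS);
            if (!targetsAnnotations && !targetsTasks) {
                log.debug("Patch request not applicable to annotations/ tasks rel");
                return;
            }

            Session entitySession = ResourceUtils.getEntitySession(damEntity);
            // NOTE(review): when one entry names both relations, setGlobRestriction is called twice on
            // the same entry. If the setter replaces the previous value (not visible here), only the
            // tasks restriction reaches the helper and the annotations grant is silently dropped.
            // Confirm whether callers can send both relations in a single entry.
            if (targetsAnnotations) {
                accessControlEntry.setGlobRestriction(entitySession.getValueFactory().createValue(ANNOTATIONS_ACE_RESTRICTION));
            }
            if (targetsTasks) {
                accessControlEntry.setGlobRestriction(entitySession.getValueFactory().createValue(TASKS_ACE_RESTRICTION));
            }
            this.policyHelper.handleAclPatchUpdate(this.principalMapper, damEntity, imsToken, patchOperation, accessControlEntry, READ_PRIVILEGE_NAME, WRITE_PRIVILEGE_NAME);
        } catch (RepositoryException e) {
            throw DamExceptionFactory.fromRepositoryException(e);
        }
    }

    /**
     * Reports what the entity's session may do on the {@code jcr:content/comments} and
     * {@code jcr:content/tasks} child paths of the entity.
     *
     * <p>A {@link RepositoryException} during the checks is logged and not rethrown, so the result
     * then holds only the privileges collected before the failure. Callers cannot tell a failed
     * check apart from a genuine absence of privileges; the report errs towards fewer privileges.
     *
     * <p>NOTE(review): {@link RepoApiPrivilege#WRITE} is derived from {@link Session#ACTION_SET_PROPERTY}
     * alone, while the entries written by this class use the {@code rep:write} privilege name. A
     * session allowed to set properties but not to add or remove nodes would still be reported as
     * WRITE; confirm that this is the intended meaning of the report.
     *
     * @param damEntity entity whose relation privileges are queried
     * @return two elements, annotations first and tasks second, each possibly with no privileges
     * @throws DamException declared by the interface; repository errors in the checks are only logged
     */
    @Override
    public RelationPrivileges[] getEffectivePrivileges(DamEntity damEntity) throws DamException {
        List<RepoApiPrivilege> annotationPrivileges = new ArrayList<>();
        List<RepoApiPrivilege> taskPrivileges = new ArrayList<>();
        String path = damEntity.getPath();
        Session entitySession = ResourceUtils.getEntitySession(damEntity);
        String annotationsPath = path + "/jcr:content/" + ANNOTATIONS_CHILD_NODE_NAME;
        String tasksPath = path + "/jcr:content/" + TASKS_CHILD_NODE_NAME;
        try {
            // One try block for both paths: a failure on the annotations path skips the tasks path,
            // and anything already collected is still returned.
            collectPrivileges(entitySession, annotationsPath, annotationPrivileges);
            collectPrivileges(entitySession, tasksPath, taskPrivileges);
        } catch (RepositoryException e) {
            // The exception is passed as the trailing argument without a placeholder of its own, so
            // SLF4J logs it with its stack trace instead of formatting it into the message.
            log.error("Failed to check privileges on child tasks or annotations node on asset {}", path, e);
        }
        return new RelationPrivileges[] {
            new RelationPrivileges(Constants.REL_ANNOTATIONS, annotationPrivileges.toArray(new RepoApiPrivilege[0])),
            new RelationPrivileges(Constants.REL_TASKS, taskPrivileges.toArray(new RepoApiPrivilege[0]))
        };
    }

    /** Appends READ and/or WRITE to {@code sink} according to the session's permissions on {@code nodePath}. */
    private static void collectPrivileges(Session session, String nodePath, List<RepoApiPrivilege> sink) throws RepositoryException {
        if (session.hasPermission(nodePath, Session.ACTION_READ)) {
            sink.add(RepoApiPrivilege.READ);
        }
        if (session.hasPermission(nodePath, Session.ACTION_SET_PROPERTY)) {
            sink.add(RepoApiPrivilege.WRITE);
        }
    }
}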
