package com.day.cq.dam.core.impl.team;

import com.adobe.granite.security.user.UserManagementService;
import com.adobe.granite.toggle.api.ToggleRouter;
import com.day.cq.commons.jcr.JcrUtil;
import com.day.text.Text;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/cq/dam/core/impl/team/TeamManagerImpl.class */
public class TeamManagerImpl implements TeamManager {
    private static final Logger log = LoggerFactory.getLogger(TeamManagerImpl.class);
    private final Session serviceSession;
    private final Session ownerSession;
    private final String tenantId;
    private final UserManager srvUserManager;
    private final UserManager ownerUserManager;
    private UserManagementService userManagementService;
    private final Map<String, Role> roles;
    private ToggleRouter toggleRouter;
    private static final String CONTEXT_PREFIX = "mac";
    private static final String GRP_PREFIX = "mac-";
    private static final String TOGGLE_CLEARGROUPCACHE = "CT_ASSETS-27321";

    public TeamManagerImpl(Session session, Session session2, String str, Map<String, Role> map, ToggleRouter toggleRouter) throws RepositoryException {
        this(session, session2, str, map, null, toggleRouter);
    }

    public TeamManagerImpl(Session session, Session session2, String str, Map<String, Role> map, UserManagementService userManagementService, ToggleRouter toggleRouter) throws RepositoryException {
        this.serviceSession = session2;
        this.ownerSession = session;
        this.tenantId = str;
        this.roles = map;
        this.srvUserManager = ((JackrabbitSession) session2).getUserManager();
        this.ownerUserManager = ((JackrabbitSession) session).getUserManager();
        this.userManagementService = userManagementService;
        this.toggleRouter = toggleRouter;
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public String getTenantId() {
        return this.tenantId;
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Team createTeam(String str, Collection<TeamMember> collection, String str2, SetMemberCallback setMemberCallback) throws Exception {
        String format;
        String format2;
        Group createGroup;
        try {
            ArrayList arrayList = new ArrayList();
            for (TeamMember teamMember : collection) {
                if (teamMember.getRoles().contains(DefaultRoleProvider.ROLE_OWNER)) {
                    Authorizable authorizable = this.ownerUserManager.getAuthorizable(teamMember.getId());
                    if (authorizable == null || !(authorizable instanceof Authorizable)) {
                        throw new RuntimeException("Owner " + teamMember.getId() + " is not a valid user or group");
                    }
                    arrayList.add(authorizable);
                }
            }
            Authorizable authorizable2 = this.ownerUserManager.getAuthorizable(str);
            if (!(authorizable2 instanceof User)) {
                throw new RuntimeException("Unable to create team. no such creator: " + str);
            }
            String groupRootPath = this.userManagementService != null ? this.userManagementService.getGroupRootPath() : "/home/groups";
            Node node = this.serviceSession.getNode(groupRootPath + "/" + CONTEXT_PREFIX);
            Node addNode = !node.hasNode(this.tenantId) ? node.addNode(this.tenantId, "rep:AuthorizableFolder") : node.getNode(this.tenantId);
            AccessControlUtils.addAccessControlEntry(this.serviceSession, (!addNode.hasNode(str) ? addNode.addNode(str, "rep:AuthorizableFolder") : addNode.getNode(str)).getPath(), authorizable2.getPrincipal(), AccessControlUtils.privilegesFromNames(this.serviceSession, new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}readAccessControl"}), true);
            String replaceAll = JcrUtil.createValidName(str2).replaceAll("-", "");
            int i = -1;
            while (true) {
                Object[] objArr = new Object[2];
                objArr[0] = replaceAll;
                objArr[1] = i < 0 ? "" : String.valueOf(i);
                format = String.format("%s%s", objArr);
                final String format3 = String.format("mac-%s-%s", this.tenantId, format);
                format2 = String.format(groupRootPath + "/" + CONTEXT_PREFIX + "/%s/%s/%s", this.tenantId, str, format);
                try {
                    createGroup = this.srvUserManager.createGroup(new Principal() { // from class: com.day.cq.dam.core.impl.team.TeamManagerImpl.1
                        @Override // java.security.Principal
                        public String getName() {
                            return format3;
                        }
                    }, format2);
                    if (!this.srvUserManager.isAutoSave()) {
                        this.serviceSession.save();
                        break;
                    }
                    break;
                } catch (AuthorizableExistsException e) {
                    i = i + 1 + 1;
                }
            }
            createGroup.setProperty("jcr:title", this.serviceSession.getValueFactory().createValue(str2));
            this.serviceSession.save();
            TeamImpl teamImpl = new TeamImpl(this, format, format2, str2);
            setMembers(teamImpl, collection, setMemberCallback);
            for (Map.Entry<String, Role> entry : this.roles.entrySet()) {
                getOrCreateRoleGroup(teamImpl, entry.getValue(), true);
                log.debug("Created role {} ", entry.getKey());
            }
            if (this.roles.values().contains(DefaultRoleProvider.ROLE_OWNER)) {
                AccessControlUtils.addAccessControlEntry(this.serviceSession, format2, getOrCreateRoleGroup(teamImpl, DefaultRoleProvider.ROLE_OWNER, false).getPrincipal(), AccessControlUtils.privilegesFromNames(this.serviceSession, new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}readAccessControl"}), true);
            }
            this.serviceSession.save();
            return teamImpl;
        } catch (RepositoryException e2) {
            log.error("Error while creating team group.", e2);
            throw e2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Group getOrCreateRoleGroup(TeamImpl teamImpl, Role role, boolean z) throws RepositoryException {
        if (role == null || role.equals(DefaultRoleProvider.ROLE_VIEWER)) {
            Group authorizable = this.srvUserManager.getAuthorizable(String.format("mac-%s-%s", this.tenantId, teamImpl.getId()));
            if (authorizable instanceof Group) {
                return authorizable;
            }
            return null;
        }
        final String format = String.format("mac-%s-%s-%s", this.tenantId, teamImpl.getId(), role.getId());
        try {
            Group authorizable2 = this.srvUserManager.getAuthorizable(format);
            if (authorizable2 == null && z) {
                Group createGroup = this.srvUserManager.createGroup(new Principal() { // from class: com.day.cq.dam.core.impl.team.TeamManagerImpl.2
                    @Override // java.security.Principal
                    public String getName() {
                        return format;
                    }
                }, teamImpl.getTeamPath());
                if (!this.srvUserManager.isAutoSave()) {
                    this.serviceSession.save();
                }
                return createGroup;
            }
            if (authorizable2 instanceof Group) {
                return authorizable2;
            }
            log.info("Unable to get group for role {}. No such group {}. Create disabled", role.getId(), format);
            return null;
        } catch (RepositoryException e) {
            log.error("Error while retrieving group {}.", format, e);
            return null;
        }
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Team getTeam(String str) {
        String format = String.format("mac-%s-%s", this.tenantId, str);
        try {
            Authorizable authorizable = this.srvUserManager.getAuthorizable(format);
            if (authorizable instanceof Group) {
                return new TeamImpl(this, str, Text.getRelativeParent(authorizable.getPath(), 1));
            }
            log.info("Unable to get team {} for tenant {}. No such group {}", new Object[]{str, this.tenantId, format});
            return null;
        } catch (RepositoryException e) {
            log.error("Error while retrieving group {}.", format, e);
            return null;
        }
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Team getTeam(Group group) {
        try {
            String id = group.getID();
            String[] explode = Text.explode(id, 45);
            if (explode.length < 3 || !CONTEXT_PREFIX.equals(explode[0]) || !this.tenantId.equalsIgnoreCase(explode[1])) {
                return null;
            }
            String str = explode[2];
            log.info("resolved team {} for group {}", str, id);
            return new TeamImpl(this, str, Text.getRelativeParent(group.getPath(), 1));
        } catch (RepositoryException e) {
            log.error("Error while retrieving team for group.", e);
            return null;
        }
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Collection<Team> getTeams() {
        ArrayList arrayList = new ArrayList();
        try {
            NodeIterator nodes = this.serviceSession.getWorkspace().getQueryManager().createQuery("/jcr:root//element(*,rep:Group)", "xpath").execute().getNodes();
            Pattern compile = Pattern.compile(GRP_PREFIX + this.tenantId + "-([^-]+)");
            while (nodes.hasNext()) {
                Group authorizableByPath = this.srvUserManager.getAuthorizableByPath(nodes.nextNode().getPath());
                Matcher matcher = compile.matcher(authorizableByPath.getID());
                if (matcher.matches()) {
                    arrayList.add(new TeamImpl(this, matcher.group(1), Text.getRelativeParent(authorizableByPath.getPath(), 1)));
                }
            }
        } catch (RepositoryException e) {
            log.error("Error while retrieving teams.");
        }
        Collections.sort(arrayList, new Comparator<Team>() { // from class: com.day.cq.dam.core.impl.team.TeamManagerImpl.3
            @Override // java.util.Comparator
            public int compare(Team team, Team team2) {
                return team.getName().compareTo(team2.getName());
            }
        });
        return arrayList;
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public boolean canApplyTeam(Session session, String str) {
        try {
            AccessControlManager accessControlManager = session.getAccessControlManager();
            return accessControlManager.hasPrivileges(str, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}modifyAccessControl")});
        } catch (RepositoryException e) {
            log.info("unable to determine if user can apply team: {}", e.getMessage());
            return false;
        }
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public boolean apply(Session session, Team team, String str, RoleProvider roleProvider) throws RepositoryException {
        assertSameTenant(team);
        for (Role role : roleProvider.getRoles()) {
            Group group = team.getGroup(role);
            if (group != null) {
                AccessControlUtils.addAccessControlEntry(session, str, group.getPrincipal(), role.getPrivileges(), true);
            } else {
                log.debug("No {} Group found for team {}. This is Ok ", role.getId(), team.getName());
            }
        }
        return false;
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public boolean apply(Session session, Team team, String str) throws RepositoryException {
        assertSameTenant(team);
        try {
            Group group = team.getGroup(DefaultRoleProvider.ROLE_OWNER);
            if (group != null) {
                AccessControlUtils.addAccessControlEntry(session, str, group.getPrincipal(), DefaultRoleProvider.ROLE_OWNER.getPrivileges(), true);
                try {
                    AccessControlUtils.addAccessControlEntry(session, session.getNode(str).getParent().getPath(), group.getPrincipal(), AccessControlUtils.privilegesFromNames(session, new String[]{"{http://www.jcp.org/jcr/1.0}removeChildNodes"}), true);
                } catch (Exception e) {
                }
            }
            Group group2 = team.getGroup(DefaultRoleProvider.ROLE_EDITOR);
            if (group2 != null) {
                AccessControlUtils.addAccessControlEntry(session, str, group2.getPrincipal(), DefaultRoleProvider.ROLE_EDITOR.getPrivileges(), true);
                HashMap hashMap = new HashMap();
                hashMap.put("rep:glob", session.getValueFactory().createValue("/*"));
                addAccessControlEntryWithRestrictions(session, str, group2.getPrincipal(), AccessControlUtils.privilegesFromNames(session, new String[]{"{http://www.jcp.org/jcr/1.0}removeNode"}), true, hashMap);
            } else {
                log.debug("No {} Group found for team {}. This is Ok ", DefaultRoleProvider.ROLE_EDITOR, team.getName());
            }
            Group group3 = team.getGroup(DefaultRoleProvider.ROLE_VIEWER);
            if (group3 != null) {
                AccessControlUtils.addAccessControlEntry(session, str, group3.getPrincipal(), AccessControlUtils.privilegesFromNames(session, new String[]{"{http://www.jcp.org/jcr/1.0}read"}), true);
            } else {
                log.debug("No {} Group found for team {}. This is Ok ", DefaultRoleProvider.ROLE_VIEWER, team.getName());
            }
            if (group == null) {
                log.debug("No {} Group found for team {} and but everyone is allowed access.", DefaultRoleProvider.ROLE_OWNER, team.getName());
            }
            session.save();
            return true;
        } catch (AccessDeniedException e2) {
            log.error("Error while applying team to {}", str, e2);
            throw e2;
        } catch (RepositoryException e3) {
            log.error("Error while applying team to {}", str, e3);
            throw e3;
        }
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public boolean revoke(Team team, String str) throws RepositoryException {
        assertSameTenant(team);
        try {
            AccessControlManager accessControlManager = this.ownerSession.getAccessControlManager();
            JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str);
            if (accessControlList != null) {
                String format = String.format("mac-%s-%s", this.tenantId, team.getId());
                for (AccessControlEntry accessControlEntry : accessControlList.getAccessControlEntries()) {
                    if (accessControlEntry.getPrincipal().getName().indexOf(format) == 0) {
                        accessControlList.removeAccessControlEntry(accessControlEntry);
                    }
                }
                accessControlManager.setPolicy(str, accessControlList);
                this.ownerSession.save();
            }
            return true;
        } catch (AccessDeniedException e) {
            log.error("Error while revoking team from {}", str, e);
            throw e;
        } catch (RepositoryException e2) {
            log.error("Error while revoking team from {}", str, e2);
            throw e2;
        }
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Collection<Team> getAppliedTeams(Session session, String str) throws RepositoryException {
        Team team;
        try {
            HashMap hashMap = new HashMap();
            AccessControlManager accessControlManager = session.getAccessControlManager();
            JackrabbitAccessControlList[] policies = accessControlManager.getPolicies(str);
            JackrabbitAccessControlList jackrabbitAccessControlList = null;
            int length = policies.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                JackrabbitAccessControlList jackrabbitAccessControlList2 = policies[i];
                if (jackrabbitAccessControlList2 instanceof JackrabbitAccessControlList) {
                    jackrabbitAccessControlList = jackrabbitAccessControlList2;
                    break;
                }
                i++;
            }
            Privilege privilegeFromName = accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes");
            if (jackrabbitAccessControlList != null) {
                String format = String.format("mac-%s-", this.tenantId);
                for (AccessControlEntry accessControlEntry : jackrabbitAccessControlList.getAccessControlEntries()) {
                    String name = accessControlEntry.getPrincipal().getName();
                    if (name.indexOf(format) == 0) {
                        String substring = name.substring(format.length());
                        if (substring.indexOf(45) < 0 && !hashMap.containsKey(substring) && (team = getTeam(substring)) != null) {
                            boolean z = false;
                            if ("all".equals(substring) && accessControlEntry.getPrivileges().length == 1) {
                                z = privilegeFromName.equals(accessControlEntry.getPrivileges()[0]);
                            }
                            if (!z) {
                                hashMap.put(substring, team);
                            }
                        }
                    }
                }
            }
            return hashMap.values();
        } catch (AccessDeniedException e) {
            if (log.isDebugEnabled()) {
                log.warn("Error while aggregating team list for path {}", str, e);
            } else {
                log.warn("Error while aggregating team list for path {}: {}", str, e.toString());
            }
            throw e;
        } catch (RepositoryException e2) {
            log.error("Error while aggregating team list for path {}", str, e2);
            throw e2;
        }
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public boolean removeAppliedTeams(Session session, String str) throws Exception {
        try {
            Collection<Team> appliedTeams = getAppliedTeams(session, str);
            if (null != appliedTeams) {
                Iterator<Team> it = appliedTeams.iterator();
                while (it.hasNext()) {
                    this.serviceSession.removeItem(it.next().getTeamPath());
                }
            }
            this.serviceSession.save();
            return true;
        } catch (Exception e) {
            log.warn("Error in removing teams applied at path {}.", str, e);
            return false;
        }
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Set<Role> getRoles() {
        return new HashSet(this.roles.values());
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Set<Role> getRoles(String... strArr) {
        if (strArr == null || strArr.length == 0) {
            return getRoles();
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet(Arrays.asList(strArr));
        for (Role role : this.roles.values()) {
            if (hashSet2.contains(role.getScope())) {
                hashSet.add(role);
            }
        }
        return hashSet;
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Role getRole(String str) {
        if (this.roles.containsKey(str)) {
            return this.roles.get(str);
        }
        return null;
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Collection<TeamMember> createTeamMemberList(String[] strArr, String[] strArr2) throws Exception {
        List emptyList = Collections.emptyList();
        if (strArr != null && strArr2 != null) {
            if (strArr.length != strArr2.length) {
                throw new IllegalArgumentException("userIds and roleIds must have the same size.");
            }
            emptyList = new ArrayList(strArr.length);
            for (int i = 0; i < strArr.length; i++) {
                String str = strArr[i];
                Role role = getRole(strArr2[i]);
                if (role == null) {
                    throw new RuntimeException("The role is not available for .");
                }
                emptyList.add(new TeamMember(str, role));
            }
        }
        return emptyList;
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public Collection<TeamMember> createTeamMemberList(List<String> list, List<String> list2) throws Exception {
        return createTeamMemberList((String[]) list.toArray(new String[list.size()]), (String[]) list2.toArray(new String[list2.size()]));
    }

    private void assertSameTenant(Team team) {
        if (!team.getTeamManager().getTenantId().equals(getTenantId())) {
            throw new IllegalArgumentException("team tenant must match teamManager tenant.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, TeamMember> getMembers(TeamImpl teamImpl) throws Exception {
        TreeMap treeMap = new TreeMap();
        Group orCreateRoleGroup = getOrCreateRoleGroup(teamImpl, null, false);
        if (orCreateRoleGroup == null) {
            throw new RuntimeException("Primary group must exist for team: " + teamImpl.getId());
        }
        Iterator declaredMembers = orCreateRoleGroup.getDeclaredMembers();
        while (declaredMembers.hasNext()) {
            Authorizable authorizable = (Authorizable) declaredMembers.next();
            Set<Role> roles = getRoles(teamImpl.getId(), authorizable);
            if (roles.isEmpty()) {
                roles.add(DefaultRoleProvider.ROLE_VIEWER);
            }
            treeMap.put(authorizable.getID(), new TeamMember(authorizable.getID(), roles));
        }
        return treeMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TeamMember addMember(TeamImpl teamImpl, String str, Set<Role> set) throws Exception {
        Group orCreateRoleGroup;
        try {
            Authorizable authorizable = this.ownerUserManager.getAuthorizable(str);
            if (!(authorizable instanceof Authorizable)) {
                throw new RuntimeException("User or Group" + str + " does not exist.");
            }
            Group orCreateRoleGroup2 = getOrCreateRoleGroup(teamImpl, null, false);
            if (orCreateRoleGroup2 == null) {
                throw new RuntimeException("Primary group must exist for team: " + teamImpl.getId());
            }
            Set<Role> roles = getRoles(teamImpl.getId(), authorizable);
            for (Role role : roles) {
                if ((set == null || !set.contains(role)) && (orCreateRoleGroup = getOrCreateRoleGroup(teamImpl, role, false)) != null) {
                    orCreateRoleGroup.removeMember(authorizable);
                }
            }
            if (set != null) {
                for (Role role2 : set) {
                    if (!roles.contains(role2)) {
                        getOrCreateRoleGroup(teamImpl, role2, true).addMember(authorizable);
                    }
                }
            }
            orCreateRoleGroup2.addMember(authorizable);
            TeamMember teamMember = new TeamMember(authorizable.getID(), set);
            this.serviceSession.save();
            clearGroupCache(this.ownerSession, authorizable);
            return teamMember;
        } catch (RepositoryException e) {
            log.error("Error while adding member to team", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TeamMember removeMember(TeamImpl teamImpl, String str) throws Exception {
        try {
            Authorizable authorizable = this.ownerUserManager.getAuthorizable(str);
            if (!(authorizable instanceof Authorizable)) {
                log.warn("unable to remove member {}: no such user or group.", str);
                return null;
            }
            Group orCreateRoleGroup = getOrCreateRoleGroup(teamImpl, null, false);
            if (orCreateRoleGroup == null) {
                throw new RuntimeException("Primary group must exist for team: " + teamImpl.getId());
            }
            if (!orCreateRoleGroup.isDeclaredMember(authorizable)) {
                log.warn("User {} is not member of this team {}", str, teamImpl.getId());
                return null;
            }
            Set<Role> roles = getRoles(teamImpl.getId(), authorizable);
            Iterator<Role> it = roles.iterator();
            while (it.hasNext()) {
                Group orCreateRoleGroup2 = getOrCreateRoleGroup(teamImpl, it.next(), false);
                if (orCreateRoleGroup2 != null) {
                    orCreateRoleGroup2.removeMember(authorizable);
                }
            }
            orCreateRoleGroup.removeMember(authorizable);
            this.serviceSession.save();
            clearGroupCache(this.ownerSession, authorizable);
            return new TeamMember(authorizable.getID(), roles);
        } catch (RepositoryException e) {
            log.error("Error while removing member from team", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean setMembers(TeamImpl teamImpl, Collection<TeamMember> collection, SetMemberCallback setMemberCallback) throws Exception {
        try {
            Map<String, TeamMember> members = getMembers(teamImpl);
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            for (TeamMember teamMember : collection) {
                String id = teamMember.getId();
                Authorizable authorizable = this.ownerUserManager.getAuthorizable(id);
                if (authorizable == null || !(authorizable instanceof Authorizable)) {
                    log.warn("unable add member {}: no such user.", id);
                } else {
                    TeamMember remove = members.remove(id);
                    if (remove == null) {
                        hashMap.put(id, teamMember);
                    } else if (!remove.equals(teamMember)) {
                        hashMap2.put(id, teamMember);
                    }
                }
            }
            for (TeamMember teamMember2 : hashMap.values()) {
                addMember(teamImpl, teamMember2.getId(), teamMember2.getRoles());
                if (setMemberCallback != null) {
                    setMemberCallback.setMember(teamMember2.getId(), teamMember2.getRoles(), null);
                }
            }
            for (TeamMember teamMember3 : hashMap2.values()) {
                String id2 = teamMember3.getId();
                Authorizable authorizable2 = this.ownerUserManager.getAuthorizable(id2);
                if (authorizable2 instanceof Authorizable) {
                    Set<Role> roles = getRoles(teamImpl.getId(), authorizable2);
                    if (roles.isEmpty()) {
                        roles.add(DefaultRoleProvider.ROLE_VIEWER);
                    }
                    Iterator<Role> it = roles.iterator();
                    while (it.hasNext()) {
                        Group orCreateRoleGroup = getOrCreateRoleGroup(teamImpl, it.next(), false);
                        if (orCreateRoleGroup != null) {
                            orCreateRoleGroup.removeMember(authorizable2);
                        }
                    }
                    if (teamMember3.getRoles() != null) {
                        for (Role role : teamMember3.getRoles()) {
                            if (!roles.contains(role)) {
                                getOrCreateRoleGroup(teamImpl, role, true).addMember(authorizable2);
                            }
                        }
                        getOrCreateRoleGroup(teamImpl, null, false).addMember(authorizable2);
                    }
                    if (setMemberCallback != null) {
                        setMemberCallback.setMember(teamMember3.getId(), teamMember3.getRoles(), roles);
                    }
                } else {
                    log.warn("unable add member {}: no such user.", id2);
                }
            }
            for (TeamMember teamMember4 : members.values()) {
                removeMember(teamImpl, teamMember4.getId());
                if (setMemberCallback != null) {
                    setMemberCallback.setMember(teamMember4.getId(), null, null);
                }
            }
            this.serviceSession.save();
            return true;
        } catch (RepositoryException e) {
            throw new RuntimeException("Error while updating team", e);
        }
    }

    private Set<Role> getRoles(String str, Authorizable authorizable) throws RepositoryException {
        Role role;
        HashSet hashSet = new HashSet();
        String format = String.format("mac-%s-%s-", this.tenantId, str);
        Iterator declaredMemberOf = authorizable.declaredMemberOf();
        while (declaredMemberOf.hasNext()) {
            String id = ((Group) declaredMemberOf.next()).getID();
            if (id.startsWith(format) && (role = getRole(id.substring(format.length()))) != null) {
                hashSet.add(role);
            }
        }
        return hashSet;
    }

    private boolean addAccessControlEntryWithRestrictions(Session session, String str, Principal principal, Privilege[] privilegeArr, boolean z, Map<String, Value> map) throws RepositoryException {
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(session, str);
        if (accessControlList == null || !accessControlList.addEntry(principal, privilegeArr, true, map)) {
            return false;
        }
        session.getAccessControlManager().setPolicy(str, accessControlList);
        return true;
    }

    private void clearGroupCache(Session session, Authorizable authorizable) {
        if (this.toggleRouter == null || !this.toggleRouter.isEnabled(TOGGLE_CLEARGROUPCACHE)) {
            return;
        }
        try {
            if (this.serviceSession.nodeExists(authorizable.getPath() + "/rep:cache")) {
                this.serviceSession.removeItem(authorizable.getPath() + "/rep:cache");
                this.serviceSession.save();
                log.info("clearGroupCache: removed group cache for authorizable {}", authorizable.getID());
            } else {
                log.debug("clearGroupCache: no group cache found for authorizable {}", authorizable.getPath());
            }
        } catch (RepositoryException e) {
            try {
                log.error("Unable to clear cache for user '" + authorizable.getID() + "' : " + e.getMessage(), e);
                session.refresh(false);
            } catch (RepositoryException e2) {
                log.error("Unable refresh session after failed cache clearing : " + e.getMessage(), e);
            }
        }
    }

    @Override // com.day.cq.dam.core.impl.team.TeamManager
    public void close() {
        if (null != this.serviceSession) {
            this.serviceSession.logout();
        }
    }
}
