package com.day.cq.dam.core.impl.metadata.editor;

import com.adobe.granite.toggle.api.ToggleCondition;
import com.day.cq.dam.commons.util.DamUtil;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.request.RequestParameter;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ResourceWrapper;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.api.wrappers.SlingHttpServletRequestWrapper;
import org.apache.sling.api.wrappers.ValueMapDecorator;
import org.jetbrains.annotations.NotNull;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {Filter.class}, property = {"sling.filter.pattern=/mnt/overlay/dam/gui/content/assets/metadataeditor.*", "sling.filter.scope=COMPONENT"}, reference = {@Reference(service = ToggleCondition.class, name = "toggleCondition", target = "(toggle.name=FT_ASSETS-20935)", policy = ReferencePolicy.STATIC, cardinality = ReferenceCardinality.MANDATORY)})
/* loaded from: input_file:com/day/cq/dam/core/impl/metadata/editor/MetadataFieldPermissionFilter.class */
public final class MetadataFieldPermissionFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(MetadataFieldPermissionFilter.class);
    public static final String FT_ASSETS_20935 = "FT_ASSETS-20935";
    static final String RESOURCE_TYPE_FORM_FIELD = "granite/ui/components/coral/foundation/form/field";
    static final String RESOURCE_TYPE_SCHEMA_FIELD = "dam/gui/components/admin/schemafield";
    static final String RESOURCE_TYPE_MULTI_FIELD = "granite/ui/components/coral/foundation/form/multifield";
    static final String PROPERTY_RESOURCE_TYPE = "resourceType";
    static final String READ_ONLY = "readOnly";
    static final String RENDER_READ_ONLY = "renderReadOnly";
    static final String DISABLED = "disabled";
    static final String DELETE_HINT = "deleteHint";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/day/cq/dam/core/impl/metadata/editor/MetadataFieldPermissionFilter$FieldOverridingRequestWrapper.class */
    public static class FieldOverridingRequestWrapper extends SlingHttpServletRequestWrapper {
        private final ValueMap properties;

        FieldOverridingRequestWrapper(SlingHttpServletRequest slingHttpServletRequest, ValueMap valueMap) {
            super(slingHttpServletRequest);
            this.properties = valueMap;
        }

        @Nonnull
        public Resource getResource() {
            return new FieldOverridingResource(super.getResource(), this.properties);
        }
    }

    /* loaded from: input_file:com/day/cq/dam/core/impl/metadata/editor/MetadataFieldPermissionFilter$FieldOverridingResource.class */
    static class FieldOverridingResource extends ResourceWrapper {
        private final ValueMap overrideProperties;

        FieldOverridingResource(@NotNull Resource resource, ValueMap valueMap) {
            super(resource);
            this.overrideProperties = valueMap;
        }

        @NotNull
        public ValueMap getValueMap() {
            return this.overrideProperties;
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        SlingHttpServletRequest slingHttpServletRequest = (SlingHttpServletRequest) servletRequest;
        if (isReadOnlyAssetMetadataFormField(slingHttpServletRequest)) {
            filterChain.doFilter(getWrappedRequest(slingHttpServletRequest), servletResponse);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    SlingHttpServletRequest getWrappedRequest(SlingHttpServletRequest slingHttpServletRequest) {
        return new FieldOverridingRequestWrapper(slingHttpServletRequest, getDisabledFieldProperties(slingHttpServletRequest));
    }

    boolean isReadOnlyAssetMetadataFormField(SlingHttpServletRequest slingHttpServletRequest) {
        String assetMetadataPropertyRelativePath;
        boolean z = false;
        if ((isFormField(slingHttpServletRequest) || isSchemaField(slingHttpServletRequest)) && (assetMetadataPropertyRelativePath = getAssetMetadataPropertyRelativePath(slingHttpServletRequest)) != null) {
            Set<String> assetMetadataPropertyPaths = getAssetMetadataPropertyPaths(slingHttpServletRequest, assetMetadataPropertyRelativePath);
            z = isReadOnly(slingHttpServletRequest, assetMetadataPropertyPaths);
            LOG.debug("asset metadata property paths: {}, is read only: {}", assetMetadataPropertyPaths, Boolean.valueOf(z));
        }
        return z;
    }

    ValueMap getDisabledFieldProperties(SlingHttpServletRequest slingHttpServletRequest) {
        HashMap hashMap = new HashMap((Map) slingHttpServletRequest.getResource().getValueMap());
        hashMap.put(DELETE_HINT, false);
        hashMap.put(DISABLED, true);
        hashMap.put(READ_ONLY, true);
        hashMap.put(RENDER_READ_ONLY, true);
        return new ValueMapDecorator(hashMap);
    }

    private String getAssetMetadataPropertyRelativePath(SlingHttpServletRequest slingHttpServletRequest) {
        Resource resource = slingHttpServletRequest.getResource();
        return (String) Optional.ofNullable(isMultiField(slingHttpServletRequest) ? resource.getChild("field") : resource).map((v0) -> {
            return v0.getValueMap();
        }).map(valueMap -> {
            return (String) valueMap.get("name", String.class);
        }).orElse(null);
    }

    private Set<String> getAssetMetadataPropertyPaths(SlingHttpServletRequest slingHttpServletRequest, String str) {
        HashSet hashSet = new HashSet();
        RequestParameter[] requestParameters = slingHttpServletRequest.getRequestParameters("item");
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        if (requestParameters != null) {
            Stream map = Arrays.stream(requestParameters).map((v0) -> {
                return v0.getString();
            });
            Objects.requireNonNull(resourceResolver);
            Stream map2 = map.map(resourceResolver::getResource).filter(DamUtil::isAsset).map(resource -> {
                return ResourceUtil.normalize(resource.getPath() + "/" + str);
            });
            Objects.requireNonNull(hashSet);
            map2.forEach((v1) -> {
                r1.add(v1);
            });
        }
        return hashSet;
    }

    private boolean isReadOnly(SlingHttpServletRequest slingHttpServletRequest, Set<String> set) {
        Session session = (Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
        boolean z = false;
        try {
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                if (!session.hasPermission(it.next(), "set_property")) {
                    z = true;
                }
            }
        } catch (RepositoryException e) {
            LOG.error("error checking permission for asset metadata properties: " + set, e);
            z = true;
        }
        return z;
    }

    private boolean isFormField(SlingHttpServletRequest slingHttpServletRequest) {
        return RESOURCE_TYPE_FORM_FIELD.equals(slingHttpServletRequest.getResourceResolver().getParentResourceType(slingHttpServletRequest.getResource()));
    }

    private boolean isSchemaField(SlingHttpServletRequest slingHttpServletRequest) {
        return RESOURCE_TYPE_SCHEMA_FIELD.equals(slingHttpServletRequest.getResource().getResourceType());
    }

    private boolean isMultiField(SlingHttpServletRequest slingHttpServletRequest) {
        return isSchemaField(slingHttpServletRequest) && ((String) slingHttpServletRequest.getResource().getValueMap().get(PROPERTY_RESOURCE_TYPE, "")).equals(RESOURCE_TYPE_MULTI_FIELD);
    }
}
