package com.adobe.cq.dam.cfm.headless.backend.impl.permissions;

import com.adobe.cq.dam.cfm.ContentFragment;
import com.adobe.cq.dam.cfm.openapi.models.Permission;
import com.adobe.granite.security.authorization.AuthorizationService;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.authorization.PrivilegeCollection;
import org.apache.sling.api.resource.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/cq/dam/cfm/headless/backend/impl/permissions/ContentFragmentPermissions.class */
public class ContentFragmentPermissions {
    private static final Logger LOG = LoggerFactory.getLogger(ContentFragmentPermissions.class);
    private static final String WORKFLOW_MODELS_PATH = "/var/workflow/models";
    private static final String REP_WRITE = "rep:write";
    private static final String RT_SLING_FOLDER = "sling:Folder";
    private static final String NT_FOLDER = "nt:folder";
    private static final String RT_SLING_ORDERED_FOLDER = "sling:OrderedFolder";

    private ContentFragmentPermissions() {
    }

    public static boolean isAdmin(AuthorizationService authorizationService, Session session) {
        return null != authorizationService && authorizationService.hasAdministrativeAccess(session);
    }

    public static List<Permission> getAllowedPermissions(JackrabbitSession jackrabbitSession, JackrabbitAccessControlManager jackrabbitAccessControlManager, Resource resource, List<Permission> list, AuthorizationService authorizationService, Map<String, PrivilegeCollection> map) {
        boolean isAdmin = isAdmin(authorizationService, jackrabbitSession);
        List<Permission> permissions = getPermissions(resource, list);
        if (isAdmin) {
            return permissions;
        }
        ArrayList arrayList = new ArrayList();
        for (Permission permission : permissions) {
            if (isContentFragment(resource) ? hasAccessOnContentFragment(jackrabbitSession, jackrabbitAccessControlManager, resource, permission, map) : isFolder(resource) ? hasAccessOnFolder(jackrabbitAccessControlManager, resource, permission, map) : false) {
                arrayList.add(permission);
            }
        }
        return arrayList;
    }

    private static boolean hasAccessOnContentFragment(JackrabbitSession jackrabbitSession, JackrabbitAccessControlManager jackrabbitAccessControlManager, Resource resource, Permission permission, Map<String, PrivilegeCollection> map) {
        if (permission.equals(Permission.READ)) {
            return canRead(jackrabbitAccessControlManager, resource, map);
        }
        if (permission.equals(Permission.EDIT)) {
            return canEdit(jackrabbitAccessControlManager, resource, map);
        }
        if (permission.equals(Permission.DELETE)) {
            return canDelete(jackrabbitAccessControlManager, resource, map);
        }
        if (permission.equals(Permission.RENAME)) {
            return canRename(jackrabbitAccessControlManager, resource, map);
        }
        if (permission.equals(Permission.PUBLISH)) {
            return canReplicate(jackrabbitSession, jackrabbitAccessControlManager, resource, map);
        }
        return false;
    }

    private static boolean hasAccessOnFolder(JackrabbitAccessControlManager jackrabbitAccessControlManager, Resource resource, Permission permission, Map<String, PrivilegeCollection> map) {
        if (permission.equals(Permission.CREATE_CONTENT_FRAGMENT)) {
            return canCreateContentFragment(jackrabbitAccessControlManager, resource, map);
        }
        return false;
    }

    private static boolean canRead(JackrabbitAccessControlManager jackrabbitAccessControlManager, Resource resource, Map<String, PrivilegeCollection> map) {
        return hasPrivileges(getPrivilegeCollection(jackrabbitAccessControlManager, resource.getPath(), map), new String[]{"{http://www.jcp.org/jcr/1.0}read"});
    }

    private static boolean canEdit(JackrabbitAccessControlManager jackrabbitAccessControlManager, Resource resource, Map<String, PrivilegeCollection> map) {
        return hasPrivileges(getPrivilegeCollection(jackrabbitAccessControlManager, resource.getPath(), map), new String[]{REP_WRITE, "{http://www.jcp.org/jcr/1.0}versionManagement"});
    }

    private static boolean canDelete(JackrabbitAccessControlManager jackrabbitAccessControlManager, Resource resource, Map<String, PrivilegeCollection> map) {
        Resource parent;
        if (hasPrivileges(getPrivilegeCollection(jackrabbitAccessControlManager, resource.getPath(), map), new String[]{"{http://www.jcp.org/jcr/1.0}removeNode"}) && null != (parent = resource.getParent())) {
            return hasPrivileges(getPrivilegeCollection(jackrabbitAccessControlManager, parent.getPath(), map), new String[]{"{http://www.jcp.org/jcr/1.0}removeChildNodes"});
        }
        return false;
    }

    private static boolean canRename(JackrabbitAccessControlManager jackrabbitAccessControlManager, Resource resource, Map<String, PrivilegeCollection> map) {
        Resource parent;
        if (hasPrivileges(getPrivilegeCollection(jackrabbitAccessControlManager, resource.getPath(), map), new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}removeNode"}) && null != (parent = resource.getParent())) {
            return hasPrivileges(getPrivilegeCollection(jackrabbitAccessControlManager, parent.getPath(), map), new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}removeChildNodes"});
        }
        return false;
    }

    private static boolean canReplicate(JackrabbitSession jackrabbitSession, JackrabbitAccessControlManager jackrabbitAccessControlManager, Resource resource, Map<String, PrivilegeCollection> map) {
        if (!hasPrivileges(getPrivilegeCollection(jackrabbitAccessControlManager, resource.getPath(), map), new String[]{"{http://www.day.com/crx/1.0}replicate"})) {
            return false;
        }
        try {
            return jackrabbitSession.itemExists(WORKFLOW_MODELS_PATH);
        } catch (RepositoryException e) {
            return false;
        }
    }

    private static boolean canCreateContentFragment(JackrabbitAccessControlManager jackrabbitAccessControlManager, Resource resource, Map<String, PrivilegeCollection> map) {
        return canEdit(jackrabbitAccessControlManager, resource, map);
    }

    private static List<Permission> getPermissions(Resource resource, List<Permission> list) {
        List<Permission> of;
        if (isContentFragment(resource)) {
            of = List.of(Permission.READ, Permission.EDIT, Permission.DELETE, Permission.RENAME, Permission.PUBLISH);
        } else {
            if (!isFolder(resource)) {
                return Collections.emptyList();
            }
            of = List.of(Permission.CREATE_CONTENT_FRAGMENT);
        }
        if (null == list || list.isEmpty()) {
            return of;
        }
        Stream<Permission> distinct = of.stream().distinct();
        Objects.requireNonNull(list);
        return (List) distinct.filter((v1) -> {
            return r1.contains(v1);
        }).collect(Collectors.toList());
    }

    private static PrivilegeCollection getPrivilegeCollection(JackrabbitAccessControlManager jackrabbitAccessControlManager, String str, Map<String, PrivilegeCollection> map) {
        PrivilegeCollection privilegeCollection;
        if (map.containsKey(str)) {
            return map.get(str);
        }
        try {
            privilegeCollection = jackrabbitAccessControlManager.getPrivilegeCollection(str);
        } catch (RepositoryException e) {
            LOG.warn("Unable to retrieve the privilege collection for path: {}, {}", str, e);
            privilegeCollection = null;
        }
        map.put(str, privilegeCollection);
        return privilegeCollection;
    }

    private static boolean hasPrivileges(PrivilegeCollection privilegeCollection, String[] strArr) {
        if (null != privilegeCollection && null != strArr) {
            try {
                if (privilegeCollection.includes(strArr)) {
                    return true;
                }
            } catch (RepositoryException e) {
                return false;
            }
        }
        return false;
    }

    private static boolean isContentFragment(Resource resource) {
        return (null == resource || null == resource.adaptTo(ContentFragment.class)) ? false : true;
    }

    private static boolean isFolder(Resource resource) {
        if (null == resource) {
            return false;
        }
        return resource.isResourceType(RT_SLING_FOLDER) || resource.isResourceType(RT_SLING_ORDERED_FOLDER) || resource.isResourceType(NT_FOLDER);
    }
}
