package com.mware.security;

import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import com.mware.core.exception.BcAccessDeniedException;
import com.mware.core.exception.BcException;
import com.mware.core.model.clientapi.dto.ClientApiEdge;
import com.mware.core.model.clientapi.dto.ClientApiEdgeMultipleResponse;
import com.mware.core.model.clientapi.dto.ClientApiEdgeSearchResponse;
import com.mware.core.model.clientapi.dto.ClientApiEdgeWithVertexData;
import com.mware.core.model.clientapi.dto.ClientApiElement;
import com.mware.core.model.clientapi.dto.ClientApiElementAcl;
import com.mware.core.model.clientapi.dto.ClientApiElementSearchResponse;
import com.mware.core.model.clientapi.dto.ClientApiObject;
import com.mware.core.model.clientapi.dto.ClientApiProperty;
import com.mware.core.model.clientapi.dto.ClientApiPropertyAcl;
import com.mware.core.model.clientapi.dto.ClientApiVertex;
import com.mware.core.model.clientapi.dto.ClientApiVertexEdges;
import com.mware.core.model.clientapi.dto.ClientApiVertexMultipleResponse;
import com.mware.core.model.clientapi.dto.ClientApiWorkspaceVertices;
import com.mware.core.model.properties.BcSchema;
import com.mware.core.model.schema.Concept;
import com.mware.core.model.schema.HasSchemaProperties;
import com.mware.core.model.schema.Relationship;
import com.mware.core.model.schema.SchemaElement;
import com.mware.core.model.schema.SchemaProperty;
import com.mware.core.model.schema.SchemaRepository;
import com.mware.core.model.user.PrivilegeRepository;
import com.mware.core.model.user.UserRepository;
import com.mware.core.user.User;
import com.mware.core.util.BcLogger;
import com.mware.core.util.BcLoggerFactory;
import com.mware.ge.Edge;
import com.mware.ge.Element;
import com.mware.ge.Graph;
import com.mware.ge.Property;
import com.mware.ge.Vertex;
import com.mware.web.model.ClientApiElementFindRelatedResponse;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:com/mware/security/ACLProvider.class */
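/**
 * Base class for access-control decisions on graph elements and their properties.
 *
 * <p>Subclasses supply the policy through the protected abstract {@code canXxx} hooks. This
 * class layers three things on top of those hooks:
 * <ul>
 *   <li>public {@code canXxx} overloads that resolve the {@link SchemaElement} and call the hook
 *       directly. These overloads do <b>not</b> consult the user's privileges;</li>
 *   <li>{@code checkCanXxxProperty} methods that combine the user's privileges with the hook and
 *       throw {@link BcAccessDeniedException} on denial;</li>
 *   <li>{@code appendACL} / {@code elementACL}, which write updateable / deleteable / addable
 *       flags onto client API DTOs.</li>
 * </ul>
 *
 * <p>Privilege rules applied by the private {@code internalCanXxx} methods:
 * <ul>
 *   <li>element update and delete require {@code "EDIT"};</li>
 *   <li>property add, update and delete require {@code "EDIT"}, or {@code "COMMENT"} when the
 *       property is the comment property;</li>
 *   <li>adding a comment additionally requires {@code "COMMENT"};</li>
 *   <li>updating a comment additionally requires {@code "COMMENT_EDIT_ANY"}, or
 *       {@code "COMMENT"} plus authorship;</li>
 *   <li>deleting a comment additionally requires {@code "COMMENT_DELETE_ANY"}, or
 *       {@code "COMMENT"} plus authorship.</li>
 * </ul>
 *
 * <p>Parameter convention (names are decompiler-generated): in property-level methods the first
 * {@code String} is the property key and the second is the property name. The trailing
 * {@code String} of every method is passed unchanged to {@link SchemaRepository} lookups; its
 * meaning is not visible in this class (presumably a workspace or namespace id; confirm).
 *
 * <p>NOTE(review): this class offers throwing {@code checkCan...} methods for properties only.
 * Callers that enforce element-level access through the public {@code canUpdateElement} /
 * {@code canDeleteElement} overloads get the subclass policy without the {@code "EDIT"}
 * privilege check that {@code appendACL} applies to the same element.
 */
public abstract class ACLProvider {
    private static final BcLogger LOGGER = BcLoggerFactory.getLogger(ACLProvider.class);

    /** Concept name used when a vertex reports no concept type. */
    private static final String DEFAULT_CONCEPT_TYPE = "thing";

    protected final Graph graph;
    protected final UserRepository userRepository;
    protected final SchemaRepository schemaRepository;
    private final PrivilegeRepository privilegeRepository;

    /* JADX INFO: Access modifiers changed from: protected */
    @Inject
    public ACLProvider(Graph graph, UserRepository userRepository, SchemaRepository schemaRepository, PrivilegeRepository privilegeRepository) {
        this.graph = graph;
        this.userRepository = userRepository;
        this.schemaRepository = schemaRepository;
        this.privilegeRepository = privilegeRepository;
    }

    /**
     * Asks the subclass policy whether {@code user} may delete {@code element}.
     * The user's privileges are not consulted here.
     */
    public boolean canDeleteElement(Element element, User user, String str) {
        return canDeleteElement(element, getSchemaElement(element, str), user, str);
    }

    /** Policy hook: may {@code user} delete the graph element described by {@code schemaElement}? */
    protected abstract boolean canDeleteElement(Element element, SchemaElement schemaElement, User user, String str);

    /**
     * Asks the subclass policy whether {@code user} may delete {@code clientApiElement}.
     * The user's privileges are not consulted here.
     */
    public boolean canDeleteElement(ClientApiElement clientApiElement, User user, String str) {
        return canDeleteElement(clientApiElement, getSchemaElement(clientApiElement, str), user, str);
    }

    /** Policy hook: may {@code user} delete the client API element described by {@code schemaElement}? */
    protected abstract boolean canDeleteElement(ClientApiElement clientApiElement, SchemaElement schemaElement, User user, String str);

    /**
     * Asks the subclass policy whether {@code user} may delete property ({@code str} = key,
     * {@code str2} = name) on {@code element}. Privileges and the comment rules are not applied
     * here; {@link #checkCanDeleteProperty(Element, String, String, User, String)} applies them.
     */
    public boolean canDeleteProperty(Element element, String str, String str2, User user, String str3) {
        return canDeleteProperty(element, getSchemaElement(element, str3), str, str2, user, str3);
    }

    /** Policy hook: may {@code user} delete property ({@code str} = key, {@code str2} = name)? */
    protected abstract boolean canDeleteProperty(Element element, SchemaElement schemaElement, String str, String str2, User user, String str3);

    /**
     * Client API variant of {@link #canDeleteProperty(Element, String, String, User, String)};
     * privileges and the comment rules are not applied here.
     */
    public boolean canDeleteProperty(ClientApiElement clientApiElement, String str, String str2, User user, String str3) {
        return canDeleteProperty(clientApiElement, getSchemaElement(clientApiElement, str3), str, str2, user, str3);
    }

    /** Policy hook: may {@code user} delete property ({@code str} = key, {@code str2} = name)? */
    protected abstract boolean canDeleteProperty(ClientApiElement clientApiElement, SchemaElement schemaElement, String str, String str2, User user, String str3);

    /**
     * Asks the subclass policy whether {@code user} may update {@code element}.
     * The user's privileges are not consulted here.
     */
    public boolean canUpdateElement(Element element, User user, String str) {
        return canUpdateElement(element, getSchemaElement(element, str), user, str);
    }

    /** Policy hook: may {@code user} update the graph element described by {@code schemaElement}? */
    protected abstract boolean canUpdateElement(Element element, SchemaElement schemaElement, User user, String str);

    /**
     * Asks the subclass policy whether {@code user} may update {@code clientApiElement}.
     * The user's privileges are not consulted here.
     */
    public boolean canUpdateElement(ClientApiElement clientApiElement, User user, String str) {
        return canUpdateElement(clientApiElement, getSchemaElement(clientApiElement, str), user, str);
    }

    /** Policy hook: may {@code user} update the client API element described by {@code schemaElement}? */
    protected abstract boolean canUpdateElement(ClientApiElement clientApiElement, SchemaElement schemaElement, User user, String str);

    /**
     * Asks the subclass policy whether {@code user} may update property ({@code str} = key,
     * {@code str2} = name) on {@code element}. Privileges and the comment rules are not applied
     * here; {@link #checkCanAddOrUpdateProperty(Element, String, String, User, String)} applies
     * them.
     */
    public boolean canUpdateProperty(Element element, String str, String str2, User user, String str3) {
        return canUpdateProperty(element, getSchemaElement(element, str3), str, str2, user, str3);
    }

    /** Policy hook: may {@code user} update property ({@code str} = key, {@code str2} = name)? */
    protected abstract boolean canUpdateProperty(Element element, SchemaElement schemaElement, String str, String str2, User user, String str3);

    /**
     * Client API variant of {@link #canUpdateProperty(Element, String, String, User, String)};
     * privileges and the comment rules are not applied here.
     */
    public boolean canUpdateProperty(ClientApiElement clientApiElement, String str, String str2, User user, String str3) {
        return canUpdateProperty(clientApiElement, getSchemaElement(clientApiElement, str3), str, str2, user, str3);
    }

    /** Policy hook: may {@code user} update property ({@code str} = key, {@code str2} = name)? */
    protected abstract boolean canUpdateProperty(ClientApiElement clientApiElement, SchemaElement schemaElement, String str, String str2, User user, String str3);

    /**
     * Asks the subclass policy whether {@code user} may add property ({@code str} = key,
     * {@code str2} = name) to {@code element}. Privileges and the comment rules are not applied
     * here; {@link #checkCanAddOrUpdateProperty(Element, String, String, User, String)} applies
     * them.
     */
    public boolean canAddProperty(Element element, String str, String str2, User user, String str3) {
        return canAddProperty(element, getSchemaElement(element, str3), str, str2, user, str3);
    }

    /** Policy hook: may {@code user} add property ({@code str} = key, {@code str2} = name)? */
    protected abstract boolean canAddProperty(Element element, SchemaElement schemaElement, String str, String str2, User user, String str3);

    /**
     * Client API variant of {@link #canAddProperty(Element, String, String, User, String)};
     * privileges and the comment rules are not applied here.
     */
    public boolean canAddProperty(ClientApiElement clientApiElement, String str, String str2, User user, String str3) {
        return canAddProperty(clientApiElement, getSchemaElement(clientApiElement, str3), str, str2, user, str3);
    }

    /** Policy hook: may {@code user} add property ({@code str} = key, {@code str2} = name)? */
    protected abstract boolean canAddProperty(ClientApiElement clientApiElement, SchemaElement schemaElement, String str, String str2, User user, String str3);

    /**
     * Enforces the add-or-update rule for property ({@code str} = key, {@code str2} = name) on
     * {@code element}, using the privileges of {@code user}.
     *
     * @throws BcAccessDeniedException if the privileges or the subclass policy deny the change
     */
    public final void checkCanAddOrUpdateProperty(Element element, String str, String str2, User user, String str3) {
        checkCanAddOrUpdateProperty(element, getSchemaElement(element, str3), str, str2, this.privilegeRepository.getPrivileges(user), user, str3);
    }

    /**
     * Applies the update rule when the property already exists on the element and the add rule
     * otherwise. {@code element} is dereferenced, so it must not be null.
     */
    private void checkCanAddOrUpdateProperty(Element element, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) throws BcAccessDeniedException {
        boolean allowed = element.getProperty(str, str2) != null
                ? internalCanUpdateProperty(element, schemaElement, str, str2, set, user, str3)
                : internalCanAddProperty(element, schemaElement, str, str2, set, user, str3);
        if (!allowed) {
            throw new BcAccessDeniedException(str2 + " cannot be added or updated due to ACL restriction", user, element.getId());
        }
    }

    /**
     * Client API variant of
     * {@link #checkCanAddOrUpdateProperty(Element, String, String, User, String)}.
     *
     * @throws BcAccessDeniedException if the privileges or the subclass policy deny the change
     */
    public final void checkCanAddOrUpdateProperty(ClientApiElement clientApiElement, String str, String str2, User user, String str3) {
        checkCanAddOrUpdateProperty(clientApiElement, getSchemaElement(clientApiElement, str3), str, str2, user, str3);
    }

    /**
     * Same check with a caller-supplied {@code schemaElement}. The schema element is used as
     * given; this method does not verify that it matches {@code clientApiElement}.
     *
     * @throws BcAccessDeniedException if the privileges or the subclass policy deny the change
     */
    public final void checkCanAddOrUpdateProperty(ClientApiElement clientApiElement, SchemaElement schemaElement, String str, String str2, User user, String str3) throws BcAccessDeniedException {
        Set<String> privileges = this.privilegeRepository.getPrivileges(user);
        boolean allowed = clientApiElement.getProperty(str, str2) != null
                ? internalCanUpdateProperty(clientApiElement, schemaElement, str, str2, privileges, user, str3)
                : internalCanAddProperty(clientApiElement, schemaElement, str, str2, privileges, user, str3);
        if (!allowed) {
            throw new BcAccessDeniedException(str2 + " cannot be added or updated due to ACL restriction", user, clientApiElement.getId());
        }
    }

    /**
     * Enforces the delete rule for property ({@code str} = key, {@code str2} = name) on
     * {@code element}, using the privileges of {@code user}.
     *
     * @throws BcAccessDeniedException if the privileges or the subclass policy deny the deletion
     */
    public final void checkCanDeleteProperty(Element element, String str, String str2, User user, String str3) {
        checkCanDeleteProperty(element, getSchemaElement(element, str3), str, str2, this.privilegeRepository.getPrivileges(user), user, str3);
    }

    /** Throws when the combined privilege and policy decision denies the deletion. */
    private void checkCanDeleteProperty(Element element, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) throws BcAccessDeniedException {
        if (!internalCanDeleteProperty(element, schemaElement, str, str2, set, user, str3)) {
            throw new BcAccessDeniedException(str2 + " cannot be deleted due to ACL restriction", user, element.getId());
        }
    }

    /**
     * Client API variant of {@link #checkCanDeleteProperty(Element, String, String, User, String)}.
     *
     * @throws BcAccessDeniedException if the privileges or the subclass policy deny the deletion
     */
    public final void checkCanDeleteProperty(ClientApiElement clientApiElement, String str, String str2, User user, String str3) {
        checkCanDeleteProperty(clientApiElement, getSchemaElement(clientApiElement, str3), str, str2, this.privilegeRepository.getPrivileges(user), user, str3);
    }

    /** Throws when the combined privilege and policy decision denies the deletion. */
    private void checkCanDeleteProperty(ClientApiElement clientApiElement, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) throws BcAccessDeniedException {
        if (!internalCanDeleteProperty(clientApiElement, schemaElement, str, str2, set, user, str3)) {
            throw new BcAccessDeniedException(str2 + " cannot be deleted due to ACL restriction", user, clientApiElement.getId());
        }
    }

    /**
     * Builds the ACL summary for {@code clientApiElement} as seen by {@code user}.
     *
     * @throws NullPointerException if {@code clientApiElement} is null
     * @throws BcException if the element is neither a vertex nor an edge
     */
    public final ClientApiElementAcl elementACL(ClientApiElement clientApiElement, User user, String str) {
        return elementACL(clientApiElement, getSchemaElement(clientApiElement, str), this.privilegeRepository.getPrivileges(user), user, str);
    }

    /**
     * Computes element-level flags, then collects per-property ACLs from the element's concept
     * (vertex) or relationship (edge) and each of its ancestors.
     */
    private ClientApiElementAcl elementACL(ClientApiElement clientApiElement, SchemaElement schemaElement, Set<String> set, User user, String str) {
        Preconditions.checkNotNull(clientApiElement, "clientApiElement is required");
        ClientApiElementAcl clientApiElementAcl = new ClientApiElementAcl();
        // Addable is set unconditionally; neither privileges nor the subclass policy are consulted.
        clientApiElementAcl.setAddable(true);
        clientApiElementAcl.setUpdateable(internalCanUpdateElement(clientApiElement, schemaElement, set, user, str));
        clientApiElementAcl.setDeleteable(internalCanDeleteElement(clientApiElement, schemaElement, set, user, str));
        List<ClientApiPropertyAcl> propertyAcls = clientApiElementAcl.getPropertyAcls();
        // Both walks stop at the first name the schema repository cannot resolve, so property ACLs
        // declared on ancestors above that point are not included.
        // NOTE(review): there is no cycle guard; this assumes the parent chain is acyclic.
        if (clientApiElement instanceof ClientApiVertex) {
            String conceptName = ((ClientApiVertex) clientApiElement).getConceptType();
            while (conceptName != null) {
                Concept concept = this.schemaRepository.getConceptByName(conceptName, str);
                if (concept == null) {
                    LOGGER.warn("Could not find concept: %s", new Object[]{conceptName});
                    break;
                }
                populatePropertyAcls(concept, clientApiElement, schemaElement, set, user, str, propertyAcls);
                conceptName = concept.getParentConceptName();
            }
        } else {
            if (!(clientApiElement instanceof ClientApiEdge)) {
                throw new BcException("unsupported ClientApiElement class " + clientApiElement.getClass().getName());
            }
            String relationshipName = ((ClientApiEdge) clientApiElement).getLabel();
            while (relationshipName != null) {
                Relationship relationship = this.schemaRepository.getRelationshipByName(relationshipName, str);
                if (relationship == null) {
                    LOGGER.warn("Could not find relationship: %s", new Object[]{relationshipName});
                    break;
                }
                populatePropertyAcls(relationship, clientApiElement, schemaElement, set, user, str, propertyAcls);
                relationshipName = relationship.getParentName();
            }
        }
        return clientApiElementAcl;
    }

    /**
     * Writes ACL flags onto {@code clientApiObject} (and the elements it contains) for
     * {@code user}, and returns the same object.
     *
     * <p>When {@code user} is null the object is returned untouched and no flags are computed.
     * NOTE(review): consumers should not read an absent flag as a grant.
     */
    public final ClientApiObject appendACL(ClientApiObject clientApiObject, User user, String str) {
        return user == null ? clientApiObject : appendACL(clientApiObject, this.privilegeRepository.getPrivileges(user), user, str);
    }

    /**
     * Dispatches on the concrete DTO type. A type not listed here is returned without any ACL
     * flags and without a log entry. The collection branches do not forward {@code set}; the
     * collection overload looks the privileges up again.
     */
    private ClientApiObject appendACL(ClientApiObject clientApiObject, Set<String> set, User user, String str) {
        if (clientApiObject instanceof ClientApiElement) {
            appendACL((ClientApiElement) clientApiObject, set, user, str);
        } else if (clientApiObject instanceof ClientApiWorkspaceVertices) {
            appendACL(((ClientApiWorkspaceVertices) clientApiObject).getVertices(), user, str);
        } else if (clientApiObject instanceof ClientApiVertexMultipleResponse) {
            appendACL(((ClientApiVertexMultipleResponse) clientApiObject).getVertices(), user, str);
        } else if (clientApiObject instanceof ClientApiEdgeMultipleResponse) {
            appendACL(((ClientApiEdgeMultipleResponse) clientApiObject).getEdges(), user, str);
        } else if (clientApiObject instanceof ClientApiElementSearchResponse) {
            appendACL(((ClientApiElementSearchResponse) clientApiObject).getElements(), user, str);
        } else if (clientApiObject instanceof ClientApiEdgeSearchResponse) {
            appendACL(((ClientApiEdgeSearchResponse) clientApiObject).getResults(), user, str);
        } else if (clientApiObject instanceof ClientApiVertexEdges) {
            appendACL((ClientApiVertexEdges) clientApiObject, set, user, str);
        } else if (clientApiObject instanceof ClientApiElementFindRelatedResponse) {
            appendACL(((ClientApiElementFindRelatedResponse) clientApiObject).getElements(), user, str);
        }
        return clientApiObject;
    }

    /** Returns whether {@code str} names the comment property ({@code BcSchema.COMMENT}). */
    protected final boolean isComment(String str) {
        return BcSchema.COMMENT.isSameName(str);
    }

    /**
     * Returns whether {@code user} is recorded as the last modifier of property ({@code str} =
     * key, {@code str2} = name) on {@code element}. A null element or a missing property yields
     * {@code false}. {@code str3} is not used.
     *
     * <p>The decision rests entirely on the property's modified-by metadata, so it is only as
     * trustworthy as the code paths that write that metadata. {@code user} must not be null.
     */
    protected final boolean isAuthor(Element element, String str, String str2, User user, String str3) {
        if (element == null) {
            return false;
        }
        Property property = element.getProperty(str, str2);
        if (property == null) {
            return false;
        }
        return user.getUserId().equals((String) BcSchema.MODIFIED_BY_METADATA.getMetadataValue(property.getMetadata()));
    }

    /**
     * Client API variant of {@link #isAuthor(Element, String, String, User, String)}. The
     * metadata read here comes from the DTO.
     * NOTE(review): confirm callers pass DTOs built server-side rather than client-supplied ones.
     */
    protected final boolean isAuthor(ClientApiElement clientApiElement, String str, String str2, User user, String str3) {
        if (clientApiElement == null) {
            return false;
        }
        ClientApiProperty property = clientApiElement.getProperty(str, str2);
        if (property == null) {
            return false;
        }
        return user.getUserId().equals((String) BcSchema.MODIFIED_BY_METADATA.getMetadataValue(property.getMetadata()));
    }

    /** Appends ACL flags to every object in {@code collection}, fetching the privileges once. */
    private void appendACL(Collection<? extends ClientApiObject> collection, User user, String str) {
        Set<String> privileges = this.privilegeRepository.getPrivileges(user);
        for (ClientApiObject clientApiObject : collection) {
            appendACL(clientApiObject, privileges, user, str);
        }
    }

    /**
     * Resolves the schema element for {@code clientApiElement} and writes ACL flags onto it.
     * Subclasses may override this method.
     */
    protected void appendACL(ClientApiElement clientApiElement, Set<String> set, User user, String str) {
        appendACL(clientApiElement, getSchemaElement(clientApiElement, str), set, user, str);
    }

    /**
     * Sets the updateable / deleteable / addable flags on each property, then the element-level
     * flags and the ACL summary. For an edge that carries its endpoint vertices, both endpoints
     * are processed as well.
     */
    private void appendACL(ClientApiElement clientApiElement, SchemaElement schemaElement, Set<String> set, User user, String str) {
        for (ClientApiProperty clientApiProperty : clientApiElement.getProperties()) {
            String key = clientApiProperty.getKey();
            String name = clientApiProperty.getName();
            clientApiProperty.setUpdateable(internalCanUpdateProperty(clientApiElement, schemaElement, key, name, set, user, str));
            clientApiProperty.setDeleteable(internalCanDeleteProperty(clientApiElement, schemaElement, key, name, set, user, str));
            clientApiProperty.setAddable(internalCanAddProperty(clientApiElement, schemaElement, key, name, set, user, str));
        }
        clientApiElement.setUpdateable(Boolean.valueOf(internalCanUpdateElement(clientApiElement, schemaElement, set, user, str)));
        clientApiElement.setDeleteable(Boolean.valueOf(internalCanDeleteElement(clientApiElement, schemaElement, set, user, str)));
        clientApiElement.setAcl(elementACL(clientApiElement, schemaElement, set, user, str));
        if (clientApiElement instanceof ClientApiEdgeWithVertexData) {
            ClientApiEdgeWithVertexData edgeWithVertices = (ClientApiEdgeWithVertexData) clientApiElement;
            // The casts pin overload resolution to the overridable ClientApiElement variant.
            appendACL((ClientApiElement) edgeWithVertices.getSource(), set, user, str);
            appendACL((ClientApiElement) edgeWithVertices.getTarget(), set, user, str);
        }
    }

    /** Writes ACL flags onto every relationship and its vertex in {@code clientApiVertexEdges}. */
    private void appendACL(ClientApiVertexEdges clientApiVertexEdges, Set<String> set, User user, String str) {
        for (ClientApiVertexEdges.Edge edge : clientApiVertexEdges.getRelationships()) {
            appendACL((ClientApiElement) edge.getRelationship(), set, user, str);
            appendACL((ClientApiElement) edge.getVertex(), set, user, str);
        }
    }

    /**
     * Adds to {@code list} the property ACLs that are specific to {@code clientApiElement}.
     *
     * <p>Each ACL is compared with a baseline computed with a null element; only ACLs that
     * differ from their baseline are added. The first pass covers schema properties that have
     * values on the element (one ACL per value key); the second pass covers the remaining schema
     * properties with a null key.
     */
    private void populatePropertyAcls(HasSchemaProperties hasSchemaProperties, ClientApiElement clientApiElement, SchemaElement schemaElement, Set<String> set, User user, String str, List<ClientApiPropertyAcl> list) {
        // NOTE(review): the decompiled source used a raw Collection; the element type is taken
        // from the SchemaProperty cast in that source.
        Collection<? extends SchemaProperty> properties = hasSchemaProperties.getProperties();
        Set<String> namesWithValues = new HashSet<>();
        for (SchemaProperty schemaProperty : properties) {
            String name = schemaProperty.getName();
            for (ClientApiProperty clientApiProperty : clientApiElement.getProperties(name)) {
                ClientApiPropertyAcl elementAcl = newClientApiPropertyAcl(clientApiElement, schemaElement, clientApiProperty.getKey(), name, set, user, str);
                ClientApiPropertyAcl baselineAcl = newClientApiPropertyAcl(null, schemaElement, clientApiProperty.getKey(), name, set, user, str);
                if (!elementAcl.equals(baselineAcl)) {
                    list.add(elementAcl);
                }
                namesWithValues.add(name);
            }
        }
        for (SchemaProperty schemaProperty : properties) {
            String name = schemaProperty.getName();
            if (namesWithValues.contains(name)) {
                continue;
            }
            ClientApiPropertyAcl elementAcl = newClientApiPropertyAcl(clientApiElement, schemaElement, null, name, set, user, str);
            ClientApiPropertyAcl baselineAcl = newClientApiPropertyAcl(null, schemaElement, null, name, set, user, str);
            if (!elementAcl.equals(baselineAcl)) {
                list.add(elementAcl);
            }
        }
    }

    /**
     * Builds the ACL for one property ({@code str} = key, {@code str2} = name).
     * {@code clientApiElement} may be null; that is how the baseline ACL is computed.
     */
    private ClientApiPropertyAcl newClientApiPropertyAcl(ClientApiElement clientApiElement, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) {
        ClientApiPropertyAcl clientApiPropertyAcl = new ClientApiPropertyAcl();
        clientApiPropertyAcl.setKey(str);
        clientApiPropertyAcl.setName(str2);
        clientApiPropertyAcl.setAddable(internalCanAddProperty(clientApiElement, schemaElement, str, str2, set, user, str3));
        clientApiPropertyAcl.setUpdateable(internalCanUpdateProperty(clientApiElement, schemaElement, str, str2, set, user, str3));
        clientApiPropertyAcl.setDeleteable(internalCanDeleteProperty(clientApiElement, schemaElement, str, str2, set, user, str3));
        return clientApiPropertyAcl;
    }

    /** Element delete: requires {@code "EDIT"} and the subclass policy. */
    private boolean internalCanDeleteElement(ClientApiElement clientApiElement, SchemaElement schemaElement, Set<String> set, User user, String str) {
        return PrivilegeRepository.hasPrivilege(set, "EDIT") && canDeleteElement(clientApiElement, schemaElement, user, str);
    }

    /** Element update: requires {@code "EDIT"} and the subclass policy. */
    private boolean internalCanUpdateElement(ClientApiElement clientApiElement, SchemaElement schemaElement, Set<String> set, User user, String str) {
        return PrivilegeRepository.hasPrivilege(set, "EDIT") && canUpdateElement(clientApiElement, schemaElement, user, str);
    }

    /**
     * Property delete: requires the edit-or-comment privilege and the subclass policy. For the
     * comment property it additionally requires {@code "COMMENT_DELETE_ANY"}, or
     * {@code "COMMENT"} plus authorship.
     */
    private boolean internalCanDeleteProperty(Element element, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) {
        boolean allowed = hasEditOrCommentPrivilege(set, str2) && canDeleteProperty(element, schemaElement, str, str2, user, str3);
        if (allowed && isComment(str2)) {
            allowed = PrivilegeRepository.hasPrivilege(set, "COMMENT_DELETE_ANY") || (PrivilegeRepository.hasPrivilege(set, "COMMENT") && isAuthor(element, str, str2, user, str3));
        }
        return allowed;
    }

    /**
     * Client API variant of the property delete rule; see the {@link Element} overload for the
     * rule itself.
     */
    private boolean internalCanDeleteProperty(ClientApiElement clientApiElement, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) {
        boolean allowed = hasEditOrCommentPrivilege(set, str2) && canDeleteProperty(clientApiElement, schemaElement, str, str2, user, str3);
        if (allowed && isComment(str2)) {
            allowed = PrivilegeRepository.hasPrivilege(set, "COMMENT_DELETE_ANY") || (PrivilegeRepository.hasPrivilege(set, "COMMENT") && isAuthor(clientApiElement, str, str2, user, str3));
        }
        return allowed;
    }

    /**
     * Property update: requires the edit-or-comment privilege and the subclass policy. For the
     * comment property it additionally requires {@code "COMMENT_EDIT_ANY"}, or {@code "COMMENT"}
     * plus authorship.
     */
    private boolean internalCanUpdateProperty(Element element, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) {
        boolean allowed = hasEditOrCommentPrivilege(set, str2) && canUpdateProperty(element, schemaElement, str, str2, user, str3);
        if (allowed && isComment(str2)) {
            allowed = PrivilegeRepository.hasPrivilege(set, "COMMENT_EDIT_ANY") || (PrivilegeRepository.hasPrivilege(set, "COMMENT") && isAuthor(element, str, str2, user, str3));
        }
        return allowed;
    }

    /**
     * Client API variant of the property update rule; see the {@link Element} overload for the
     * rule itself.
     */
    private boolean internalCanUpdateProperty(ClientApiElement clientApiElement, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) {
        boolean allowed = hasEditOrCommentPrivilege(set, str2) && canUpdateProperty(clientApiElement, schemaElement, str, str2, user, str3);
        if (allowed && isComment(str2)) {
            allowed = PrivilegeRepository.hasPrivilege(set, "COMMENT_EDIT_ANY") || (PrivilegeRepository.hasPrivilege(set, "COMMENT") && isAuthor(clientApiElement, str, str2, user, str3));
        }
        return allowed;
    }

    /**
     * Property add: requires the edit-or-comment privilege and the subclass policy. For the
     * comment property it additionally requires {@code "COMMENT"}, so {@code "EDIT"} alone does
     * not allow adding a comment.
     */
    private boolean internalCanAddProperty(Element element, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) {
        boolean allowed = hasEditOrCommentPrivilege(set, str2) && canAddProperty(element, schemaElement, str, str2, user, str3);
        if (allowed && isComment(str2)) {
            allowed = PrivilegeRepository.hasPrivilege(set, "COMMENT");
        }
        return allowed;
    }

    /**
     * Client API variant of the property add rule; see the {@link Element} overload for the rule
     * itself.
     */
    private boolean internalCanAddProperty(ClientApiElement clientApiElement, SchemaElement schemaElement, String str, String str2, Set<String> set, User user, String str3) {
        boolean allowed = hasEditOrCommentPrivilege(set, str2) && canAddProperty(clientApiElement, schemaElement, str, str2, user, str3);
        if (allowed && isComment(str2)) {
            allowed = PrivilegeRepository.hasPrivilege(set, "COMMENT");
        }
        return allowed;
    }

    /**
     * Returns whether {@code set} holds {@code "EDIT"}, or holds {@code "COMMENT"} while
     * {@code str} names the comment property.
     */
    private boolean hasEditOrCommentPrivilege(Set<String> set, String str) {
        return PrivilegeRepository.hasPrivilege(set, "EDIT") || (isComment(str) && PrivilegeRepository.hasPrivilege(set, "COMMENT"));
    }

    /**
     * Resolves the schema element for a graph element: the relationship for an edge, the concept
     * for a vertex. Returns null for a null element, so the policy hooks can receive a null
     * schema element.
     *
     * @throws BcException if the element is neither an edge nor a vertex
     */
    protected SchemaElement getSchemaElement(Element element, String str) {
        if (element == null) {
            return null;
        }
        if (element instanceof Edge) {
            return getOntologyRelationshipFromElement((Edge) element, str);
        }
        if (element instanceof Vertex) {
            return getOntologyConceptFromElement((Vertex) element, str);
        }
        throw new BcException("Unexpected " + Element.class.getName() + " found " + element.getClass().getName());
    }

    /**
     * Client API variant of {@link #getSchemaElement(Element, String)}.
     *
     * @throws BcException if the element is neither an edge nor a vertex
     */
    protected SchemaElement getSchemaElement(ClientApiElement clientApiElement, String str) {
        if (clientApiElement == null) {
            return null;
        }
        if (clientApiElement instanceof ClientApiEdge) {
            return getOntologyRelationshipFromElement((ClientApiEdge) clientApiElement, str);
        }
        if (clientApiElement instanceof ClientApiVertex) {
            return getOntologyConceptFromElement((ClientApiVertex) clientApiElement, str);
        }
        // The message names the base type, matching the Element overload (it named ClientApiVertex before).
        throw new BcException("Unexpected " + ClientApiElement.class.getName() + " found " + clientApiElement.getClass().getName());
    }

    /** Looks up the relationship for the edge's label. */
    private Relationship getOntologyRelationshipFromElement(Edge edge, String str) {
        return getOntologyRelationshipFromElement(edge.getLabel(), str);
    }

    /** Looks up the relationship for the client API edge's label. */
    private Relationship getOntologyRelationshipFromElement(ClientApiEdge clientApiEdge, String str) {
        return getOntologyRelationshipFromElement(clientApiEdge.getLabel(), str);
    }

    /**
     * Looks up the relationship named {@code str}.
     *
     * @throws NullPointerException if the label is null or no such relationship exists
     */
    private Relationship getOntologyRelationshipFromElement(String str, String str2) {
        Preconditions.checkNotNull(str, "Edge label cannot be null");
        Relationship relationshipByName = this.schemaRepository.getRelationshipByName(str, str2);
        Preconditions.checkNotNull(relationshipByName, str + " does not exist in ontology");
        return relationshipByName;
    }

    /**
     * Looks up the concept for the vertex, using {@code "thing"} when the vertex has no concept
     * type.
     *
     * <p>The original used {@code Optional.of}, which throws on null and made the fallback
     * unreachable. With {@code ofNullable}, a vertex without a concept type is now evaluated
     * against the {@code "thing"} concept instead of failing the request, so subclass policies
     * should treat that concept accordingly.
     */
    private Concept getOntologyConceptFromElement(Vertex vertex, String str) {
        return getOntologyConcept((String) Optional.ofNullable(vertex.getConceptType()).orElse(DEFAULT_CONCEPT_TYPE), str);
    }

    /**
     * Client API variant of the concept lookup, with the same {@code "thing"} fallback and the
     * same {@code ofNullable} fix as the {@link Vertex} overload.
     */
    private Concept getOntologyConceptFromElement(ClientApiVertex clientApiVertex, String str) {
        return getOntologyConcept((String) Optional.ofNullable(clientApiVertex.getConceptType()).orElse(DEFAULT_CONCEPT_TYPE), str);
    }

    /**
     * Looks up the concept named {@code str}; returns null for a null name. Unlike the
     * relationship lookup, a concept that does not exist is not rejected here; whatever the
     * repository returns is passed on.
     */
    private Concept getOntologyConcept(String str, String str2) {
        if (str == null) {
            return null;
        }
        return this.schemaRepository.getConceptByName(str, str2);
    }
}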
