package com.openexchange.groupware.infostore.validation;

import com.openexchange.database.provider.DBProvider;
import com.openexchange.exception.OXException;
import com.openexchange.group.Group;
import com.openexchange.group.GroupService;
import com.openexchange.groupware.container.ObjectPermission;
import com.openexchange.groupware.infostore.DocumentMetadata;
import com.openexchange.groupware.infostore.InfostoreExceptionCodes;
import com.openexchange.groupware.infostore.utils.Metadata;
import com.openexchange.groupware.userconfiguration.UserConfigurationCodes;
import com.openexchange.groupware.userconfiguration.UserPermissionBits;
import com.openexchange.groupware.userconfiguration.UserPermissionBitsStorage;
import com.openexchange.java.Autoboxing;
import com.openexchange.server.services.ServerServiceRegistry;
import com.openexchange.tools.session.ServerSession;
import java.sql.Connection;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openexchange/groupware/infostore/validation/ObjectPermissionValidator.class */
public class ObjectPermissionValidator implements InfostoreValidator {
    private final DBProvider dbProvider;

    public ObjectPermissionValidator(DBProvider dBProvider) {
        this.dbProvider = dBProvider;
    }

    @Override // com.openexchange.groupware.infostore.validation.InfostoreValidator
    public String getName() {
        return ObjectPermissionValidator.class.getSimpleName();
    }

    @Override // com.openexchange.groupware.infostore.validation.InfostoreValidator
    public DocumentMetadataValidation validate(ServerSession serverSession, DocumentMetadata documentMetadata) {
        UserPermissionBits userPermissionBits;
        Group group;
        DocumentMetadataValidation documentMetadataValidation = new DocumentMetadataValidation();
        List<ObjectPermission> objectPermissions = documentMetadata.getObjectPermissions();
        if (null != objectPermissions) {
            if (false == serverSession.getUserConfiguration().hasFullSharedFolderAccess()) {
                String displayName = serverSession.getUser().getDisplayName();
                documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, "User " + serverSession.getUser().getDisplayName() + " has no permission to share items.");
                documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(displayName));
                return documentMetadataValidation;
            }
            for (ObjectPermission objectPermission : objectPermissions) {
                int permissions = objectPermission.getPermissions();
                if (4 == permissions) {
                    documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, "DELETE object permission is not allowed.");
                    documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(objectPermission.getEntity())));
                    return documentMetadataValidation;
                }
                if (2 != permissions && 1 != permissions) {
                    documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, "Invalid permission bits: " + permissions);
                    documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(objectPermission.getEntity())));
                    return documentMetadataValidation;
                }
            }
            int[] groupEntities = getGroupEntities(objectPermissions);
            if (null != groupEntities) {
                for (int i : groupEntities) {
                    try {
                        group = ((GroupService) ServerServiceRegistry.getServize(GroupService.class)).getGroup(serverSession.getContext(), i);
                    } catch (OXException e) {
                        if ("GRP-0017".equals(e.getErrorCode())) {
                            documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, e.getDisplayMessage(serverSession.getUser().getLocale()));
                            documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(i)));
                            return documentMetadataValidation;
                        }
                        LoggerFactory.getLogger(ObjectPermissionValidator.class).warn("Error getting group for permission entity {}", Autoboxing.I(i), e);
                    }
                    if (Integer.MAX_VALUE == group.getIdentifier()) {
                        documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, "Group " + group.getDisplayName() + " can't be used for object permissions.");
                        documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(i)));
                        return documentMetadataValidation;
                    }
                    continue;
                }
            }
            int[] userEntities = getUserEntities(objectPermissions);
            if (null != userEntities) {
                UserPermissionBitsStorage userPermissionBitsStorage = UserPermissionBitsStorage.getInstance();
                Connection connection = null;
                try {
                    try {
                        connection = this.dbProvider.getReadConnection(serverSession.getContext());
                        for (int i2 : userEntities) {
                            try {
                                userPermissionBits = userPermissionBitsStorage.getUserPermissionBits(connection, i2, serverSession.getContext());
                            } catch (OXException e2) {
                                if (UserConfigurationCodes.NOT_FOUND.equals(e2)) {
                                    documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, e2.getDisplayMessage(serverSession.getUser().getLocale()));
                                    documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(i2)));
                                    if (null != connection) {
                                        this.dbProvider.releaseReadConnection(serverSession.getContext(), connection);
                                    }
                                    return documentMetadataValidation;
                                }
                                LoggerFactory.getLogger(ObjectPermissionValidator.class).warn("Error getting user configuration for permission entity {}", Autoboxing.I(i2), e2);
                            }
                            if (false == userPermissionBits.hasFullSharedFolderAccess() || false == userPermissionBits.hasInfostore()) {
                                documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, "User " + i2 + " has no permission to see share items.");
                                documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(i2)));
                                if (null != connection) {
                                    this.dbProvider.releaseReadConnection(serverSession.getContext(), connection);
                                }
                                return documentMetadataValidation;
                            }
                        }
                        if (null != connection) {
                            this.dbProvider.releaseReadConnection(serverSession.getContext(), connection);
                        }
                    } catch (Throwable th) {
                        if (null != connection) {
                            this.dbProvider.releaseReadConnection(serverSession.getContext(), connection);
                        }
                        throw th;
                    }
                } catch (OXException e3) {
                    LoggerFactory.getLogger(ObjectPermissionValidator.class).warn("Error getting user configuration for permission entities", e3);
                    if (null != connection) {
                        this.dbProvider.releaseReadConnection(serverSession.getContext(), connection);
                    }
                }
            }
        }
        return documentMetadataValidation;
    }

    private static int[] getGroupEntities(List<ObjectPermission> list) {
        if (null == list || 0 >= list.size()) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (ObjectPermission objectPermission : list) {
            if (objectPermission.isGroup()) {
                arrayList.add(Autoboxing.I(objectPermission.getEntity()));
            }
        }
        if (0 < arrayList.size()) {
            return Autoboxing.I2i(arrayList);
        }
        return null;
    }

    private static int[] getUserEntities(List<ObjectPermission> list) {
        if (null == list || 0 >= list.size()) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (ObjectPermission objectPermission : list) {
            if (false == objectPermission.isGroup()) {
                arrayList.add(Autoboxing.I(objectPermission.getEntity()));
            }
        }
        if (0 < arrayList.size()) {
            return Autoboxing.I2i(arrayList);
        }
        return null;
    }
}
