package com.openexchange.groupware.infostore.validation;

import com.openexchange.capabilities.CapabilityService;
import com.openexchange.capabilities.CapabilitySet;
import com.openexchange.database.provider.DBProvider;
import com.openexchange.exception.OXException;
import com.openexchange.group.Group;
import com.openexchange.group.GroupService;
import com.openexchange.groupware.container.ObjectPermission;
import com.openexchange.groupware.infostore.DocumentMetadata;
import com.openexchange.groupware.infostore.InfostoreExceptionCodes;
import com.openexchange.groupware.infostore.utils.Metadata;
import com.openexchange.groupware.userconfiguration.UserConfigurationCodes;
import com.openexchange.groupware.userconfiguration.UserPermissionBits;
import com.openexchange.groupware.userconfiguration.UserPermissionBitsStorage;
import com.openexchange.java.Autoboxing;
import com.openexchange.server.services.ServerServiceRegistry;
import com.openexchange.share.GuestInfo;
import com.openexchange.share.ShareExceptionCodes;
import com.openexchange.share.ShareService;
import com.openexchange.share.recipient.RecipientType;
import com.openexchange.tools.session.ServerSession;
import java.sql.Connection;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openexchange/groupware/infostore/validation/ObjectPermissionValidator.class */
public class ObjectPermissionValidator implements InfostoreValidator {
    private final DBProvider dbProvider;

    public ObjectPermissionValidator(DBProvider dBProvider) {
        this.dbProvider = dBProvider;
    }

    @Override // com.openexchange.groupware.infostore.validation.InfostoreValidator
    public String getName() {
        return ObjectPermissionValidator.class.getSimpleName();
    }

    @Override // com.openexchange.groupware.infostore.validation.InfostoreValidator
    public DocumentMetadataValidation validate(ServerSession serverSession, DocumentMetadata documentMetadata, DocumentMetadata documentMetadata2, Set<Metadata> set) {
        DocumentMetadataValidation documentMetadataValidation = new DocumentMetadataValidation();
        List<ObjectPermission> touchedPermissions = getTouchedPermissions(documentMetadata, documentMetadata2, set);
        if (null == touchedPermissions || 0 == touchedPermissions.size()) {
            return documentMetadataValidation;
        }
        if (false != checkPermissionBits(touchedPermissions, documentMetadataValidation) && false != checkPermissionEntities(serverSession, touchedPermissions, documentMetadataValidation) && false == checkCapabilities(serverSession, touchedPermissions, documentMetadataValidation)) {
            return documentMetadataValidation;
        }
        return documentMetadataValidation;
    }

    private boolean checkCapabilities(ServerSession serverSession, List<ObjectPermission> list, DocumentMetadataValidation documentMetadataValidation) {
        ShareService shareService = (ShareService) ServerServiceRegistry.getServize(ShareService.class);
        CapabilitySet capabilitySet = null;
        try {
            capabilitySet = ((CapabilityService) ServerServiceRegistry.getServize(CapabilityService.class)).getCapabilities(serverSession);
        } catch (OXException e) {
            LoggerFactory.getLogger(ObjectPermissionValidator.class).warn("Error getting capabilities for user {}", Autoboxing.I(serverSession.getUserId()), e);
            documentMetadataValidation.setFatalException(e);
        }
        for (ObjectPermission objectPermission : list) {
            GuestInfo guestInfo = null;
            if (false == objectPermission.isGroup()) {
                try {
                    guestInfo = shareService.getGuestInfo(serverSession, objectPermission.getEntity());
                } catch (OXException e2) {
                    LoggerFactory.getLogger(ObjectPermissionValidator.class).warn("Error getting guest info for permission entity {}", Autoboxing.I(objectPermission.getEntity()), e2);
                    documentMetadataValidation.setFatalException(e2);
                }
            }
            if (null != guestInfo) {
                if (RecipientType.ANONYMOUS.equals(guestInfo.getRecipientType())) {
                    if (null == capabilitySet || false == capabilitySet.contains("share_links")) {
                        OXException create = ShareExceptionCodes.NO_SHARE_LINK_PERMISSION.create();
                        documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, create.getDisplayMessage(serverSession.getUser().getLocale()));
                        documentMetadataValidation.setException(create);
                        return false;
                    }
                } else if (RecipientType.GUEST.equals(guestInfo.getRecipientType()) && (null == capabilitySet || false == capabilitySet.contains("invite_guests"))) {
                    OXException create2 = ShareExceptionCodes.NO_INVITE_GUEST_PERMISSION.create();
                    documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, create2.getDisplayMessage(serverSession.getUser().getLocale()));
                    documentMetadataValidation.setException(create2);
                    return false;
                }
            }
        }
        return true;
    }

    private boolean checkPermissionBits(List<ObjectPermission> list, DocumentMetadataValidation documentMetadataValidation) {
        for (ObjectPermission objectPermission : list) {
            int permissions = objectPermission.getPermissions();
            if (4 == permissions) {
                documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, "DELETE object permission is not allowed.");
                documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(objectPermission.getEntity())));
                return false;
            }
            if (2 != permissions && 1 != permissions) {
                documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, "Invalid permission bits: " + permissions);
                documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(objectPermission.getEntity())));
                return false;
            }
        }
        return true;
    }

    private boolean checkPermissionEntities(ServerSession serverSession, List<ObjectPermission> list, DocumentMetadataValidation documentMetadataValidation) {
        UserPermissionBits userPermissionBits;
        Group group;
        ArrayList arrayList = new ArrayList();
        int[] groupEntities = getGroupEntities(list);
        if (null != groupEntities) {
            for (int i : groupEntities) {
                try {
                    group = ((GroupService) ServerServiceRegistry.getServize(GroupService.class)).getGroup(serverSession.getContext(), i);
                } catch (OXException e) {
                    if ("GRP-0017".equals(e.getErrorCode())) {
                        documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, e.getDisplayMessage(serverSession.getUser().getLocale()));
                        documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(i)));
                        return false;
                    }
                    LoggerFactory.getLogger(ObjectPermissionValidator.class).warn("Error getting group for permission entity {}", Autoboxing.I(i), e);
                    documentMetadataValidation.setFatalException(e);
                }
                if (Integer.MAX_VALUE == group.getIdentifier()) {
                    documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, "Group " + group.getDisplayName() + " can't be used for object permissions.");
                    documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS_GUEST_GROUP.create(group.getDisplayName()));
                    return false;
                }
                continue;
            }
        }
        arrayList.addAll(getUserEntities(list));
        if (null == arrayList) {
            return true;
        }
        UserPermissionBitsStorage userPermissionBitsStorage = UserPermissionBitsStorage.getInstance();
        try {
            try {
                Connection readConnection = this.dbProvider.getReadConnection(serverSession.getContext());
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    int intValue = ((Integer) it.next()).intValue();
                    try {
                        userPermissionBits = userPermissionBitsStorage.getUserPermissionBits(readConnection, intValue, serverSession.getContext());
                    } catch (OXException e2) {
                        if (UserConfigurationCodes.NOT_FOUND.equals(e2)) {
                            documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, e2.getDisplayMessage(serverSession.getUser().getLocale()));
                            documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(intValue)));
                            if (null != readConnection) {
                                this.dbProvider.releaseReadConnection(serverSession.getContext(), readConnection);
                            }
                            return false;
                        }
                        LoggerFactory.getLogger(ObjectPermissionValidator.class).warn("Error getting user configuration for permission entity {}", Autoboxing.I(intValue), e2);
                        documentMetadataValidation.setFatalException(e2);
                    }
                    if (false == userPermissionBits.hasFullSharedFolderAccess() || false == userPermissionBits.hasInfostore()) {
                        documentMetadataValidation.setError(Metadata.OBJECT_PERMISSIONS_LITERAL, "User " + intValue + " has no permission to see share items.");
                        documentMetadataValidation.setException(InfostoreExceptionCodes.VALIDATION_FAILED_INAPPLICABLE_PERMISSIONS.create(Autoboxing.I(intValue)));
                        if (null != readConnection) {
                            this.dbProvider.releaseReadConnection(serverSession.getContext(), readConnection);
                        }
                        return false;
                    }
                }
                if (null == readConnection) {
                    return true;
                }
                this.dbProvider.releaseReadConnection(serverSession.getContext(), readConnection);
                return true;
            } catch (Throwable th) {
                if (0 != 0) {
                    this.dbProvider.releaseReadConnection(serverSession.getContext(), null);
                }
                throw th;
            }
        } catch (OXException e3) {
            LoggerFactory.getLogger(ObjectPermissionValidator.class).warn("Error getting user configuration for permission entities", e3);
            documentMetadataValidation.setFatalException(e3);
            if (0 == 0) {
                return true;
            }
            this.dbProvider.releaseReadConnection(serverSession.getContext(), null);
            return true;
        }
    }

    private static int[] getGroupEntities(List<ObjectPermission> list) {
        if (null == list || 0 >= list.size()) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (ObjectPermission objectPermission : list) {
            if (objectPermission.isGroup()) {
                arrayList.add(Autoboxing.I(objectPermission.getEntity()));
            }
        }
        if (0 < arrayList.size()) {
            return Autoboxing.I2i(arrayList);
        }
        return null;
    }

    private static List<Integer> getUserEntities(List<ObjectPermission> list) {
        ArrayList arrayList = new ArrayList();
        if (null != list && 0 < list.size()) {
            for (ObjectPermission objectPermission : list) {
                if (false == objectPermission.isGroup()) {
                    arrayList.add(Autoboxing.I(objectPermission.getEntity()));
                }
            }
        }
        return arrayList;
    }

    private static List<ObjectPermission> getTouchedPermissions(DocumentMetadata documentMetadata, DocumentMetadata documentMetadata2, Set<Metadata> set) {
        if (null == documentMetadata2) {
            return documentMetadata.getObjectPermissions();
        }
        if (null != set && false == set.contains(Metadata.OBJECT_PERMISSIONS_LITERAL)) {
            return null;
        }
        List<ObjectPermission> objectPermissions = documentMetadata2.getObjectPermissions();
        List<ObjectPermission> objectPermissions2 = documentMetadata.getObjectPermissions();
        ArrayList arrayList = new ArrayList();
        if (null != objectPermissions2) {
            for (ObjectPermission objectPermission : objectPermissions2) {
                ObjectPermission permissionByEntity = getPermissionByEntity(objectPermissions, objectPermission.getEntity());
                if (null == permissionByEntity || false == permissionByEntity.equals(objectPermission)) {
                    arrayList.add(objectPermission);
                }
            }
        }
        if (null != objectPermissions) {
            for (ObjectPermission objectPermission2 : objectPermissions) {
                if (null == getPermissionByEntity(objectPermissions2, objectPermission2.getEntity())) {
                    arrayList.add(objectPermission2);
                }
            }
        }
        return arrayList;
    }

    private static ObjectPermission getPermissionByEntity(List<ObjectPermission> list, int i) {
        if (null == list) {
            return null;
        }
        for (ObjectPermission objectPermission : list) {
            if (objectPermission.getEntity() == i) {
                return objectPermission;
            }
        }
        return null;
    }
}
