package uk.ac.cam.caret.sakai.rwiki.component.service.impl;

import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xalan.templates.Constants;
import org.sakaiproject.authz.api.FunctionManager;
import org.sakaiproject.authz.api.SecurityService;
import org.sakaiproject.component.api.ComponentManager;
import org.sakaiproject.entity.api.EntityManager;
import org.sakaiproject.exception.IdUnusedException;
import org.sakaiproject.site.api.SiteService;
import org.sakaiproject.tool.api.SessionManager;
import org.sakaiproject.tool.api.ToolManager;
import uk.ac.cam.caret.sakai.rwiki.component.Messages;
import uk.ac.cam.caret.sakai.rwiki.service.api.RWikiSecurityService;
import uk.ac.cam.caret.sakai.rwiki.service.api.model.RWikiEntity;
import uk.ac.cam.caret.sakai.rwiki.service.api.model.RWikiObject;
import uk.ac.cam.caret.sakai.rwiki.service.exception.PermissionException;
import uk.ac.cam.caret.sakai.rwiki.utils.TimeLogger;

/* loaded from: input_file:WEB-INF/lib/sakai-rwiki-impl-10.7.jar:uk/ac/cam/caret/sakai/rwiki/component/service/impl/RWikiSecurityServiceImpl.class */
public class RWikiSecurityServiceImpl implements RWikiSecurityService {
    private static Log log = LogFactory.getLog(RWikiSecurityServiceImpl.class);
    private FunctionManager functionManager;
    private SecurityService securityService;
    private SiteService siteService;
    private ToolManager toolManager;
    private EntityManager entityManager;
    private SessionManager sessionManager;

    public void init() {
        ComponentManager componentManager = org.sakaiproject.component.cover.ComponentManager.getInstance();
        this.functionManager = (FunctionManager) load(componentManager, FunctionManager.class.getName());
        this.entityManager = (EntityManager) load(componentManager, EntityManager.class.getName());
        this.securityService = (SecurityService) load(componentManager, SecurityService.class.getName());
        this.sessionManager = (SessionManager) load(componentManager, SessionManager.class.getName());
        this.siteService = (SiteService) load(componentManager, SiteService.class.getName());
        this.toolManager = (ToolManager) load(componentManager, ToolManager.class.getName());
        List registeredFunctions = this.functionManager.getRegisteredFunctions("rwiki.");
        if (!registeredFunctions.contains("rwiki.read")) {
            this.functionManager.registerFunction("rwiki.read");
        }
        if (!registeredFunctions.contains("rwiki.update")) {
            this.functionManager.registerFunction("rwiki.update");
        }
        if (!registeredFunctions.contains("rwiki.create")) {
            this.functionManager.registerFunction("rwiki.create");
        }
        if (!registeredFunctions.contains("rwiki.superadmin")) {
            this.functionManager.registerFunction("rwiki.superadmin");
        }
        if (registeredFunctions.contains("rwiki.admin")) {
            return;
        }
        this.functionManager.registerFunction("rwiki.admin");
    }

    private Object load(ComponentManager componentManager, String str) {
        Object obj = componentManager.get(str);
        if (obj == null) {
            log.error("Cant find Spring component named " + str);
        }
        return obj;
    }

    public String getSiteReference() {
        try {
            return this.siteService.getSite(this.toolManager.getCurrentPlacement().getContext()).getReference();
        } catch (IdUnusedException e) {
            throw new PermissionException(Messages.getString("RWikiSecurityServiceImpl.2"));
        }
    }

    public String getSiteId() {
        return this.toolManager.getCurrentPlacement().getContext();
    }

    public boolean checkGetPermission(String str) {
        return this.securityService.unlock("rwiki.read", str);
    }

    public boolean checkUpdatePermission(String str) {
        return this.securityService.unlock("rwiki.update", str);
    }

    public boolean checkAdminPermission(String str) {
        return this.securityService.unlock("rwiki.admin", str);
    }

    public boolean checkSuperAdminPermission(String str) {
        return this.securityService.unlock("rwiki.superadmin", str);
    }

    public boolean checkCreatePermission(String str) {
        return this.securityService.unlock("rwiki.create", str);
    }

    public boolean checkSearchPermission(String str) {
        return this.securityService.unlock("rwiki.read", str);
    }

    public String createPermissionsReference(String str) {
        return this.entityManager.newReference("/wiki" + str + Constants.ATTRVAL_THIS).getReference();
    }

    public boolean checkRead(RWikiEntity rWikiEntity) {
        RWikiObject rWikiObject = rWikiEntity.getRWikiObject();
        long currentTimeMillis = System.currentTimeMillis();
        try {
            String currentSessionUserId = this.sessionManager.getCurrentSessionUserId();
            if (log.isDebugEnabled()) {
                log.debug("checkRead for " + rWikiObject.getName() + " by user: " + currentSessionUserId);
            }
            if (currentSessionUserId != null && currentSessionUserId.equals(rWikiObject.getOwner()) && (rWikiObject.getOwnerRead() || rWikiObject.getOwnerAdmin())) {
                if (log.isDebugEnabled()) {
                    log.debug("User is owner and allowed to read");
                }
                TimeLogger.printTimer("canRead: " + ("1"), currentTimeMillis, System.currentTimeMillis());
                return true;
            }
            String reference = rWikiEntity.getReference();
            if ((rWikiObject.getGroupRead() && checkGetPermission(reference)) || ((rWikiObject.getGroupWrite() && checkUpdatePermission(reference)) || (rWikiObject.getGroupAdmin() && checkAdminPermission(reference)))) {
                if (log.isDebugEnabled()) {
                    log.debug("User is in group and allowed to read");
                }
                TimeLogger.printTimer("canRead: " + ("2"), currentTimeMillis, System.currentTimeMillis());
                return true;
            }
            if (rWikiObject.getPublicRead()) {
                if (log.isDebugEnabled()) {
                    log.debug("Object is public read");
                }
                TimeLogger.printTimer("canRead: " + ("3"), currentTimeMillis, System.currentTimeMillis());
                return true;
            }
            if (checkSuperAdminPermission(reference)) {
                if (log.isDebugEnabled()) {
                    log.debug("User is SuperAdmin for Realm thus default allowed to update");
                }
                TimeLogger.printTimer("canRead: " + ("4"), currentTimeMillis, System.currentTimeMillis());
                return true;
            }
            if (log.isDebugEnabled()) {
                log.debug("Permission denied to read " + rWikiObject.getName() + " by user: " + currentSessionUserId);
            }
            TimeLogger.printTimer("canRead: " + ("5"), currentTimeMillis, System.currentTimeMillis());
            return false;
        } catch (Throwable th) {
            TimeLogger.printTimer("canRead: ", currentTimeMillis, System.currentTimeMillis());
            throw th;
        }
    }

    public boolean checkUpdate(RWikiEntity rWikiEntity) {
        String currentSessionUserId = this.sessionManager.getCurrentSessionUserId();
        RWikiObject rWikiObject = rWikiEntity.getRWikiObject();
        if (log.isDebugEnabled()) {
            log.debug("checkUpdate for " + rWikiObject.getName() + " by user: " + currentSessionUserId);
        }
        if (currentSessionUserId != null && currentSessionUserId.equals(rWikiObject.getOwner()) && (rWikiObject.getOwnerWrite() || rWikiObject.getOwnerAdmin())) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("User is owner and allowed to update");
            return true;
        }
        String reference = rWikiEntity.getReference();
        if ((rWikiObject.getGroupWrite() && checkUpdatePermission(reference)) || (rWikiObject.getGroupAdmin() && checkAdminPermission(reference))) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("User is in group and allowed to update");
            return true;
        }
        if (rWikiObject.getPublicWrite()) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("Object is public write");
            return true;
        }
        if (checkSuperAdminPermission(reference)) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("User is SuperAdmin for Realm thus default allowed to update");
            return true;
        }
        if (!log.isDebugEnabled()) {
            return false;
        }
        log.debug("Permission denied to update " + rWikiObject.getName() + " by user: " + currentSessionUserId);
        return false;
    }

    public boolean checkAdmin(RWikiEntity rWikiEntity) {
        String currentSessionUserId = this.sessionManager.getCurrentSessionUserId();
        RWikiObject rWikiObject = rWikiEntity.getRWikiObject();
        if (log.isDebugEnabled()) {
            log.debug("checkAdmin for " + rWikiObject.getName() + " by user: " + currentSessionUserId);
        }
        if (currentSessionUserId != null && currentSessionUserId.equals(rWikiObject.getOwner()) && rWikiObject.getOwnerAdmin()) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("User is owner and allowed to admin");
            return true;
        }
        String reference = rWikiEntity.getReference();
        if (rWikiObject.getGroupAdmin() && checkAdminPermission(reference)) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("User is in group and allowed to admin");
            return true;
        }
        if (checkSuperAdminPermission(reference)) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("User is Super Admin for Realm thus default allowed to admin");
            return true;
        }
        if (!log.isDebugEnabled()) {
            return false;
        }
        log.debug("Permission denied to admin " + rWikiObject.getName() + " by user: " + currentSessionUserId);
        return false;
    }
}
