package com.liferay.data.engine.rest.internal.resource.v1_0.util;

import com.liferay.data.engine.rest.internal.constants.DataActionKeys;
import com.liferay.data.engine.rest.internal.constants.DataEngineConstants;
import com.liferay.portal.kernel.exception.NoSuchRoleException;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.model.Group;
import com.liferay.portal.kernel.model.ResourcePermission;
import com.liferay.portal.kernel.model.Role;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.security.auth.PrincipalThreadLocal;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.PermissionThreadLocal;
import com.liferay.portal.kernel.service.GroupLocalService;
import com.liferay.portal.kernel.service.ResourcePermissionLocalService;
import com.liferay.portal.kernel.service.RoleLocalService;
import com.liferay.portal.kernel.service.permission.ModelPermissions;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.StringUtil;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.validation.ValidationException;

/* loaded from: input_file:com/liferay/data/engine/rest/internal/resource/v1_0/util/DataEnginePermissionUtil.class */
public class DataEnginePermissionUtil {
    private static final Log _log = LogFactoryUtil.getLog(DataEnginePermissionUtil.class);

    public static void checkOperationPermission(GroupLocalService groupLocalService, String str, long j) throws Exception {
        if (!StringUtil.equalsIgnoreCase(DataEngineConstants.OPERATION_DELETE_PERMISSION, str) && !StringUtil.equalsIgnoreCase(DataEngineConstants.OPERATION_SAVE_PERMISSION, str)) {
            throw new ValidationException("Operation must be 'delete' or 'save'");
        }
        checkPermission(DataActionKeys.DEFINE_PERMISSIONS, groupLocalService, Long.valueOf(j));
    }

    public static void checkPermission(String str, GroupLocalService groupLocalService, Long l) throws PortalException {
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        Group fetchGroup = groupLocalService.fetchGroup(l.longValue());
        if (fetchGroup != null && fetchGroup.isStagingGroup()) {
            fetchGroup = fetchGroup.getLiveGroup();
        }
        if (!permissionChecker.hasPermission(fetchGroup, DataEngineConstants.RESOURCE_NAME, l.longValue(), str)) {
            throw new PrincipalException.MustHavePermission(permissionChecker, DataEngineConstants.RESOURCE_NAME, l.longValue(), new String[]{str});
        }
    }

    public static List<Role> getRoles(Company company, RoleLocalService roleLocalService, String[] strArr) throws PortalException {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (String str : strArr) {
            try {
                arrayList2.add(roleLocalService.getRole(company.getCompanyId(), str));
            } catch (NoSuchRoleException e) {
                if (_log.isDebugEnabled()) {
                    _log.debug(str, e);
                }
                arrayList.add(str);
            }
        }
        if (arrayList.isEmpty()) {
            return arrayList2;
        }
        throw new ValidationException("Invalid roles: " + ArrayUtil.toStringArray(arrayList));
    }

    public static void persistModelPermission(List<String> list, Company company, long j, String str, String str2, ResourcePermissionLocalService resourcePermissionLocalService, RoleLocalService roleLocalService, String[] strArr, long j2) throws Exception {
        if (StringUtil.equalsIgnoreCase(DataEngineConstants.OPERATION_SAVE_PERMISSION, str)) {
            ModelPermissions modelPermissions = new ModelPermissions();
            for (String str3 : strArr) {
                modelPermissions.addRolePermissions(str3, ArrayUtil.toStringArray(list));
            }
            resourcePermissionLocalService.addModelResourcePermissions(company.getCompanyId(), j2, PrincipalThreadLocal.getUserId(), str2, String.valueOf(j), modelPermissions);
            return;
        }
        for (Role role : getRoles(company, roleLocalService, strArr)) {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                resourcePermissionLocalService.removeResourcePermission(company.getCompanyId(), str2, 4, String.valueOf(j), role.getRoleId(), it.next());
            }
        }
    }

    public static void persistPermission(List<String> list, Company company, String str, ResourcePermissionLocalService resourcePermissionLocalService, RoleLocalService roleLocalService, String[] strArr) throws Exception {
        List<Role> roles = getRoles(company, roleLocalService, strArr);
        if (StringUtil.equalsIgnoreCase(DataEngineConstants.OPERATION_SAVE_PERMISSION, str)) {
            Iterator<Role> it = roles.iterator();
            while (it.hasNext()) {
                resourcePermissionLocalService.setResourcePermissions(company.getCompanyId(), DataEngineConstants.RESOURCE_NAME, 1, String.valueOf(company.getCompanyId()), it.next().getRoleId(), ArrayUtil.toStringArray(list));
            }
            return;
        }
        Iterator<Role> it2 = roles.iterator();
        while (it2.hasNext()) {
            ResourcePermission fetchResourcePermission = resourcePermissionLocalService.fetchResourcePermission(company.getCompanyId(), DataEngineConstants.RESOURCE_NAME, 1, String.valueOf(company.getCompanyId()), it2.next().getRoleId());
            if (fetchResourcePermission != null) {
                resourcePermissionLocalService.deleteResourcePermission(fetchResourcePermission);
            }
        }
    }
}
