package com.liferay.depot.internal.security.permission.wrapper;

import com.liferay.depot.model.DepotEntry;
import com.liferay.petra.function.UnsafeFunction;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Group;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.resource.ModelResourcePermission;
import com.liferay.portal.kernel.security.permission.wrapper.PermissionCheckerWrapper;
import com.liferay.portal.kernel.service.GroupLocalService;
import com.liferay.portal.kernel.service.RoleLocalService;
import com.liferay.portal.kernel.service.UserGroupRoleLocalService;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.security.permission.PermissionCacheUtil;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;

/* loaded from: input_file:com/liferay/depot/internal/security/permission/wrapper/DepotPermissionCheckerWrapper.class */
public class DepotPermissionCheckerWrapper extends PermissionCheckerWrapper {
    private static final Log _log = LogFactoryUtil.getLog(DepotPermissionCheckerWrapper.class);
    private static final Set<String> _supportedActionIds = new HashSet(Arrays.asList("ASSIGN_MEMBERS", "ASSIGN_USER_ROLES", "DELETE", "UPDATE", "VIEW", "VIEW_MEMBERS", "VIEW_SITE_ADMINISTRATION"));
    private final ModelResourcePermission<DepotEntry> _depotEntryModelResourcePermission;
    private final GroupLocalService _groupLocalService;
    private final RoleLocalService _roleLocalService;
    private final UserGroupRoleLocalService _userGroupRoleLocalService;

    public DepotPermissionCheckerWrapper(PermissionChecker permissionChecker, ModelResourcePermission<DepotEntry> modelResourcePermission, GroupLocalService groupLocalService, RoleLocalService roleLocalService, UserGroupRoleLocalService userGroupRoleLocalService) {
        super(permissionChecker);
        this._depotEntryModelResourcePermission = modelResourcePermission;
        this._groupLocalService = groupLocalService;
        this._roleLocalService = roleLocalService;
        this._userGroupRoleLocalService = userGroupRoleLocalService;
    }

    public boolean hasPermission(Group group, String str, long j, String str2) {
        if (_isDepotGroupOwner(group)) {
            return true;
        }
        return _hasPermission(str, j, str2, () -> {
            return Boolean.valueOf(super.hasPermission(group, str, j, str2));
        });
    }

    public boolean hasPermission(Group group, String str, String str2, String str3) {
        if (_isDepotGroupOwner(group)) {
            return true;
        }
        return super.hasPermission(group, str, str2, str3);
    }

    public boolean hasPermission(long j, String str, long j2, String str2) {
        if (_isDepotGroupOwner(this._groupLocalService.fetchGroup(j))) {
            return true;
        }
        return _hasPermission(str, j2, str2, () -> {
            return Boolean.valueOf(super.hasPermission(j, str, j2, str2));
        });
    }

    public boolean hasPermission(long j, String str, String str2, String str3) {
        if (_isDepotGroupOwner(this._groupLocalService.fetchGroup(j))) {
            return true;
        }
        return super.hasPermission(j, str, str2, str3);
    }

    public boolean isContentReviewer(long j, long j2) {
        return super.isContentReviewer(j, j2) || isGroupAdmin(j2);
    }

    public boolean isGroupAdmin(long j) {
        try {
            if (!isSignedIn()) {
                return false;
            }
            if (super.isGroupAdmin(j)) {
                return true;
            }
            if (j <= 0) {
                return false;
            }
            return _getOrAddToPermissionCache(this._groupLocalService.fetchGroup(j), this::_isGroupAdmin, "Asset Library Administrator");
        } catch (Exception e) {
            _log.error(e, e);
            return false;
        }
    }

    public boolean isGroupMember(long j) {
        try {
            if (isSignedIn() && j > 0) {
                return _isGroupMember(this._groupLocalService.getGroup(j));
            }
            return false;
        } catch (Exception e) {
            _log.error(e, e);
            return false;
        }
    }

    public boolean isGroupOwner(long j) {
        try {
            if (!isSignedIn()) {
                return false;
            }
            if (super.isGroupOwner(j)) {
                return true;
            }
            if (j <= 0) {
                return false;
            }
            return _getOrAddToPermissionCache(this._groupLocalService.fetchGroup(j), this::_isGroupOwner, "Asset Library Owner");
        } catch (Exception e) {
            _log.error(e, e);
            return false;
        }
    }

    private Group _getDepotGroup(String str, long j) {
        try {
            if (!StringUtil.equals(str, Group.class.getName())) {
                return null;
            }
            Group group = this._groupLocalService.getGroup(j);
            if (group.getType() == 5) {
                return group;
            }
            return null;
        } catch (Exception e) {
            _log.error(e, e);
            return null;
        }
    }

    private boolean _getOrAddToPermissionCache(Group group, UnsafeFunction<Group, Boolean, Exception> unsafeFunction, String str) throws Exception {
        if (group == null) {
            return false;
        }
        Boolean userPrimaryKeyRole = PermissionCacheUtil.getUserPrimaryKeyRole(getUserId(), group.getGroupId(), str);
        if (userPrimaryKeyRole != null) {
            return userPrimaryKeyRole.booleanValue();
        }
        try {
            Boolean bool = (Boolean) unsafeFunction.apply(group);
            PermissionCacheUtil.putUserPrimaryKeyRole(getUserId(), group.getGroupId(), str, bool);
            return bool.booleanValue();
        } catch (Exception e) {
            PermissionCacheUtil.removeUserPrimaryKeyRole(getUserId(), group.getGroupId(), str);
            throw e;
        }
    }

    private boolean _hasPermission(String str, long j, String str2, Supplier<Boolean> supplier) {
        try {
            Group _getDepotGroup = _getDepotGroup(str, j);
            if (_getDepotGroup == null) {
                return supplier.get().booleanValue();
            }
            if (!_supportedActionIds.contains(str2)) {
                return false;
            }
            if (_isGroupAdmin(_getDepotGroup)) {
                return true;
            }
            return this._depotEntryModelResourcePermission.contains(this, _getDepotGroup.getClassPK(), str2);
        } catch (PortalException e) {
            _log.error(e, e);
            return false;
        }
    }

    private boolean _isDepotGroupOwner(Group group) {
        return group != null && group.getType() == 5 && isGroupOwner(group.getGroupId());
    }

    private boolean _isGroupAdmin(Group group) throws PortalException {
        if (group.getType() != 5) {
            return false;
        }
        if (this._userGroupRoleLocalService.hasUserGroupRole(getUserId(), group.getGroupId(), "Asset Library Administrator", true) || this._userGroupRoleLocalService.hasUserGroupRole(getUserId(), group.getGroupId(), "Asset Library Owner", true)) {
            return true;
        }
        Group group2 = group;
        while (!group2.isRoot()) {
            group2 = group2.getParentGroup();
            if (super.hasPermission(group2, Group.class.getName(), String.valueOf(group2.getGroupId()), "MANAGE_SUBGROUPS")) {
                return true;
            }
        }
        return false;
    }

    private boolean _isGroupMember(Group group) throws Exception {
        if (Arrays.binarySearch(getRoleIds(getUserId(), group.getGroupId()), this._roleLocalService.getRole(group.getCompanyId(), "Asset Library Member").getRoleId()) >= 0) {
            return true;
        }
        return super.isGroupMember(group.getGroupId());
    }

    private boolean _isGroupOwner(Group group) throws PortalException {
        return Objects.equals(Integer.valueOf(group.getType()), 5) && this._userGroupRoleLocalService.hasUserGroupRole(getUserId(), group.getGroupId(), "Asset Library Owner", true);
    }
}
