package com.liferay.portal.verify;

import com.liferay.portal.NoSuchResourceException;
import com.liferay.portal.kernel.dao.jdbc.DataAccess;
import com.liferay.portal.kernel.dao.orm.DynamicQuery;
import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.StringBundler;
import com.liferay.portal.model.Group;
import com.liferay.portal.model.Layout;
import com.liferay.portal.model.Organization;
import com.liferay.portal.model.Permission;
import com.liferay.portal.model.Resource;
import com.liferay.portal.model.ResourceCode;
import com.liferay.portal.model.ResourceConstants;
import com.liferay.portal.model.ResourcePermission;
import com.liferay.portal.model.Role;
import com.liferay.portal.security.permission.PermissionCacheUtil;
import com.liferay.portal.security.permission.ResourceActionsUtil;
import com.liferay.portal.service.LayoutLocalServiceUtil;
import com.liferay.portal.service.PermissionLocalServiceUtil;
import com.liferay.portal.service.ResourceActionLocalServiceUtil;
import com.liferay.portal.service.ResourceCodeLocalServiceUtil;
import com.liferay.portal.service.ResourceLocalServiceUtil;
import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
import com.liferay.portal.service.RoleLocalServiceUtil;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
import com.liferay.portal.util.PortalInstances;
import com.liferay.portal.util.PropsValues;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.List;

/* loaded from: input_file:com/liferay/portal/verify/VerifyPermission.class */
public class VerifyPermission extends VerifyProcess implements ResourceConstants {
    private static final Object[][] _ORGANIZATION_ACTION_IDS_TO_MASKS = {new Object[]{"APPROVE_PROPOSAL", 2L, 0L}, new Object[]{"ASSIGN_MEMBERS", 4L, 4L}, new Object[]{"ASSIGN_REVIEWER", 8L, 0L}, new Object[]{"MANAGE_ARCHIVED_SETUPS", 128L, 128L}, new Object[]{"MANAGE_LAYOUTS", 256L, 256L}, new Object[]{"MANAGE_STAGING", 512L, 512L}, new Object[]{"MANAGE_TEAMS", 2048L, 1024L}, new Object[]{"PUBLISH_STAGING", 16384L, 4096L}};
    private static Log _log = LogFactoryUtil.getLog(VerifyPermission.class);

    protected void checkPermissions() throws Exception {
        for (String str : ResourceActionsUtil.getModelNames()) {
            List modelResourceActions = ResourceActionsUtil.getModelResourceActions(str);
            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                PermissionLocalServiceUtil.checkPermissions(str, modelResourceActions);
            } else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                ResourceActionLocalServiceUtil.checkResourceActions(str, modelResourceActions, true);
            }
        }
    }

    protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
        for (long j : PortalInstances.getCompanyIdsBySQL()) {
            try {
                if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                    deleteDefaultPrivateLayoutPermissions_5(j);
                } else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                    deleteDefaultPrivateLayoutPermissions_6(j);
                } else {
                    deleteDefaultPrivateLayoutPermissions_1to4(j);
                }
            } catch (Exception e) {
                if (_log.isDebugEnabled()) {
                    _log.debug(e, e);
                }
            }
        }
    }

    protected void deleteDefaultPrivateLayoutPermissions_1to4(long j) throws Exception {
        long defaultUserId = UserLocalServiceUtil.getDefaultUserId(j);
        for (Permission permission : PermissionLocalServiceUtil.getUserPermissions(defaultUserId)) {
            Resource resource = ResourceLocalServiceUtil.getResource(permission.getResourceId());
            if (isPrivateLayout(ResourceCodeLocalServiceUtil.getResourceCode(resource.getCodeId()).getName(), resource.getPrimKey())) {
                PermissionLocalServiceUtil.unsetUserPermissions(defaultUserId, new String[]{permission.getActionId()}, permission.getResourceId());
            }
        }
    }

    protected void deleteDefaultPrivateLayoutPermissions_5(long j) throws Exception {
        Role role = RoleLocalServiceUtil.getRole(j, "Guest");
        for (Permission permission : PermissionLocalServiceUtil.getRolePermissions(role.getRoleId())) {
            Resource resource = ResourceLocalServiceUtil.getResource(permission.getResourceId());
            if (isPrivateLayout(ResourceCodeLocalServiceUtil.getResourceCode(resource.getCodeId()).getName(), resource.getPrimKey())) {
                PermissionLocalServiceUtil.unsetRolePermission(role.getRoleId(), permission.getPermissionId());
            }
        }
    }

    protected void deleteDefaultPrivateLayoutPermissions_6(long j) throws Exception {
        for (ResourcePermission resourcePermission : ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(RoleLocalServiceUtil.getRole(j, "Guest").getRoleId())) {
            if (isPrivateLayout(resourcePermission.getName(), resourcePermission.getPrimKey())) {
                ResourcePermissionLocalServiceUtil.deleteResourcePermission(resourcePermission.getResourcePermissionId());
            }
        }
    }

    @Override // com.liferay.portal.verify.VerifyProcess
    protected void doVerify() throws Exception {
        deleteDefaultPrivateLayoutPermissions();
        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5 || PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
            checkPermissions();
            fixLayoutRolePermissions();
            fixOrganizationRolePermissions();
        }
    }

    protected void fixLayoutRolePermissions() throws Exception {
        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
            return;
        }
        fixLayoutRolePermissions_6();
        PermissionCacheUtil.clearCache();
    }

    protected void fixLayoutRolePermissions_6() throws Exception {
        List modelResourceActions = ResourceActionsUtil.getModelResourceActions(Layout.class.getName());
        String[] strArr = (String[]) modelResourceActions.toArray(new String[modelResourceActions.size()]);
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            connection = DataAccess.getUpgradeOptimizedConnection();
            StringBundler stringBundler = new StringBundler(4);
            stringBundler.append("select Layout.companyId as companyId, Layout.plid as ");
            stringBundler.append("primKey, Role_.roleId as ownerRoleId from Role_, ");
            stringBundler.append("Layout where Role_.companyId = Layout.companyId and ");
            stringBundler.append("Role_.name = ?");
            preparedStatement = connection.prepareStatement(stringBundler.toString());
            preparedStatement.setString(1, "Owner");
            resultSet = preparedStatement.executeQuery();
            while (resultSet.next()) {
                fixLayoutRolePermissions_6(resultSet.getLong("companyId"), String.valueOf(resultSet.getLong("primKey")), resultSet.getLong("ownerRoleId"), strArr);
            }
            DataAccess.cleanUp(connection, preparedStatement, resultSet);
        } catch (Throwable th) {
            DataAccess.cleanUp(connection, preparedStatement, resultSet);
            throw th;
        }
    }

    protected void fixLayoutRolePermissions_6(long j, String str, long j2, String[] strArr) throws Exception {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            connection = DataAccess.getUpgradeOptimizedConnection();
            StringBundler stringBundler = new StringBundler(4);
            stringBundler.append("select count(*) from ResourcePermission where ");
            stringBundler.append("ResourcePermission.companyId = ? and ");
            stringBundler.append("ResourcePermission.primKey = ? and ");
            stringBundler.append("ResourcePermission.roleId = ?");
            preparedStatement = connection.prepareStatement(stringBundler.toString());
            preparedStatement.setLong(1, j);
            preparedStatement.setString(2, str);
            preparedStatement.setLong(3, j2);
            resultSet = preparedStatement.executeQuery();
            if (!resultSet.next()) {
                DataAccess.cleanUp(connection, preparedStatement, resultSet);
            } else {
                if (resultSet.getInt(1) > 0) {
                    DataAccess.cleanUp(connection, preparedStatement, resultSet);
                    return;
                }
                ResourcePermissionLocalServiceUtil.setResourcePermissions(j, Layout.class.getName(), 4, str, j2, strArr);
                ResourcePermissionLocalServiceUtil.getResourcePermission(j, Layout.class.getName(), 4, str, j2);
                DataAccess.cleanUp(connection, preparedStatement, resultSet);
            }
        } catch (Throwable th) {
            DataAccess.cleanUp(connection, preparedStatement, resultSet);
            throw th;
        }
    }

    protected void fixOrganizationRolePermissions() throws Exception {
        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
            fixOrganizationRolePermissions_5();
        } else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
            fixOrganizationRolePermissions_6();
        }
        PermissionCacheUtil.clearCache();
    }

    protected void fixOrganizationRolePermissions_5() throws Exception {
        DynamicQuery forClass = DynamicQueryFactoryUtil.forClass(ResourceCode.class);
        forClass.add(RestrictionsFactoryUtil.eq("name", Organization.class.getName()));
        for (ResourceCode resourceCode : ResourceCodeLocalServiceUtil.dynamicQuery(forClass)) {
            DynamicQuery forClass2 = DynamicQueryFactoryUtil.forClass(Resource.class);
            forClass2.add(RestrictionsFactoryUtil.eq("codeId", Long.valueOf(resourceCode.getCodeId())));
            for (Resource resource : ResourceLocalServiceUtil.dynamicQuery(forClass2)) {
                DynamicQuery forClass3 = DynamicQueryFactoryUtil.forClass(Permission.class);
                forClass3.add(RestrictionsFactoryUtil.eq("resourceId", Long.valueOf(resource.getResourceId())));
                processPermissions(resource, PermissionLocalServiceUtil.dynamicQuery(forClass3));
            }
        }
    }

    protected void fixOrganizationRolePermissions_6() throws Exception {
        ResourcePermission resourcePermission;
        DynamicQuery forClass = DynamicQueryFactoryUtil.forClass(ResourcePermission.class);
        forClass.add(RestrictionsFactoryUtil.eq("name", Organization.class.getName()));
        for (ResourcePermission resourcePermission2 : ResourcePermissionLocalServiceUtil.dynamicQuery(forClass)) {
            try {
                resourcePermission = ResourcePermissionLocalServiceUtil.getResourcePermission(resourcePermission2.getCompanyId(), Group.class.getName(), resourcePermission2.getScope(), resourcePermission2.getPrimKey(), resourcePermission2.getRoleId());
            } catch (Exception unused) {
                ResourcePermissionLocalServiceUtil.setResourcePermissions(resourcePermission2.getCompanyId(), Group.class.getName(), resourcePermission2.getScope(), resourcePermission2.getPrimKey(), resourcePermission2.getRoleId(), ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);
                resourcePermission = ResourcePermissionLocalServiceUtil.getResourcePermission(resourcePermission2.getCompanyId(), Group.class.getName(), resourcePermission2.getScope(), resourcePermission2.getPrimKey(), resourcePermission2.getRoleId());
            }
            long actionIds = resourcePermission2.getActionIds();
            long actionIds2 = resourcePermission.getActionIds();
            for (Object[] objArr : _ORGANIZATION_ACTION_IDS_TO_MASKS) {
                long longValue = ((Long) objArr[1]).longValue();
                long longValue2 = ((Long) objArr[2]).longValue();
                if ((actionIds & longValue) == longValue) {
                    actionIds &= longValue ^ (-1);
                    actionIds2 |= longValue2;
                }
            }
            try {
                resourcePermission2.resetOriginalValues();
                resourcePermission2.setActionIds(actionIds);
                ResourcePermissionLocalServiceUtil.updateResourcePermission(resourcePermission2, false);
                resourcePermission.resetOriginalValues();
                resourcePermission.setActionIds(actionIds2);
                ResourcePermissionLocalServiceUtil.updateResourcePermission(resourcePermission, false);
            } catch (Exception e) {
                _log.error(e, e);
            }
        }
    }

    protected boolean isPrivateLayout(String str, String str2) throws Exception {
        if (!str.equals(Layout.class.getName())) {
            return false;
        }
        Layout layout = LayoutLocalServiceUtil.getLayout(GetterUtil.getLong(str2));
        return (layout.isPublicLayout() || layout.isTypeControlPanel()) ? false : true;
    }

    protected void processPermissions(Resource resource, List<Permission> list) throws Exception {
        Resource addResource;
        try {
            addResource = ResourceLocalServiceUtil.getResource(resource.getCompanyId(), Group.class.getName(), resource.getScope(), resource.getPrimKey());
        } catch (NoSuchResourceException unused) {
            addResource = ResourceLocalServiceUtil.addResource(resource.getCompanyId(), Group.class.getName(), resource.getScope(), resource.getPrimKey());
        }
        for (Permission permission : list) {
            Object[][] objArr = _ORGANIZATION_ACTION_IDS_TO_MASKS;
            int length = objArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Object[] objArr2 = objArr[i];
                String str = (String) objArr2[0];
                long longValue = ((Long) objArr2[2]).longValue();
                if (!str.equals(permission.getActionId())) {
                    i++;
                } else if (longValue != 0) {
                    try {
                        permission.resetOriginalValues();
                        permission.setResourceId(addResource.getResourceId());
                        PermissionLocalServiceUtil.updatePermission(permission, false);
                    } catch (Exception e) {
                        _log.error(e, e);
                    }
                } else {
                    PermissionLocalServiceUtil.deletePermission(permission.getPermissionId());
                }
            }
        }
    }
}
