package org.exist.xquery.functions.securitymanager;

import org.exist.config.ConfigurationException;
import org.exist.dom.QName;
import org.exist.security.Account;
import org.exist.security.PermissionDeniedException;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.storage.BrokerPoolConstants;
import org.exist.storage.DBBroker;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.BooleanValue;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;

/* loaded from: input_file:org/exist/xquery/functions/securitymanager/AccountStatusFunction.class */
public class AccountStatusFunction extends BasicFunction {
    private static final QName qnIsAccountEnabled = new QName("is-account-enabled", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnSetAccountEnabled = new QName("set-account-enabled", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    public static final FunctionSignature FNS_IS_ACCOUNT_ENABLED = new FunctionSignature(qnIsAccountEnabled, "Determines whether a user account is enabled. You must be a DBA, or you must be enquiring about your own user account.", new SequenceType[]{new FunctionParameterSequenceType("username", 22, 2, "The username of the account to check the status for.")}, new FunctionReturnSequenceType(23, 2, "true if the account is enabled, false otherwise."));
    public static final FunctionSignature FNS_SET_ACCOUNT_ENABLED = new FunctionSignature(qnSetAccountEnabled, "Enabled or disables a users account. You must be a DBA to enable or disable an account.", new SequenceType[]{new FunctionParameterSequenceType("username", 22, 2, "The username of the account to enable or disable."), new FunctionParameterSequenceType(BrokerPoolConstants.RECOVERY_ENABLED_ATTRIBUTE, 23, 2, "true to enable the account, false to disable the account.")}, new SequenceType(10, 1));

    public AccountStatusFunction(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        DBBroker broker = getContext().getBroker();
        Subject currentSubject = broker.getCurrentSubject();
        SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        String stringValue = sequenceArr[0].getStringValue();
        if (isCalledAs(qnIsAccountEnabled.getLocalPart())) {
            if (currentSubject.hasDbaRole() || currentSubject.getName().equals(stringValue)) {
                return new BooleanValue(securityManager.getAccount(stringValue).isEnabled());
            }
            throw new XPathException("You must be a DBA or be enquiring about your own account!");
        }
        if (!isCalledAs(qnSetAccountEnabled.getLocalPart())) {
            throw new XPathException("Unknown function");
        }
        if (!currentSubject.hasDbaRole()) {
            throw new XPathException("You must be a DBA to change the status of an account!");
        }
        boolean effectiveBooleanValue = sequenceArr[1].effectiveBooleanValue();
        Account account = securityManager.getAccount(stringValue);
        account.setEnabled(effectiveBooleanValue);
        try {
            account.save(broker);
            return Sequence.EMPTY_SEQUENCE;
        } catch (ConfigurationException e) {
            throw new XPathException(e.getMessage(), e);
        } catch (PermissionDeniedException e2) {
            throw new XPathException(e2.getMessage(), e2);
        }
    }
}
