package org.opencms.security;

import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.opencms.configuration.CmsSystemConfiguration;
import org.opencms.db.CmsDbContext;
import org.opencms.db.CmsDriverManager;
import org.opencms.db.CmsSecurityManager;
import org.opencms.db.I_CmsCacheKey;
import org.opencms.file.CmsProject;
import org.opencms.file.CmsResource;
import org.opencms.file.CmsResourceFilter;
import org.opencms.file.types.CmsResourceTypeJsp;
import org.opencms.importexport.CmsImportExportManager;
import org.opencms.lock.CmsLock;
import org.opencms.main.CmsException;
import org.opencms.main.CmsInitException;
import org.opencms.main.CmsLog;
import org.opencms.main.OpenCms;
import org.opencms.security.I_CmsPermissionHandler;

/* loaded from: input_file:org/opencms/security/CmsDefaultPermissionHandler.class */
public class CmsDefaultPermissionHandler implements I_CmsPermissionHandler {
    private static final Log LOG = CmsLog.getLog(CmsDefaultPermissionHandler.class);
    protected CmsDriverManager m_driverManager;
    protected CmsSecurityManager m_securityManager;
    private I_CmsCacheKey m_keyGenerator;

    @Override // org.opencms.security.I_CmsPermissionHandler
    public I_CmsPermissionHandler.CmsPermissionCheckResult hasPermissions(CmsDbContext cmsDbContext, CmsResource cmsResource, CmsPermissionSet cmsPermissionSet, boolean z, CmsResourceFilter cmsResourceFilter) throws CmsException {
        I_CmsPermissionHandler.CmsPermissionCheckResult cmsPermissionCheckResult;
        if (!cmsResourceFilter.isValid(cmsDbContext.getRequestContext(), cmsResource)) {
            return I_CmsPermissionHandler.PERM_FILTERED;
        }
        String cacheKeyForUserPermissions = this.m_keyGenerator.getCacheKeyForUserPermissions((cmsResourceFilter.requireVisible() && z) ? "11" : (cmsResourceFilter.requireVisible() || !z) ? (!cmsResourceFilter.requireVisible() || z) ? "00" : CmsImportExportManager.EXPORT_VERSION : "01", cmsDbContext, cmsResource, cmsPermissionSet);
        I_CmsPermissionHandler.CmsPermissionCheckResult cachedPermission = OpenCms.getMemoryMonitor().getCachedPermission(cacheKeyForUserPermissions);
        if (cachedPermission != null) {
            return cachedPermission;
        }
        int i = 0;
        if (cmsDbContext.currentProject().isOnlineProject()) {
            i = 0 | 2;
        }
        boolean hasRoleForResource = this.m_securityManager.hasRoleForResource(cmsDbContext, cmsDbContext.currentUser(), CmsRole.VFS_MANAGER, cmsResource);
        boolean z2 = cmsPermissionSet.requiresWritePermission() || cmsPermissionSet.requiresControlPermission();
        if (z2 && !hasRoleForResource && CmsResourceTypeJsp.isJsp(cmsResource) && !this.m_securityManager.hasRoleForResource(cmsDbContext, cmsDbContext.currentUser(), CmsRole.VFS_MANAGER, cmsResource)) {
            i = i | 2 | 8;
        }
        if (z2 && z) {
            CmsLock lock = this.m_driverManager.getLock(cmsDbContext, cmsResource);
            if (lock.isUnlocked() || !lock.isLockableBy(cmsDbContext.currentUser())) {
                return I_CmsPermissionHandler.PERM_NOTLOCKED;
            }
        }
        CmsPermissionSetCustom cmsPermissionSetCustom = hasRoleForResource ? new CmsPermissionSetCustom(-1) : this.m_driverManager.getPermissions(cmsDbContext, cmsResource, cmsDbContext.currentUser());
        cmsPermissionSetCustom.denyPermissions(i);
        if ((cmsPermissionSetCustom.getPermissions() & 4) == 0) {
            if (hasRoleForResource || !cmsResourceFilter.requireVisible()) {
                cmsPermissionSetCustom.setPermissions(cmsPermissionSetCustom.getAllowedPermissions() | 4, cmsPermissionSetCustom.getDeniedPermissions() & (-5));
            } else {
                cmsPermissionSet = new CmsPermissionSet(cmsPermissionSet.getAllowedPermissions() | 4, cmsPermissionSet.getDeniedPermissions());
            }
        }
        if (cmsPermissionSet.requiresDirectPublishPermission() && (cmsPermissionSetCustom.getPermissions() & 16) == 0) {
            boolean hasRoleForResource2 = this.m_securityManager.hasRoleForResource(cmsDbContext, cmsDbContext.currentUser(), CmsRole.PROJECT_MANAGER, cmsResource);
            if (!hasRoleForResource2) {
                Iterator<CmsProject> it = this.m_driverManager.getAllManageableProjects(cmsDbContext, this.m_driverManager.readOrganizationalUnit(cmsDbContext, cmsDbContext.currentUser().getOuFqn()), true).iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (CmsProject.isInsideProject(this.m_driverManager.readProjectResources(cmsDbContext, it.next()), cmsResource)) {
                        hasRoleForResource2 = true;
                        break;
                    }
                }
            }
            if (hasRoleForResource2) {
                cmsPermissionSetCustom.setPermissions(cmsPermissionSetCustom.getAllowedPermissions() | 16, cmsPermissionSetCustom.getDeniedPermissions() & (-17));
            }
        }
        if ((cmsPermissionSet.getPermissions() & cmsPermissionSetCustom.getPermissions()) == cmsPermissionSet.getPermissions()) {
            cmsPermissionCheckResult = I_CmsPermissionHandler.PERM_ALLOWED;
        } else {
            cmsPermissionCheckResult = I_CmsPermissionHandler.PERM_DENIED;
            if (LOG.isDebugEnabled()) {
                LOG.debug(Messages.get().getBundle().key(Messages.LOG_NO_PERMISSION_RESOURCE_USER_4, new Object[]{cmsDbContext.getRequestContext().removeSiteRoot(cmsResource.getRootPath()), cmsDbContext.currentUser().getName(), cmsPermissionSet.getPermissionString(), cmsPermissionSetCustom.getPermissionString()}));
            }
        }
        if (cmsDbContext.getProjectId().isNullUUID()) {
            OpenCms.getMemoryMonitor().cachePermission(cacheKeyForUserPermissions, cmsPermissionCheckResult);
        }
        return cmsPermissionCheckResult;
    }

    @Override // org.opencms.security.I_CmsPermissionHandler
    public void init(CmsDriverManager cmsDriverManager, CmsSystemConfiguration cmsSystemConfiguration) {
        this.m_driverManager = cmsDriverManager;
        this.m_securityManager = cmsDriverManager.getSecurityManager();
        String cacheKeyGenerator = cmsSystemConfiguration.getCacheSettings().getCacheKeyGenerator();
        try {
            this.m_keyGenerator = (I_CmsCacheKey) Class.forName(cacheKeyGenerator).newInstance();
        } catch (Exception e) {
            throw new CmsInitException(org.opencms.main.Messages.get().container(org.opencms.main.Messages.ERR_CRITICAL_CLASS_CREATION_1, cacheKeyGenerator), e);
        }
    }
}
