package com.adobe.cq.sites.ui.models.admin.security.permission;

import com.adobe.granite.activitystreams.Verbs;
import com.adobe.granite.security.user.util.AuthorizableUtil;
import com.day.cq.security.util.CqActions;
import java.io.StringWriter;
import java.util.Collection;
import java.util.Collections;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.io.JSONWriter;
import org.apache.sling.models.annotations.Model;
import org.apache.sling.models.annotations.injectorspecific.Self;
import org.apache.sling.models.annotations.injectorspecific.SlingObject;
import org.apache.sling.models.annotations.injectorspecific.ValueMapValue;
import org.apache.sling.servlets.post.SlingPostConstants;

@Model(adaptables = {SlingHttpServletRequest.class})
/* loaded from: input_file:com/adobe/cq/sites/ui/models/admin/security/permission/Permissions.class */
public final class Permissions {

    @Self
    private SlingHttpServletRequest slingRequest;

    @ValueMapValue
    private String principalName;

    @ValueMapValue
    private String avatar;

    @Inject
    @SlingObject
    private Resource resource;

    @Inject
    private ResourceResolver resolver;
    private String label;
    private boolean aclEdit;
    private boolean read;
    private boolean modify;
    private boolean delete;
    private boolean replicate;
    private boolean create;
    private CqActions cqActions;

    @PostConstruct
    protected void initModel() throws RepositoryException {
        Session session = (Session) this.resolver.adaptTo(Session.class);
        PrincipalManager principalManager = ((JackrabbitSession) session).getPrincipalManager();
        AccessControlManager accessControlManager = session.getAccessControlManager();
        UserManager userManager = ((JackrabbitSession) session).getUserManager();
        if (StringUtils.isEmpty(this.principalName)) {
            return;
        }
        this.label = AuthorizableUtil.getFormattedName(this.resolver, userManager.getAuthorizable(principalManager.getPrincipal(this.principalName)).getID());
        if (StringUtils.isEmpty(this.label)) {
            this.label = this.principalName;
        }
        String parameter = this.slingRequest.getParameter("item");
        if (StringUtils.isNotEmpty(parameter) && ((JackrabbitSession) session).hasPermission(parameter, JackrabbitSession.ACTION_READ_ACCESS_CONTROL)) {
            this.cqActions = new CqActions(session);
            Collection<String> actions = getActions(accessControlManager, parameter, this.principalName, this.cqActions);
            if (actions != null) {
                this.read = actions.contains(Verbs.READ);
                this.modify = actions.contains(SlingPostConstants.OPERATION_MODIFY);
                this.delete = actions.contains("delete");
                this.replicate = actions.contains("replicate");
                this.create = actions.contains(Verbs.CREATE);
            }
            this.aclEdit = this.cqActions.getAllowedActions(parameter, null).contains("acl_edit");
        }
    }

    private Collection<String> getActions(AccessControlManager accessControlManager, String str, String str2, CqActions cqActions) throws RepositoryException {
        for (AccessControlList accessControlList : accessControlManager.getPolicies(str)) {
            if (accessControlList instanceof AccessControlList) {
                for (AccessControlEntry accessControlEntry : accessControlList.getAccessControlEntries()) {
                    if ((accessControlEntry instanceof JackrabbitAccessControlEntry) && accessControlEntry.getPrincipal() != null && str2.equals(accessControlEntry.getPrincipal().getName())) {
                        return cqActions.getAllowedActions(str, Collections.singleton(accessControlEntry.getPrincipal()));
                    }
                }
            }
        }
        return null;
    }

    public String getAclData() throws JSONException {
        StringWriter stringWriter = new StringWriter();
        JSONWriter jSONWriter = new JSONWriter(stringWriter);
        jSONWriter.object();
        jSONWriter.key("principalName").value(this.principalName);
        jSONWriter.key("label").value(this.label);
        jSONWriter.key("avatar").value(this.avatar);
        jSONWriter.key(Verbs.READ).value(this.read);
        jSONWriter.key(SlingPostConstants.OPERATION_MODIFY).value(this.modify);
        jSONWriter.key("delete").value(this.delete);
        jSONWriter.key("replicate").value(this.replicate);
        jSONWriter.key(Verbs.CREATE).value(this.create);
        jSONWriter.endObject();
        return stringWriter.toString();
    }

    public String getLabel() {
        return this.label;
    }

    public boolean canEditAcl() {
        return this.aclEdit;
    }

    public boolean canRead() {
        return this.read;
    }

    public boolean canModify() {
        return this.modify;
    }

    public boolean canDelete() {
        return this.delete;
    }

    public boolean canReplicate() {
        return this.replicate;
    }

    public boolean canCreate() {
        return this.create;
    }
}
