package org.eclipse.emf.emfstore.internal.server.accesscontrol;

import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import java.util.ArrayList;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Set;
import org.eclipse.emf.ecore.EObject;
import org.eclipse.emf.emfstore.internal.common.APIUtil;
import org.eclipse.emf.emfstore.internal.server.ServerConfiguration;
import org.eclipse.emf.emfstore.internal.server.core.MonitorProvider;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.exceptions.SessionTimedOutException;
import org.eclipse.emf.emfstore.internal.server.model.ProjectHistory;
import org.eclipse.emf.emfstore.internal.server.model.ProjectId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACGroup;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnit;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnitId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ProjectAdminRole;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.Role;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ServerAdmin;
import org.eclipse.emf.emfstore.internal.server.model.impl.api.ESGlobalProjectIdImpl;
import org.eclipse.emf.emfstore.internal.server.model.impl.api.ESGroupImpl;
import org.eclipse.emf.emfstore.internal.server.model.impl.api.ESProjectHistoryImpl;
import org.eclipse.emf.emfstore.internal.server.model.impl.api.ESUserImpl;
import org.eclipse.emf.emfstore.internal.server.startup.EmfStoreValidator;
import org.eclipse.emf.emfstore.server.auth.ESAuthorizationService;
import org.eclipse.emf.emfstore.server.auth.ESMethod;
import org.eclipse.emf.emfstore.server.auth.ESMethodInvocation;
import org.eclipse.emf.emfstore.server.auth.ESOrgUnitResolver;
import org.eclipse.emf.emfstore.server.auth.ESProjectAdminPrivileges;
import org.eclipse.emf.emfstore.server.auth.ESSessions;
import org.eclipse.emf.emfstore.server.model.ESGlobalProjectId;
import org.eclipse.emf.emfstore.server.model.ESGroup;
import org.eclipse.emf.emfstore.server.model.ESOrgUnit;
import org.eclipse.emf.emfstore.server.model.ESOrgUnitId;
import org.eclipse.emf.emfstore.server.model.ESOrgUnitProvider;
import org.eclipse.emf.emfstore.server.model.ESProjectHistory;
import org.eclipse.emf.emfstore.server.model.ESSessionId;
import org.eclipse.emf.emfstore.server.model.ESUser;

/* loaded from: input_file:org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService.class */
public class DefaultESAuthorizationService implements ESAuthorizationService {
    private EnumMap<ESMethod.MethodId, AccessLevel> accessMap;
    private ESSessions sessions;
    private ESOrgUnitResolver orgUnitResolver;
    private ESOrgUnitProvider orgUnitProvider;
    private final Predicate<Role> isServerAdminPredicate = new HasRolePredicate(ServerAdmin.class);
    private final Predicate<Role> isProjectAdminPredicate = new HasRolePredicate(ProjectAdminRole.class);
    private static /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$emf$emfstore$internal$server$accesscontrol$DefaultESAuthorizationService$AccessLevel;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/emf/emfstore/internal/server/accesscontrol/DefaultESAuthorizationService$AccessLevel.class */
    public enum AccessLevel {
        PROJECT_READ,
        PROJECT_WRITE,
        PROJECT_ADMIN,
        SERVER_ADMIN,
        NONE;

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static AccessLevel[] valuesCustom() {
            AccessLevel[] valuesCustom = values();
            int length = valuesCustom.length;
            AccessLevel[] accessLevelArr = new AccessLevel[length];
            System.arraycopy(valuesCustom, 0, accessLevelArr, 0, length);
            return accessLevelArr;
        }
    }

    private void initAccessMap() {
        if (this.accessMap != null) {
            return;
        }
        this.accessMap = new EnumMap<>(ESMethod.MethodId.class);
        addAccessMapping(AccessLevel.NONE, ESMethod.MethodId.GETVERSION);
        addAccessMapping(AccessLevel.PROJECT_READ, ESMethod.MethodId.GETPROJECT, ESMethod.MethodId.GETEMFPROPERTIES, ESMethod.MethodId.GETHISTORYINFO, ESMethod.MethodId.GETCHANGES, ESMethod.MethodId.RESOLVEVERSIONSPEC, ESMethod.MethodId.DOWNLOADFILECHUNK, ESMethod.MethodId.DOWNLOADCHANGEPACKAGEFRAGMENT);
        addAccessMapping(AccessLevel.PROJECT_WRITE, ESMethod.MethodId.SETEMFPROPERTIES, ESMethod.MethodId.TRANSMITPROPERTY, ESMethod.MethodId.UPLOADFILECHUNK, ESMethod.MethodId.CREATEVERSION, ESMethod.MethodId.UPLOADCHANGEPACKAGEFRAGMENT, ESMethod.MethodId.GETBRANCHES);
        addAccessMapping(AccessLevel.PROJECT_ADMIN, ESMethod.MethodId.DELETEPROJECT, ESMethod.MethodId.REMOVETAG, ESMethod.MethodId.ADDTAG);
        addAccessMapping(AccessLevel.SERVER_ADMIN, ESMethod.MethodId.IMPORTPROJECTHISTORYTOSERVER, ESMethod.MethodId.EXPORTPROJECTHISTORYFROMSERVER, ESMethod.MethodId.REGISTEREPACKAGE);
        if (ServerConfiguration.isProjectAdminPrivileg(ESProjectAdminPrivileges.ShareProject)) {
            addAccessMapping(AccessLevel.PROJECT_ADMIN, ESMethod.MethodId.CREATEPROJECT, ESMethod.MethodId.CREATEEMPTYPROJECT);
        } else {
            addAccessMapping(AccessLevel.SERVER_ADMIN, ESMethod.MethodId.CREATEPROJECT, ESMethod.MethodId.CREATEEMPTYPROJECT);
        }
        addAccessMapping(AccessLevel.NONE, ESMethod.MethodId.GETPROJECTLIST, ESMethod.MethodId.RESOLVEUSER);
    }

    private void addAccessMapping(AccessLevel accessLevel, ESMethod.MethodId... methodIdArr) {
        for (ESMethod.MethodId methodId : methodIdArr) {
            this.accessMap.put((EnumMap<ESMethod.MethodId, AccessLevel>) methodId, (ESMethod.MethodId) accessLevel);
        }
    }

    @Override // org.eclipse.emf.emfstore.server.auth.ESAuthorizationService
    public boolean checkProjectAdminAccess(ESSessionId eSSessionId, ESGlobalProjectId eSGlobalProjectId) throws AccessControlException {
        checkSession(eSSessionId);
        ACUser orgUnit = getOrgUnit(this.sessions.resolveToOrgUnitId(eSSessionId));
        Iterable<Role> concat = Iterables.concat(orgUnit.getRoles(), APIUtil.toInternal(this.orgUnitResolver.getRolesFromGroups((ESOrgUnit) orgUnit.toAPI())));
        if (Iterables.any(concat, this.isServerAdminPredicate)) {
            return true;
        }
        ProjectId internal = APIUtil.toInternal(ProjectId.class, eSGlobalProjectId);
        for (Role role : concat) {
            if ((internal == null && ProjectAdminRole.class.isInstance(role)) || role.canAdministrate(internal)) {
                return false;
            }
        }
        throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
    }

    @Override // org.eclipse.emf.emfstore.server.auth.ESAuthorizationService
    public void checkServerAdminAccess(ESSessionId eSSessionId) throws AccessControlException {
        checkSession(eSSessionId);
        ACUser orgUnit = getOrgUnit(this.sessions.resolveToOrgUnitId(eSSessionId));
        if (!Iterables.any(Iterables.concat(orgUnit.getRoles(), APIUtil.toInternal(this.orgUnitResolver.getRolesFromGroups((ESOrgUnit) orgUnit.toAPI()))), this.isServerAdminPredicate)) {
            throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
        }
    }

    @Override // org.eclipse.emf.emfstore.server.auth.ESAuthorizationService
    public boolean checkProjectAdminAccessForOrgUnit(ESSessionId eSSessionId, ESOrgUnitId eSOrgUnitId) throws AccessControlException {
        checkSession(eSSessionId);
        cleanupPARole(eSOrgUnitId);
        List<Role> allRoles = getAllRoles(eSOrgUnitId);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        boolean any = Iterables.any(getOrgUnit(this.sessions.resolveToOrgUnitId(eSSessionId)).getRoles(), this.isServerAdminPredicate);
        for (Role role : allRoles) {
            if ((this.isServerAdminPredicate.apply(role) || this.isProjectAdminPredicate.apply(role)) && !any) {
                throw new AccessControlException(Messages.AccessControlImpl_Not_Allowed_To_Remove_Other_Admin);
            }
            linkedHashSet.addAll(role.getProjects());
        }
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        Iterator it = linkedHashSet.iterator();
        while (it.hasNext()) {
            linkedHashSet2.add((ESGlobalProjectId) ((ProjectId) it.next()).toAPI());
        }
        return checkProjectAdminAccessForOrgUnit(eSSessionId, eSOrgUnitId, linkedHashSet2);
    }

    @Override // org.eclipse.emf.emfstore.server.auth.ESAuthorizationService
    public boolean checkProjectAdminAccessForOrgUnit(ESSessionId eSSessionId, ESOrgUnitId eSOrgUnitId, Set<ESGlobalProjectId> set) throws AccessControlException {
        checkSession(eSSessionId);
        cleanupPARole(eSOrgUnitId);
        ACUser orgUnit = getOrgUnit(this.sessions.resolveToOrgUnitId(eSSessionId));
        if (Iterables.any(orgUnit.getRoles(), this.isServerAdminPredicate)) {
            return true;
        }
        try {
            ProjectAdminRole projectAdminRole = (ProjectAdminRole) Iterables.find(orgUnit.getRoles(), this.isProjectAdminPredicate);
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            Iterator<ESGlobalProjectId> it = set.iterator();
            while (it.hasNext()) {
                linkedHashSet.add(APIUtil.toInternal(ProjectId.class, it.next()));
            }
            if (projectAdminRole.getProjects().containsAll(linkedHashSet)) {
                return false;
            }
            throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
        } catch (NoSuchElementException unused) {
            throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
        }
    }

    @Override // org.eclipse.emf.emfstore.server.auth.ESAuthorizationService
    public boolean checkProjectAdminAccess(ESSessionId eSSessionId, ESGlobalProjectId eSGlobalProjectId, ESProjectAdminPrivileges eSProjectAdminPrivileges) throws AccessControlException {
        checkSession(eSSessionId);
        ACUser orgUnit = getOrgUnit(this.sessions.resolveToOrgUnitId(eSSessionId));
        Iterable<Role> concat = Iterables.concat(orgUnit.getRoles(), APIUtil.toInternal(this.orgUnitResolver.getRolesFromGroups((ESOrgUnit) orgUnit.toAPI())));
        if (Iterables.any(concat, this.isServerAdminPredicate)) {
            return true;
        }
        for (Role role : concat) {
            if (ProjectAdminRole.class.isInstance(role)) {
                if (!ServerConfiguration.isProjectAdminPrivileg(eSProjectAdminPrivileges)) {
                    throw new AccessControlException(Messages.AccessControlImpl_PARole_Missing_Privilege);
                }
                if (eSGlobalProjectId == null || ((ProjectAdminRole) ProjectAdminRole.class.cast(role)).canAdministrate(APIUtil.toInternal(ProjectId.class, eSGlobalProjectId))) {
                    return false;
                }
                throw new AccessControlException(Messages.AccessControlImpl_PARole_Missing_Privilege);
            }
        }
        throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
    }

    @Override // org.eclipse.emf.emfstore.server.auth.ESAuthorizationService
    public void checkReadAccess(ESSessionId eSSessionId, ESGlobalProjectId eSGlobalProjectId, Set<EObject> set) throws AccessControlException {
        checkSession(eSSessionId);
        ACUser orgUnit = getOrgUnit(this.sessions.resolveToOrgUnitId(eSSessionId));
        if (!canRead(Iterables.concat(orgUnit.getRoles(), APIUtil.toInternal(this.orgUnitResolver.getRolesFromGroups((ESOrgUnit) orgUnit.toAPI()))), (ProjectId) APIUtil.toInternal(ProjectId.class, eSGlobalProjectId), null)) {
            throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
        }
    }

    private boolean canWrite(Iterable<Role> iterable, ProjectId projectId, EObject eObject) {
        for (Role role : iterable) {
            if (role.canModify(projectId, eObject) || role.canCreate(projectId, eObject) || role.canDelete(projectId, eObject)) {
                return true;
            }
        }
        return false;
    }

    private boolean canRead(Iterable<Role> iterable, ProjectId projectId, EObject eObject) throws AccessControlException {
        Iterator<Role> it = iterable.iterator();
        while (it.hasNext()) {
            if (it.next().canRead(projectId, eObject)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.eclipse.emf.emfstore.server.auth.ESAuthorizationService
    public void checkWriteAccess(ESSessionId eSSessionId, ESGlobalProjectId eSGlobalProjectId, Set<EObject> set) throws AccessControlException {
        checkSession(eSSessionId);
        ACUser orgUnit = getOrgUnit(this.sessions.resolveToOrgUnitId(eSSessionId));
        if (!canWrite(Iterables.concat(orgUnit.getRoles(), APIUtil.toInternal(this.orgUnitResolver.getRolesFromGroups((ESOrgUnit) orgUnit.toAPI()))), (ProjectId) APIUtil.toInternal(ProjectId.class, eSGlobalProjectId), null)) {
            throw new AccessControlException(Messages.AccessControlImpl_Insufficient_Rights);
        }
    }

    @Override // org.eclipse.emf.emfstore.server.auth.ESAuthorizationService
    public void checkAccess(ESMethodInvocation eSMethodInvocation) throws AccessControlException {
        initAccessMap();
        AccessLevel accessLevel = this.accessMap.get(eSMethodInvocation.getType());
        if (accessLevel == null) {
            throw new AccessControlException(Messages.AccessControlImpl_No_Access);
        }
        switch ($SWITCH_TABLE$org$eclipse$emf$emfstore$internal$server$accesscontrol$DefaultESAuthorizationService$AccessLevel()[accessLevel.ordinal()]) {
            case EmfStoreValidator.RESOLVEALL /* 1 */:
                ProjectId projectIdFromParameters = getProjectIdFromParameters(eSMethodInvocation);
                checkReadAccess(eSMethodInvocation.getSessionId(), projectIdFromParameters == null ? null : (ESGlobalProjectIdImpl) projectIdFromParameters.toAPI(), null);
                return;
            case EmfStoreValidator.MODELELEMENTID /* 2 */:
                ProjectId projectIdFromParameters2 = getProjectIdFromParameters(eSMethodInvocation);
                checkWriteAccess(eSMethodInvocation.getSessionId(), projectIdFromParameters2 == null ? null : (ESGlobalProjectIdImpl) projectIdFromParameters2.toAPI(), null);
                return;
            case 3:
                ProjectId projectIdFromParameters3 = getProjectIdFromParameters(eSMethodInvocation);
                checkProjectAdminAccess(eSMethodInvocation.getSessionId(), projectIdFromParameters3 == null ? null : (ESGlobalProjectIdImpl) projectIdFromParameters3.toAPI());
                return;
            case EmfStoreValidator.PROJECTGENERATION /* 4 */:
                checkServerAdminAccess(eSMethodInvocation.getSessionId());
                return;
            case 5:
                return;
            default:
                throw new AccessControlException(Messages.AccessControlImpl_Unknown_Access_Type);
        }
    }

    private ProjectId getProjectIdFromParameters(ESMethodInvocation eSMethodInvocation) {
        for (Object obj : eSMethodInvocation.getParameters()) {
            if (obj instanceof ProjectId) {
                return (ProjectId) obj;
            }
        }
        return null;
    }

    private void cleanupPARole(ESOrgUnitId eSOrgUnitId) throws AccessControlException {
        ProjectAdminRole projectAdminRole = null;
        Iterator<Role> it = getAllRoles(eSOrgUnitId).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Role next = it.next();
            if (ProjectAdminRole.class.isInstance(next)) {
                projectAdminRole = (ProjectAdminRole) next;
                break;
            }
        }
        if (projectAdminRole == null) {
            return;
        }
        List projects = this.orgUnitProvider.getProjects();
        ArrayList arrayList = new ArrayList();
        Iterator it2 = projects.iterator();
        while (it2.hasNext()) {
            arrayList.add(((ESProjectHistoryImpl) ESProjectHistoryImpl.class.cast((ESProjectHistory) it2.next())).toInternalAPI());
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        Iterator it3 = arrayList.iterator();
        while (it3.hasNext()) {
            linkedHashSet.add(((ProjectHistory) it3.next()).getProjectId());
        }
        for (ProjectId projectId : projectAdminRole.getProjects()) {
            if (!linkedHashSet.contains(projectId)) {
                linkedHashSet2.add(projectId);
            }
        }
        projectAdminRole.getProjects().removeAll(linkedHashSet2);
        if (projectAdminRole.getProjects().size() == 0) {
            getOrgUnit(eSOrgUnitId).getRoles().remove(projectAdminRole);
        }
    }

    private List<Role> getAllRoles(ESOrgUnitId eSOrgUnitId) throws AccessControlException {
        ACOrgUnit<?> orgUnit = getOrgUnit(eSOrgUnitId);
        List internal = APIUtil.toInternal(this.orgUnitResolver.getGroups((ESOrgUnit) orgUnit.toAPI()));
        ArrayList arrayList = new ArrayList();
        Iterator it = internal.iterator();
        while (it.hasNext()) {
            arrayList.addAll(((ACGroup) it.next()).getRoles());
        }
        arrayList.addAll(orgUnit.getRoles());
        return arrayList;
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [java.lang.Throwable, java.lang.Object] */
    private ACOrgUnit<?> getOrgUnit(ESOrgUnitId eSOrgUnitId) throws AccessControlException {
        Preconditions.checkNotNull(eSOrgUnitId, "orgUnitId must not be null");
        ACOrgUnitId internal = APIUtil.toInternal(ACOrgUnitId.class, eSOrgUnitId);
        synchronized (MonitorProvider.getInstance().getMonitor()) {
            Iterator it = this.orgUnitProvider.getUsers().iterator();
            while (it.hasNext()) {
                ACUser internalAPI = ((ESUserImpl) ESUserImpl.class.cast((ESUser) it.next())).toInternalAPI();
                if (internalAPI.getId().equals(internal)) {
                    return internalAPI;
                }
            }
            Iterator it2 = this.orgUnitProvider.getGroups().iterator();
            while (it2.hasNext()) {
                ACGroup internalAPI2 = ((ESGroupImpl) ESGroupImpl.class.cast((ESGroup) it2.next())).toInternalAPI();
                if (internalAPI2.getId().equals(internal)) {
                    return internalAPI2;
                }
            }
            throw new AccessControlException(Messages.AccessControlImpl_Given_OrgUnit_Does_Not_Exist);
        }
    }

    @Override // org.eclipse.emf.emfstore.server.auth.ESAuthorizationService
    public void init(ESSessions eSSessions, ESOrgUnitResolver eSOrgUnitResolver, ESOrgUnitProvider eSOrgUnitProvider) {
        this.sessions = eSSessions;
        this.orgUnitResolver = eSOrgUnitResolver;
        this.orgUnitProvider = eSOrgUnitProvider;
    }

    private void checkSession(ESSessionId eSSessionId) throws SessionTimedOutException {
        this.sessions.isValid(eSSessionId);
    }

    static /* synthetic */ int[] $SWITCH_TABLE$org$eclipse$emf$emfstore$internal$server$accesscontrol$DefaultESAuthorizationService$AccessLevel() {
        int[] iArr = $SWITCH_TABLE$org$eclipse$emf$emfstore$internal$server$accesscontrol$DefaultESAuthorizationService$AccessLevel;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[AccessLevel.valuesCustom().length];
        try {
            iArr2[AccessLevel.NONE.ordinal()] = 5;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[AccessLevel.PROJECT_ADMIN.ordinal()] = 3;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[AccessLevel.PROJECT_READ.ordinal()] = 1;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[AccessLevel.PROJECT_WRITE.ordinal()] = 2;
        } catch (NoSuchFieldError unused4) {
        }
        try {
            iArr2[AccessLevel.SERVER_ADMIN.ordinal()] = 4;
        } catch (NoSuchFieldError unused5) {
        }
        $SWITCH_TABLE$org$eclipse$emf$emfstore$internal$server$accesscontrol$DefaultESAuthorizationService$AccessLevel = iArr2;
        return iArr2;
    }
}
