package org.linagora.linshare.core.rac.impl;

import java.util.Iterator;
import org.apache.commons.lang.Validate;
import org.linagora.linshare.core.domain.constants.PermissionType;
import org.linagora.linshare.core.domain.constants.TechnicalAccountPermissionType;
import org.linagora.linshare.core.domain.entities.Account;
import org.linagora.linshare.core.domain.entities.AccountPermission;
import org.linagora.linshare.core.exception.BusinessErrorCode;
import org.linagora.linshare.core.exception.BusinessException;
import org.linagora.linshare.core.rac.AbstractResourceAccessControl;
import org.linagora.linshare.core.service.FunctionalityReadOnlyService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/linagora/linshare/core/rac/impl/AbstractResourceAccessControlImpl.class */
public abstract class AbstractResourceAccessControlImpl<A, R, E> implements AbstractResourceAccessControl<A, R, E> {
    protected final FunctionalityReadOnlyService functionalityService;
    protected static Logger logger = LoggerFactory.getLogger(AbstractResourceAccessControlImpl.class);

    public AbstractResourceAccessControlImpl(FunctionalityReadOnlyService functionalityReadOnlyService) {
        this.functionalityService = functionalityReadOnlyService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean hasReadPermission(Account account, A a, E e, Object... objArr);

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean hasListPermission(Account account, A a, E e, Object... objArr);

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean hasDeletePermission(Account account, A a, E e, Object... objArr);

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean hasCreatePermission(Account account, A a, E e, Object... objArr);

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean hasUpdatePermission(Account account, A a, E e, Object... objArr);

    protected abstract String getTargetedAccountRepresentation(A a);

    protected A getOwner(E e, Object... objArr) {
        return null;
    }

    protected R getRecipient(E e) {
        return null;
    }

    protected String getRecipientRepresentation(E e) {
        return null;
    }

    protected abstract String getEntryRepresentation(E e);

    /* JADX INFO: Access modifiers changed from: protected */
    public void appendOwner(StringBuilder sb, E e, Object... objArr) {
        String ownerRepresentation;
        A owner = getOwner(e, objArr);
        if (owner == null || (ownerRepresentation = getOwnerRepresentation(owner)) == null) {
            return;
        }
        sb.append(" owned by : ");
        sb.append(ownerRepresentation);
    }

    protected String getOwnerRepresentation(A a) {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public StringBuilder getActorStringBuilder(Account account) {
        StringBuilder sb = new StringBuilder("Actor ");
        sb.append(account.getAccountReprentation());
        return sb;
    }

    protected boolean isAuthorized(Account account, A a, PermissionType permissionType, E e, Class<?> cls, Object... objArr) {
        Validate.notNull(account);
        Validate.notNull(a);
        Validate.notNull(permissionType);
        if (account.hasAllRights()) {
            return true;
        }
        if (permissionType.equals(PermissionType.GET)) {
            if (hasReadPermission(account, a, e, objArr)) {
                return true;
            }
        } else if (permissionType.equals(PermissionType.LIST)) {
            if (hasListPermission(account, a, e, objArr)) {
                return true;
            }
        } else if (permissionType.equals(PermissionType.CREATE)) {
            if (hasCreatePermission(account, a, e, objArr)) {
                return true;
            }
        } else if (permissionType.equals(PermissionType.UPDATE)) {
            if (hasUpdatePermission(account, a, e, objArr)) {
                return true;
            }
        } else if (permissionType.equals(PermissionType.DELETE) && hasDeletePermission(account, a, e, objArr)) {
            return true;
        }
        if (cls == null) {
            return false;
        }
        StringBuilder actorStringBuilder = getActorStringBuilder(account);
        actorStringBuilder.append(" is trying to access to unauthorized resource named ");
        actorStringBuilder.append(cls.toString());
        appendOwner(actorStringBuilder, e, objArr);
        logger.error(actorStringBuilder.toString());
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasPermission(Account account, TechnicalAccountPermissionType technicalAccountPermissionType) {
        boolean z = false;
        Iterator<AccountPermission> it2 = account.getPermission().getAccountPermissions().iterator();
        while (!z && it2.hasNext()) {
            z = it2.next().getPermission().equals(technicalAccountPermissionType);
        }
        logger.debug(technicalAccountPermissionType.toString() + " : " + z);
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean defaultPermissionCheck(Account account, Account account2, E e, TechnicalAccountPermissionType technicalAccountPermissionType) {
        return account.hasDelegationRole() ? hasPermission(account, technicalAccountPermissionType) : (account.isInternal() || account.isGuest()) && account2 != null && account.equals(account2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkPermission(Account account, A a, Class<?> cls, BusinessErrorCode businessErrorCode, E e, PermissionType permissionType, String str, String str2, Object... objArr) throws BusinessException {
        if (isAuthorized(account, a, permissionType, e, cls, objArr)) {
            return;
        }
        StringBuilder actorStringBuilder = getActorStringBuilder(account);
        actorStringBuilder.append(str);
        if (e != null) {
            actorStringBuilder.append(getEntryRepresentation(e));
        }
        if (a != null) {
            actorStringBuilder.append(" for targeted account : ");
            actorStringBuilder.append(getTargetedAccountRepresentation(a));
        }
        logger.error(actorStringBuilder.toString());
        throw new BusinessException(businessErrorCode, str2);
    }

    @Override // org.linagora.linshare.core.rac.AbstractResourceAccessControl
    public void checkReadPermission(Account account, A a, Class<?> cls, BusinessErrorCode businessErrorCode, E e, Object... objArr) throws BusinessException {
        checkPermission(account, a, cls, businessErrorCode, e, PermissionType.GET, " is not authorized to get the entry ", "You are not authorized to get this entry.", objArr);
    }

    @Override // org.linagora.linshare.core.rac.AbstractResourceAccessControl
    public void checkListPermission(Account account, A a, Class<?> cls, BusinessErrorCode businessErrorCode, E e, Object... objArr) throws BusinessException {
        checkPermission(account, a, cls, businessErrorCode, e, PermissionType.LIST, " is not authorized to list all entries ", "You are not authorized to list all entries.", objArr);
    }

    @Override // org.linagora.linshare.core.rac.AbstractResourceAccessControl
    public void checkCreatePermission(Account account, A a, Class<?> cls, BusinessErrorCode businessErrorCode, E e, Object... objArr) throws BusinessException {
        checkPermission(account, a, cls, businessErrorCode, e, PermissionType.CREATE, " is not authorized to create an entry ", "You are not authorized to create an entry.", objArr);
    }

    @Override // org.linagora.linshare.core.rac.AbstractResourceAccessControl
    public void checkUpdatePermission(Account account, A a, Class<?> cls, BusinessErrorCode businessErrorCode, E e, Object... objArr) throws BusinessException {
        checkPermission(account, a, cls, businessErrorCode, e, PermissionType.UPDATE, " is not authorized to update the entry ", "You are not authorized to update this entry.", objArr);
    }

    @Override // org.linagora.linshare.core.rac.AbstractResourceAccessControl
    public void checkDeletePermission(Account account, A a, Class<?> cls, BusinessErrorCode businessErrorCode, E e, Object... objArr) throws BusinessException {
        checkPermission(account, a, cls, businessErrorCode, e, PermissionType.DELETE, " is not authorized to delete the entry ", "You are not authorized to delete this entry.", objArr);
    }
}
