package org.sakaiproject.authz.impl;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Stack;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.authz.api.AuthzGroupService;
import org.sakaiproject.authz.api.SecurityAdvisor;
import org.sakaiproject.authz.api.SecurityService;
import org.sakaiproject.entity.api.EntityManager;
import org.sakaiproject.memory.api.MemoryService;
import org.sakaiproject.memory.api.MultiRefCache;
import org.sakaiproject.thread_local.api.ThreadLocalManager;
import org.sakaiproject.user.api.User;
import org.sakaiproject.user.api.UserDirectoryService;

/* loaded from: input_file:WEB-INF/lib/sakai-authz-impl-dev.jar:org/sakaiproject/authz/impl/SakaiSecurity.class */
public abstract class SakaiSecurity implements SecurityService {
    private static Log M_log = LogFactory.getLog(SakaiSecurity.class);
    protected static final String ADVISOR_STACK = "SakaiSecurity.advisor.stack";
    protected MultiRefCache m_callCache = null;
    protected int m_cacheMinutes = 3;

    protected abstract ThreadLocalManager threadLocalManager();

    protected abstract AuthzGroupService authzGroupService();

    protected abstract UserDirectoryService userDirectoryService();

    protected abstract MemoryService memoryService();

    protected abstract EntityManager entityManager();

    public void setCacheMinutes(String str) {
        this.m_cacheMinutes = Integer.parseInt(str);
    }

    public void init() {
        if (this.m_cacheMinutes > 0) {
            this.m_callCache = memoryService().newMultiRefCache(900L);
        }
        M_log.info("init() - caching minutes: " + this.m_cacheMinutes);
    }

    public void destroy() {
        M_log.info("destroy()");
    }

    public boolean isSuperUser() {
        User currentUser = userDirectoryService().getCurrentUser();
        if (currentUser == null) {
            return false;
        }
        return isSuperUser(currentUser.getId());
    }

    public boolean isSuperUser(String str) {
        if (str == null || str.length() == 0) {
            return false;
        }
        String str2 = "super@" + str;
        if (this.m_callCache != null && this.m_callCache.containsKey(str2)) {
            return ((Boolean) this.m_callCache.get(str2)).booleanValue();
        }
        boolean z = false;
        if ("admin".equalsIgnoreCase(str)) {
            z = true;
        } else if ("postmaster".equalsIgnoreCase(str)) {
            z = true;
        } else if (authzGroupService().isAllowed(str, "site.upd", "/site/!admin")) {
            z = true;
        }
        if (this.m_callCache != null) {
            Vector vector = new Vector();
            vector.add("/site/!admin");
            this.m_callCache.put(str2, Boolean.valueOf(z), this.m_cacheMinutes * 60, (String) null, vector);
        }
        return z;
    }

    public boolean unlock(String str, String str2) {
        return unlock(userDirectoryService().getCurrentUser(), str, str2);
    }

    public boolean unlock(User user, String str, String str2) {
        User user2 = user;
        if (user2 == null) {
            user2 = userDirectoryService().getCurrentUser();
        }
        return unlock(user2.getId(), str, str2);
    }

    public boolean unlock(String str, String str2, String str3) {
        return unlock(str, str2, str3, null);
    }

    public boolean unlock(String str, String str2, String str3, Collection collection) {
        SecurityAdvisor.SecurityAdvice adviseIsAllowed;
        if (str == null || str2 == null || str3 == null) {
            M_log.warn("unlock(): null: " + str + " " + str2 + " " + str3);
            return false;
        }
        if (isSuperUser(str)) {
            return true;
        }
        return (!hasAdvisors() || (adviseIsAllowed = adviseIsAllowed(str, str2, str3)) == SecurityAdvisor.SecurityAdvice.PASS) ? checkAuthzGroups(str, str2, str3, collection) : adviseIsAllowed == SecurityAdvisor.SecurityAdvice.ALLOWED;
    }

    protected boolean checkAuthzGroups(String str, String str2, String str3, Collection collection) {
        String str4 = "unlock@" + str + "@" + str2 + "@" + str3;
        if (this.m_callCache != null && this.m_callCache.containsKey(str4)) {
            return ((Boolean) this.m_callCache.get(str4)).booleanValue();
        }
        if (collection == null) {
            collection = entityManager().newReference(str3).getAuthzGroups(str);
        }
        boolean isAllowed = authzGroupService().isAllowed(str, str2, collection);
        if (this.m_callCache != null) {
            this.m_callCache.put(str4, Boolean.valueOf(isAllowed), this.m_cacheMinutes * 60, str3, collection);
        }
        return isAllowed;
    }

    public List unlockUsers(String str, String str2) {
        if (str2 == null) {
            M_log.warn("unlockUsers(): null resource: " + str);
            return new Vector();
        }
        Collection authzGroups = entityManager().newReference(str2).getAuthzGroups();
        Vector vector = new Vector();
        vector.addAll(authzGroupService().getUsersIsAllowed(str, authzGroups));
        List users = userDirectoryService().getUsers(vector);
        Collections.sort(users);
        return users;
    }

    protected Stack getAdvisorStack(boolean z) {
        Stack stack = (Stack) threadLocalManager().get(ADVISOR_STACK);
        if (stack == null && z) {
            stack = new Stack();
            threadLocalManager().set(ADVISOR_STACK, stack);
        }
        return stack;
    }

    protected void dropAdvisorStack() {
        threadLocalManager().set(ADVISOR_STACK, (Object) null);
    }

    protected SecurityAdvisor.SecurityAdvice adviseIsAllowed(String str, String str2, String str3) {
        Stack advisorStack = getAdvisorStack(false);
        if (advisorStack == null || advisorStack.isEmpty()) {
            return SecurityAdvisor.SecurityAdvice.PASS;
        }
        for (int size = advisorStack.size() - 1; size >= 0; size--) {
            SecurityAdvisor.SecurityAdvice isAllowed = ((SecurityAdvisor) advisorStack.elementAt(size)).isAllowed(str, str2, str3);
            if (isAllowed != SecurityAdvisor.SecurityAdvice.PASS) {
                return isAllowed;
            }
        }
        return SecurityAdvisor.SecurityAdvice.PASS;
    }

    public void pushAdvisor(SecurityAdvisor securityAdvisor) {
        getAdvisorStack(true).push(securityAdvisor);
    }

    public SecurityAdvisor popAdvisor() {
        Stack advisorStack = getAdvisorStack(false);
        if (advisorStack == null) {
            return null;
        }
        SecurityAdvisor securityAdvisor = null;
        if (advisorStack.size() > 0) {
            securityAdvisor = (SecurityAdvisor) advisorStack.pop();
        }
        if (advisorStack.isEmpty()) {
            dropAdvisorStack();
        }
        return securityAdvisor;
    }

    public boolean hasAdvisors() {
        Stack advisorStack = getAdvisorStack(false);
        return (advisorStack == null || advisorStack.isEmpty()) ? false : true;
    }

    public void clearAdvisors() {
        dropAdvisorStack();
    }
}
