package com.liferay.object.service.impl;

import com.liferay.account.model.AccountEntryOrganizationRel;
import com.liferay.account.service.AccountEntryLocalService;
import com.liferay.account.service.AccountEntryOrganizationRelLocalService;
import com.liferay.object.configuration.ObjectConfiguration;
import com.liferay.object.entry.util.ObjectEntryThreadLocal;
import com.liferay.object.exception.ObjectDefinitionAccountEntryRestrictedException;
import com.liferay.object.exception.ObjectEntryCountException;
import com.liferay.object.model.ObjectDefinition;
import com.liferay.object.model.ObjectEntry;
import com.liferay.object.service.ObjectFieldLocalService;
import com.liferay.object.service.base.ObjectEntryServiceBaseImpl;
import com.liferay.object.service.persistence.ObjectDefinitionPersistence;
import com.liferay.osgi.service.tracker.collections.map.ServiceTrackerMap;
import com.liferay.osgi.service.tracker.collections.map.ServiceTrackerMapFactory;
import com.liferay.petra.function.transform.TransformUtil;
import com.liferay.petra.string.StringBundler;
import com.liferay.portal.aop.AopService;
import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.model.Organization;
import com.liferay.portal.kernel.model.ResourcePermission;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.PermissionCheckerFactory;
import com.liferay.portal.kernel.security.permission.resource.ModelResourcePermission;
import com.liferay.portal.kernel.security.permission.resource.ModelResourcePermissionRegistryUtil;
import com.liferay.portal.kernel.security.permission.resource.PortletResourcePermission;
import com.liferay.portal.kernel.service.GroupLocalService;
import com.liferay.portal.kernel.service.ResourcePermissionLocalService;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.service.UserGroupRoleLocalService;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.ListUtil;
import com.liferay.portal.kernel.util.MapUtil;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;

@Component(configurationPid = {"com.liferay.object.configuration.ObjectConfiguration"}, property = {"json.web.service.context.name=object", "json.web.service.context.path=ObjectEntry"}, service = {AopService.class})
/* loaded from: input_file:com/liferay/object/service/impl/ObjectEntryServiceImpl.class */
public class ObjectEntryServiceImpl extends ObjectEntryServiceBaseImpl {

    @Reference
    private AccountEntryLocalService _accountEntryLocalService;

    @Reference
    private AccountEntryOrganizationRelLocalService _accountEntryOrganizationRelLocalService;

    @Reference
    private GroupLocalService _groupLocalService;
    private volatile ObjectConfiguration _objectConfiguration;

    @Reference
    private ObjectDefinitionPersistence _objectDefinitionPersistence;

    @Reference
    private ObjectFieldLocalService _objectFieldLocalService;

    @Reference
    private PermissionCheckerFactory _permissionCheckerFactory;
    private volatile ServiceTrackerMap<String, PortletResourcePermission> _portletResourcePermissionsServiceTrackerMap;

    @Reference
    private ResourcePermissionLocalService _resourcePermissionLocalService;

    @Reference
    private UserGroupRoleLocalService _userGroupRoleLocalService;

    public ObjectEntry addObjectEntry(long j, long j2, Map<String, Serializable> map, ServiceContext serviceContext) throws PortalException {
        if (!ObjectEntryThreadLocal.isSkipObjectEntryResourcePermission()) {
            _checkPortletResourcePermission("ADD_OBJECT_ENTRY", j, j2, map);
        }
        _validateSubmissionLimit(j2, getUser());
        return this.objectEntryLocalService.addObjectEntry(getUserId(), j, j2, map, serviceContext);
    }

    public ObjectEntry addOrUpdateObjectEntry(String str, long j, long j2, Map<String, Serializable> map, ServiceContext serviceContext) throws PortalException {
        ObjectEntry fetchByERC_C_ODI = this.objectEntryPersistence.fetchByERC_C_ODI(str, serviceContext.getCompanyId(), j2);
        if (fetchByERC_C_ODI == null) {
            _checkPortletResourcePermission("ADD_OBJECT_ENTRY", j, j2, map);
        } else {
            checkModelResourcePermission(j2, fetchByERC_C_ODI.getObjectEntryId(), "UPDATE");
        }
        return this.objectEntryLocalService.addOrUpdateObjectEntry(str, getUserId(), j, j2, map, serviceContext);
    }

    public void checkModelResourcePermission(long j, long j2, String str) throws PortalException {
        ModelResourcePermissionRegistryUtil.getModelResourcePermission(this._objectDefinitionPersistence.findByPrimaryKey(j).getClassName()).check(getPermissionChecker(), j2, str);
    }

    public ObjectEntry deleteObjectEntry(long j) throws PortalException {
        if (!ObjectEntryThreadLocal.isSkipObjectEntryResourcePermission()) {
            _checkPermission("DELETE", this.objectEntryLocalService.getObjectEntry(j));
        }
        return this.objectEntryLocalService.deleteObjectEntry(j);
    }

    public ObjectEntry deleteObjectEntry(String str, long j, long j2) throws PortalException {
        ObjectEntry objectEntry = this.objectEntryLocalService.getObjectEntry(str, j, j2);
        _checkPermission("DELETE", objectEntry);
        return this.objectEntryLocalService.deleteObjectEntry(objectEntry);
    }

    public ObjectEntry fetchManyToOneObjectEntry(long j, long j2, long j3) throws PortalException {
        ObjectEntry fetchManyToOneObjectEntry = this.objectEntryLocalService.fetchManyToOneObjectEntry(j, j2, j3);
        if (fetchManyToOneObjectEntry != null && !ObjectEntryThreadLocal.isSkipObjectEntryResourcePermission()) {
            this.objectEntryService.checkModelResourcePermission(fetchManyToOneObjectEntry.getObjectDefinitionId(), fetchManyToOneObjectEntry.getObjectEntryId(), "VIEW");
        }
        return fetchManyToOneObjectEntry;
    }

    public ObjectEntry fetchObjectEntry(long j) throws PortalException {
        ObjectEntry fetchObjectEntry = this.objectEntryLocalService.fetchObjectEntry(j);
        if (fetchObjectEntry != null) {
            _checkPermission("VIEW", fetchObjectEntry);
        }
        return fetchObjectEntry;
    }

    public List<ObjectEntry> getManyToManyObjectEntries(long j, long j2, long j3, boolean z, boolean z2, String str, int i, int i2) throws PortalException {
        List<ObjectEntry> manyToManyObjectEntries = this.objectEntryLocalService.getManyToManyObjectEntries(j, j2, j3, z, z2, str, i, i2);
        if (!ObjectEntryThreadLocal.isSkipObjectEntryResourcePermission()) {
            for (ObjectEntry objectEntry : manyToManyObjectEntries) {
                this.objectEntryService.checkModelResourcePermission(objectEntry.getObjectDefinitionId(), objectEntry.getObjectEntryId(), "VIEW");
            }
        }
        return manyToManyObjectEntries;
    }

    public int getManyToManyObjectEntriesCount(long j, long j2, long j3, boolean z, boolean z2, String str) throws PortalException {
        return this.objectEntryLocalService.getManyToManyObjectEntriesCount(j, j2, j3, z, z2, str);
    }

    public ModelResourcePermission<ObjectEntry> getModelResourcePermission(ObjectEntry objectEntry) throws PortalException {
        return ModelResourcePermissionRegistryUtil.getModelResourcePermission(this._objectDefinitionPersistence.findByPrimaryKey(objectEntry.getObjectDefinitionId()).getClassName());
    }

    public ObjectEntry getObjectEntry(long j) throws PortalException {
        ObjectEntry objectEntry = this.objectEntryLocalService.getObjectEntry(j);
        if (!ObjectEntryThreadLocal.isSkipObjectEntryResourcePermission()) {
            _checkPermission("VIEW", objectEntry);
        }
        return objectEntry;
    }

    public ObjectEntry getObjectEntry(String str, long j, long j2) throws PortalException {
        ObjectEntry objectEntry = this.objectEntryLocalService.getObjectEntry(str, j, j2);
        if (!ObjectEntryThreadLocal.isSkipObjectEntryResourcePermission()) {
            _checkPermission("VIEW", objectEntry);
        }
        return objectEntry;
    }

    public List<ObjectEntry> getOneToManyObjectEntries(long j, long j2, long j3, boolean z, String str, int i, int i2) throws PortalException {
        List<ObjectEntry> oneToManyObjectEntries = this.objectEntryLocalService.getOneToManyObjectEntries(j, j2, j3, z, str, i, i2);
        if (!ObjectEntryThreadLocal.isSkipObjectEntryResourcePermission()) {
            for (ObjectEntry objectEntry : oneToManyObjectEntries) {
                this.objectEntryService.checkModelResourcePermission(objectEntry.getObjectDefinitionId(), objectEntry.getObjectEntryId(), "VIEW");
            }
        }
        return oneToManyObjectEntries;
    }

    public int getOneToManyObjectEntriesCount(long j, long j2, long j3, boolean z, String str) throws PortalException {
        return this.objectEntryLocalService.getOneToManyObjectEntriesCount(j, j2, j3, z, str);
    }

    public boolean hasModelResourcePermission(long j, long j2, String str) throws PortalException {
        return ModelResourcePermissionRegistryUtil.getModelResourcePermission(this._objectDefinitionPersistence.findByPrimaryKey(j).getClassName()).contains(getPermissionChecker(), j2, str);
    }

    public boolean hasModelResourcePermission(ObjectEntry objectEntry, String str) throws PortalException {
        return ModelResourcePermissionRegistryUtil.getModelResourcePermission(this._objectDefinitionPersistence.findByPrimaryKey(objectEntry.getObjectDefinitionId()).getClassName()).contains(getPermissionChecker(), objectEntry, str);
    }

    public boolean hasModelResourcePermission(User user, long j, String str) throws PortalException {
        return ModelResourcePermissionRegistryUtil.getModelResourcePermission(this._objectDefinitionPersistence.findByPrimaryKey(this.objectEntryLocalService.getObjectEntry(j).getObjectDefinitionId()).getClassName()).contains(this._permissionCheckerFactory.create(user), j, str);
    }

    public boolean hasPortletResourcePermission(long j, long j2, String str) throws PortalException {
        return _getPortletResourcePermission(j2).contains(getPermissionChecker(), j, str);
    }

    public ObjectEntry updateObjectEntry(long j, Map<String, Serializable> map, ServiceContext serviceContext) throws PortalException {
        ObjectEntry objectEntry = this.objectEntryLocalService.getObjectEntry(j);
        if (!ObjectEntryThreadLocal.isSkipObjectEntryResourcePermission()) {
            checkModelResourcePermission(objectEntry.getObjectDefinitionId(), objectEntry.getObjectEntryId(), "UPDATE");
        }
        return this.objectEntryLocalService.updateObjectEntry(getUserId(), j, map, serviceContext);
    }

    @Activate
    @Modified
    protected void activate(BundleContext bundleContext, Map<String, Object> map) {
        this._objectConfiguration = (ObjectConfiguration) ConfigurableUtil.createConfigurable(ObjectConfiguration.class, map);
        this._portletResourcePermissionsServiceTrackerMap = ServiceTrackerMapFactory.openSingleValueMap(bundleContext, PortletResourcePermission.class, "(&(com.liferay.object=true)(resource.name=*))", (serviceReference, emitter) -> {
            emitter.emit((String) serviceReference.getProperty("resource.name"));
        });
    }

    @Override // com.liferay.object.service.base.ObjectEntryServiceBaseImpl
    @Deactivate
    protected void deactivate() {
        this._portletResourcePermissionsServiceTrackerMap.close();
    }

    private void _checkPermission(String str, ObjectEntry objectEntry) throws PortalException {
        ModelResourcePermissionRegistryUtil.getModelResourcePermission(this._objectDefinitionPersistence.findByPrimaryKey(objectEntry.getObjectDefinitionId()).getClassName()).check(getPermissionChecker(), objectEntry, str);
    }

    private void _checkPortletResourcePermission(String str, long j, long j2, Map<String, Serializable> map) throws PortalException {
        PortletResourcePermission _getPortletResourcePermission = _getPortletResourcePermission(j2);
        PermissionChecker permissionChecker = getPermissionChecker();
        _getPortletResourcePermission.check(permissionChecker, j, str);
        if (permissionChecker.hasPermission(j, _getPortletResourcePermission.getResourceName(), 0L, str)) {
            return;
        }
        ObjectDefinition findByPrimaryKey = this._objectDefinitionPersistence.findByPrimaryKey(j2);
        if (findByPrimaryKey.isAccountEntryRestricted()) {
            long j3 = MapUtil.getLong(map, this._objectFieldLocalService.getObjectField(findByPrimaryKey.getAccountEntryRestrictedObjectFieldId()).getName());
            if (j3 == 0) {
                return;
            }
            if (!ArrayUtil.contains(ListUtil.toLongArray(this._accountEntryLocalService.getUserAccountEntries(getUserId(), 0L, (String) null, new String[]{"business", "person"}, 0, -1, -1), (v0) -> {
                return v0.getAccountEntryId();
            }), j3)) {
                throw new ObjectDefinitionAccountEntryRestrictedException(StringBundler.concat(new Object[]{"User ", Long.valueOf(getUserId()), " does not have access to account entry ", Long.valueOf(j3)}));
            }
            HashSet hashSet = new HashSet();
            hashSet.addAll(TransformUtil.transform(this._userGroupRoleLocalService.getUserGroupRoles(permissionChecker.getUserId(), this._accountEntryLocalService.getAccountEntry(j3).getAccountEntryGroupId()), (v0) -> {
                return v0.getRoleId();
            }));
            Iterator it = this._accountEntryOrganizationRelLocalService.getAccountEntryOrganizationRels(j3).iterator();
            while (it.hasNext()) {
                Organization organization = ((AccountEntryOrganizationRel) it.next()).getOrganization();
                hashSet.addAll(TransformUtil.transform(this._userGroupRoleLocalService.getUserGroupRoles(permissionChecker.getUserId(), this._groupLocalService.getOrganizationGroup(findByPrimaryKey.getCompanyId(), organization.getOrganizationId()).getGroupId()), (v0) -> {
                    return v0.getRoleId();
                }));
                Iterator it2 = organization.getAncestors().iterator();
                while (it2.hasNext()) {
                    hashSet.addAll(TransformUtil.transform(this._userGroupRoleLocalService.getUserGroupRoles(permissionChecker.getUserId(), this._groupLocalService.getOrganizationGroup(findByPrimaryKey.getCompanyId(), ((Organization) it2.next()).getOrganizationId()).getGroupId()), (v0) -> {
                        return v0.getRoleId();
                    }));
                }
            }
            Iterator it3 = hashSet.iterator();
            while (it3.hasNext()) {
                ResourcePermission fetchResourcePermission = this._resourcePermissionLocalService.fetchResourcePermission(findByPrimaryKey.getCompanyId(), findByPrimaryKey.getResourceName(), 3, "0", ((Long) it3.next()).longValue());
                if (fetchResourcePermission != null && fetchResourcePermission.hasActionId(str)) {
                    return;
                }
            }
            throw new PrincipalException.MustHavePermission(permissionChecker, findByPrimaryKey.getResourceName(), 0L, new String[]{str});
        }
    }

    private PortletResourcePermission _getPortletResourcePermission(long j) throws PortalException {
        return (PortletResourcePermission) this._portletResourcePermissionsServiceTrackerMap.getService(this._objectDefinitionPersistence.findByPrimaryKey(j).getResourceName());
    }

    private void _validateSubmissionLimit(long j, User user) throws PortalException {
        if (user.isGuestUser()) {
            int countByU_ODI = this.objectEntryPersistence.countByU_ODI(user.getUserId(), j);
            long maximumNumberOfGuestUserObjectEntriesPerObjectDefinition = this._objectConfiguration.maximumNumberOfGuestUserObjectEntriesPerObjectDefinition();
            if (countByU_ODI >= maximumNumberOfGuestUserObjectEntriesPerObjectDefinition) {
                throw new ObjectEntryCountException(StringBundler.concat(new Object[]{"Unable to exceed ", Long.valueOf(maximumNumberOfGuestUserObjectEntriesPerObjectDefinition), " guest object entries for object definition ", Long.valueOf(j)}));
            }
        }
    }
}
