package com.liferay.portal.search.internal;

import com.liferay.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.exception.NoSuchResourceException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Group;
import com.liferay.portal.kernel.model.Role;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.model.UserGroupRole;
import com.liferay.portal.kernel.search.BooleanClauseOccur;
import com.liferay.portal.kernel.search.Document;
import com.liferay.portal.kernel.search.IndexerRegistry;
import com.liferay.portal.kernel.search.SearchContext;
import com.liferay.portal.kernel.search.SearchPermissionChecker;
import com.liferay.portal.kernel.search.filter.BooleanFilter;
import com.liferay.portal.kernel.search.filter.TermsFilter;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.PermissionCheckerFactoryUtil;
import com.liferay.portal.kernel.security.permission.PermissionThreadLocal;
import com.liferay.portal.kernel.security.permission.UserBag;
import com.liferay.portal.kernel.service.GroupLocalService;
import com.liferay.portal.kernel.service.ResourceBlockLocalService;
import com.liferay.portal.kernel.service.ResourcePermissionLocalService;
import com.liferay.portal.kernel.service.RoleLocalService;
import com.liferay.portal.kernel.service.UserGroupRoleLocalService;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.ListUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.search.configuration.SearchPermissionCheckerConfiguration;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;

@Component(configurationPid = {"com.liferay.portal.search.configuration.SearchPermissionCheckerConfiguration"}, immediate = true, service = {SearchPermissionChecker.class})
/* loaded from: input_file:com/liferay/portal/search/internal/SearchPermissionCheckerImpl.class */
public class SearchPermissionCheckerImpl implements SearchPermissionChecker {
    private static final Log _log = LogFactoryUtil.getLog(SearchPermissionCheckerImpl.class);

    @Reference
    private GroupLocalService _groupLocalService;

    @Reference
    private IndexerRegistry _indexerRegistry;

    @Reference
    private Portal _portal;

    @Reference
    private ResourceBlockLocalService _resourceBlockLocalService;

    @Reference
    private ResourcePermissionLocalService _resourcePermissionLocalService;

    @Reference
    private RoleLocalService _roleLocalService;
    private volatile SearchPermissionCheckerConfiguration _searchPermissionCheckerConfiguration;

    @Reference
    private UserGroupRoleLocalService _userGroupRoleLocalService;

    @Reference
    private UserLocalService _userLocalService;

    public void addPermissionFields(long j, Document document) {
        try {
            long j2 = GetterUtil.getLong(document.get("groupId"));
            String str = document.get("entryClassName");
            String str2 = document.get("entryClassPK");
            if (Validator.isNull(str) && Validator.isNull(str2)) {
                str = document.get("rootEntryClassName");
                str2 = document.get("rootEntryClassPK");
            }
            if (GetterUtil.getBoolean(document.get("relatedEntry"))) {
                str = this._portal.getClassName(GetterUtil.getLong(document.get("classNameId")));
                str2 = document.get("classPK");
            }
            if (Validator.isNull(str) || Validator.isNull(str2) || !this._indexerRegistry.nullSafeGetIndexer(str).isPermissionAware()) {
                return;
            }
            doAddPermissionFields_6(j, j2, str, str2, document);
        } catch (Exception e) {
            _log.error(e, e);
        } catch (NoSuchResourceException e2) {
            if (_log.isDebugEnabled()) {
                _log.debug(e2, e2);
            }
        }
    }

    public BooleanFilter getPermissionBooleanFilter(long j, long[] jArr, long j2, String str, BooleanFilter booleanFilter, SearchContext searchContext) {
        try {
            booleanFilter = doGetPermissionBooleanFilter(j, jArr, j2, str, booleanFilter, searchContext);
        } catch (Exception e) {
            _log.error(e, e);
        }
        return booleanFilter;
    }

    public void updatePermissionFields(String str, String str2) {
        try {
            doUpdatePermissionFields(str, str2);
        } catch (Exception e) {
            _log.error(e, e);
        }
    }

    @Activate
    @Modified
    protected void activate(Map<String, Object> map) {
        this._searchPermissionCheckerConfiguration = (SearchPermissionCheckerConfiguration) ConfigurableUtil.createConfigurable(SearchPermissionCheckerConfiguration.class, map);
    }

    protected void addRequiredMemberRole(Group group, TermsFilter termsFilter) throws Exception {
        if (group.isOrganization()) {
            termsFilter.addValue(group.getGroupId() + "-" + this._roleLocalService.getRole(group.getCompanyId(), "Organization User").getRoleId());
        }
        if (group.isSite()) {
            termsFilter.addValue(group.getGroupId() + "-" + this._roleLocalService.getRole(group.getCompanyId(), "Site Member").getRoleId());
        }
    }

    protected void doAddPermissionFields_6(long j, long j2, String str, String str2, Document document) throws Exception {
        List<Role> roles = this._resourceBlockLocalService.isSupported(str) ? this._resourceBlockLocalService.getRoles(str, Long.valueOf(str2).longValue(), "VIEW") : this._resourcePermissionLocalService.getRoles(j, str, 4, str2, "VIEW");
        if (roles.isEmpty()) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (Role role : roles) {
            if (role.getType() == 3 || role.getType() == 2) {
                arrayList2.add(j2 + "-" + role.getRoleId());
            } else {
                arrayList.add(Long.valueOf(role.getRoleId()));
            }
        }
        document.addKeyword("roleId", (Long[]) arrayList.toArray(new Long[arrayList.size()]));
        document.addKeyword("groupRoleId", (String[]) arrayList2.toArray(new String[arrayList2.size()]));
    }

    protected BooleanFilter doGetPermissionBooleanFilter(long j, long[] jArr, long j2, String str, BooleanFilter booleanFilter, SearchContext searchContext) throws Exception {
        if (!this._indexerRegistry.getIndexer(str).isPermissionAware()) {
            return booleanFilter;
        }
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        User user = permissionChecker.getUser();
        if (user == null || user.getUserId() != j2) {
            User fetchUser = this._userLocalService.fetchUser(j2);
            if (fetchUser == null) {
                return booleanFilter;
            }
            permissionChecker = PermissionCheckerFactoryUtil.create(fetchUser);
        }
        if (permissionChecker.getUserBag() == null) {
            return booleanFilter;
        }
        ArrayList arrayList = new ArrayList(ListUtil.toList(jArr));
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        LinkedHashSet linkedHashSet3 = new LinkedHashSet();
        HashMap hashMap = new HashMap();
        populate(j, arrayList, j2, permissionChecker, linkedHashSet, linkedHashSet2, linkedHashSet3, hashMap, searchContext);
        return doGetPermissionFilter_6(j, arrayList, j2, permissionChecker, str, booleanFilter, linkedHashSet, linkedHashSet2, linkedHashSet3, hashMap);
    }

    protected BooleanFilter doGetPermissionFilter_6(long j, List<Long> list, long j2, PermissionChecker permissionChecker, String str, BooleanFilter booleanFilter, Set<Group> set, Set<Role> set2, Set<UserGroupRole> set3, Map<Long, List<Role>> map) throws Exception {
        BooleanFilter booleanFilter2 = new BooleanFilter();
        if (j2 > 0) {
            booleanFilter2.addTerm("userId", j2);
        }
        TermsFilter termsFilter = new TermsFilter("groupId");
        TermsFilter termsFilter2 = new TermsFilter("groupRoleId");
        TermsFilter termsFilter3 = new TermsFilter("roleId");
        for (Role role : set2) {
            String name = role.getName();
            if (!name.equals("Administrator") && !this._resourcePermissionLocalService.hasResourcePermission(j, str, 1, String.valueOf(j), role.getRoleId(), "VIEW")) {
                if (role.getType() == 1 && this._resourcePermissionLocalService.hasResourcePermission(j, str, 3, String.valueOf(0L), role.getRoleId(), "VIEW")) {
                    return booleanFilter;
                }
                for (Group group : set) {
                    if (permissionChecker.isGroupAdmin(group.getGroupId()) || this._resourcePermissionLocalService.hasResourcePermission(j, str, 2, String.valueOf(group.getGroupId()), role.getRoleId(), "VIEW")) {
                        termsFilter.addValue(String.valueOf(group.getGroupId()));
                    }
                    if (role.getType() != 1 && this._resourcePermissionLocalService.hasResourcePermission(j, str, 3, String.valueOf(0L), role.getRoleId(), "VIEW") && map.get(Long.valueOf(group.getGroupId())).contains(role)) {
                        termsFilter.addValue(String.valueOf(group.getGroupId()));
                    }
                    if (group.isSite() && !name.equals("Site Member") && role.getType() == 2) {
                        termsFilter2.addValue(group.getGroupId() + "-" + role.getRoleId());
                    }
                }
                if (ListUtil.isNotEmpty(list)) {
                    Iterator<Long> it = list.iterator();
                    while (it.hasNext()) {
                        long longValue = it.next().longValue();
                        if (this._resourcePermissionLocalService.hasResourcePermission(j, str, 2, String.valueOf(longValue), role.getRoleId(), "VIEW")) {
                            termsFilter.addValue(String.valueOf(longValue));
                        }
                    }
                }
                termsFilter3.addValue(String.valueOf(role.getRoleId()));
            }
            return booleanFilter;
        }
        Iterator<Group> it2 = set.iterator();
        while (it2.hasNext()) {
            addRequiredMemberRole(it2.next(), termsFilter2);
        }
        for (UserGroupRole userGroupRole : set3) {
            termsFilter2.addValue(userGroupRole.getGroupId() + "-" + userGroupRole.getRoleId());
        }
        if (!termsFilter.isEmpty()) {
            booleanFilter2.add(termsFilter);
        }
        if (!termsFilter2.isEmpty()) {
            booleanFilter2.add(termsFilter2);
        }
        if (!termsFilter3.isEmpty()) {
            booleanFilter2.add(termsFilter3);
        }
        if (!booleanFilter2.hasClauses()) {
            return booleanFilter;
        }
        BooleanFilter booleanFilter3 = new BooleanFilter();
        if (booleanFilter != null && booleanFilter.hasClauses()) {
            booleanFilter3.add(booleanFilter, BooleanClauseOccur.MUST);
        }
        booleanFilter3.add(booleanFilter2, BooleanClauseOccur.MUST);
        return booleanFilter3;
    }

    protected void doUpdatePermissionFields(String str, String str2) throws Exception {
        this._indexerRegistry.nullSafeGetIndexer(str).reindex(str, GetterUtil.getLong(str2));
    }

    protected void populate(long j, List<Long> list, long j2, PermissionChecker permissionChecker, Set<Group> set, Set<Role> set2, Set<UserGroupRole> set3, Map<Long, List<Role>> map, SearchContext searchContext) throws Exception {
        UserBag userBag = permissionChecker.getUserBag();
        if (permissionChecker.isSignedIn()) {
            set2.addAll(userBag.getRoles());
            set2.add(this._roleLocalService.getRole(j, "Guest"));
        } else {
            set2.addAll(this._roleLocalService.getUserRelatedRoles(j2, Collections.singletonList(this._groupLocalService.getGroup(j, "Guest"))));
        }
        if (GetterUtil.getLong(searchContext.getAttribute("groupId")) == 0 && this._searchPermissionCheckerConfiguration.includeInheritedPermissions()) {
            set.addAll(this._groupLocalService.getUserGroups(j2, true));
            for (Group group : set) {
                if (!list.contains(Long.valueOf(group.getGroupId()))) {
                    list.add(Long.valueOf(group.getGroupId()));
                }
            }
        }
        if (ListUtil.isEmpty(list)) {
            set.addAll(this._groupLocalService.getUserGroups(j2, true));
            set.addAll(userBag.getGroups());
            set3.addAll(this._userGroupRoleLocalService.getUserGroupRoles(j2));
        } else {
            Iterator<Long> it = list.iterator();
            while (it.hasNext()) {
                long longValue = it.next().longValue();
                if (this._groupLocalService.hasUserGroup(j2, longValue)) {
                    set.add(this._groupLocalService.getGroup(longValue));
                }
                set3.addAll(this._userGroupRoleLocalService.getUserGroupRoles(j2, longValue));
                set3.addAll(this._userGroupRoleLocalService.getUserGroupRolesByUserUserGroupAndGroup(j2, longValue));
            }
        }
        if (permissionChecker.isSignedIn()) {
            set2.add(this._roleLocalService.getRole(j, "Guest"));
        }
        for (Group group2 : set) {
            List<Role> roles = this._roleLocalService.getRoles(permissionChecker.getRoleIds(j2, group2.getGroupId()));
            map.put(Long.valueOf(group2.getGroupId()), roles);
            set2.addAll(roles);
        }
    }
}
