package com.liferay.object.internal.security.permission.resource;

import com.liferay.account.constants.AccountConstants;
import com.liferay.account.model.AccountEntry;
import com.liferay.account.model.AccountEntryOrganizationRel;
import com.liferay.account.service.AccountEntryLocalService;
import com.liferay.account.service.AccountEntryOrganizationRelLocalService;
import com.liferay.object.model.ObjectAction;
import com.liferay.object.model.ObjectDefinition;
import com.liferay.object.model.ObjectEntry;
import com.liferay.object.service.ObjectActionLocalService;
import com.liferay.object.service.ObjectDefinitionLocalService;
import com.liferay.object.service.ObjectEntryLocalService;
import com.liferay.object.service.ObjectFieldLocalService;
import com.liferay.petra.function.transform.TransformUtil;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.model.Organization;
import com.liferay.portal.kernel.model.ResourcePermission;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.resource.ModelResourcePermission;
import com.liferay.portal.kernel.security.permission.resource.PortletResourcePermission;
import com.liferay.portal.kernel.service.GroupLocalService;
import com.liferay.portal.kernel.service.ResourcePermissionLocalService;
import com.liferay.portal.kernel.service.UserGroupRoleLocalService;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.ListUtil;
import com.liferay.portal.kernel.util.MapUtil;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;

/* loaded from: input_file:com/liferay/object/internal/security/permission/resource/ObjectEntryModelResourcePermission.class */
public class ObjectEntryModelResourcePermission implements ModelResourcePermission<ObjectEntry> {
    private final AccountEntryLocalService _accountEntryLocalService;
    private final AccountEntryOrganizationRelLocalService _accountEntryOrganizationRelLocalService;
    private final GroupLocalService _groupLocalService;
    private final String _modelName;
    private final ObjectActionLocalService _objectActionLocalService;
    private final ObjectDefinitionLocalService _objectDefinitionLocalService;
    private final ObjectEntryLocalService _objectEntryLocalService;
    private final ObjectFieldLocalService _objectFieldLocalService;
    private final PortletResourcePermission _portletResourcePermission;
    private final ResourcePermissionLocalService _resourcePermissionLocalService;
    private final UserGroupRoleLocalService _userGroupRoleLocalService;

    public ObjectEntryModelResourcePermission(AccountEntryLocalService accountEntryLocalService, AccountEntryOrganizationRelLocalService accountEntryOrganizationRelLocalService, GroupLocalService groupLocalService, String str, ObjectActionLocalService objectActionLocalService, ObjectDefinitionLocalService objectDefinitionLocalService, ObjectEntryLocalService objectEntryLocalService, ObjectFieldLocalService objectFieldLocalService, PortletResourcePermission portletResourcePermission, ResourcePermissionLocalService resourcePermissionLocalService, UserGroupRoleLocalService userGroupRoleLocalService) {
        this._accountEntryLocalService = accountEntryLocalService;
        this._accountEntryOrganizationRelLocalService = accountEntryOrganizationRelLocalService;
        this._groupLocalService = groupLocalService;
        this._modelName = str;
        this._objectActionLocalService = objectActionLocalService;
        this._objectDefinitionLocalService = objectDefinitionLocalService;
        this._objectEntryLocalService = objectEntryLocalService;
        this._objectFieldLocalService = objectFieldLocalService;
        this._portletResourcePermission = portletResourcePermission;
        this._resourcePermissionLocalService = resourcePermissionLocalService;
        this._userGroupRoleLocalService = userGroupRoleLocalService;
    }

    public void check(PermissionChecker permissionChecker, long j, String str) throws PortalException {
        if (contains(permissionChecker, j, str)) {
            return;
        }
        _throwPrincipalException(str, this._objectEntryLocalService.getObjectEntry(j), permissionChecker);
    }

    public void check(PermissionChecker permissionChecker, ObjectEntry objectEntry, String str) throws PortalException {
        if (contains(permissionChecker, objectEntry, str)) {
            return;
        }
        _throwPrincipalException(str, objectEntry, permissionChecker);
    }

    public boolean contains(PermissionChecker permissionChecker, long j, String str) throws PortalException {
        return contains(permissionChecker, this._objectEntryLocalService.getObjectEntry(j), str);
    }

    public boolean contains(PermissionChecker permissionChecker, ObjectEntry objectEntry, String str) throws PortalException {
        if (objectEntry.getRootObjectEntryId() != 0 && !_isObjectActionName(str, objectEntry.getObjectDefinitionId())) {
            ObjectEntry fetchObjectEntry = this._objectEntryLocalService.fetchObjectEntry(objectEntry.getRootObjectEntryId());
            if (fetchObjectEntry == null) {
                return true;
            }
            objectEntry = fetchObjectEntry;
        }
        User user = permissionChecker.getUser();
        ObjectDefinition objectDefinition = this._objectDefinitionLocalService.getObjectDefinition(objectEntry.getObjectDefinitionId());
        if (user.isGuestUser()) {
            return permissionChecker.hasPermission(objectEntry.getGroupId(), objectDefinition.getClassName(), objectEntry.getObjectEntryId(), str);
        }
        if (permissionChecker.hasOwnerPermission(permissionChecker.getCompanyId(), objectDefinition.getClassName(), objectEntry.getObjectEntryId(), objectEntry.getUserId(), str) || permissionChecker.hasPermission(objectEntry.getGroupId(), objectDefinition.getClassName(), objectEntry.getObjectEntryId(), str)) {
            return true;
        }
        if (!objectDefinition.isAccountEntryRestricted()) {
            return false;
        }
        long j = MapUtil.getLong(objectEntry.getValues(), this._objectFieldLocalService.getObjectField(objectDefinition.getAccountEntryRestrictedObjectFieldId()).getName());
        if (j == 0) {
            return true;
        }
        AccountEntry accountEntry = this._accountEntryLocalService.getAccountEntry(j);
        if (Objects.equals(str, "VIEW")) {
            return ArrayUtil.contains(ListUtil.toLongArray(this._accountEntryLocalService.getUserAccountEntries(permissionChecker.getUserId(), 0L, (String) null, AccountConstants.ACCOUNT_ENTRY_TYPES_DEFAULT_ALLOWED_TYPES, 0, -1, -1), (v0) -> {
                return v0.getAccountEntryId();
            }), j);
        }
        HashSet hashSet = new HashSet();
        hashSet.addAll(TransformUtil.transform(this._userGroupRoleLocalService.getUserGroupRoles(permissionChecker.getUserId(), accountEntry.getAccountEntryGroupId()), (v0) -> {
            return v0.getRoleId();
        }));
        Iterator it = this._accountEntryOrganizationRelLocalService.getAccountEntryOrganizationRels(j).iterator();
        while (it.hasNext()) {
            Organization organization = ((AccountEntryOrganizationRel) it.next()).getOrganization();
            hashSet.addAll(TransformUtil.transform(this._userGroupRoleLocalService.getUserGroupRoles(permissionChecker.getUserId(), this._groupLocalService.getOrganizationGroup(objectDefinition.getCompanyId(), organization.getOrganizationId()).getGroupId()), (v0) -> {
                return v0.getRoleId();
            }));
            Iterator it2 = organization.getAncestors().iterator();
            while (it2.hasNext()) {
                hashSet.addAll(TransformUtil.transform(this._userGroupRoleLocalService.getUserGroupRoles(permissionChecker.getUserId(), this._groupLocalService.getOrganizationGroup(objectDefinition.getCompanyId(), ((Organization) it2.next()).getOrganizationId()).getGroupId()), (v0) -> {
                    return v0.getRoleId();
                }));
            }
        }
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            ResourcePermission fetchResourcePermission = this._resourcePermissionLocalService.fetchResourcePermission(objectDefinition.getCompanyId(), objectDefinition.getClassName(), 3, "0", ((Long) it3.next()).longValue());
            if (fetchResourcePermission != null && fetchResourcePermission.hasActionId(str)) {
                return true;
            }
        }
        return false;
    }

    public String getModelName() {
        return this._modelName;
    }

    public PortletResourcePermission getPortletResourcePermission() {
        return this._portletResourcePermission;
    }

    private boolean _isObjectActionName(String str, long j) {
        Iterator it = this._objectActionLocalService.getObjectActions(j, "standalone").iterator();
        while (it.hasNext()) {
            if (Objects.equals(((ObjectAction) it.next()).getName(), str)) {
                return true;
            }
        }
        return false;
    }

    private void _throwPrincipalException(String str, ObjectEntry objectEntry, PermissionChecker permissionChecker) throws PortalException {
        if (objectEntry.getRootObjectEntryId() != 0) {
            objectEntry = this._objectEntryLocalService.getObjectEntry(objectEntry.getRootObjectEntryId());
        }
        throw new PrincipalException.MustHavePermission(permissionChecker, this._modelName, objectEntry.getObjectEntryId(), new String[]{str});
    }
}
