package org.visallo.core.security;

import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.vertexium.Edge;
import org.vertexium.Element;
import org.vertexium.Graph;
import org.vertexium.Property;
import org.vertexium.Vertex;
import org.visallo.core.exception.VisalloAccessDeniedException;
import org.visallo.core.exception.VisalloException;
import org.visallo.core.model.ontology.Concept;
import org.visallo.core.model.ontology.HasOntologyProperties;
import org.visallo.core.model.ontology.OntologyElement;
import org.visallo.core.model.ontology.OntologyProperty;
import org.visallo.core.model.ontology.OntologyRepository;
import org.visallo.core.model.ontology.Relationship;
import org.visallo.core.model.properties.VisalloProperties;
import org.visallo.core.model.user.PrivilegeRepository;
import org.visallo.core.model.user.UserRepository;
import org.visallo.core.user.User;
import org.visallo.core.util.VisalloLogger;
import org.visallo.core.util.VisalloLoggerFactory;
import org.visallo.web.clientapi.model.ClientApiEdge;
import org.visallo.web.clientapi.model.ClientApiEdgeMultipleResponse;
import org.visallo.web.clientapi.model.ClientApiEdgeSearchResponse;
import org.visallo.web.clientapi.model.ClientApiEdgeWithVertexData;
import org.visallo.web.clientapi.model.ClientApiElement;
import org.visallo.web.clientapi.model.ClientApiElementAcl;
import org.visallo.web.clientapi.model.ClientApiElementFindRelatedResponse;
import org.visallo.web.clientapi.model.ClientApiElementSearchResponse;
import org.visallo.web.clientapi.model.ClientApiObject;
import org.visallo.web.clientapi.model.ClientApiProperty;
import org.visallo.web.clientapi.model.ClientApiPropertyAcl;
import org.visallo.web.clientapi.model.ClientApiVertex;
import org.visallo.web.clientapi.model.ClientApiVertexEdges;
import org.visallo.web.clientapi.model.ClientApiVertexMultipleResponse;
import org.visallo.web.clientapi.model.ClientApiWorkspaceVertices;
import org.visallo.web.clientapi.model.Privilege;

/* loaded from: input_file:WEB-INF/lib/visallo-core-2.2.10.jar:org/visallo/core/security/ACLProvider.class */
public abstract class ACLProvider {
    private static final VisalloLogger LOGGER = VisalloLoggerFactory.getLogger(ACLProvider.class);
    protected final Graph graph;
    protected final UserRepository userRepository;
    protected final OntologyRepository ontologyRepository;
    private final PrivilegeRepository privilegeRepository;

    /* JADX INFO: Access modifiers changed from: protected */
    @Inject
    public ACLProvider(Graph graph, UserRepository userRepository, OntologyRepository ontologyRepository, PrivilegeRepository privilegeRepository) {
        this.graph = graph;
        this.userRepository = userRepository;
        this.ontologyRepository = ontologyRepository;
        this.privilegeRepository = privilegeRepository;
    }

    public boolean canDeleteElement(Element element, User user) {
        return canDeleteElement(element, getOntologyElement(element), user);
    }

    protected abstract boolean canDeleteElement(Element element, OntologyElement ontologyElement, User user);

    public boolean canDeleteElement(ClientApiElement clientApiElement, User user) {
        return canDeleteElement(clientApiElement, getOntologyElement(clientApiElement), user);
    }

    protected abstract boolean canDeleteElement(ClientApiElement clientApiElement, OntologyElement ontologyElement, User user);

    public boolean canDeleteProperty(Element element, String str, String str2, User user) {
        return canDeleteProperty(element, getOntologyElement(element), str, str2, user);
    }

    protected abstract boolean canDeleteProperty(Element element, OntologyElement ontologyElement, String str, String str2, User user);

    public boolean canDeleteProperty(ClientApiElement clientApiElement, String str, String str2, User user) {
        return canDeleteProperty(clientApiElement, getOntologyElement(clientApiElement), str, str2, user);
    }

    protected abstract boolean canDeleteProperty(ClientApiElement clientApiElement, OntologyElement ontologyElement, String str, String str2, User user);

    public boolean canUpdateElement(Element element, User user) {
        return canUpdateElement(element, getOntologyElement(element), user);
    }

    protected abstract boolean canUpdateElement(Element element, OntologyElement ontologyElement, User user);

    public boolean canUpdateElement(ClientApiElement clientApiElement, User user) {
        return canUpdateElement(clientApiElement, getOntologyElement(clientApiElement), user);
    }

    protected abstract boolean canUpdateElement(ClientApiElement clientApiElement, OntologyElement ontologyElement, User user);

    public boolean canUpdateProperty(Element element, String str, String str2, User user) {
        return canUpdateProperty(element, getOntologyElement(element), str, str2, user);
    }

    protected abstract boolean canUpdateProperty(Element element, OntologyElement ontologyElement, String str, String str2, User user);

    public boolean canUpdateProperty(ClientApiElement clientApiElement, String str, String str2, User user) {
        return canUpdateProperty(clientApiElement, getOntologyElement(clientApiElement), str, str2, user);
    }

    protected abstract boolean canUpdateProperty(ClientApiElement clientApiElement, OntologyElement ontologyElement, String str, String str2, User user);

    public boolean canAddProperty(Element element, String str, String str2, User user) {
        return canAddProperty(element, getOntologyElement(element), str, str2, user);
    }

    protected abstract boolean canAddProperty(Element element, OntologyElement ontologyElement, String str, String str2, User user);

    public boolean canAddProperty(ClientApiElement clientApiElement, String str, String str2, User user) {
        return canAddProperty(clientApiElement, getOntologyElement(clientApiElement), str, str2, user);
    }

    protected abstract boolean canAddProperty(ClientApiElement clientApiElement, OntologyElement ontologyElement, String str, String str2, User user);

    public final void checkCanAddOrUpdateProperty(Element element, String str, String str2, User user) {
        checkCanAddOrUpdateProperty(element, getOntologyElement(element), str, str2, user);
    }

    private void checkCanAddOrUpdateProperty(Element element, OntologyElement ontologyElement, String str, String str2, User user) throws VisalloAccessDeniedException {
        if (!(element.getProperty(str, str2) != null ? internalCanUpdateProperty(element, ontologyElement, str, str2, user) : internalCanAddProperty(element, ontologyElement, str, str2, user))) {
            throw new VisalloAccessDeniedException(str2 + " cannot be added or updated due to ACL restriction", user, element.getId());
        }
    }

    public final void checkCanAddOrUpdateProperty(ClientApiElement clientApiElement, String str, String str2, User user) {
        checkCanAddOrUpdateProperty(clientApiElement, getOntologyElement(clientApiElement), str, str2, user);
    }

    public final void checkCanAddOrUpdateProperty(ClientApiElement clientApiElement, OntologyElement ontologyElement, String str, String str2, User user) throws VisalloAccessDeniedException {
        if (!(clientApiElement.getProperty(str, str2) != null ? internalCanUpdateProperty(clientApiElement, ontologyElement, str, str2, user) : internalCanAddProperty(clientApiElement, ontologyElement, str, str2, user))) {
            throw new VisalloAccessDeniedException(str2 + " cannot be added or updated due to ACL restriction", user, clientApiElement.getId());
        }
    }

    public final void checkCanDeleteProperty(Element element, String str, String str2, User user) {
        checkCanDeleteProperty(element, getOntologyElement(element), str, str2, user);
    }

    private void checkCanDeleteProperty(Element element, OntologyElement ontologyElement, String str, String str2, User user) throws VisalloAccessDeniedException {
        if (!internalCanDeleteProperty(element, ontologyElement, str, str2, user)) {
            throw new VisalloAccessDeniedException(str2 + " cannot be deleted due to ACL restriction", user, element.getId());
        }
    }

    public final void checkCanDeleteProperty(ClientApiElement clientApiElement, String str, String str2, User user) {
        checkCanDeleteProperty(clientApiElement, getOntologyElement(clientApiElement), str, str2, user);
    }

    private void checkCanDeleteProperty(ClientApiElement clientApiElement, OntologyElement ontologyElement, String str, String str2, User user) throws VisalloAccessDeniedException {
        if (!internalCanDeleteProperty(clientApiElement, ontologyElement, str, str2, user)) {
            throw new VisalloAccessDeniedException(str2 + " cannot be deleted due to ACL restriction", user, clientApiElement.getId());
        }
    }

    public final ClientApiElementAcl elementACL(ClientApiElement clientApiElement, User user) {
        return elementACL(clientApiElement, getOntologyElement(clientApiElement), user);
    }

    private ClientApiElementAcl elementACL(ClientApiElement clientApiElement, OntologyElement ontologyElement, User user) {
        Preconditions.checkNotNull(clientApiElement, "clientApiElement is required");
        ClientApiElementAcl clientApiElementAcl = new ClientApiElementAcl();
        clientApiElementAcl.setAddable(true);
        clientApiElementAcl.setUpdateable(internalCanUpdateElement(clientApiElement, ontologyElement, user));
        clientApiElementAcl.setDeleteable(internalCanDeleteElement(clientApiElement, ontologyElement, user));
        List<ClientApiPropertyAcl> propertyAcls = clientApiElementAcl.getPropertyAcls();
        if (clientApiElement instanceof ClientApiVertex) {
            String propertyValue = VisalloProperties.CONCEPT_TYPE.getPropertyValue(clientApiElement);
            while (true) {
                String str = propertyValue;
                if (str == null) {
                    break;
                }
                Concept conceptByIRI = this.ontologyRepository.getConceptByIRI(str);
                if (conceptByIRI == null) {
                    LOGGER.warn("Could not find concept: %s", str);
                    break;
                }
                populatePropertyAcls(conceptByIRI, clientApiElement, ontologyElement, user, propertyAcls);
                propertyValue = conceptByIRI.getParentConceptIRI();
            }
        } else {
            if (!(clientApiElement instanceof ClientApiEdge)) {
                throw new VisalloException("unsupported ClientApiElement class " + clientApiElement.getClass().getName());
            }
            String label = ((ClientApiEdge) clientApiElement).getLabel();
            while (true) {
                String str2 = label;
                if (str2 == null) {
                    break;
                }
                Relationship relationshipByIRI = this.ontologyRepository.getRelationshipByIRI(str2);
                if (relationshipByIRI == null) {
                    LOGGER.warn("Could not find relationship: %s", str2);
                    break;
                }
                populatePropertyAcls(relationshipByIRI, clientApiElement, ontologyElement, user, propertyAcls);
                label = relationshipByIRI.getParentIRI();
            }
        }
        return clientApiElementAcl;
    }

    public final ClientApiObject appendACL(ClientApiObject clientApiObject, User user) {
        if (clientApiObject instanceof ClientApiElement) {
            appendACL((ClientApiElement) clientApiObject, user);
        } else if (clientApiObject instanceof ClientApiWorkspaceVertices) {
            appendACL(((ClientApiWorkspaceVertices) clientApiObject).getVertices(), user);
        } else if (clientApiObject instanceof ClientApiVertexMultipleResponse) {
            appendACL(((ClientApiVertexMultipleResponse) clientApiObject).getVertices(), user);
        } else if (clientApiObject instanceof ClientApiEdgeMultipleResponse) {
            appendACL(((ClientApiEdgeMultipleResponse) clientApiObject).getEdges(), user);
        } else if (clientApiObject instanceof ClientApiElementSearchResponse) {
            appendACL(((ClientApiElementSearchResponse) clientApiObject).getElements(), user);
        } else if (clientApiObject instanceof ClientApiEdgeSearchResponse) {
            appendACL(((ClientApiEdgeSearchResponse) clientApiObject).getResults(), user);
        } else if (clientApiObject instanceof ClientApiVertexEdges) {
            appendACL((ClientApiVertexEdges) clientApiObject, user);
        } else if (clientApiObject instanceof ClientApiElementFindRelatedResponse) {
            appendACL(((ClientApiElementFindRelatedResponse) clientApiObject).getElements(), user);
        }
        return clientApiObject;
    }

    protected final boolean isComment(String str) {
        return VisalloProperties.COMMENT.isSameName(str);
    }

    protected final boolean isAuthor(Element element, String str, String str2, User user) {
        Property property;
        if (element == null || (property = element.getProperty(str, str2)) == null) {
            return false;
        }
        return user.getUserId().equals(VisalloProperties.MODIFIED_BY_METADATA.getMetadataValue(property.getMetadata()));
    }

    protected final boolean isAuthor(ClientApiElement clientApiElement, String str, String str2, User user) {
        ClientApiProperty property;
        if (clientApiElement == null || (property = clientApiElement.getProperty(str, str2)) == null) {
            return false;
        }
        return user.getUserId().equals(VisalloProperties.MODIFIED_BY_METADATA.getMetadataValue(property.getMetadata()));
    }

    protected final boolean hasPrivilege(User user, String str) {
        return this.privilegeRepository.hasPrivilege(user, str);
    }

    private void appendACL(Collection<? extends ClientApiObject> collection, User user) {
        Iterator<? extends ClientApiObject> it = collection.iterator();
        while (it.hasNext()) {
            appendACL(it.next(), user);
        }
    }

    private void appendACL(ClientApiElement clientApiElement, User user) {
        appendACL(clientApiElement, getOntologyElement(clientApiElement), user);
    }

    private void appendACL(ClientApiElement clientApiElement, OntologyElement ontologyElement, User user) {
        for (ClientApiProperty clientApiProperty : clientApiElement.getProperties()) {
            String key = clientApiProperty.getKey();
            String name = clientApiProperty.getName();
            clientApiProperty.setUpdateable(internalCanUpdateProperty(clientApiElement, ontologyElement, key, name, user));
            clientApiProperty.setDeleteable(internalCanDeleteProperty(clientApiElement, ontologyElement, key, name, user));
            clientApiProperty.setAddable(internalCanAddProperty(clientApiElement, ontologyElement, key, name, user));
        }
        clientApiElement.setUpdateable(Boolean.valueOf(internalCanUpdateElement(clientApiElement, ontologyElement, user)));
        clientApiElement.setDeleteable(Boolean.valueOf(internalCanDeleteElement(clientApiElement, ontologyElement, user)));
        clientApiElement.setAcl(elementACL(clientApiElement, ontologyElement, user));
        if (clientApiElement instanceof ClientApiEdgeWithVertexData) {
            appendACL((ClientApiElement) ((ClientApiEdgeWithVertexData) clientApiElement).getSource(), user);
            appendACL((ClientApiElement) ((ClientApiEdgeWithVertexData) clientApiElement).getTarget(), user);
        }
    }

    private void appendACL(ClientApiVertexEdges clientApiVertexEdges, User user) {
        for (ClientApiVertexEdges.Edge edge : clientApiVertexEdges.getRelationships()) {
            appendACL((ClientApiElement) edge.getRelationship(), user);
            appendACL((ClientApiElement) edge.getVertex(), user);
        }
    }

    private void populatePropertyAcls(HasOntologyProperties hasOntologyProperties, ClientApiElement clientApiElement, OntologyElement ontologyElement, User user, List<ClientApiPropertyAcl> list) {
        Collection<OntologyProperty> properties = hasOntologyProperties.getProperties();
        HashSet hashSet = new HashSet();
        Iterator<OntologyProperty> it = properties.iterator();
        while (it.hasNext()) {
            String title = it.next().getTitle();
            for (ClientApiProperty clientApiProperty : clientApiElement.getProperties(title)) {
                ClientApiPropertyAcl newClientApiPropertyAcl = newClientApiPropertyAcl(clientApiElement, ontologyElement, clientApiProperty.getKey(), title, user);
                if (!newClientApiPropertyAcl.equals(newClientApiPropertyAcl(null, ontologyElement, clientApiProperty.getKey(), title, user))) {
                    list.add(newClientApiPropertyAcl);
                }
                hashSet.add(title);
            }
        }
        list.addAll((Collection) properties.stream().filter(ontologyProperty -> {
            return !hashSet.contains(ontologyProperty.getTitle());
        }).map(ontologyProperty2 -> {
            ClientApiPropertyAcl newClientApiPropertyAcl2 = newClientApiPropertyAcl(clientApiElement, ontologyElement, null, ontologyProperty2.getTitle(), user);
            if (newClientApiPropertyAcl2.equals(newClientApiPropertyAcl(null, ontologyElement, null, ontologyProperty2.getTitle(), user))) {
                return null;
            }
            return newClientApiPropertyAcl2;
        }).filter(clientApiPropertyAcl -> {
            return clientApiPropertyAcl != null;
        }).collect(Collectors.toList()));
    }

    private ClientApiPropertyAcl newClientApiPropertyAcl(ClientApiElement clientApiElement, OntologyElement ontologyElement, String str, String str2, User user) {
        ClientApiPropertyAcl clientApiPropertyAcl = new ClientApiPropertyAcl();
        clientApiPropertyAcl.setKey(str);
        clientApiPropertyAcl.setName(str2);
        clientApiPropertyAcl.setAddable(internalCanAddProperty(clientApiElement, ontologyElement, str, str2, user));
        clientApiPropertyAcl.setUpdateable(internalCanUpdateProperty(clientApiElement, ontologyElement, str, str2, user));
        clientApiPropertyAcl.setDeleteable(internalCanDeleteProperty(clientApiElement, ontologyElement, str, str2, user));
        return clientApiPropertyAcl;
    }

    private boolean internalCanDeleteElement(ClientApiElement clientApiElement, OntologyElement ontologyElement, User user) {
        return hasPrivilege(user, Privilege.EDIT) && canDeleteElement(clientApiElement, ontologyElement, user);
    }

    private boolean internalCanUpdateElement(ClientApiElement clientApiElement, OntologyElement ontologyElement, User user) {
        return hasPrivilege(user, Privilege.EDIT) && canUpdateElement(clientApiElement, ontologyElement, user);
    }

    private boolean internalCanDeleteProperty(Element element, OntologyElement ontologyElement, String str, String str2, User user) {
        boolean z = hasEditOrCommentPrivilege(str2, user) && canDeleteProperty(element, ontologyElement, str, str2, user);
        if (z && isComment(str2)) {
            z = hasPrivilege(user, Privilege.COMMENT_DELETE_ANY) || (hasPrivilege(user, Privilege.COMMENT) && isAuthor(element, str, str2, user));
        }
        return z;
    }

    private boolean internalCanDeleteProperty(ClientApiElement clientApiElement, OntologyElement ontologyElement, String str, String str2, User user) {
        boolean z = hasEditOrCommentPrivilege(str2, user) && canDeleteProperty(clientApiElement, ontologyElement, str, str2, user);
        if (z && isComment(str2)) {
            z = hasPrivilege(user, Privilege.COMMENT_DELETE_ANY) || (hasPrivilege(user, Privilege.COMMENT) && isAuthor(clientApiElement, str, str2, user));
        }
        return z;
    }

    private boolean internalCanUpdateProperty(Element element, OntologyElement ontologyElement, String str, String str2, User user) {
        boolean z = hasEditOrCommentPrivilege(str2, user) && canUpdateProperty(element, ontologyElement, str, str2, user);
        if (z && isComment(str2)) {
            z = hasPrivilege(user, Privilege.COMMENT_EDIT_ANY) || (hasPrivilege(user, Privilege.COMMENT) && isAuthor(element, str, str2, user));
        }
        return z;
    }

    private boolean internalCanUpdateProperty(ClientApiElement clientApiElement, OntologyElement ontologyElement, String str, String str2, User user) {
        boolean z = hasEditOrCommentPrivilege(str2, user) && canUpdateProperty(clientApiElement, ontologyElement, str, str2, user);
        if (z && isComment(str2)) {
            z = hasPrivilege(user, Privilege.COMMENT_EDIT_ANY) || (hasPrivilege(user, Privilege.COMMENT) && isAuthor(clientApiElement, str, str2, user));
        }
        return z;
    }

    private boolean internalCanAddProperty(Element element, OntologyElement ontologyElement, String str, String str2, User user) {
        boolean z = hasEditOrCommentPrivilege(str2, user) && canAddProperty(element, ontologyElement, str, str2, user);
        if (z && isComment(str2)) {
            z = hasPrivilege(user, Privilege.COMMENT);
        }
        return z;
    }

    private boolean internalCanAddProperty(ClientApiElement clientApiElement, OntologyElement ontologyElement, String str, String str2, User user) {
        boolean z = hasEditOrCommentPrivilege(str2, user) && canAddProperty(clientApiElement, ontologyElement, str, str2, user);
        if (z && isComment(str2)) {
            z = hasPrivilege(user, Privilege.COMMENT);
        }
        return z;
    }

    private boolean hasEditOrCommentPrivilege(String str, User user) {
        return hasPrivilege(user, Privilege.EDIT) || (isComment(str) && hasPrivilege(user, Privilege.COMMENT));
    }

    protected OntologyElement getOntologyElement(Element element) {
        if (element == null) {
            return null;
        }
        if (element instanceof Edge) {
            return getOntologyRelationshipFromElement((Edge) element);
        }
        if (element instanceof Vertex) {
            return getOntologyConceptFromElement((Vertex) element);
        }
        throw new VisalloException("Unexpected " + Element.class.getName() + " found " + element.getClass().getName());
    }

    protected OntologyElement getOntologyElement(ClientApiElement clientApiElement) {
        if (clientApiElement == null) {
            return null;
        }
        if (clientApiElement instanceof ClientApiEdge) {
            return getOntologyRelationshipFromElement((ClientApiEdge) clientApiElement);
        }
        if (clientApiElement instanceof ClientApiVertex) {
            return getOntologyConceptFromElement((ClientApiVertex) clientApiElement);
        }
        throw new VisalloException("Unexpected " + ClientApiVertex.class.getName() + " found " + clientApiElement.getClass().getName());
    }

    private Relationship getOntologyRelationshipFromElement(Edge edge) {
        return getOntologyRelationshipFromElement(edge.getLabel());
    }

    private Relationship getOntologyRelationshipFromElement(ClientApiEdge clientApiEdge) {
        return getOntologyRelationshipFromElement(clientApiEdge.getLabel());
    }

    private Relationship getOntologyRelationshipFromElement(String str) {
        Preconditions.checkNotNull(str, "Edge label cannot be null");
        Relationship relationshipByIRI = this.ontologyRepository.getRelationshipByIRI(str);
        Preconditions.checkNotNull(relationshipByIRI, str + " does not exist in ontology");
        return relationshipByIRI;
    }

    private Concept getOntologyConceptFromElement(Vertex vertex) {
        return getOntologyConcept(VisalloProperties.CONCEPT_TYPE.getPropertyValue(vertex, "http://www.w3.org/2002/07/owl#Thing"));
    }

    private Concept getOntologyConceptFromElement(ClientApiVertex clientApiVertex) {
        return getOntologyConcept(VisalloProperties.CONCEPT_TYPE.getPropertyValue((ClientApiElement) clientApiVertex, (ClientApiVertex) "http://www.w3.org/2002/07/owl#Thing"));
    }

    private Concept getOntologyConcept(String str) {
        if (str == null) {
            return null;
        }
        return this.ontologyRepository.getConceptByIRI(str);
    }
}
