package ch.elexis.admin;

import ch.elexis.core.constants.StringConstants;
import ch.elexis.core.data.activator.CoreHub;
import ch.elexis.data.Anwender;
import ch.elexis.data.NamedBlob;
import ch.elexis.data.Role;
import ch.elexis.data.User;
import ch.rgw.io.InMemorySettings;
import ch.rgw.io.Settings;
import ch.rgw.tools.Log;
import ch.rgw.tools.StringTool;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:ch/elexis/admin/AccessControlImpl.class */
public class AccessControlImpl extends AbstractAccessControl {
    public static final String KEY_GROUPS = "Groups";
    public static final String DB_UID = "dbUID";
    private static final boolean FORCE_ADMIN = false;
    public static final String GROUP_FOR_PREFERENCEPAGE = "ch.elexis.preferences.acl";
    private static final String ACLNAME = "AccessControlACL";
    private static Hashtable<String, ACE> rights;
    private static Hashtable<String, List<String>> usergroups;
    private static Hashtable<String, ACE> acls;
    public static final String ALL_GROUP = StringConstants.ROLE_ALL;
    public static final String USER_GROUP = StringConstants.ROLE_USERS;
    public static final String ADMIN_GROUP = StringConstants.ROLE_ADMIN;
    private static final String BLOBNAME = "AccessControl";
    private static final Log log = Log.get(BLOBNAME);

    public void load() {
        NamedBlob load = NamedBlob.load(BLOBNAME);
        if (load == null) {
            log.log("Warnung: ACEs nicht gefunden, erstelle neu ", 2);
            NamedBlob.createTable();
            load = NamedBlob.load(BLOBNAME);
        }
        NamedBlob load2 = NamedBlob.load(ACLNAME);
        rights = load.getHashtable();
        System.out.println("========= RIGHTS");
        rights.keySet().stream().forEach(str -> {
            System.out.println(String.valueOf(str) + ": " + rights.get(str).getCanonicalName());
        });
        acls = load2.getHashtable();
        if (rights.isEmpty() || acls.isEmpty()) {
            reset();
        }
        System.out.println("========= ACLS");
        acls.keySet().stream().forEach(str2 -> {
            System.out.println(String.valueOf(str2) + ": " + acls.get(str2).getCanonicalName());
        });
        usergroups = new Hashtable<>();
        log.log("loaded AccessControl", 4);
        Iterator<String> it = rights.keySet().iterator();
        while (it.hasNext()) {
            log.log(it.next(), 5);
        }
        log.log("loaded ACLs", 4);
        Iterator<String> it2 = acls.keySet().iterator();
        while (it2.hasNext()) {
            log.log(it2.next(), 5);
        }
    }

    @Override // ch.elexis.admin.AbstractAccessControl
    public void flush() {
        NamedBlob.load(BLOBNAME).put(rights);
        NamedBlob.load(ACLNAME).put(acls);
    }

    @Override // ch.elexis.admin.AbstractAccessControl
    public boolean request(ACE ace) {
        return request(CoreHub.actUser, ace);
    }

    public boolean request(Anwender anwender, ACE ace) {
        String str;
        if (ace == null) {
            return true;
        }
        String canonicalName = ace.getCanonicalName();
        if (rights == null) {
            return false;
        }
        if (rights.get(String.valueOf(Messages.AccessControl_GroupAll) + canonicalName) != null) {
            return true;
        }
        if (anwender == null) {
            return false;
        }
        if ((rights.get("Self" + canonicalName) != null && CoreHub.actUser.getId().equals(anwender.getId())) || rights.get(String.valueOf(anwender.getId()) + canonicalName) != null) {
            return true;
        }
        List<String> list = usergroups.get(String.valueOf(anwender.getId()) + "#groups#");
        if (list == null) {
            list = new ArrayList();
            Map map = anwender.getMap("ExtInfo");
            if (map != null && (str = (String) map.get(KEY_GROUPS)) != null) {
                for (String str2 : str.split(",")) {
                    list.add(str2);
                }
                usergroups.put(String.valueOf(anwender.getId()) + "#groups#", list);
            }
        }
        for (String str3 : list) {
            if (ADMIN_GROUP.equals(str3) || rights.get(String.valueOf(str3) + canonicalName) != null) {
                return true;
            }
        }
        ACE parent = ace.getParent();
        if (parent != null) {
            return request(anwender, parent);
        }
        return false;
    }

    public void grant(Anwender anwender, ACE... aceArr) {
        for (ACE ace : aceArr) {
            rights.put(String.valueOf(anwender.getId()) + ace.getCanonicalName(), ace);
            acls.put(ace.getCanonicalName(), ace);
        }
    }

    public void revoke(Anwender anwender, ACE... aceArr) {
        for (ACE ace : aceArr) {
            rights.remove(String.valueOf(anwender.getId()) + ace.getCanonicalName());
        }
    }

    public void grant(String str, ACE... aceArr) {
        for (ACE ace : aceArr) {
            rights.put(String.valueOf(str) + ace.getCanonicalName(), ace);
            acls.put(ace.getCanonicalName(), ace);
        }
    }

    public void revoke(String str, ACE... aceArr) {
        for (ACE ace : aceArr) {
            rights.remove(String.valueOf(str) + ace.getCanonicalName());
        }
    }

    @Override // ch.elexis.admin.AbstractAccessControl
    public void grant(Role role, ACE ace) {
        role.grantAccessRight(ace);
    }

    @Override // ch.elexis.admin.AbstractAccessControl
    public void revoke(Role role, ACE ace) {
        role.revokeAccessRight(ace);
    }

    public void grantForSelf(ACE... aceArr) {
        for (ACE ace : aceArr) {
            rights.put("Self" + ace.getCanonicalName(), ace);
            acls.put(ace.getCanonicalName(), ace);
        }
    }

    public void revokeFromSelf(ACE... aceArr) {
        for (ACE ace : aceArr) {
            rights.remove("Self" + ace.getCanonicalName());
        }
    }

    public void addToGroup(String str, Anwender anwender) {
        anwender.setInfoElement(KEY_GROUPS, String.valueOf(remove(str, anwender)) + "," + str);
    }

    public void removeFromGroup(String str, Anwender anwender) {
        anwender.setInfoElement(KEY_GROUPS, remove(str, anwender));
    }

    private String remove(String str, Anwender anwender) {
        String str2 = (String) anwender.getInfoElement(KEY_GROUPS);
        return str2 != null ? str2.replaceAll(anwender.getId(), "").replaceAll("\\s*,*$", "") : "";
    }

    public List<String> getGroups() {
        ArrayList arrayList = new ArrayList();
        for (String str : CoreHub.globalCfg.get("groupNames", ADMIN_GROUP).split(",")) {
            arrayList.add(str);
        }
        return arrayList;
    }

    public List<String> groupsForGrant(ACE ace) {
        ArrayList arrayList = new ArrayList();
        Pattern compile = Pattern.compile("([a-zA-Z0-9]+)" + ace.getCanonicalName());
        Enumeration<String> keys = rights.keys();
        while (keys.hasMoreElements()) {
            Matcher matcher = compile.matcher(keys.nextElement());
            if (matcher.matches()) {
                String group = matcher.group(1);
                if (Anwender.load(group) == null) {
                    arrayList.add(group);
                }
            }
        }
        return arrayList;
    }

    public List<Anwender> usersForGrant(ACE ace) {
        Anwender load;
        ArrayList arrayList = new ArrayList();
        Pattern compile = Pattern.compile("([a-zA-Z0-9]+)" + ace.getCanonicalName());
        Enumeration<String> keys = rights.keys();
        while (keys.hasMoreElements()) {
            Matcher matcher = compile.matcher(keys.nextElement());
            if (matcher.matches() && (load = Anwender.load(matcher.group(1))) != null && load.exists()) {
                arrayList.add(load);
            }
        }
        return arrayList;
    }

    public void deleteGrant(ACE ace) {
        Pattern compile = Pattern.compile("([a-zA-Z0-9]+)" + ace.getCanonicalName());
        Enumeration<String> keys = rights.keys();
        while (keys.hasMoreElements()) {
            String nextElement = keys.nextElement();
            if (compile.matcher(nextElement).matches()) {
                rights.remove(nextElement);
            }
        }
        acls.remove(ace);
    }

    public Settings asSettings() {
        return new InMemorySettings(rights);
    }

    public void reset() {
        rights.clear();
        grant(ALL_GROUP, AccessControlDefaults.getAlle());
        grant(USER_GROUP, AccessControlDefaults.getAnwender());
        acls.put(DB_UID, new ACE(ACE.ACE_ROOT, DB_UID, StringTool.unique("db%id")));
        flush();
    }

    public String getDBUID(boolean z) {
        ACE ace = acls.get(DB_UID);
        if (z && ace == null) {
            ace = new ACE(ACE.ACE_ROOT, DB_UID, StringTool.unique("db%id"));
            rights.put(DB_UID, ace);
            flush();
        }
        return ace.getLocalizedName();
    }

    @Override // ch.elexis.admin.AbstractAccessControl
    public boolean request(Role role, ACE ace) {
        return false;
    }

    @Override // ch.elexis.admin.AbstractAccessControl
    public boolean request(User user, ACE ace) {
        return false;
    }

    @Override // ch.elexis.admin.AbstractAccessControl
    public void grant(String str, ACE ace) {
    }

    @Override // ch.elexis.admin.AbstractAccessControl
    public boolean request(String str) {
        return false;
    }
}
