package org.xwiki.extension.xar.internal.security;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.user.api.XWikiRightService;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.xwiki.component.annotation.Component;
import org.xwiki.extension.repository.InstalledExtensionRepository;
import org.xwiki.extension.xar.XarExtensionConfiguration;
import org.xwiki.extension.xar.internal.repository.XarInstalledExtensionRepository;
import org.xwiki.extension.xar.security.ProtectionLevel;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.security.authorization.Right;

@Singleton
@Component(roles = {XarSecurityTool.class})
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-extension-handler-xar-10.11.jar:org/xwiki/extension/xar/internal/security/XarSecurityTool.class */
public class XarSecurityTool {

    @Inject
    private XarExtensionConfiguration configuration;

    @Inject
    @Named("xar")
    private InstalledExtensionRepository installedXARs;

    @Inject
    private Provider<AuthorizationManager> authorizationProvider;

    @Inject
    private Provider<XWikiContext> xcontextProvider;

    @Inject
    private Logger logger;
    private AuthorizationManager authorization;

    private AuthorizationManager getAuthorization() {
        if (this.authorization == null) {
            this.authorization = this.authorizationProvider.get();
        }
        return this.authorization;
    }

    public ProtectionLevel getProtectionLevel(Right right, DocumentReference documentReference, DocumentReference documentReference2) {
        XarExtensionConfiguration.DocumentProtection documentProtection = this.configuration.getDocumentProtection();
        if (documentProtection == XarExtensionConfiguration.DocumentProtection.NONE || ((XarInstalledExtensionRepository) this.installedXARs).isAllowed(documentReference2, right)) {
            return ProtectionLevel.NONE;
        }
        if (!documentProtection.isDeny() || XWikiRightService.isSuperAdmin(documentReference) || (getAuthorization().hasAccess(right, documentReference, documentReference2) && !isForcedDeny(documentProtection, documentReference))) {
            return ProtectionLevel.WARNING;
        }
        return ProtectionLevel.DENY;
    }

    private boolean isForcedDeny(XarExtensionConfiguration.DocumentProtection documentProtection, DocumentReference documentReference) {
        return documentProtection.isForced() && (!documentProtection.isSimple() || isSimpleUser(documentReference));
    }

    public boolean isSimpleUser(DocumentReference documentReference) {
        XWikiContext xWikiContext;
        if (XWikiRightService.isGuest(documentReference)) {
            return true;
        }
        if (XWikiRightService.isSuperAdmin(documentReference) || (xWikiContext = this.xcontextProvider.get()) == null) {
            return false;
        }
        try {
            XWikiDocument document = xWikiContext.getWiki().getDocument(documentReference, xWikiContext);
            if (document.isNew()) {
                return false;
            }
            return !StringUtils.equals(document.getStringValue("usertype"), "Advanced");
        } catch (XWikiException e) {
            this.logger.error("Failed to access document of user [{}]. Assuming advanced user.", documentReference);
            return false;
        }
    }
}
