package org.xwiki.security.authorization.internal;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.doc.XWikiDocument;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.xwiki.component.annotation.Component;
import org.xwiki.model.EntityType;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.EntityReference;
import org.xwiki.model.reference.EntityReferenceResolver;
import org.xwiki.rendering.transformation.RenderingContext;
import org.xwiki.security.authorization.AccessDeniedException;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.security.authorization.ContextualAuthorizationManager;
import org.xwiki.security.authorization.Right;

@Singleton
@Component
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-security-bridge-8.4.5.jar:org/xwiki/security/authorization/internal/DefaultContextualAuthorizationManager.class */
public class DefaultContextualAuthorizationManager implements ContextualAuthorizationManager {
    private static final Set<Right> CONTENT_AUTHOR_RIGHTS = new HashSet(Arrays.asList(Right.SCRIPT, Right.PROGRAM));

    @Inject
    private AuthorizationManager authorizationManager;

    @Inject
    private RenderingContext renderingContext;

    @Inject
    @Named("current")
    private EntityReferenceResolver<EntityReference> resolver;

    @Inject
    private Provider<XWikiContext> xcontextProvider;

    @Override // org.xwiki.security.authorization.ContextualAuthorizationManager
    public void checkAccess(Right right) throws AccessDeniedException {
        if (CONTENT_AUTHOR_RIGHTS.contains(right)) {
            checkAccess(right, getCurrentUser(right, null), right == Right.PROGRAM ? null : getCurrentEntity());
        } else {
            checkAccess(right, getCurrentEntity());
        }
    }

    @Override // org.xwiki.security.authorization.ContextualAuthorizationManager
    public void checkAccess(Right right, EntityReference entityReference) throws AccessDeniedException {
        checkAccess(right, getCurrentUser(right, entityReference), entityReference);
    }

    private void checkAccess(Right right, DocumentReference documentReference, EntityReference entityReference) throws AccessDeniedException {
        if (!checkPreAccess(right)) {
            throw new AccessDeniedException(right, documentReference, entityReference);
        }
        this.authorizationManager.checkAccess(right, documentReference, getFullReference(entityReference));
    }

    @Override // org.xwiki.security.authorization.ContextualAuthorizationManager
    public boolean hasAccess(Right right) {
        if (CONTENT_AUTHOR_RIGHTS.contains(right)) {
            return hasAccess(right, getCurrentUser(right, null), right == Right.PROGRAM ? null : getCurrentEntity());
        }
        return hasAccess(right, getCurrentEntity());
    }

    @Override // org.xwiki.security.authorization.ContextualAuthorizationManager
    public boolean hasAccess(Right right, EntityReference entityReference) {
        return hasAccess(right, getCurrentUser(right, entityReference), entityReference);
    }

    private boolean hasAccess(Right right, DocumentReference documentReference, EntityReference entityReference) {
        return checkPreAccess(right) && this.authorizationManager.hasAccess(right, documentReference, getFullReference(entityReference));
    }

    private EntityReference getFullReference(EntityReference entityReference) {
        if (entityReference != null) {
            return this.resolver.resolve(entityReference, entityReference.getType(), new Object[0]);
        }
        return null;
    }

    private boolean checkPreAccess(Right right) {
        if (!CONTENT_AUTHOR_RIGHTS.contains(right)) {
            return true;
        }
        if (this.renderingContext.isRestricted()) {
            return false;
        }
        return (right == Right.PROGRAM && this.xcontextProvider.get().hasDroppedPermissions()) ? false : true;
    }

    private DocumentReference getCurrentUser(Right right, EntityReference entityReference) {
        if (CONTENT_AUTHOR_RIGHTS.contains(right)) {
            XWikiDocument programmingDocument = entityReference == null ? getProgrammingDocument() : getDocument(entityReference);
            if (programmingDocument != null) {
                return getContentAuthor(programmingDocument);
            }
        }
        return this.xcontextProvider.get().getUserReference();
    }

    private XWikiDocument getDocument(EntityReference entityReference) {
        EntityReference extractReference;
        if (entityReference == null || (extractReference = entityReference.extractReference(EntityType.DOCUMENT)) == null) {
            return null;
        }
        XWikiContext xWikiContext = this.xcontextProvider.get();
        try {
            return xWikiContext.getWiki().getDocument(new DocumentReference(extractReference), xWikiContext);
        } catch (Exception e) {
            return null;
        }
    }

    private DocumentReference getContentAuthor(XWikiDocument xWikiDocument) {
        DocumentReference contentAuthorReference = xWikiDocument.getContentAuthorReference();
        if (contentAuthorReference != null && "XWikiGuest".equals(contentAuthorReference.getName())) {
            contentAuthorReference = null;
        }
        return contentAuthorReference;
    }

    private EntityReference getCurrentEntity() {
        XWikiDocument doc = this.xcontextProvider.get().getDoc();
        if (doc != null) {
            return doc.getDocumentReference();
        }
        return null;
    }

    private XWikiDocument getProgrammingDocument() {
        XWikiContext xWikiContext = this.xcontextProvider.get();
        XWikiDocument xWikiDocument = (XWikiDocument) xWikiContext.get(XWikiDocument.CKEY_SDOC);
        if (xWikiDocument == null) {
            xWikiDocument = xWikiContext.getDoc();
        }
        return xWikiDocument;
    }
}
