package com.xpn.xwiki.user.impl.xwiki;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.internal.mandatory.XWikiPreferencesDocumentInitializer;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.objects.classes.GroupsClass;
import com.xpn.xwiki.plugin.skinx.CssSkinExtensionPlugin;
import com.xpn.xwiki.plugin.skinx.JsSkinExtensionPlugin;
import com.xpn.xwiki.user.api.XWikiGroupService;
import com.xpn.xwiki.user.api.XWikiRightNotFoundException;
import com.xpn.xwiki.user.api.XWikiRightService;
import com.xpn.xwiki.user.api.XWikiUser;
import com.xpn.xwiki.util.Util;
import com.xpn.xwiki.web.DownloadAction;
import com.xpn.xwiki.web.Utils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.fop.render.pdf.extensions.PDFExtensionAttachment;
import org.apache.solr.common.cloud.PlainIdRouter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xwiki.edit.script.EditScriptService;
import org.xwiki.model.EntityType;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.DocumentReferenceResolver;
import org.xwiki.model.reference.EntityReference;
import org.xwiki.model.reference.EntityReferenceSerializer;
import org.xwiki.rendering.internal.parser.xwiki20.XWiki20LinkReferenceParser;
import org.xwiki.security.internal.XWikiConstants;

@Deprecated
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-legacy-oldcore-9.11.jar:com/xpn/xwiki/user/impl/xwiki/XWikiRightServiceImpl.class */
public class XWikiRightServiceImpl implements XWikiRightService {
    public static final EntityReference RIGHTCLASS_REFERENCE = new EntityReference(XWikiConstants.LOCAL_CLASSNAME, EntityType.DOCUMENT, new EntityReference("XWiki", EntityType.SPACE));
    public static final EntityReference GLOBALRIGHTCLASS_REFERENCE = new EntityReference(XWikiConstants.GLOBAL_CLASSNAME, EntityType.DOCUMENT, new EntityReference("XWiki", EntityType.SPACE));
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) XWikiRightServiceImpl.class);
    private static final EntityReference XWIKIPREFERENCES_REFERENCE = new EntityReference("XWikiPreferences", EntityType.DOCUMENT, new EntityReference("XWiki", EntityType.SPACE));
    private static final List<String> ALLLEVELS = Arrays.asList("admin", "view", EditScriptService.ROLE_HINT, "comment", "delete", "undelete", "register", "programming");
    private static final EntityReference DEFAULTUSERSPACE = new EntityReference("XWiki", EntityType.SPACE);
    private static Map<String, String> actionMap;
    private DocumentReferenceResolver<String> currentMixedDocumentReferenceResolver = (DocumentReferenceResolver) Utils.getComponent(DocumentReferenceResolver.TYPE_STRING, "currentmixed");
    private EntityReferenceSerializer<String> entityReferenceSerializer = (EntityReferenceSerializer) Utils.getComponent(EntityReferenceSerializer.TYPE_STRING);

    protected void logAllow(String str, String str2, String str3, String str4) {
        LOGGER.debug("Access has been granted for ([{}], [{}], [{}]): [{}]", str, str2, str3, str4);
    }

    protected void logDeny(String str, String str2, String str3, String str4) {
        LOGGER.info("Access has been denied for ([{}], [{}], [{}]): [{}]", str, str2, str3, str4);
    }

    protected void logDeny(String str, String str2, String str3, String str4, Exception exc) {
        LOGGER.debug("Access has been denied for ([{}], [{}], [{}]) at [{}]", str, str2, str3, str4, exc);
    }

    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public List<String> listAllLevels(XWikiContext xWikiContext) throws XWikiException {
        return new ArrayList(ALLLEVELS);
    }

    public String getRight(String str) {
        if (actionMap == null) {
            actionMap = new HashMap();
            actionMap.put("login", "login");
            actionMap.put("logout", "login");
            actionMap.put("loginerror", "login");
            actionMap.put("loginsubmit", "login");
            actionMap.put("view", "view");
            actionMap.put("viewrev", "view");
            actionMap.put("get", "view");
            actionMap.put("downloadrev", "view");
            actionMap.put(PlainIdRouter.NAME, "view");
            actionMap.put("raw", "view");
            actionMap.put(XWiki20LinkReferenceParser.ATTACH_SCHEME, "view");
            actionMap.put("charting", "view");
            actionMap.put("skin", "view");
            actionMap.put(DownloadAction.ACTION_NAME, "view");
            actionMap.put("dot", "view");
            actionMap.put("svg", "view");
            actionMap.put(PDFExtensionAttachment.PREFIX, "view");
            actionMap.put("delete", "delete");
            actionMap.put("deletespace", "admin");
            actionMap.put("deleteversions", "admin");
            actionMap.put("undelete", "undelete");
            actionMap.put("reset", "delete");
            actionMap.put("commentadd", "comment");
            actionMap.put("commentsave", "comment");
            actionMap.put("register", "register");
            actionMap.put("redirect", "view");
            actionMap.put("admin", "admin");
            actionMap.put("export", "view");
            actionMap.put("import", "admin");
            actionMap.put(JsSkinExtensionPlugin.PLUGIN_NAME, "view");
            actionMap.put(CssSkinExtensionPlugin.PLUGIN_NAME, "view");
            actionMap.put("tex", "view");
            actionMap.put("create", EditScriptService.ROLE_HINT);
            actionMap.put("temp", "view");
            actionMap.put("unknown", "view");
        }
        String str2 = actionMap.get(str);
        return str2 == null ? EditScriptService.ROLE_HINT : str2;
    }

    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean checkAccess(String str, XWikiDocument xWikiDocument, XWikiContext xWikiContext) throws XWikiException {
        String user;
        String fullName;
        LOGGER.debug("checkAccess for [{}], [{}]", str, xWikiDocument);
        String right = getRight(str);
        if (right.equals("login")) {
            XWikiUser checkAuth = xWikiContext.getWiki().checkAuth(xWikiContext);
            String user2 = checkAuth == null ? "XWiki.XWikiGuest" : checkAuth.getUser();
            xWikiContext.setUser(user2);
            logAllow(user2, xWikiDocument.getFullName(), str, "login/logout pages");
            return true;
        }
        if (right.equals("delete")) {
            XWikiUser checkAuth2 = xWikiContext.getWiki().checkAuth(xWikiContext);
            String creator = xWikiDocument.getCreator();
            if (checkAuth2 != null && checkAuth2.getUser() != null && creator != null && checkAuth2.getUser().equals(creator)) {
                xWikiContext.setUser(checkAuth2.getUser());
                return true;
            }
        }
        XWikiUser xWikiUser = xWikiContext.getXWikiUser();
        if (xWikiUser == null) {
            boolean needsAuth = needsAuth(right, xWikiContext);
            try {
                xWikiUser = xWikiContext.getMode() != 2 ? xWikiContext.getWiki().checkAuth(xWikiContext) : new XWikiUser(xWikiContext.getUser());
                if (xWikiUser == null && needsAuth) {
                    logDeny("unauthentified", xWikiDocument.getFullName(), str, "Authentication needed");
                    if (xWikiContext.getRequest() == null || xWikiContext.getWiki().Param("xwiki.hidelogin", "false").equalsIgnoreCase("true")) {
                        return false;
                    }
                    xWikiContext.getWiki().getAuthService().showLogin(xWikiContext);
                    return false;
                }
            } catch (XWikiException e) {
                if (needsAuth) {
                    throw e;
                }
            }
            user = xWikiUser == null ? "XWiki.XWikiGuest" : xWikiUser.getUser();
            xWikiContext.setUser(user);
        } else {
            user = xWikiUser.getUser();
        }
        try {
            if (xWikiContext.getWikiId() != null) {
                fullName = xWikiContext.getWikiId() + ":" + xWikiDocument.getFullName();
                if (user.indexOf(":") == -1) {
                    user = xWikiContext.getWikiId() + ":" + user;
                }
            } else {
                fullName = xWikiDocument.getFullName();
            }
            if (xWikiContext.getWiki().getRightService().hasAccessLevel(right, user, fullName, xWikiContext)) {
                logAllow(user, fullName, str, "access manager granted right");
                return true;
            }
            if (xWikiUser != null) {
                logDeny(user, xWikiDocument.getFullName(), str, "access manager denied right");
                return false;
            }
            logDeny("unauthentified", xWikiDocument.getFullName(), str, "Guest has been denied");
            if (xWikiContext.getRequest() == null || xWikiContext.getWiki().Param("xwiki.hidelogin", "false").equalsIgnoreCase("true")) {
                return false;
            }
            xWikiContext.getWiki().getAuthService().showLogin(xWikiContext);
            return false;
        } catch (Exception e2) {
            logDeny(user, xWikiDocument.getFullName(), str, "access manager exception " + e2.getMessage());
            e2.printStackTrace();
            return false;
        }
    }

    private boolean needsAuth(String str, XWikiContext xWikiContext) {
        boolean z = false;
        try {
            z = xWikiContext.getWiki().getXWikiPreference("authenticate_" + str, "", xWikiContext).toLowerCase().equals("yes");
        } catch (Exception e) {
        }
        try {
            z |= xWikiContext.getWiki().getXWikiPreferenceAsInt(new StringBuilder().append("authenticate_").append(str).toString(), 0, xWikiContext) == 1;
        } catch (Exception e2) {
        }
        try {
            z |= xWikiContext.getWiki().getSpacePreference("authenticate_" + str, "", xWikiContext).toLowerCase().equals("yes");
        } catch (Exception e3) {
        }
        try {
            z |= xWikiContext.getWiki().getSpacePreferenceAsInt(new StringBuilder().append("authenticate_").append(str).toString(), 0, xWikiContext) == 1;
        } catch (Exception e4) {
        }
        return z;
    }

    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasAccessLevel(String str, String str2, String str3, XWikiContext xWikiContext) throws XWikiException {
        try {
            return hasAccessLevel(str, str2, str3, true, xWikiContext);
        } catch (XWikiException e) {
            return false;
        }
    }

    public boolean checkRight(String str, XWikiDocument xWikiDocument, String str2, boolean z, boolean z2, boolean z3, XWikiContext xWikiContext) throws XWikiRightNotFoundException, XWikiException {
        if (!z3 && "admin".equals(str2)) {
            throw new XWikiRightNotFoundException();
        }
        EntityReference entityReference = z3 ? GLOBALRIGHTCLASS_REFERENCE : RIGHTCLASS_REFERENCE;
        String str3 = z ? "users" : "groups";
        boolean z4 = false;
        DocumentReference resolve = this.currentMixedDocumentReferenceResolver.resolve(str, new Object[0]);
        String serialize = this.entityReferenceSerializer.serialize(resolve, new Object[0]);
        String str4 = str;
        int indexOf = str.indexOf(":");
        if (indexOf != -1) {
            str4 = str.substring(indexOf + 1);
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Checking right: [{}], [{}], [{}], [{}], [{}], [{}]", str, xWikiDocument.getFullName(), str2, Boolean.valueOf(z), Boolean.valueOf(z2), Boolean.valueOf(z3));
        }
        List<BaseObject> xObjects = xWikiDocument.getXObjects(entityReference);
        if (xObjects != null) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Checking objects [{}]", Integer.valueOf(xObjects.size()));
            }
            for (int i = 0; i < xObjects.size(); i++) {
                LOGGER.debug("Checking object [{}]", Integer.valueOf(i));
                BaseObject baseObject = xObjects.get(i);
                if (baseObject == null) {
                    LOGGER.debug("Bypass object [{}]", Integer.valueOf(i));
                } else {
                    String stringValue = baseObject.getStringValue(str3);
                    String stringValue2 = baseObject.getStringValue("levels");
                    if ((baseObject.getIntValue("allow") == 1) == z2) {
                        LOGGER.debug("Checking match: [{}] in [{}]", str2, stringValue2);
                        if (ArrayUtils.contains(StringUtils.split(stringValue2, " ,|"), str2)) {
                            LOGGER.debug("Found a right for [{}]", Boolean.valueOf(z2));
                            z4 = true;
                            LOGGER.debug("Checking match: [{}] in [{}]", str, stringValue);
                            String[] strArr = (String[]) GroupsClass.getListFromString(stringValue).toArray(new String[0]);
                            for (int i2 = 0; i2 < strArr.length; i2++) {
                                String str5 = strArr[i2];
                                if (str5.indexOf(".") == -1) {
                                    strArr[i2] = "XWiki." + str5;
                                }
                            }
                            if (LOGGER.isDebugEnabled()) {
                                LOGGER.debug("Checking match: [{}] in [{}]", str, StringUtils.join(strArr, ","));
                            }
                            if (xWikiDocument.getWikiName().equals(resolve.getWikiReference().getName())) {
                                if (ArrayUtils.contains(strArr, str4)) {
                                    LOGGER.debug("Found matching right in [{}] for [{}]", stringValue, str4);
                                    return true;
                                }
                                if (ArrayUtils.contains(strArr, str4.substring(str4.indexOf(".") + 1))) {
                                    LOGGER.debug("Found matching right in [{}] for [{}]", stringValue, str4);
                                    return true;
                                }
                            }
                            if (xWikiContext.getWikiId() != null && ArrayUtils.contains(strArr, str)) {
                                LOGGER.debug("Found matching right in [{}] for [{}]", stringValue, str);
                                return true;
                            }
                            LOGGER.debug("Failed match: [{}] in [{}]", str, stringValue);
                        } else {
                            continue;
                        }
                    } else {
                        LOGGER.debug("Bypass object [{}] because wrong allow/deny", Integer.valueOf(i));
                    }
                }
            }
        }
        LOGGER.debug("Searching for matching rights at group level");
        if (((Map) xWikiContext.get("grouplist")) == null) {
            xWikiContext.put("grouplist", new HashMap());
        }
        HashSet hashSet = new HashSet();
        addMemberGroups(xWikiDocument.getWikiName(), serialize, resolve, hashSet, xWikiContext);
        if (!xWikiContext.getWikiId().equalsIgnoreCase(resolve.getWikiReference().getName())) {
            addMemberGroups(resolve.getWikiReference().getName(), serialize, resolve, hashSet, xWikiContext);
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Searching for matching rights for [{}] groups: [{}]", Integer.valueOf(hashSet.size()), hashSet);
        }
        for (String str6 : hashSet) {
            try {
            } catch (XWikiRightNotFoundException e) {
            } catch (Exception e2) {
                LOGGER.error("Failed to check right [{}] for group [{}] on document [¶}]", str2, str6, xWikiDocument.getPrefixedFullName(), e2);
            }
            if (checkRight(str6, xWikiDocument, str2, false, z2, z3, xWikiContext)) {
                return true;
            }
        }
        LOGGER.debug("Finished searching for rights for [{}]: [{}]", str, Boolean.valueOf(z4));
        if (z4) {
            return false;
        }
        throw new XWikiRightNotFoundException();
    }

    private void addMemberGroups(String str, String str2, DocumentReference documentReference, Collection<String> collection, XWikiContext xWikiContext) throws XWikiException {
        XWikiGroupService groupService = xWikiContext.getWiki().getGroupService(xWikiContext);
        Map map = (Map) xWikiContext.get("grouplist");
        if (map == null) {
            map = new HashMap();
            xWikiContext.put("grouplist", map);
        }
        String str3 = str + ":" + str2;
        Collection<? extends String> collection2 = (Collection) map.get(str3);
        if (collection2 == null) {
            String wikiId = xWikiContext.getWikiId();
            try {
                try {
                    xWikiContext.setWikiId(str);
                    Collection<DocumentReference> allGroupsReferencesForMember = groupService.getAllGroupsReferencesForMember(documentReference, 0, 0, xWikiContext);
                    collection2 = new ArrayList(allGroupsReferencesForMember.size());
                    Iterator<DocumentReference> it = allGroupsReferencesForMember.iterator();
                    while (it.hasNext()) {
                        collection2.add(this.entityReferenceSerializer.serialize(it.next(), new Object[0]));
                    }
                    xWikiContext.setWikiId(wikiId);
                } catch (Exception e) {
                    LOGGER.error("Failed to get groups for user or group [{}] in wiki [{}]", str2, str, e);
                    collection2 = Collections.emptyList();
                    xWikiContext.setWikiId(wikiId);
                }
                map.put(str3, collection2);
            } catch (Throwable th) {
                xWikiContext.setWikiId(wikiId);
                throw th;
            }
        }
        collection.addAll(collection2);
    }

    public boolean hasAccessLevel(String str, String str2, String str3, boolean z, XWikiContext xWikiContext) throws XWikiException {
        XWikiDocument document;
        XWikiDocument document2;
        XWikiDocument document3;
        LOGGER.debug("hasAccessLevel for [{}], [{}], [{}]", str, str2, str3);
        DocumentReference resolve = this.currentMixedDocumentReferenceResolver.resolve(str2, new Object[0]);
        if (!resolve.getName().equals("XWikiGuest") && xWikiContext.getWikiId() != null) {
            str2 = this.entityReferenceSerializer.serialize(this.currentMixedDocumentReferenceResolver.resolve(str2, DEFAULTUSERSPACE), new Object[0]);
            str3 = this.entityReferenceSerializer.serialize(this.currentMixedDocumentReferenceResolver.resolve(str3, new Object[0]), new Object[0]);
        }
        boolean z2 = false;
        boolean isReadOnly = xWikiContext.getWiki().isReadOnly();
        String wikiId = xWikiContext.getWikiId();
        XWikiDocument xWikiDocument = null;
        if (isReadOnly && (EditScriptService.ROLE_HINT.equals(str) || "delete".equals(str) || "undelete".equals(str) || "comment".equals(str) || "register".equals(str))) {
            logDeny(str2, str3, str, "server in read-only mode");
            return false;
        }
        if (resolve.getName().equals("XWikiGuest") && needsAuth(str, xWikiContext)) {
            return false;
        }
        if (str.equals("delete") && z) {
            xWikiDocument = xWikiContext.getWiki().getDocument(str3, xWikiContext);
            if (ObjectUtils.equals(resolve, xWikiDocument.getCreatorReference())) {
                logAllow(str2, str3, str, "delete right from document ownership");
                return true;
            }
        }
        boolean isSuperAdminOrProgramming = isSuperAdminOrProgramming(str2, str3, str, z, xWikiContext);
        if (!isSuperAdminOrProgramming) {
            try {
                if (!str.equals("programming")) {
                    if (xWikiDocument == null) {
                        try {
                            document = xWikiContext.getWiki().getDocument(str3, xWikiContext);
                        } catch (XWikiException e) {
                            logDeny(str2, str3, str, "global level (exception)", e);
                            e.printStackTrace();
                            xWikiContext.setWikiId(wikiId);
                            return false;
                        }
                    } else {
                        document = xWikiDocument;
                    }
                    XWikiDocument xWikiDocument2 = document;
                    DocumentReference documentReference = xWikiDocument2.getDocumentReference();
                    if (str.equals(EditScriptService.ROLE_HINT) && (documentReference.getName().equals(XWikiConstants.SPACE_DOC) || (documentReference.getLastSpaceReference().getName().equals("XWiki") && documentReference.getName().equals("XWikiPreferences")))) {
                        str = "admin";
                    }
                    xWikiContext.setWikiId(xWikiDocument2.getDatabase());
                    String wikiOwner = xWikiContext.getWiki().getWikiOwner(xWikiDocument2.getDatabase(), xWikiContext);
                    if (wikiOwner != null && wikiOwner.equals(str2)) {
                        logAllow(str2, str3, str, "admin level from wiki ownership");
                        xWikiContext.setWikiId(wikiId);
                        return true;
                    }
                    XWikiDocument document4 = xWikiContext.getWiki().getDocument(XWIKIPREFERENCES_REFERENCE, xWikiContext);
                    if (str.equals("register")) {
                        try {
                            if (checkRight(str2, document4, "register", z, true, true, xWikiContext)) {
                                logAllow(str2, str3, str, "register level");
                                xWikiContext.setWikiId(wikiId);
                                return true;
                            }
                            logDeny(str2, str3, str, "register level");
                            xWikiContext.setWikiId(wikiId);
                            return false;
                        } catch (XWikiRightNotFoundException e2) {
                            if (checkRight(str2, document4, "register", z, false, true, xWikiContext)) {
                                xWikiContext.setWikiId(wikiId);
                                return false;
                            }
                            logAllow(str2, str3, str, "register level (no right found)");
                            xWikiContext.setWikiId(wikiId);
                            return true;
                        }
                    }
                    int maxRecursiveSpaceChecks = xWikiContext.getWiki().getMaxRecursiveSpaceChecks(xWikiContext);
                    if (isSuperUser(str, str2, str3, z, document4, maxRecursiveSpaceChecks, xWikiContext)) {
                        logAllow(str2, str3, str, "admin level");
                        xWikiContext.setWikiId(wikiId);
                        return true;
                    }
                    if (hasDenyRights()) {
                        str3 = Util.getName(str3, xWikiContext);
                        if (xWikiDocument2 == null) {
                            try {
                                document3 = xWikiContext.getWiki().getDocument(str3, xWikiContext);
                            } catch (XWikiRightNotFoundException e3) {
                            }
                        } else {
                            document3 = xWikiDocument2;
                        }
                        xWikiDocument2 = document3;
                        if (checkRight(str2, xWikiDocument2, str, z, false, false, xWikiContext)) {
                            logDeny(str2, str3, str, "document level");
                            xWikiContext.setWikiId(wikiId);
                            return false;
                        }
                    }
                    if (xWikiDocument2 == null) {
                        try {
                            document2 = xWikiContext.getWiki().getDocument(str3, xWikiContext);
                        } catch (XWikiRightNotFoundException e4) {
                        }
                    } else {
                        document2 = xWikiDocument2;
                    }
                    xWikiDocument2 = document2;
                    z2 = true;
                    if (checkRight(str2, xWikiDocument2, str, z, true, false, xWikiContext)) {
                        logAllow(str2, str3, str, "document level");
                        xWikiContext.setWikiId(wikiId);
                        return true;
                    }
                    String space = xWikiDocument2.getSpace();
                    ArrayList arrayList = new ArrayList();
                    int i = 0;
                    while (space != null && i <= maxRecursiveSpaceChecks) {
                        i++;
                        arrayList.add(space);
                        XWikiDocument document5 = xWikiContext.getWiki().getDocument(space, XWikiConstants.SPACE_DOC, xWikiContext);
                        if (document5.isNew()) {
                            space = null;
                        } else {
                            if (hasDenyRights()) {
                                try {
                                    if (checkRight(str2, document5, str, z, false, true, xWikiContext)) {
                                        logDeny(str2, str3, str, "web level");
                                        xWikiContext.setWikiId(wikiId);
                                        return false;
                                    }
                                } catch (XWikiRightNotFoundException e5) {
                                }
                            }
                            if (!z2) {
                                try {
                                    z2 = true;
                                    if (checkRight(str2, document5, str, z, true, true, xWikiContext)) {
                                        logAllow(str2, str3, str, "web level");
                                        xWikiContext.setWikiId(wikiId);
                                        return true;
                                    }
                                } catch (XWikiRightNotFoundException e6) {
                                }
                            }
                            space = document5.getStringValue(XWikiPreferencesDocumentInitializer.LOCAL_REFERENCE_STRING, "parent");
                            if (space == null || space.trim().equals("") || arrayList.contains(space)) {
                                space = null;
                            }
                        }
                    }
                    if (hasDenyRights()) {
                        try {
                            if (checkRight(str2, document4, str, z, false, true, xWikiContext)) {
                                logDeny(str2, str3, str, "xwiki level");
                                xWikiContext.setWikiId(wikiId);
                                return false;
                            }
                        } catch (XWikiRightNotFoundException e7) {
                        }
                    }
                    if (!z2) {
                        try {
                            z2 = true;
                            if (checkRight(str2, document4, str, z, true, true, xWikiContext)) {
                                logAllow(str2, str3, str, "xwiki level");
                                xWikiContext.setWikiId(wikiId);
                                return true;
                            }
                        } catch (XWikiRightNotFoundException e8) {
                        }
                    }
                    if (z2) {
                        logDeny(str2, str3, str, "global level (restricting right was found)");
                        xWikiContext.setWikiId(wikiId);
                        return false;
                    }
                    if (!"delete".equals(str)) {
                        logAllow(str2, str3, str, "global level (no restricting right)");
                        xWikiContext.setWikiId(wikiId);
                        return true;
                    }
                    if (hasAccessLevel("admin", str2, str3, z, xWikiContext)) {
                        logAllow(str2, str3, str, "admin rights imply delete on empty wiki");
                        xWikiContext.setWikiId(wikiId);
                        return true;
                    }
                    logDeny(str2, str3, str, "global level (delete right must be explicit)");
                    xWikiContext.setWikiId(wikiId);
                    return false;
                }
            } catch (Throwable th) {
                xWikiContext.setWikiId(wikiId);
                throw th;
            }
        }
        return isSuperAdminOrProgramming;
    }

    private boolean hasDenyRights() {
        return true;
    }

    private boolean isSuperAdmin(String str) {
        return StringUtils.equalsIgnoreCase(((DocumentReferenceResolver) Utils.getComponent(DocumentReferenceResolver.TYPE_STRING)).resolve(str, new Object[0]).getName(), "superadmin");
    }

    private boolean isSuperAdminOrProgramming(String str, String str2, String str3, boolean z, XWikiContext xWikiContext) throws XWikiException {
        if (str == null) {
            return false;
        }
        String wikiId = xWikiContext.getWikiId();
        if (isSuperAdmin(str)) {
            logAllow(str, str2, str3, "super admin level");
            return true;
        }
        try {
            xWikiContext.setWikiId(xWikiContext.getMainXWiki());
            XWikiDocument document = xWikiContext.getWiki().getDocument(XWIKIPREFERENCES_REFERENCE, xWikiContext);
            if (checkRight(str, document, "admin", true, true, true, xWikiContext)) {
                logAllow(str, str2, str3, "master admin level");
                xWikiContext.setWikiId(wikiId);
                return true;
            }
            if (!str3.equals("programming")) {
                xWikiContext.setWikiId(wikiId);
                return false;
            }
            if (!str.startsWith(xWikiContext.getMainXWiki() + ":")) {
                xWikiContext.setWikiId(wikiId);
                return false;
            }
            try {
                if (checkRight(str, document, "programming", z, true, true, xWikiContext)) {
                    logAllow(str, str2, str3, "programming level");
                    xWikiContext.setWikiId(wikiId);
                    return true;
                }
                logDeny(str, str2, str3, "programming level");
                xWikiContext.setWikiId(wikiId);
                return false;
            } catch (XWikiRightNotFoundException e) {
                logDeny(str, str2, str3, "programming level (no right found)");
                xWikiContext.setWikiId(wikiId);
                return false;
            }
        } catch (Throwable th) {
            xWikiContext.setWikiId(wikiId);
            throw th;
        }
    }

    private boolean isSuperUser(String str, String str2, String str3, boolean z, XWikiDocument xWikiDocument, int i, XWikiContext xWikiContext) throws XWikiException {
        try {
            if (checkRight(str2, xWikiDocument, "admin", z, true, true, xWikiContext)) {
                logAllow(str2, str3, str, "admin level");
                return true;
            }
        } catch (XWikiRightNotFoundException e) {
        }
        XWikiDocument xWikiDocument2 = new XWikiDocument();
        xWikiDocument2.setFullName(str3);
        String space = xWikiDocument2.getSpace();
        ArrayList arrayList = new ArrayList();
        int i2 = 0;
        while (space != null && i2 <= i) {
            i2++;
            arrayList.add(space);
            XWikiDocument document = xWikiContext.getWiki().getDocument(space, XWikiConstants.SPACE_DOC, xWikiContext);
            if (document.isNew()) {
                space = null;
            } else {
                try {
                    if (checkRight(str2, document, "admin", z, true, true, xWikiContext)) {
                        logAllow(str2, str3, str, "web admin level");
                        return true;
                    }
                } catch (XWikiRightNotFoundException e2) {
                }
                space = document.getStringValue(XWikiPreferencesDocumentInitializer.LOCAL_REFERENCE_STRING, "parent");
                if (space == null || space.trim().equals("") || arrayList.contains(space)) {
                    space = null;
                }
            }
        }
        return false;
    }

    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasProgrammingRights(XWikiContext xWikiContext) {
        if (xWikiContext.hasDroppedPermissions()) {
            return false;
        }
        XWikiDocument xWikiDocument = (XWikiDocument) xWikiContext.get(XWikiDocument.CKEY_SDOC);
        if (xWikiDocument == null) {
            xWikiDocument = xWikiContext.getDoc();
        }
        return hasProgrammingRights(xWikiDocument, xWikiContext);
    }

    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasProgrammingRights(XWikiDocument xWikiDocument, XWikiContext xWikiContext) {
        String fullName;
        try {
            if (xWikiDocument == null) {
                return isSuperAdminOrProgramming(this.entityReferenceSerializer.serialize(xWikiContext.getUserReference(), new Object[0]), null, "programming", true, xWikiContext);
            }
            String contentAuthor = xWikiDocument.getContentAuthor();
            if (contentAuthor == null) {
                return false;
            }
            if (xWikiDocument.getDatabase() != null) {
                fullName = xWikiDocument.getDatabase() + ":" + xWikiDocument.getFullName();
                if (contentAuthor.indexOf(":") == -1) {
                    contentAuthor = xWikiDocument.getDatabase() + ":" + contentAuthor;
                }
            } else {
                fullName = xWikiDocument.getFullName();
            }
            String database = xWikiContext.getWiki().getDatabase();
            if (database == null || !contentAuthor.startsWith(database)) {
                return false;
            }
            return hasAccessLevel("programming", contentAuthor, fullName, xWikiContext);
        } catch (Exception e) {
            LOGGER.error("Failed to check programming right for document [{}]", xWikiDocument.getPrefixedFullName(), e);
            return false;
        }
    }

    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasAdminRights(XWikiContext xWikiContext) {
        boolean hasWikiAdminRights = hasWikiAdminRights(xWikiContext);
        if (!hasWikiAdminRights) {
            try {
                hasWikiAdminRights = hasAccessLevel("admin", xWikiContext.getUser(), xWikiContext.getDoc().getSpace() + ".WebPreferences", xWikiContext);
            } catch (Exception e) {
                LOGGER.error("Failed to check space admin right for user [{}]", xWikiContext.getUser(), e);
            }
        }
        return hasWikiAdminRights;
    }

    @Override // com.xpn.xwiki.user.api.XWikiRightService
    public boolean hasWikiAdminRights(XWikiContext xWikiContext) {
        try {
            return hasAccessLevel("admin", xWikiContext.getUser(), XWikiPreferencesDocumentInitializer.LOCAL_REFERENCE_STRING, xWikiContext);
        } catch (Exception e) {
            LOGGER.error("Failed to check wiki admin right for user [{}]", xWikiContext.getUser(), e);
            return false;
        }
    }
}
