package net.bluemind.core.container.service.internal;

import java.sql.SQLException;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.api.Count;
import net.bluemind.core.container.api.IInternalContainerManagement;
import net.bluemind.core.container.hooks.AbstractEmailHook;
import net.bluemind.core.container.hooks.IAclHook;
import net.bluemind.core.container.hooks.IContainersHook;
import net.bluemind.core.container.model.Container;
import net.bluemind.core.container.model.ContainerDescriptor;
import net.bluemind.core.container.model.ContainerModifiableDescriptor;
import net.bluemind.core.container.model.ItemDescriptor;
import net.bluemind.core.container.model.ItemFlagFilter;
import net.bluemind.core.container.model.acl.AccessControlEntry;
import net.bluemind.core.container.model.acl.Verb;
import net.bluemind.core.container.persistence.AclStore;
import net.bluemind.core.container.persistence.ContainerPersonalSettingsStore;
import net.bluemind.core.container.persistence.ContainerSettingsStore;
import net.bluemind.core.container.persistence.ContainerStore;
import net.bluemind.core.container.persistence.DataSourceRouter;
import net.bluemind.core.container.persistence.ItemStore;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.sanitizer.Sanitizer;
import net.bluemind.core.validator.Validator;
import net.bluemind.eclipse.common.RunnableExtensionLoader;
import net.bluemind.lib.vertx.VertxPlatform;
import net.bluemind.user.persistence.UserSubscriptionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/core/container/service/internal/ContainerManagement.class */
public class ContainerManagement implements IInternalContainerManagement {
    private AclStore aclStore;
    private SecurityContext securityContext;
    private Container container;
    private ContainerStore containerStore;
    private ItemStore itemStore;
    private ContainerPersonalSettingsStore containerPersonalSettingsStore;
    private ContainerSettingsStore containerSettingsStore;
    private BmContext context;
    private Sanitizer sanitizer;
    private Validator validator;
    private RBACManager rbacManager;
    private UserSubscriptionStore userSubscriptionStore;
    private AccessControlEntryValidator aceValidator;
    private static final List<IAclHook> hooks = loadHooks();
    private static final List<IContainersHook> cHooks = loadContainerHooks();
    private static final Logger logger = LoggerFactory.getLogger(ContainerManagement.class);

    private static List<IAclHook> loadHooks() {
        return new RunnableExtensionLoader().loadExtensions("net.bluemind.core.container.hooks", "aclhook", "acl_hook", "impl");
    }

    private static List<IContainersHook> loadContainerHooks() {
        return new RunnableExtensionLoader().loadExtensions("net.bluemind.core.container.hooks", "container", "hook", "impl");
    }

    public ContainerManagement(BmContext bmContext, Container container) throws ServerFault {
        this.container = container;
        this.context = bmContext;
        this.securityContext = bmContext.getSecurityContext();
        DataSource dataSource = DataSourceRouter.get(bmContext, container.uid);
        this.itemStore = new ItemStore(dataSource, container, this.securityContext);
        this.containerStore = new ContainerStore(bmContext, dataSource, this.securityContext);
        this.containerPersonalSettingsStore = new ContainerPersonalSettingsStore(dataSource, bmContext.getSecurityContext(), container);
        this.containerSettingsStore = new ContainerSettingsStore(dataSource, container);
        this.aclStore = new AclStore(bmContext, dataSource);
        this.sanitizer = new Sanitizer(bmContext);
        this.validator = new Validator(bmContext);
        this.rbacManager = new RBACManager(bmContext).forContainer(container);
        try {
            this.userSubscriptionStore = new UserSubscriptionStore(this.securityContext, bmContext.getDataSource(), new ContainerStore((BmContext) null, bmContext.getDataSource(), this.securityContext).get(bmContext.getSecurityContext().getContainerUid()));
            this.aceValidator = new AccessControlEntryValidator(container.domainUid);
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public void setAccessControlList(List<AccessControlEntry> list) throws ServerFault {
        setAccessControlList(list, true);
    }

    public void setAccessControlList(List<AccessControlEntry> list, boolean z) throws ServerFault {
        ReadOnlyMode.checkWritable();
        if (!this.container.owner.equals(this.securityContext.getSubject()) && !this.rbacManager.can(Verb.Manage.name())) {
            throw new ServerFault("container " + this.container.uid + " is not manageable", ErrorCode.PERMISSION_DENIED);
        }
        this.aceValidator.validate(this.container, list);
        List retrieveAndStore = this.aclStore.retrieveAndStore(this.container, list);
        ContainerDescriptor create = ContainerDescriptor.create(this.container.uid, this.container.name, this.container.owner, this.container.type, this.container.domainUid, false);
        hooks.stream().filter(iAclHook -> {
            return z || !(iAclHook instanceof AbstractEmailHook);
        }).forEach(iAclHook2 -> {
            try {
                iAclHook2.onAclChanged(this.context, create, Collections.unmodifiableList(retrieveAndStore), Collections.unmodifiableList(list));
            } catch (Exception e) {
                logger.error("error executing hook on setACL (container {}@{})", new Object[]{this.container.uid, this.container.domainUid, e});
            }
        });
        eventProducer().changed(this.container.type, this.container.uid);
    }

    public List<AccessControlEntry> getAccessControlList() throws ServerFault {
        this.rbacManager.check(Verb.Manage.name());
        try {
            return this.aclStore.get(this.container);
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public ContainerDescriptor getDescriptor() throws ServerFault {
        this.rbacManager.check(Verb.Manage.name(), Verb.Read.name());
        return new Containers(this.context).asDescriptorForUser(this.container, this.context.getSecurityContext(), this.context.getSecurityContext().getSubject());
    }

    public void update(ContainerModifiableDescriptor containerModifiableDescriptor) throws ServerFault {
        ReadOnlyMode.checkWritable();
        this.rbacManager.check(Verb.Manage.name());
        ContainerDescriptor descriptor = getDescriptor();
        this.sanitizer.update(descriptor, containerModifiableDescriptor);
        this.validator.update(descriptor, containerModifiableDescriptor);
        try {
            this.containerStore.update(this.container.uid, containerModifiableDescriptor.name, descriptor.defaultContainer);
            ContainerDescriptor descriptor2 = getDescriptor();
            Iterator<IContainersHook> it = cHooks.iterator();
            while (it.hasNext()) {
                it.next().onContainerUpdated(this.context, descriptor, descriptor2);
            }
            eventProducer().changed(descriptor.type, this.container.uid);
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public List<String> subscribers() throws ServerFault {
        if (!this.securityContext.isDomainAdmin(this.container.domainUid)) {
            throw new ServerFault("only admin can call this method", ErrorCode.FORBIDDEN);
        }
        try {
            return new ContainerStore((BmContext) null, this.context.getDataSource(), this.securityContext).listSubscriptions(this.container);
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public List<ItemDescriptor> getAllItems() throws ServerFault {
        this.rbacManager.check(Verb.Read.name());
        try {
            return ItemDescriptor.get(this.itemStore.all());
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public List<ItemDescriptor> getFilteredItems(ItemFlagFilter itemFlagFilter) throws ServerFault {
        this.rbacManager.check(Verb.Read.name());
        try {
            return ItemDescriptor.get(this.itemStore.filtered(itemFlagFilter));
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public List<ItemDescriptor> getItems(List<String> list) throws ServerFault {
        this.rbacManager.check(Verb.Read.name());
        try {
            return ItemDescriptor.get(this.itemStore.getMultiple(list));
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public void setPersonalSettings(Map<String, String> map) throws ServerFault {
        ReadOnlyMode.checkWritable();
        this.containerPersonalSettingsStore.set(map);
    }

    public void setSettings(Map<String, String> map) throws ServerFault {
        ReadOnlyMode.checkWritable();
        this.rbacManager.check(Verb.Manage.name());
        try {
            this.containerSettingsStore.setSettings(map);
            ContainerDescriptor create = ContainerDescriptor.create(this.container.uid, this.container.name, this.container.owner, this.container.type, this.container.domainUid, this.container.defaultContainer);
            Iterator<IContainersHook> it = cHooks.iterator();
            while (it.hasNext()) {
                it.next().onContainerSettingsChanged(this.context, create);
            }
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public Map<String, String> getSettings() throws ServerFault {
        this.rbacManager.check(Verb.Read.name());
        try {
            return this.containerSettingsStore.getSettings();
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    private ContainersEventProducer eventProducer() {
        return new ContainersEventProducer(this.context.getSecurityContext(), VertxPlatform.eventBus());
    }

    public void allowOfflineSync(String str) throws ServerFault {
        new RBACManager(this.context).forDomain(this.container.domainUid).forEntry(str).check("manageUserSubscriptions", "self");
        try {
            if (!this.userSubscriptionStore.isSubscribed(str, this.container)) {
                throw new ServerFault("No subscription for container " + this.container.uid);
            }
            this.userSubscriptionStore.allowSynchronization(str, this.container, true);
            ContainerDescriptor create = ContainerDescriptor.create(this.container.uid, this.container.name, this.container.owner, this.container.type, this.container.domainUid, false);
            Iterator<IContainersHook> it = cHooks.iterator();
            while (it.hasNext()) {
                it.next().onContainerOfflineSyncStatusChanged(this.context, create, str);
            }
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public void disallowOfflineSync(String str) throws ServerFault {
        new RBACManager(this.context).forDomain(this.container.domainUid).forEntry(str).check("manageUserSubscriptions", "self");
        try {
            if (!this.userSubscriptionStore.isSubscribed(str, this.container)) {
                throw new ServerFault("No subscription for container " + this.container.uid);
            }
            this.userSubscriptionStore.allowSynchronization(str, this.container, false);
            ContainerDescriptor create = ContainerDescriptor.create(this.container.uid, this.container.name, this.container.owner, this.container.type, this.container.domainUid, false);
            Iterator<IContainersHook> it = cHooks.iterator();
            while (it.hasNext()) {
                it.next().onContainerOfflineSyncStatusChanged(this.context, create, str);
            }
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public Count getItemCount() {
        this.rbacManager.check(Verb.Manage.name(), Verb.Read.name());
        try {
            return Count.of(this.itemStore.getItemCount());
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }

    public boolean canAccess(List<String> list) throws ServerFault {
        return this.rbacManager.can((String[]) list.toArray(new String[0]));
    }
}
