package net.bluemind.backend.mail.replica.service.internal.hooks;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import net.bluemind.backend.mail.replica.api.IDbByContainerReplicatedMailboxes;
import net.bluemind.backend.mail.replica.api.IDbReplicatedMailboxes;
import net.bluemind.backend.mail.replica.api.IMailReplicaUids;
import net.bluemind.core.container.api.ContainerQuery;
import net.bluemind.core.container.api.IContainers;
import net.bluemind.core.container.api.ISharedContainers;
import net.bluemind.core.container.hooks.IAclHook;
import net.bluemind.core.container.model.ContainerDescriptor;
import net.bluemind.core.container.model.DataLocation;
import net.bluemind.core.container.model.acl.AccessControlEntry;
import net.bluemind.core.container.model.acl.Verb;
import net.bluemind.core.container.repository.ISharedContainerStore;
import net.bluemind.core.container.service.internal.AclService;
import net.bluemind.core.rest.BmContext;
import net.bluemind.directory.api.IDirectory;
import net.bluemind.mailbox.api.IMailboxAclUids;
import net.bluemind.repository.provider.RepositoryProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/backend/mail/replica/service/internal/hooks/VisibleOnHierarchyAclHook.class */
public class VisibleOnHierarchyAclHook implements IAclHook {
    private static final Logger logger = LoggerFactory.getLogger(VisibleOnHierarchyAclHook.class);

    public void onAclChanged(BmContext bmContext, ContainerDescriptor containerDescriptor, List<AccessControlEntry> list, List<AccessControlEntry> list2) {
        if ("mailbox_records".equals(containerDescriptor.type)) {
            ArrayList arrayList = new ArrayList(list2);
            arrayList.removeAll(list);
            ArrayList arrayList2 = new ArrayList(list);
            arrayList2.removeAll(list2);
            List<AccessControlEntry> list3 = arrayList2.stream().filter(accessControlEntry -> {
                return !accessControlEntry.subject.equals(bmContext.getSecurityContext().getOwnerPrincipal());
            }).toList();
            List<AccessControlEntry> list4 = arrayList.stream().filter(accessControlEntry2 -> {
                return !accessControlEntry2.subject.equals(bmContext.getSecurityContext().getOwnerPrincipal());
            }).toList();
            AclService aclService = new AclService(bmContext, bmContext.getSecurityContext(), ((IContainers) bmContext.su().provider().instance(IContainers.class, new String[0])).get(IMailboxAclUids.uidForMailbox(containerDescriptor.owner)));
            if (!list3.isEmpty()) {
                manageOldEntries(bmContext, containerDescriptor, aclService, list3);
            }
            if (!list4.isEmpty()) {
                manageNewEntries(bmContext, containerDescriptor, aclService, list4);
            }
        }
        if ("mailboxacl".equals(containerDescriptor.type)) {
            Set set = (Set) ((Set) ((ISharedContainers) bmContext.provider().instance(ISharedContainers.class, new String[]{containerDescriptor.domainUid, containerDescriptor.owner})).getSharedContainers("mailbox_records").stream().map(sharedContainer -> {
                return sharedContainer.givenRights;
            }).flatMap((v0) -> {
                return v0.stream();
            }).collect(Collectors.toSet())).stream().map(accessControlEntry3 -> {
                return accessControlEntry3.subject;
            }).collect(Collectors.toSet());
            ((Set) list.stream().map(accessControlEntry4 -> {
                return accessControlEntry4.getSubject();
            }).filter(str -> {
                return !str.equals(IMailboxAclUids.mailboxForUid(containerDescriptor.uid));
            }).collect(Collectors.toSet())).forEach(str2 -> {
                if (isNoMoreVisibleForSubject(list2, list, str2) && set.contains(str2)) {
                    new AclService(bmContext, bmContext.getSecurityContext(), containerDescriptor).add(List.of(AccessControlEntry.create(str2, Verb.Visible)));
                }
            });
        }
    }

    private boolean isNoMoreVisibleForSubject(List<AccessControlEntry> list, List<AccessControlEntry> list2, String str) {
        return list2.stream().anyMatch(accessControlEntry -> {
            return accessControlEntry.getVerb().can(Verb.Visible) && accessControlEntry.getSubject().equals(str);
        }) && !list.stream().anyMatch(accessControlEntry2 -> {
            return accessControlEntry2.getVerb().can(Verb.Visible) && accessControlEntry2.getSubject().equals(str);
        });
    }

    private void manageOldEntries(BmContext bmContext, ContainerDescriptor containerDescriptor, AclService aclService, List<AccessControlEntry> list) {
        List list2 = ((IContainers) bmContext.getServiceProvider().instance(IContainers.class, new String[0])).all(ContainerQuery.ownerAndType(containerDescriptor.owner, "mailbox_records")).stream().map(containerDescriptor2 -> {
            return Long.valueOf(containerDescriptor2.internalId);
        }).toList();
        ISharedContainerStore iSharedContainerStore = (ISharedContainerStore) RepositoryProvider.instance(ISharedContainerStore.class, bmContext, DataLocation.of(containerDescriptor.datalocation));
        for (String str : (Set) list.stream().map(accessControlEntry -> {
            return accessControlEntry.subject;
        }).collect(Collectors.toSet())) {
            try {
                Stream stream = iSharedContainerStore.getForSubject(str).stream().map(sharedContainerStoreResult -> {
                    return Long.valueOf(sharedContainerStoreResult.desc().internalId);
                }).toList().stream();
                list2.getClass();
                if (stream.filter((v1) -> {
                    return r1.contains(v1);
                }).toList().isEmpty()) {
                    removeVisibleRightOnHierarchy(aclService, str);
                }
            } catch (SQLException e) {
                logger.error(e.getMessage());
            }
        }
    }

    private void manageNewEntries(BmContext bmContext, ContainerDescriptor containerDescriptor, AclService aclService, List<AccessControlEntry> list) {
        Set<String> set = (Set) list.stream().map(accessControlEntry -> {
            return accessControlEntry.subject;
        }).collect(Collectors.toSet());
        Map map = (Map) aclService.get().stream().collect(Collectors.groupingBy((v0) -> {
            return v0.getSubject();
        }, Collectors.mapping((v0) -> {
            return v0.getVerb();
        }, Collectors.toSet())));
        for (String str : set) {
            if (!((Set) map.computeIfAbsent(str, str2 -> {
                return Collections.emptySet();
            })).contains(Verb.Visible)) {
                aclService.add(List.of(AccessControlEntry.create(str, Verb.Visible)));
                touchMailboxFolderItem(bmContext, containerDescriptor);
            }
        }
    }

    private void removeVisibleRightOnHierarchy(AclService aclService, String str) {
        aclService.store(aclService.get().stream().filter(accessControlEntry -> {
            return (accessControlEntry.verb.equals(Verb.Visible) && accessControlEntry.subject.equals(str)) ? false : true;
        }).toList());
    }

    private void touchMailboxFolderItem(BmContext bmContext, ContainerDescriptor containerDescriptor) {
        ((IDbReplicatedMailboxes) bmContext.su().provider().instance(IDbByContainerReplicatedMailboxes.class, new String[]{IMailReplicaUids.subtreeUid(containerDescriptor.domainUid, ((IDirectory) bmContext.su().provider().instance(IDirectory.class, new String[]{containerDescriptor.domainUid})).findByEntryUid(containerDescriptor.owner))})).touch(IMailReplicaUids.uniqueId(containerDescriptor.uid));
    }
}
