package com.ibm.bscape.rest.handler.action.util;

import com.ibm.bscape.ServerConfigConstants;
import com.ibm.bscape.exception.DocumentAccessException;
import com.ibm.bscape.exception.DocumentNotExistException;
import com.ibm.bscape.objects.Document;
import com.ibm.bscape.objects.DocumentActivity;
import com.ibm.bscape.objects.DocumentHistory;
import com.ibm.bscape.repository.db.DocEditorsAccessBean;
import com.ibm.bscape.repository.db.DocOwnershipsAccessBean;
import com.ibm.bscape.repository.db.DocumentACLAccessBean;
import com.ibm.bscape.repository.db.DocumentAccessBean;
import com.ibm.bscape.repository.db.DocumentActivityAccessBean;
import com.ibm.bscape.repository.db.DocumentHistoryAccessBean;
import com.ibm.bscape.resource.BScapeMessageKeys;
import com.ibm.bscape.resource.Messages;
import com.ibm.bscape.rest.servlet.BScapeServerApp;
import java.sql.SQLException;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:lib/BusinessLeaderRuntime.jar:com/ibm/bscape/rest/handler/action/util/DocumentSecurityHelper.class */
public class DocumentSecurityHelper {
    private static final String CLASSNAME = DocumentSecurityHelper.class.getName();
    protected static Logger logger = Logger.getLogger(CLASSNAME, null);

    public static void checkDocOwner(String str, String str2, Locale locale, boolean z) throws SQLException, DocumentAccessException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASSNAME, "checkDocOwner", "strUserDN: " + str + " docId: " + str2 + " isSiteAdmin:" + z);
        }
        if (!z && !new DocOwnershipsAccessBean().isDocOwner(str, str2)) {
            if (logger.isLoggable(Level.SEVERE)) {
                logger.logp(Level.SEVERE, CLASSNAME, "checkDocOwner", "The user " + str + " is not the owner of the document: " + str2);
            }
            throw new DocumentAccessException(Messages.getMessage(BScapeMessageKeys.NOT_DOC_OWNER, locale));
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASSNAME, "checkDocOwner", "strUserDN: " + str + " docId: " + str2 + " passed ");
        }
    }

    public static void checkEditACL(String str, String str2, Locale locale, boolean z) throws SQLException, DocumentAccessException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASSNAME, "checkEditACL", "spaceId: " + str2 + " docId: " + str + " isSiteAdmin: " + z);
        }
        if (!z && new DocumentACLAccessBean().getDocumentACLBySpace(str, str2) != 1) {
            if (logger.isLoggable(Level.SEVERE)) {
                logger.logp(Level.SEVERE, CLASSNAME, "checkEditACL", "The spaceId " + str2 + " do not have edit permission for doc : " + str);
            }
            throw new DocumentAccessException(Messages.getMessage(BScapeMessageKeys.NO_EDIT_PERMISSION, locale));
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASSNAME, "checkEditACL", "spaceId: " + str2 + " docId: " + str + " passed ");
        }
    }

    public static DocumentVersion checkDocumentACL(long j, String str, String str2, String str3, Locale locale, boolean z) throws SQLException, DocumentAccessException, DocumentNotExistException {
        return checkDocumentACL(j, str, str2, str3, locale, true, z);
    }

    public static DocumentVersion checkDocumentACL(long j, String str, String str2, String str3, Locale locale, boolean z, boolean z2) throws SQLException, DocumentAccessException, DocumentNotExistException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASSNAME, "checkDocumentACL", "verion: + " + j + "  spaceId: " + str2 + " docId: " + str + " isSiteAdmin:" + z2);
        }
        if (z) {
            checkDocExists(str, locale);
        }
        DocumentVersion documentVersion = new DocumentVersion();
        documentVersion.setUUID(str);
        boolean z3 = false;
        boolean z4 = false;
        if (str2 != null) {
            int documentACLBySpace = new DocumentACLAccessBean().getDocumentACLBySpace(str, str2);
            z4 = documentACLBySpace != -1;
            z3 = documentACLBySpace == 1;
        }
        if (z2) {
            z3 = true;
        }
        documentVersion.setInSpace(z4);
        documentVersion.setEditable(z3);
        if (j == 0) {
            boolean z5 = false;
            if (z3) {
                DocumentHistory lastestHistory = new DocumentHistoryAccessBean().getLastestHistory(str, true);
                documentVersion.setVersion(lastestHistory.getVersion());
                documentVersion.setPublic(false);
                if (lastestHistory.isReadOnly()) {
                    documentVersion.setCheckPointReadOnly(true);
                    documentVersion.setCreatedFrom(lastestHistory.getCreatedFrom());
                }
            } else if (new DocOwnershipsAccessBean().isDocOwner(str3, str)) {
                j = new DocumentHistoryAccessBean().getLastestVersionNumber(str, true);
                documentVersion.setVersion(j);
                documentVersion.setPublic(false);
            } else {
                j = new DocumentAccessBean().getPublicVersion(str);
                if (j != -1) {
                    z5 = true;
                }
                if (!z4 && !z5) {
                    if (logger.isLoggable(Level.SEVERE)) {
                        logger.logp(Level.SEVERE, CLASSNAME, "checkDocumentACL", "it is a private doc (" + str + "), but do not have acl in BL_DOC_ACL for space " + str2 + ", so no read permission");
                    }
                    throw new DocumentAccessException(Messages.getMessage(BScapeMessageKeys.NO_READ_PERMISSION, locale));
                }
                if (z5) {
                    documentVersion.setVersion(j);
                    documentVersion.setPublic(true);
                } else {
                    j = new DocumentHistoryAccessBean().getLastestVersionNumber(str, true);
                    documentVersion.setVersion(j);
                    documentVersion.setPublic(false);
                }
            }
        } else {
            if (!isVersionValid(str, j)) {
                if (logger.isLoggable(Level.SEVERE)) {
                    logger.logp(Level.SEVERE, CLASSNAME, "checkDocumentACL", "invalid version: docId=" + str + " version=" + j);
                }
                throw new DocumentNotExistException(Messages.getMessage(BScapeMessageKeys.DOCUMENT_NOT_EXISTS, new Object[]{String.valueOf(str) + "  version:" + j}, locale));
            }
            if (!z3 && !new DocOwnershipsAccessBean().isDocOwner(str3, str)) {
                if (logger.isLoggable(Level.SEVERE)) {
                    logger.logp(Level.SEVERE, CLASSNAME, "checkDocumentACL", "without edit acl, you can not specify the version to look at histories.");
                }
                throw new DocumentAccessException(Messages.getMessage(BScapeMessageKeys.NO_PERMISSION_TO_VIEW_HISTORY, locale));
            }
            documentVersion.setVersion(j);
            documentVersion.setPublic(false);
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASSNAME, "checkDocumentACL", "spaceId: " + str2 + " docId: " + str + "  return " + j);
        }
        return documentVersion;
    }

    private static boolean isVersionValid(String str, long j) throws SQLException {
        return new DocumentHistoryAccessBean().validateVersion(str, j) != null;
    }

    public static void checkDocExists(String str, Locale locale) throws SQLException, DocumentNotExistException {
        if (!new DocumentAccessBean().isDocExists(str)) {
            throw new DocumentNotExistException(Messages.getMessage(BScapeMessageKeys.DOCUMENT_NOT_EXISTS, new Object[]{str}, locale));
        }
    }

    public static boolean checkDocContentExists(String str, int i) throws SQLException {
        return new DocumentAccessBean().isDocContentExists(str, i);
    }

    public static void canAssignReadACL(String str, String str2, Locale locale) throws SQLException, DocumentAccessException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASSNAME, "canAssignReadACL", "strUserDN: " + str2 + " docId: " + str);
        }
        if (!(new DocumentAccessBean().getPublicVersion(str) != -1 ? true : new DocOwnershipsAccessBean().isDocOwner(str2, str))) {
            if (logger.isLoggable(Level.SEVERE)) {
                logger.logp(Level.SEVERE, CLASSNAME, "canAssignReadACL", Messages.getMessage(BScapeMessageKeys.CANNOT_ASSIGN_READ_ACL, new Object[]{str}, locale));
            }
            throw new DocumentAccessException(Messages.getMessage(BScapeMessageKeys.CANNOT_ASSIGN_READ_ACL, new Object[]{str}, locale));
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASSNAME, "canAssignReadACL", "strUserDN: " + str2 + " docId: " + str + " passed ");
        }
    }

    public static void canAssignEditACL(String str, String str2, Locale locale) throws SQLException, DocumentAccessException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASSNAME, "canAssignEditACL", "strUserDN: " + str2 + " docId: " + str);
        }
        if (!new DocOwnershipsAccessBean().isDocOwner(str2, str)) {
            if (logger.isLoggable(Level.SEVERE)) {
                logger.logp(Level.SEVERE, CLASSNAME, "canAssignEditACL", Messages.getMessage(BScapeMessageKeys.CANNOT_ASSIGN_EDIT_ACL, new Object[]{str}, locale));
            }
            throw new DocumentAccessException(Messages.getMessage(BScapeMessageKeys.CANNOT_ASSIGN_EDIT_ACL, new Object[]{str}, locale));
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASSNAME, "canAssignEditACL", "strUserDN: " + str2 + " docId: " + str + " passed ");
        }
    }

    public static DocumentVersion getDocVersionByACL(long j, String str, String str2, String str3, Locale locale, boolean z) throws SQLException, DocumentAccessException, DocumentNotExistException {
        Document documentInfo = new DocumentActivityAccessBean().getDocumentInfo(str);
        if (documentInfo == null) {
            throw new DocumentNotExistException(Messages.getMessage(BScapeMessageKeys.DOCUMENT_NOT_EXISTS, new Object[]{str}, locale));
        }
        return getDocVersionByACL(j, str, str2, str3, locale, documentInfo, z);
    }

    public static DocumentVersion getDocVersionByACL(long j, String str, String str2, String str3, Locale locale, Document document, boolean z) throws SQLException, DocumentAccessException, DocumentNotExistException {
        String elementType = document.getElementType();
        DocumentVersion checkDocumentACL = checkDocumentACL(j, str, str2, str3, locale, false, z);
        checkDocumentACL.setDocumentActivity((DocumentActivity) document.getActivity());
        checkDocumentACL.setDocType(elementType);
        checkDocumentACL.setUUID(str);
        checkDocumentACL.setID(document.getID());
        checkDocumentACL.setNameSpace(document.getNameSpace());
        checkDocumentACL.setCheckPointReadOnly(document.isReadOnly());
        if (j == 0) {
            String str4 = null;
            if (document != null) {
                str4 = document.getActivity().getLockedByDN();
            }
            if (str4 != null && str4.equalsIgnoreCase(str3)) {
                j = new DocumentHistoryAccessBean().getLastestAutoSaveVersion(str);
                checkDocumentACL.setLockedBy(true);
            } else if (str4 == null && checkDocumentACL.isEditable()) {
                long lastestAutoSaveVersion = new DocumentHistoryAccessBean().getLastestAutoSaveVersion(str);
                if (lastestAutoSaveVersion > checkDocumentACL.getVersion()) {
                    j = lastestAutoSaveVersion;
                }
                if (Boolean.parseBoolean(BScapeServerApp.getConfiguration(ServerConfigConstants.CONCURRENT_EDIT_ENABLEMENT))) {
                    checkDocumentACL.setEditors(new DocEditorsAccessBean().getDocumentEditors(str));
                }
            }
            if (j != 0 && j != checkDocumentACL.getVersion()) {
                checkDocumentACL.setVersion(j);
                checkDocumentACL.setAutosave(true);
            }
        }
        return checkDocumentACL;
    }
}
