package org.apache.jackrabbit.core.security.authorization.acl;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.NodeType;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.Path;
import org.eclipse.stardust.ui.web.viewscommon.core.CommonProperties;
import org.eclipse.stardust.vfs.impl.jcr.AuthorizableOrganizationDetails;
import org.eclipse.stardust.vfs.impl.jcr.JcrVfsPrincipal;

/* loaded from: input_file:lib/jcr-vfs.jar:org/apache/jackrabbit/core/security/authorization/acl/FileACLProvider.class */
public class FileACLProvider extends ACLProvider {
    protected EntryCollector createEntryCollector(SessionImpl sessionImpl) throws RepositoryException {
        return new FileACLCachingEntryCollector(sessionImpl, this.session.getRootNode().getNodeId());
    }

    public AccessControlPolicy[] getEffectivePolicies(Path path, CompiledPermissions compiledPermissions) throws ItemNotFoundException, RepositoryException {
        ArrayList arrayList = new ArrayList();
        if (path != null) {
            NodeImpl node = this.session.getNode(this.session.getJCRPath(path));
            NodeImpl node2 = getNode(node, isAcItem(node));
            if (node2.isNodeType(NodeType.NT_FILE) && isAccessControlled(node2)) {
                if (!compiledPermissions.grants(node2.getPrimaryPath(), 32)) {
                    throw new AccessDeniedException("Access denied at " + node2.getPath());
                }
                arrayList.add(getACL(node2, N_POLICY, node2.getPath()));
            }
        }
        return !arrayList.isEmpty() ? (AccessControlPolicy[]) arrayList.toArray(new AccessControlList[arrayList.size()]) : super.getEffectivePolicies(path, compiledPermissions);
    }

    private AccessControlList getACL(NodeImpl nodeImpl, Name name, String str) throws RepositoryException {
        return new UnmodifiableAccessControlList(new ACLTemplate(nodeImpl.getNode(name), str));
    }

    public boolean isAdminOrSystem(Set<Principal> set) {
        Set<AuthorizableOrganizationDetails> directGroups;
        boolean z = false;
        for (Principal principal : set) {
            if (!z && (principal instanceof JcrVfsPrincipal) && (directGroups = ((JcrVfsPrincipal) principal).getDirectGroups()) != null) {
                Iterator<AuthorizableOrganizationDetails> it = directGroups.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (CommonProperties.ADMINISTRATORS.equals(it.next().getGroupId())) {
                        z = true;
                        break;
                    }
                }
            }
        }
        return z || super.isAdminOrSystem(set);
    }
}
