package org.exist.xquery.functions.securitymanager;

import java.util.ArrayList;
import java.util.List;
import org.exist.EXistException;
import org.exist.config.ConfigurationException;
import org.exist.dom.QName;
import org.exist.security.Account;
import org.exist.security.EXistSchemaType;
import org.exist.security.PermissionDeniedException;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.security.internal.aider.GroupAider;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;

/* loaded from: input_file:WEB-INF/lib/exist.jar:org/exist/xquery/functions/securitymanager/GroupManagementFunction.class */
public class GroupManagementFunction extends BasicFunction {
    private static final QName qnCreateGroup = new QName("create-group", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnRemoveGroup = new QName("remove-group", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private static final QName qnDeleteGroup = new QName("delete-group", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    public static final FunctionSignature FNS_CREATE_GROUP = new FunctionSignature(qnCreateGroup, "Creates a User Group. The current user will be set as the group's manager.", new SequenceType[]{new FunctionParameterSequenceType("group-name", 22, 2, "The name of the group to create.")}, new SequenceType(11, 1));
    public static final FunctionSignature FNS_CREATE_GROUP_WITH_METADATA = new FunctionSignature(qnCreateGroup, "Creates a User Group. The current user will be set as the group's manager.", new SequenceType[]{new FunctionParameterSequenceType("group-name", 22, 2, "The name of the group to create."), new FunctionParameterSequenceType("description", 22, 2, "A description of the group.")}, new SequenceType(11, 1));
    public static final FunctionSignature FNS_CREATE_GROUP_WITH_MANAGERS_WITH_METADATA = new FunctionSignature(qnCreateGroup, "Creates a User Group. The current user will be set as a manager of the group in addition to the specified managers.", new SequenceType[]{new FunctionParameterSequenceType("group-name", 22, 2, "The name of the group to create."), new FunctionParameterSequenceType("managers", 22, 6, "The usernames of users that will be a manager of this group."), new FunctionParameterSequenceType("description", 22, 2, "A description of the group.")}, new SequenceType(11, 1));
    public static final FunctionSignature FNS_REMOVE_GROUP = new FunctionSignature(qnRemoveGroup, "Remove a User Group. Any resources owned by the group will be moved to the 'guest' group.", new SequenceType[]{new FunctionParameterSequenceType("group-name", 22, 2, "The group-id to delete")}, new SequenceType(11, 1));
    public static final FunctionSignature FNS_DELETE_GROUP = new FunctionSignature(qnDeleteGroup, "Removes a User Group. Any resources owned by the group will be moved to the 'guest' group.", new SequenceType[]{new FunctionParameterSequenceType("group-id", 22, 2, "The group-id to delete")}, new SequenceType(11, 1), FNS_REMOVE_GROUP);

    public GroupManagementFunction(XQueryContext xQueryContext, FunctionSignature functionSignature) {
        super(xQueryContext, functionSignature);
    }

    @Override // org.exist.xquery.BasicFunction
    public Sequence eval(Sequence[] sequenceArr, Sequence sequence) throws XPathException {
        SecurityManager securityManager = this.context.getBroker().getBrokerPool().getSecurityManager();
        Subject currentSubject = this.context.getBroker().getCurrentSubject();
        try {
            String stringValue = sequenceArr[0].itemAt(0).getStringValue();
            if (isCalledAs(qnCreateGroup.getLocalPart())) {
                if (securityManager.hasGroup(stringValue)) {
                    throw new XPathException("The group with name " + stringValue + " already exists.");
                }
                if (!currentSubject.hasDbaRole()) {
                    throw new XPathException("Only DBA users may create a user group.");
                }
                GroupAider groupAider = new GroupAider(stringValue);
                groupAider.addManager(currentSubject);
                if (getSignature().getArgumentCount() == 3) {
                    groupAider.addManagers(getGroupManagers(securityManager, sequenceArr[1]));
                }
                if (getSignature().getArgumentCount() >= 2) {
                    groupAider.setMetadataValue(EXistSchemaType.DESCRIPTION, sequenceArr[getSignature().getArgumentCount() - 1].toString());
                }
                securityManager.addGroup(this.context.getBroker(), groupAider);
            } else {
                if (!isCalledAs(qnRemoveGroup.getLocalPart()) && !isCalledAs(qnDeleteGroup.getLocalPart())) {
                    throw new XPathException("Unknown function call: " + getSignature());
                }
                if (!securityManager.hasGroup(stringValue)) {
                    throw new XPathException("The group with name " + stringValue + " does not exist.");
                }
                if (getArgumentCount() == 2) {
                    String stringValue2 = sequenceArr[1].itemAt(0).getStringValue();
                    if (!currentSubject.hasGroup(stringValue2)) {
                        throw new PermissionDeniedException("You must be a member of the group for which permissions should be inherited by");
                    }
                    securityManager.getGroup(stringValue2);
                } else {
                    securityManager.getGroup("guest");
                }
                try {
                    securityManager.deleteGroup(stringValue);
                } catch (EXistException e) {
                    throw new XPathException(this, e);
                }
            }
            return Sequence.EMPTY_SEQUENCE;
        } catch (ConfigurationException e2) {
            throw new XPathException(this, e2);
        } catch (EXistException e3) {
            throw new XPathException(this, e3);
        } catch (PermissionDeniedException e4) {
            throw new XPathException(this, e4);
        }
    }

    private List<Account> getGroupManagers(SecurityManager securityManager, Sequence sequence) {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < sequence.getItemCount(); i++) {
            arrayList.add(securityManager.getAccount(sequence.itemAt(i).toString()));
        }
        return arrayList;
    }
}
