package net.lukemurphey.nsia.web.views;

import java.io.IOException;
import java.sql.SQLException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.lukemurphey.nsia.AccessControl;
import net.lukemurphey.nsia.AccessControlDescriptor;
import net.lukemurphey.nsia.Application;
import net.lukemurphey.nsia.GeneralizedException;
import net.lukemurphey.nsia.GroupManagement;
import net.lukemurphey.nsia.InputValidationException;
import net.lukemurphey.nsia.NoDatabaseConnectionException;
import net.lukemurphey.nsia.NotFoundException;
import net.lukemurphey.nsia.ObjectPermissionDescriptor;
import net.lukemurphey.nsia.UserManagement;
import net.lukemurphey.nsia.eventlog.EventLogField;
import net.lukemurphey.nsia.eventlog.EventLogMessage;
import net.lukemurphey.nsia.scan.ScanRule;
import net.lukemurphey.nsia.web.RequestContext;
import net.lukemurphey.nsia.web.SessionMessages;
import net.lukemurphey.nsia.web.Shortcuts;
import net.lukemurphey.nsia.web.URLInvalidException;
import net.lukemurphey.nsia.web.View;
import net.lukemurphey.nsia.web.ViewFailedException;
import net.lukemurphey.nsia.web.ViewNotFoundException;
import net.lukemurphey.nsia.web.forms.FieldError;
import net.lukemurphey.nsia.web.forms.FieldErrors;
import net.lukemurphey.nsia.web.templates.DialogTemplateDirective;
import net.lukemurphey.nsia.web.templates.TemplateLoader;
import net.lukemurphey.nsia.web.views.AccessControlView;

/* loaded from: input_file:net/lukemurphey/nsia/web/views/AccessControlEditView.class */
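/**
 * View that renders and processes the form for creating or editing one access control
 * list (ACL) entry on an object.
 *
 * <p>URL arguments, as constrained by the patterns passed to the superclass constructor:
 * {@code [0]} object ID, {@code [1]} {@code New} or {@code Edit}, {@code [2]} optional
 * {@code User} or {@code Group}, {@code [3]} optional subject ID.
 *
 * <p>Security-relevant behavior: every request other than "Cancel" must pass
 * {@code Shortcuts.canControl} for the object ID taken from the URL before anything is read
 * or written, and the entry that gets written is bound to that same object ID.
 */
public class AccessControlEditView extends View {
    /** Placeholder for "no ID supplied"; also exported to the template. */
    private static final int VALUE_UNDEFINED = -1;
    /** Placeholder for "ID supplied but not a number"; also exported to the template. */
    private static final int VALUE_INVALID = -2;
    public static final String VIEW_NAME = "access_control_editor";

    /**
     * The six permission values shown in the form: the stored values (when an entry is being
     * edited) overlaid with whatever the current request submitted, so that a rejected POST
     * re-renders with the user's selections.
     */
    private static class ACLDescriptor {
        public final AccessControlDescriptor.Action read;
        public final AccessControlDescriptor.Action write;
        public final AccessControlDescriptor.Action delete;
        public final AccessControlDescriptor.Action control;
        public final AccessControlDescriptor.Action execute;
        public final AccessControlDescriptor.Action create;

        /**
         * @param stored the persisted permissions, or {@code null} when none were loaded
         * @param request the current request, whose {@code Operation*} parameters take precedence
         */
        public ACLDescriptor(ObjectPermissionDescriptor stored, HttpServletRequest request) {
            final AccessControlDescriptor.Action unspecified = AccessControlDescriptor.Action.UNSPECIFIED;

            // processChanges() reads the modify permission from "OperationModify", while this
            // class originally read only "OperationWrite". Prefer the name the POST handler
            // uses and keep the old name as a fallback.
            String modifyValue = request.getParameter("OperationModify");
            if (modifyValue == null) {
                modifyValue = request.getParameter("OperationWrite");
            }

            this.read = getACL(stored != null ? stored.getReadPermission() : unspecified, request.getParameter("OperationRead"));
            this.write = getACL(stored != null ? stored.getModifyPermission() : unspecified, modifyValue);
            this.delete = getACL(stored != null ? stored.getDeletePermission() : unspecified, request.getParameter("OperationDelete"));
            this.control = getACL(stored != null ? stored.getControlPermission() : unspecified, request.getParameter("OperationControl"));
            this.create = getACL(stored != null ? stored.getCreatePermission() : unspecified, request.getParameter("OperationCreate"));
            this.execute = getACL(stored != null ? stored.getExecutePermission() : unspecified, request.getParameter("OperationExecute"));
        }

        /**
         * Returns the action named by {@code submitted}, or {@code fallback} when the value is
         * absent or unrecognised. Matching is case-insensitive, as in
         * {@code convertPermissionFromString}.
         */
        private static AccessControlDescriptor.Action getACL(AccessControlDescriptor.Action fallback, String submitted) {
            if (submitted == null) {
                return fallback;
            }
            if (submitted.equalsIgnoreCase("Allow")) {
                return AccessControlDescriptor.Action.PERMIT;
            }
            if (submitted.equalsIgnoreCase("Deny")) {
                return AccessControlDescriptor.Action.DENY;
            }
            if (submitted.equalsIgnoreCase("Undefined")) {
                return AccessControlDescriptor.Action.UNSPECIFIED;
            }
            return fallback;
        }
    }

    public AccessControlEditView() {
        super("AccessControl", VIEW_NAME, Pattern.compile("[0-9]+"), Pattern.compile("New|Edit", Pattern.CASE_INSENSITIVE), Pattern.compile("(User|Group)?", Pattern.CASE_INSENSITIVE), Pattern.compile("[0-9]*"));
    }

    /**
     * Maps a submitted form value to an action: "Allow" to PERMIT, "Deny" to DENY, and
     * everything else (including {@code null}) to UNSPECIFIED.
     */
    private AccessControlDescriptor.Action convertPermissionFromString(String str) {
        // NOTE(review): an unrecognised value is stored as UNSPECIFIED rather than rejected, so
        // a malformed "Deny" would clear a deny rule on save. Confirm this is intended.
        if (str == null) {
            return AccessControlDescriptor.Action.UNSPECIFIED;
        }
        if (str.equalsIgnoreCase("Allow")) {
            return AccessControlDescriptor.Action.PERMIT;
        }
        if (str.equalsIgnoreCase("Deny")) {
            return AccessControlDescriptor.Action.DENY;
        }
        return AccessControlDescriptor.Action.UNSPECIFIED;
    }

    /** Attaches a form error on the "Subject" field to the template data. */
    private static void rejectSubject(Map<String, Object> data, String message) {
        FieldErrors errors = new FieldErrors();
        // NOTE(review): ScanRule.RULE_TYPE as the field value is most likely a decompiler
        // constant substitution for a plain string literal; kept as found.
        errors.put(new FieldError("Subject", ScanRule.RULE_TYPE, message));
        data.put("form_errors", errors);
    }

    /**
     * Persists one ACL entry and logs the outcome to the event log.
     *
     * @return {@code true} when the entry was stored and the response was redirected to the
     *     ACL listing; {@code false} when {@code setPermissions} reported failure (no success
     *     message is queued and no redirect is sent in that case)
     */
    private boolean processChange(AccessControl accessControl, ObjectPermissionDescriptor descriptor, RequestContext context, HttpServletResponse response, long objectId) throws IOException, URLInvalidException, NoDatabaseConnectionException, SQLException {
        long result = accessControl.setPermissions(descriptor);
        if (result <= 0) {
            // The original queued the "successfully updated" message on this path as well,
            // telling the operator a permission change was applied when it was not.
            Application.getApplication().logEvent(EventLogMessage.EventType.ACCESS_CONTROL_ENTRY_SET_FAILED);
            return false;
        }
        Application.getApplication().logEvent(EventLogMessage.EventType.ACCESS_CONTROL_ENTRY_SET, new EventLogField(EventLogField.FieldName.OBJECT_ID, result));
        context.addMessage("Access control list entry successfully updated", SessionMessages.MessageSeverity.SUCCESS);
        response.sendRedirect(AccessControlView.getURL(objectId));
        return true;
    }

    /**
     * Handles a POST of the edit form.
     *
     * <p>The caller has already checked {@code Shortcuts.canControl} for {@code objectId}.
     *
     * @return {@code true} when the change was stored and the response redirected;
     *     {@code false} when the form must be shown again
     */
    private boolean processChanges(HttpServletRequest request, HttpServletResponse response, RequestContext context, String[] args, Map<String, Object> data, long objectId) throws NoDatabaseConnectionException, SQLException, IOException, URLInvalidException {
        String subject = request.getParameter("Subject");
        if (subject == null) {
            rejectSubject(data, "A user or group was not selected");
            return false;
        }

        String readValue = request.getParameter("OperationRead");
        String modifyValue = request.getParameter("OperationModify");
        String controlValue = request.getParameter("OperationControl");
        String executeValue = request.getParameter("OperationExecute");
        String createValue = request.getParameter("OperationCreate");
        String deleteValue = request.getParameter("OperationDelete");
        // All six operations must be submitted; a partial form is never written.
        if (readValue == null || modifyValue == null || controlValue == null || executeValue == null || createValue == null || deleteValue == null) {
            return false;
        }

        // The subject arrives as a type prefix followed by a numeric ID.
        // NOTE(review): the prefixes were recovered as GroupView.VIEW_NAME / UserView.VIEW_NAME
        // (the original skipped 5 and 4 characters); confirm against the form template.
        final String groupPrefix = GroupView.VIEW_NAME;
        final String userPrefix = UserView.VIEW_NAME;
        final AccessControlDescriptor.Subject subjectType;
        final String idText;
        if (subject.startsWith(groupPrefix)) {
            subjectType = AccessControlDescriptor.Subject.GROUP;
            idText = subject.substring(groupPrefix.length());
        } else if (subject.startsWith(userPrefix)) {
            subjectType = AccessControlDescriptor.Subject.USER;
            idText = subject.substring(userPrefix.length());
        } else {
            // The original reported success here although nothing had been written.
            rejectSubject(data, "A user or group was not selected");
            return false;
        }

        final int subjectId;
        try {
            subjectId = Integer.parseInt(idText);
        } catch (NumberFormatException e) {
            rejectSubject(data, "A user or group was not selected");
            return false;
        }

        // Argument order: read, modify, create, execute, delete, control.
        ObjectPermissionDescriptor descriptor = new ObjectPermissionDescriptor(
                convertPermissionFromString(readValue),
                convertPermissionFromString(modifyValue),
                convertPermissionFromString(createValue),
                convertPermissionFromString(executeValue),
                convertPermissionFromString(deleteValue),
                convertPermissionFromString(controlValue),
                subjectType, subjectId, objectId);

        AccessControl accessControl = new AccessControl(Application.getApplication());
        if (!processChange(accessControl, descriptor, context, response, objectId)) {
            rejectSubject(data, "The access control list entry could not be updated");
            return false;
        }
        return true;
    }

    /**
     * Renders the ACL entry editor, or applies a submitted change.
     *
     * <p>Order of checks: "Cancel" redirects without touching data; then the caller must hold
     * control rights on the object; only then is a POST processed or existing data loaded.
     *
     * @return {@code true} in every non-exceptional case (the response has been written)
     * @throws ViewFailedException when a lookup fails or a stored descriptor is missing
     */
    @Override
    protected boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestContext requestContext, String[] strArr, Map<String, Object> map) throws ViewFailedException, URLInvalidException, IOException, ViewNotFoundException {
        try {
            map.put(DialogTemplateDirective.PARAM_TITLE, "Access Control");
            AccessControl accessControl = new AccessControl(Application.getApplication());

            long objectId = VALUE_UNDEFINED;
            if (strArr.length > 0) {
                try {
                    objectId = Long.parseLong(strArr[0]);
                } catch (NumberFormatException e) {
                    objectId = VALUE_INVALID;
                }
            }

            if (httpServletRequest.getParameter("Cancel") != null) {
                httpServletResponse.sendRedirect(AccessControlView.getURL(objectId));
                return true;
            }

            // Authorization gate: nothing below runs unless the session may control this object.
            if (!Shortcuts.canControl(requestContext.getSessionInfo(), objectId, "Edit access control list")) {
                map.put("permission_denied_message", "You do not have permission to edit the access control list");
                TemplateLoader.renderToResponse("AccessControl.ftl", map, httpServletResponse);
                return true;
            }

            // NOTE(review): no anti-CSRF token is validated in this class before the
            // state-changing POST; confirm the View base class or a filter enforces one.
            if ("POST".equalsIgnoreCase(httpServletRequest.getMethod()) && processChanges(httpServletRequest, httpServletResponse, requestContext, strArr, map, objectId)) {
                return true;
            }

            String subjectIdText = null;
            String subjectTypeText = null;
            if (strArr.length >= 4) {
                subjectIdText = strArr[3];
                subjectTypeText = strArr[2];
            }

            int groupId = VALUE_UNDEFINED;
            int userId = VALUE_UNDEFINED;
            ObjectPermissionDescriptor stored = null;
            boolean editing = false;
            if (subjectIdText != null) {
                editing = true;
                try {
                    if (subjectTypeText.equalsIgnoreCase("Group")) {
                        groupId = Integer.parseInt(subjectIdText);
                        stored = accessControl.getGroupPermissions(groupId, objectId);
                        if (stored == null) {
                            throw new ViewFailedException("Object permission descriptor is null for group ID " + groupId + " and object ID " + objectId);
                        }
                        map.put("permission", new AccessControlView.PermissionDescriptor(stored));
                        map.put("subjectType", "Group");
                        map.put("subjectID", Integer.valueOf(groupId));
                    } else if (subjectTypeText.equalsIgnoreCase("User")) {
                        userId = Integer.parseInt(subjectIdText);
                        stored = accessControl.getUserPermissions(userId, objectId, false);
                        if (stored == null) {
                            throw new ViewFailedException("Object permission descriptor is null for user ID " + userId + " and object ID " + objectId);
                        }
                        map.put("permission", new AccessControlView.PermissionDescriptor(stored));
                        map.put("subjectType", "User");
                        map.put("subjectID", Integer.valueOf(userId));
                    }
                } catch (NumberFormatException ignored) {
                    // The URL pattern allows an empty subject ID; the form is then rendered
                    // with no stored permissions while isEditing stays true, as in the original.
                }
            }

            map.put("groups", new GroupManagement(Application.getApplication()).getGroupDescriptors());
            map.put("users", new UserManagement(Application.getApplication()).getUserDescriptors());
            map.put("isEditing", Boolean.valueOf(editing));
            map.put("objectID", Long.valueOf(objectId));
            map.put("GROUP", AccessControlDescriptor.Subject.GROUP);
            map.put("USER", AccessControlDescriptor.Subject.USER);
            map.put("DENY", AccessControlDescriptor.Action.DENY);
            map.put("PERMIT", AccessControlDescriptor.Action.PERMIT);
            map.put("UNSPECIFIED", AccessControlDescriptor.Action.UNSPECIFIED);
            map.put("VALUE_UNDEFINED", Integer.valueOf(VALUE_UNDEFINED));
            map.put("VALUE_INVALID", Integer.valueOf(VALUE_INVALID));
            map.put("userID", Integer.valueOf(userId));
            map.put("groupID", Integer.valueOf(groupId));

            ACLDescriptor acl = new ACLDescriptor(stored, httpServletRequest);
            map.put("read", acl.read);
            map.put("create", acl.create);
            map.put("delete", acl.delete);
            map.put("execute", acl.execute);
            map.put("write", acl.write);
            map.put("control", acl.control);
            TemplateLoader.renderToResponse("AccessControlEdit.ftl", map, httpServletResponse);
            return true;
        } catch (SQLException e) {
            throw new ViewFailedException(e);
        } catch (GeneralizedException e) {
            throw new ViewFailedException(e);
        } catch (InputValidationException e) {
            throw new ViewFailedException(e);
        } catch (NoDatabaseConnectionException e) {
            throw new ViewFailedException(e);
        } catch (NotFoundException e) {
            throw new ViewFailedException(e);
        }
    }
}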
