package com.ibm.wps.ac.impl;

import com.ibm.portal.ObjectID;
import com.ibm.portal.ResourceType;
import com.ibm.wps.ac.ACManager;
import com.ibm.wps.ac.ACPrincipal;
import com.ibm.wps.ac.Action;
import com.ibm.wps.ac.ActionSet;
import com.ibm.wps.ac.AuthorizationDataException;
import com.ibm.wps.ac.PermissionCollection;
import com.ibm.wps.ac.factories.ACAdministrationPermissionFactory;
import com.ibm.wps.datastore.ac.ProtectedResourceRO;
import java.util.Collection;
import java.util.Iterator;

/* loaded from: input_file:lib/wps.jar:com/ibm/wps/ac/impl/ACAdministrationPermissionFactoryImpl.class */
public class ACAdministrationPermissionFactoryImpl extends BasePermissionFactoryImpl implements ACAdministrationPermissionFactory {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getCreateActionSetPermissions() {
        return this.ADDCHILD_ACTION_SETS_PERMISSION_COLLECTION;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getCreateRoleMappingPermissions(ObjectID objectID, ActionSet actionSet, ACPrincipal aCPrincipal) {
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.GRANT_ACCESS, objectID));
        createPermissionCollection.add(this.accessControl.createPermission(Action.DELEGATE, aCPrincipal.getObjectID()));
        createPermissionCollection.add(objectID, actionSet);
        ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getCreateRoleMappingPermissions(ObjectID objectID, ActionSet actionSet, Collection collection) {
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.GRANT_ACCESS, objectID));
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            createPermissionCollection.add(this.accessControl.createPermission(Action.DELEGATE, ((ACPrincipal) it.next()).getObjectID()));
        }
        createPermissionCollection.add(objectID, actionSet);
        ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getDeleteRoleMappingPermissions(ObjectID objectID, ActionSet actionSet, ACPrincipal aCPrincipal) {
        return getCreateRoleMappingPermissions(objectID, actionSet, aCPrincipal);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getDeleteRoleMappingPermissions(ObjectID objectID, ActionSet actionSet, Collection collection) {
        return getCreateRoleMappingPermissions(objectID, actionSet, collection);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getCreateRolePermissions(ObjectID objectID, ActionSet actionSet) {
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.GRANT_ACCESS, objectID));
        createPermissionCollection.add(objectID, actionSet);
        if (isResourceExternalized(objectID)) {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_EXTERNAL_ACCESS_CONTROL_PERMISSION_COLLECTION);
        } else {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        }
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getModifyRoleAliasPermissions(ObjectID objectID, ActionSet actionSet) {
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.GRANT_ACCESS, objectID));
        createPermissionCollection.add(this.GRANTACCESS_EXTERNAL_ACL_PERMISSION);
        createPermissionCollection.add(objectID, actionSet);
        if (isResourceExternalized(objectID)) {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_EXTERNAL_ACCESS_CONTROL_PERMISSION_COLLECTION);
        } else {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        }
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getDeleteRolePermissions(ObjectID objectID, ActionSet actionSet) {
        return getCreateRolePermissions(objectID, actionSet);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getModifyInheritanceRoleBlockPermissions(ObjectID objectID, ActionSet actionSet) {
        boolean isResourceExternalized = isResourceExternalized(objectID);
        if (actionSet.implies(Action.GRANT_ACCESS)) {
            return isResourceExternalized ? this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION : this.GRANTACCESS_PORTAL_EXTERNAL_ACCESS_CONTROL_PERMISSION_COLLECTION;
        }
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.GRANT_ACCESS, objectID));
        createPermissionCollection.add(objectID, actionSet);
        ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getModifyInheritanceRoleBlockPermissions(ObjectID objectID, Collection collection) {
        boolean isResourceExternalized = isResourceExternalized(objectID);
        Iterator it = collection.iterator();
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.GRANT_ACCESS, objectID));
        while (it.hasNext()) {
            ActionSet actionSet = (ActionSet) it.next();
            if (actionSet.implies(Action.GRANT_ACCESS)) {
                return isResourceExternalized ? this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION : this.GRANTACCESS_PORTAL_EXTERNAL_ACCESS_CONTROL_PERMISSION_COLLECTION;
            }
            createPermissionCollection.add(objectID, actionSet);
        }
        if (isResourceExternalized) {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_EXTERNAL_ACCESS_CONTROL_PERMISSION_COLLECTION);
        } else {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        }
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getModifyPropagationRoleBlockPermissions(ObjectID objectID, ActionSet actionSet) {
        return getModifyInheritanceRoleBlockPermissions(objectID, actionSet);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getModifyPropagationRoleBlockPermissions(ObjectID objectID, Collection collection) {
        return getModifyInheritanceRoleBlockPermissions(objectID, collection);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getModifyOwnerPermissions(ObjectID objectID, boolean z, ACPrincipal aCPrincipal, ACPrincipal aCPrincipal2) {
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.GRANT_ACCESS, objectID));
        if (aCPrincipal != null) {
            createPermissionCollection.add(this.accessControl.createPermission(Action.DELEGATE, aCPrincipal.getObjectID()));
        }
        if (aCPrincipal2 != null) {
            createPermissionCollection.add(this.accessControl.createPermission(Action.DELEGATE, aCPrincipal2.getObjectID()));
        }
        if (z) {
            createPermissionCollection.add(objectID, ActionSetImpl.OWNER_OF_PRIVATE_RESOURCE);
        } else {
            createPermissionCollection.add(objectID, ActionSetImpl.OWNER_OF_SHARED_RESOURCE);
        }
        if (isResourceExternalized(objectID)) {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_EXTERNAL_ACCESS_CONTROL_PERMISSION_COLLECTION);
        } else {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        }
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getModifyOwnerPermissions(ObjectID objectID, ObjectID objectID2) throws AuthorizationDataException {
        ProtectedResourceRO resourceByExternalID = AccessControlDataManagement.getResourceManager().getResourceByExternalID(objectID);
        AccessControlDataManagement.getACPrincipalManager();
        ACPrincipal aCPrincipal = null;
        ACPrincipal aCPrincipal2 = null;
        if (resourceByExternalID.getOwnerOID() != null) {
            aCPrincipal = ACManager.getAccessControl().createPrincipal(resourceByExternalID.getOwnerOID());
        }
        if (objectID2 != null) {
            aCPrincipal2 = ACManager.getAccessControl().createPrincipal(objectID2);
        }
        return getModifyOwnerPermissions(objectID, resourceByExternalID.isPrivate(), aCPrincipal, aCPrincipal2);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getExternalizeResourcePermissions(ObjectID objectID) {
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.GRANT_ACCESS, objectID));
        createPermissionCollection.add(this.GRANTACCESS_EXTERNAL_ACL_PERMISSION);
        ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_EXTERNAL_ACCESS_CONTROL_PERMISSION_COLLECTION);
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getInternalizeResourcePermissions(ObjectID objectID) {
        return getExternalizeResourcePermissions(objectID);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getDeleteACPrincipalPermissions(ACPrincipal aCPrincipal) {
        return getPermissionCollection(this.accessControl.createPermission(Action.DELETE, aCPrincipal.getObjectID()));
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getDeleteACPrincipalPermissions(ObjectID objectID) throws AuthorizationDataException {
        return getDeleteACPrincipalPermissions(AccessControlDataManagement.getACPrincipalManager().loadPrincipal(objectID));
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getQueryACPrincipalPermissions(ACPrincipal aCPrincipal) {
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.VIEW, aCPrincipal.getObjectID()));
        if (!aCPrincipal.getObjectID().getResourceType().equals(ResourceType.USER_GROUP)) {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        } else if (isResourceExternalized(aCPrincipal.getObjectID())) {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_EXTERNAL_ACCESS_CONTROL_PERMISSION_COLLECTION);
        } else {
            ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        }
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getQueryRolesForPrincipalOnResourceCommand(ObjectID objectID) {
        return getViewAccessToACConfigPermissions(objectID);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getQueryInheritedRoleMappingsPermissions(ObjectID objectID) {
        return getViewAccessToACConfigPermissions(objectID);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getQueryMappedPrincipalsPermissions(ObjectID objectID) {
        return getViewAccessToACConfigPermissions(objectID);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getQueryProtectedResourcePermissions(ObjectID objectID) {
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getQueryRoleDomainPermissions(ObjectID objectID) {
        return getViewAccessToACConfigPermissions(objectID);
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getTransformTOPrivatePermissions() {
        return this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getTransformTOSharedPermissions(ObjectID objectID, ObjectID objectID2) throws AuthorizationDataException {
        if (objectID2 == null) {
            objectID2 = AccessControlDataManagement.getResourceManager().getResource(AccessControlDataManagement.getResourceManager().getResourceByExternalID(objectID).getParentOID()).getExternalOID();
        }
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.ADD_CHILD, objectID2));
        createPermissionCollection.add(this.accessControl.createPermission(Action.VIEW, objectID));
        ((PermissionCollectionImpl) createPermissionCollection).addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        createPermissionCollection.setReadOnly();
        return createPermissionCollection;
    }

    @Override // com.ibm.wps.ac.factories.ACAdministrationPermissionFactory
    public PermissionCollection getOptimizeConfigurationPermissions() {
        return this.EXECUTE_XMLACCESS_PERMISSION_COLLECTION;
    }

    private PermissionCollection getViewAccessToACConfigPermissions(ObjectID objectID) {
        PermissionCollectionImpl permissionCollectionImpl = (PermissionCollectionImpl) this.accessControl.createPermissionCollection();
        permissionCollectionImpl.add(this.accessControl.createPermission(Action.GRANT_ACCESS, objectID));
        if (isResourceExternalized(objectID)) {
            permissionCollectionImpl.addShortcutPermissions(this.GRANTACCESS_PORTAL_EXTERNAL_ACCESS_CONTROL_PERMISSION_COLLECTION);
        } else {
            permissionCollectionImpl.addShortcutPermissions(this.GRANTACCESS_PORTAL_PERMISSION_COLLECTION);
        }
        PermissionCollection createPermissionCollection = this.accessControl.createPermissionCollection();
        createPermissionCollection.add(this.accessControl.createPermission(Action.VIEW, objectID));
        permissionCollectionImpl.addShortcutPermissions(createPermissionCollection);
        permissionCollectionImpl.setReadOnly();
        return permissionCollectionImpl;
    }
}
