package org.traccar.database;

import java.sql.SQLException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.traccar.Context;
import org.traccar.model.Attribute;
import org.traccar.model.Calendar;
import org.traccar.model.Command;
import org.traccar.model.Device;
import org.traccar.model.Driver;
import org.traccar.model.Geofence;
import org.traccar.model.Group;
import org.traccar.model.Maintenance;
import org.traccar.model.ManagedUser;
import org.traccar.model.Notification;
import org.traccar.model.Permission;
import org.traccar.model.Server;
import org.traccar.model.User;

/* loaded from: input_file:org/traccar/database/PermissionsManager.class */
public class PermissionsManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(PermissionsManager.class);
    private final DataManager dataManager;
    private final UsersManager usersManager;
    private volatile Server server;
    private final Map<Long, Set<Long>> groupPermissions = new HashMap();
    private final Map<Long, Set<Long>> devicePermissions = new HashMap();
    private final Map<Long, Set<Long>> deviceUsers = new HashMap();
    private final Map<Long, Set<Long>> groupDevices = new HashMap();

    public PermissionsManager(DataManager dataManager, UsersManager usersManager) {
        this.dataManager = dataManager;
        this.usersManager = usersManager;
        refreshServer();
        refreshDeviceAndGroupPermissions();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public User getUser(long j) {
        return (User) this.usersManager.getById(j);
    }

    public Set<Long> getGroupPermissions(long j) {
        if (!this.groupPermissions.containsKey(Long.valueOf(j))) {
            this.groupPermissions.put(Long.valueOf(j), new HashSet());
        }
        return this.groupPermissions.get(Long.valueOf(j));
    }

    public Set<Long> getDevicePermissions(long j) {
        if (!this.devicePermissions.containsKey(Long.valueOf(j))) {
            this.devicePermissions.put(Long.valueOf(j), new HashSet());
        }
        return this.devicePermissions.get(Long.valueOf(j));
    }

    private Set<Long> getAllDeviceUsers(long j) {
        if (!this.deviceUsers.containsKey(Long.valueOf(j))) {
            this.deviceUsers.put(Long.valueOf(j), new HashSet());
        }
        return this.deviceUsers.get(Long.valueOf(j));
    }

    public Set<Long> getDeviceUsers(long j) {
        Device byId = Context.getIdentityManager().getById(j);
        if (byId != null && !byId.getDisabled()) {
            return getAllDeviceUsers(j);
        }
        HashSet hashSet = new HashSet();
        Iterator<Long> it = getAllDeviceUsers(j).iterator();
        while (it.hasNext()) {
            long longValue = it.next().longValue();
            if (getUserAdmin(longValue)) {
                hashSet.add(Long.valueOf(longValue));
            }
        }
        return hashSet;
    }

    public Set<Long> getGroupDevices(long j) {
        if (!this.groupDevices.containsKey(Long.valueOf(j))) {
            this.groupDevices.put(Long.valueOf(j), new HashSet());
        }
        return this.groupDevices.get(Long.valueOf(j));
    }

    public void refreshServer() {
        try {
            this.server = this.dataManager.getServer();
        } catch (SQLException e) {
            LOGGER.warn("Refresh server config error", e);
        }
    }

    public final void refreshDeviceAndGroupPermissions() {
        this.groupPermissions.clear();
        this.devicePermissions.clear();
        try {
            GroupTree groupTree = new GroupTree(Context.getGroupsManager().getItems(Context.getGroupsManager().getAllItems()), Context.getDeviceManager().getAllDevices());
            for (Permission permission : this.dataManager.getPermissions(User.class, Group.class)) {
                Set<Long> groupPermissions = getGroupPermissions(permission.getOwnerId());
                Set<Long> devicePermissions = getDevicePermissions(permission.getOwnerId());
                groupPermissions.add(Long.valueOf(permission.getPropertyId()));
                Iterator<Group> it = groupTree.getGroups(permission.getPropertyId()).iterator();
                while (it.hasNext()) {
                    groupPermissions.add(Long.valueOf(it.next().getId()));
                }
                Iterator<Device> it2 = groupTree.getDevices(permission.getPropertyId()).iterator();
                while (it2.hasNext()) {
                    devicePermissions.add(Long.valueOf(it2.next().getId()));
                }
            }
            for (Permission permission2 : this.dataManager.getPermissions(User.class, Device.class)) {
                getDevicePermissions(permission2.getOwnerId()).add(Long.valueOf(permission2.getPropertyId()));
            }
            this.groupDevices.clear();
            Iterator<Long> it3 = Context.getGroupsManager().getAllItems().iterator();
            while (it3.hasNext()) {
                long longValue = it3.next().longValue();
                Iterator<Device> it4 = groupTree.getDevices(longValue).iterator();
                while (it4.hasNext()) {
                    getGroupDevices(longValue).add(Long.valueOf(it4.next().getId()));
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            LOGGER.warn("Refresh device permissions error", e);
        }
        this.deviceUsers.clear();
        for (Map.Entry<Long, Set<Long>> entry : this.devicePermissions.entrySet()) {
            Iterator<Long> it5 = entry.getValue().iterator();
            while (it5.hasNext()) {
                getAllDeviceUsers(it5.next().longValue()).add(entry.getKey());
            }
        }
    }

    public boolean getUserAdmin(long j) {
        User user = getUser(j);
        return user != null && user.getAdministrator();
    }

    public void checkAdmin(long j) throws SecurityException {
        if (!getUserAdmin(j)) {
            throw new SecurityException("Admin access required");
        }
    }

    public boolean getUserManager(long j) {
        User user = getUser(j);
        return (user == null || user.getUserLimit() == 0) ? false : true;
    }

    public void checkManager(long j) throws SecurityException {
        if (!getUserManager(j)) {
            throw new SecurityException("Manager access required");
        }
    }

    public void checkManager(long j, long j2) throws SecurityException {
        checkManager(j);
        if (!this.usersManager.getUserItems(j).contains(Long.valueOf(j2))) {
            throw new SecurityException("User access denied");
        }
    }

    public void checkUserLimit(long j) throws SecurityException {
        int userLimit = getUser(j).getUserLimit();
        if (userLimit != -1 && this.usersManager.getUserItems(j).size() >= userLimit) {
            throw new SecurityException("Manager user limit reached");
        }
    }

    public void checkDeviceLimit(long j) throws SecurityException {
        int deviceLimit = getUser(j).getDeviceLimit();
        if (deviceLimit != -1) {
            if ((getUserManager(j) ? Context.getDeviceManager().getAllManagedItems(j).size() : Context.getDeviceManager().getAllUserItems(j).size()) >= deviceLimit) {
                throw new SecurityException("User device limit reached");
            }
        }
    }

    public boolean getUserReadonly(long j) {
        User user = getUser(j);
        return user != null && user.getReadonly();
    }

    public boolean getUserDeviceReadonly(long j) {
        User user = getUser(j);
        return user != null && user.getDeviceReadonly();
    }

    public boolean getUserLimitCommands(long j) {
        User user = getUser(j);
        return user != null && user.getLimitCommands();
    }

    public void checkReadonly(long j) throws SecurityException {
        if (getUserAdmin(j)) {
            return;
        }
        if (this.server.getReadonly() || getUserReadonly(j)) {
            throw new SecurityException("Account is readonly");
        }
    }

    public void checkDeviceReadonly(long j) throws SecurityException {
        if (getUserAdmin(j)) {
            return;
        }
        if (this.server.getDeviceReadonly() || getUserDeviceReadonly(j)) {
            throw new SecurityException("Account is device readonly");
        }
    }

    public void checkLimitCommands(long j) throws SecurityException {
        if (getUserAdmin(j)) {
            return;
        }
        if (this.server.getLimitCommands() || getUserLimitCommands(j)) {
            throw new SecurityException("Account has limit sending commands");
        }
    }

    public void checkUserDeviceCommand(long j, long j2, long j3) throws SecurityException {
        if (!getUserAdmin(j) && Context.getCommandsManager().checkDeviceCommand(j2, j3)) {
            throw new SecurityException("Command can not be sent to this device");
        }
    }

    public void checkUserEnabled(long j) throws SecurityException {
        User user = getUser(j);
        if (user == null) {
            throw new SecurityException("Unknown account");
        }
        if (user.getDisabled()) {
            throw new SecurityException("Account is disabled");
        }
        if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) {
            throw new SecurityException("Account has expired");
        }
    }

    public void checkUserUpdate(long j, User user, User user2) throws SecurityException {
        if (user.getAdministrator() != user2.getAdministrator() || user.getDeviceLimit() != user2.getDeviceLimit() || user.getUserLimit() != user2.getUserLimit()) {
            checkAdmin(j);
        }
        User user3 = getUser(j);
        if (user3 != null && user3.getExpirationTime() != null && (user2.getExpirationTime() == null || user3.getExpirationTime().compareTo(user2.getExpirationTime()) < 0)) {
            checkAdmin(j);
        }
        if (user.getReadonly() == user2.getReadonly() && user.getDeviceReadonly() == user2.getDeviceReadonly() && user.getDisabled() == user2.getDisabled() && user.getLimitCommands() == user2.getLimitCommands()) {
            return;
        }
        if (j == user2.getId()) {
            checkAdmin(j);
        }
        if (getUserAdmin(j)) {
            return;
        }
        checkManager(j);
    }

    public void checkUser(long j, long j2) throws SecurityException {
        if (j == j2 || getUserAdmin(j)) {
            return;
        }
        checkManager(j, j2);
    }

    public void checkGroup(long j, long j2) throws SecurityException {
        if (getGroupPermissions(j).contains(Long.valueOf(j2)) || getUserAdmin(j)) {
            return;
        }
        checkManager(j);
        Iterator<Long> it = this.usersManager.getUserItems(j).iterator();
        while (it.hasNext()) {
            if (getGroupPermissions(it.next().longValue()).contains(Long.valueOf(j2))) {
                return;
            }
        }
        throw new SecurityException("Group access denied");
    }

    public void checkDevice(long j, long j2) throws SecurityException {
        if (Context.getDeviceManager().getUserItems(j).contains(Long.valueOf(j2)) || getUserAdmin(j)) {
            return;
        }
        checkManager(j);
        Iterator<Long> it = this.usersManager.getUserItems(j).iterator();
        while (it.hasNext()) {
            if (Context.getDeviceManager().getUserItems(it.next().longValue()).contains(Long.valueOf(j2))) {
                return;
            }
        }
        throw new SecurityException("Device access denied");
    }

    public void checkRegistration(long j) {
        if (!this.server.getRegistration() && !getUserAdmin(j)) {
            throw new SecurityException("Registration disabled");
        }
    }

    public void checkPermission(Class<?> cls, long j, long j2) throws SecurityException {
        SimpleObjectManager simpleObjectManager = null;
        if (cls.equals(Device.class)) {
            checkDevice(j, j2);
        } else if (cls.equals(Group.class)) {
            checkGroup(j, j2);
        } else if (cls.equals(User.class) || cls.equals(ManagedUser.class)) {
            checkUser(j, j2);
        } else if (cls.equals(Geofence.class)) {
            simpleObjectManager = Context.getGeofenceManager();
        } else if (cls.equals(Attribute.class)) {
            simpleObjectManager = Context.getAttributesManager();
        } else if (cls.equals(Driver.class)) {
            simpleObjectManager = Context.getDriversManager();
        } else if (cls.equals(Calendar.class)) {
            simpleObjectManager = Context.getCalendarManager();
        } else if (cls.equals(Command.class)) {
            simpleObjectManager = Context.getCommandsManager();
        } else if (cls.equals(Maintenance.class)) {
            simpleObjectManager = Context.getMaintenancesManager();
        } else {
            if (!cls.equals(Notification.class)) {
                throw new IllegalArgumentException("Unknown object type");
            }
            simpleObjectManager = Context.getNotificationManager();
        }
        if (simpleObjectManager == null || simpleObjectManager.checkItemPermission(j, j2) || getUserAdmin(j)) {
            return;
        }
        checkManager(j);
        Iterator<Long> it = this.usersManager.getManagedItems(j).iterator();
        while (it.hasNext()) {
            if (simpleObjectManager.checkItemPermission(it.next().longValue(), j2)) {
                return;
            }
        }
        throw new SecurityException("Type " + cls + " access denied");
    }

    public void refreshAllUsersPermissions() {
        if (Context.getGeofenceManager() != null) {
            Context.getGeofenceManager().refreshUserItems();
        }
        Context.getCalendarManager().refreshUserItems();
        Context.getDriversManager().refreshUserItems();
        Context.getAttributesManager().refreshUserItems();
        Context.getCommandsManager().refreshUserItems();
        Context.getMaintenancesManager().refreshUserItems();
        if (Context.getNotificationManager() != null) {
            Context.getNotificationManager().refreshUserItems();
        }
    }

    public void refreshAllExtendedPermissions() {
        if (Context.getGeofenceManager() != null) {
            Context.getGeofenceManager().refreshExtendedPermissions();
        }
        Context.getDriversManager().refreshExtendedPermissions();
        Context.getAttributesManager().refreshExtendedPermissions();
        Context.getCommandsManager().refreshExtendedPermissions();
        Context.getMaintenancesManager().refreshExtendedPermissions();
    }

    public void refreshPermissions(Permission permission) {
        if (!permission.getOwnerClass().equals(User.class)) {
            if (permission.getOwnerClass().equals(Device.class) || permission.getOwnerClass().equals(Group.class)) {
                if (permission.getPropertyClass().equals(Geofence.class) && Context.getGeofenceManager() != null) {
                    Context.getGeofenceManager().refreshExtendedPermissions();
                    return;
                }
                if (permission.getPropertyClass().equals(Driver.class)) {
                    Context.getDriversManager().refreshExtendedPermissions();
                    return;
                }
                if (permission.getPropertyClass().equals(Attribute.class)) {
                    Context.getAttributesManager().refreshExtendedPermissions();
                    return;
                }
                if (permission.getPropertyClass().equals(Command.class)) {
                    Context.getCommandsManager().refreshExtendedPermissions();
                    return;
                }
                if (permission.getPropertyClass().equals(Maintenance.class)) {
                    Context.getMaintenancesManager().refreshExtendedPermissions();
                    return;
                } else {
                    if (!permission.getPropertyClass().equals(Notification.class) || Context.getNotificationManager() == null) {
                        return;
                    }
                    Context.getNotificationManager().refreshExtendedPermissions();
                    return;
                }
            }
            return;
        }
        if (permission.getPropertyClass().equals(Device.class) || permission.getPropertyClass().equals(Group.class)) {
            refreshDeviceAndGroupPermissions();
            refreshAllExtendedPermissions();
            return;
        }
        if (permission.getPropertyClass().equals(ManagedUser.class)) {
            this.usersManager.refreshUserItems();
            return;
        }
        if (permission.getPropertyClass().equals(Geofence.class) && Context.getGeofenceManager() != null) {
            Context.getGeofenceManager().refreshUserItems();
            return;
        }
        if (permission.getPropertyClass().equals(Driver.class)) {
            Context.getDriversManager().refreshUserItems();
            return;
        }
        if (permission.getPropertyClass().equals(Attribute.class)) {
            Context.getAttributesManager().refreshUserItems();
            return;
        }
        if (permission.getPropertyClass().equals(Calendar.class)) {
            Context.getCalendarManager().refreshUserItems();
            return;
        }
        if (permission.getPropertyClass().equals(Command.class)) {
            Context.getCommandsManager().refreshUserItems();
            return;
        }
        if (permission.getPropertyClass().equals(Maintenance.class)) {
            Context.getMaintenancesManager().refreshUserItems();
        } else {
            if (!permission.getPropertyClass().equals(Notification.class) || Context.getNotificationManager() == null) {
                return;
            }
            Context.getNotificationManager().refreshUserItems();
        }
    }

    public Server getServer() {
        return this.server;
    }

    public void updateServer(Server server) throws SQLException {
        this.dataManager.updateObject(server);
        this.server = server;
    }

    public User login(String str, String str2) throws SQLException {
        User login = this.dataManager.login(str, str2);
        if (login == null) {
            return null;
        }
        checkUserEnabled(login.getId());
        return getUser(login.getId());
    }

    public Object lookupAttribute(long j, String str, Object obj) {
        Object obj2;
        Object obj3 = this.server.getAttributes().get(str);
        Object obj4 = getUser(j).getAttributes().get(str);
        if (this.server.getForceSettings()) {
            obj2 = obj3 != null ? obj3 : obj4;
        } else {
            obj2 = obj4 != null ? obj4 : obj3;
        }
        return obj2 != null ? obj2 : obj;
    }
}
