package org.alfresco.repo.web.scripts;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.descriptor.DescriptorService;
import org.alfresco.web.app.servlet.command.ExecuteScriptCommand;
import org.alfresco.web.bean.NavigationBean;
import org.alfresco.web.scripts.AbstractRuntimeContainer;
import org.alfresco.web.scripts.Authenticator;
import org.alfresco.web.scripts.Description;
import org.alfresco.web.scripts.ServerModel;
import org.alfresco.web.scripts.WebScript;
import org.alfresco.web.scripts.WebScriptException;
import org.alfresco.web.scripts.WebScriptRequest;
import org.alfresco.web.scripts.WebScriptResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/repo/web/scripts/RepositoryContainer.class */
public class RepositoryContainer extends AbstractRuntimeContainer {
    protected static final Log logger = LogFactory.getLog(RepositoryContainer.class);
    private Repository repository;
    private RepositoryImageResolver imageResolver;
    private RetryingTransactionHelper retryingTransactionHelper;
    private AuthorityService authorityService;
    private PermissionService permissionService;
    private DescriptorService descriptorService;

    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    public void setRepositoryImageResolver(RepositoryImageResolver repositoryImageResolver) {
        this.imageResolver = repositoryImageResolver;
    }

    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    public void setTransactionHelper(RetryingTransactionHelper retryingTransactionHelper) {
        this.retryingTransactionHelper = retryingTransactionHelper;
    }

    public void setDescriptorService(DescriptorService descriptorService) {
        this.descriptorService = descriptorService;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public ServerModel getDescription() {
        return new RepositoryServerModel(this.descriptorService.getServerDescriptor());
    }

    public Map<String, Object> getScriptParameters() {
        HashMap hashMap = new HashMap();
        hashMap.putAll(super.getScriptParameters());
        addRepoParameters(hashMap);
        return hashMap;
    }

    public Map<String, Object> getTemplateParameters() {
        HashMap hashMap = new HashMap();
        hashMap.putAll(super.getTemplateParameters());
        hashMap.put("imageresolver", this.imageResolver.getImageResolver());
        addRepoParameters(hashMap);
        return hashMap;
    }

    private void addRepoParameters(Map<String, Object> map) {
        if (AlfrescoTransactionSupport.getTransactionId() == null || AuthenticationUtil.getCurrentAuthentication() == null) {
            return;
        }
        NodeRef rootHome = this.repository.getRootHome();
        if (rootHome != null && this.permissionService.hasPermission(rootHome, "Read").equals(AccessStatus.ALLOWED)) {
            map.put("roothome", rootHome);
        }
        NodeRef companyHome = this.repository.getCompanyHome();
        if (companyHome != null && this.permissionService.hasPermission(companyHome, "Read").equals(AccessStatus.ALLOWED)) {
            map.put(NavigationBean.LOCATION_COMPANY, companyHome);
        }
        NodeRef person = this.repository.getPerson();
        if (person == null || !this.permissionService.hasPermission(companyHome, "Read").equals(AccessStatus.ALLOWED)) {
            return;
        }
        map.put(ExecuteScriptCommand.PROP_USERPERSON, person);
        map.put(NavigationBean.LOCATION_HOME, this.repository.getUserHome(person));
    }

    public void executeScript(WebScriptRequest webScriptRequest, WebScriptResponse webScriptResponse, Authenticator authenticator) throws IOException {
        WebScript webScript = webScriptRequest.getServiceMatch().getWebScript();
        Description description = webScript.getDescription();
        Description.RequiredAuthentication requiredAuthentication = description.getRequiredAuthentication();
        boolean isGuest = webScriptRequest.isGuest();
        if (requiredAuthentication == Description.RequiredAuthentication.none) {
            AuthenticationUtil.clearCurrentSecurityContext();
            transactionedExecute(webScript, webScriptRequest, webScriptResponse);
            return;
        }
        if ((requiredAuthentication == Description.RequiredAuthentication.user || requiredAuthentication == Description.RequiredAuthentication.admin) && isGuest) {
            throw new WebScriptException(401, "Web Script " + description.getId() + " requires user authentication; however, a guest has attempted access.");
        }
        try {
            String currentUserName = AuthenticationUtil.getCurrentUserName();
            if (logger.isDebugEnabled()) {
                logger.debug("Current authentication: " + (currentUserName == null ? "unauthenticated" : "authenticated as " + currentUserName));
                logger.debug("Authentication required: " + requiredAuthentication);
                logger.debug("Guest login: " + isGuest);
            }
            if (authenticator == null || authenticator.authenticate(requiredAuthentication, isGuest)) {
                if (requiredAuthentication == Description.RequiredAuthentication.admin && !this.authorityService.hasAdminAuthority()) {
                    throw new WebScriptException(401, "Web Script " + description.getId() + " requires admin authentication; however, a non-admin has attempted access.");
                }
                transactionedExecute(webScript, webScriptRequest, webScriptResponse);
            }
            AuthenticationUtil.clearCurrentSecurityContext();
            if (currentUserName != null) {
                AuthenticationUtil.setCurrentUser(currentUserName);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Authentication reset: " + (currentUserName == null ? "unauthenticated" : "authenticated as " + currentUserName));
            }
        } catch (Throwable th) {
            AuthenticationUtil.clearCurrentSecurityContext();
            if (0 != 0) {
                AuthenticationUtil.setCurrentUser((String) null);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Authentication reset: " + (0 == 0 ? "unauthenticated" : "authenticated as " + ((String) null)));
            }
            throw th;
        }
    }

    protected void transactionedExecute(final WebScript webScript, final WebScriptRequest webScriptRequest, final WebScriptResponse webScriptResponse) throws IOException {
        final Description description = webScript.getDescription();
        if (description.getRequiredTransaction() == Description.RequiredTransaction.none) {
            webScript.execute(webScriptRequest, webScriptResponse);
            return;
        }
        RetryingTransactionHelper.RetryingTransactionCallback<Object> retryingTransactionCallback = new RetryingTransactionHelper.RetryingTransactionCallback<Object>() { // from class: org.alfresco.repo.web.scripts.RepositoryContainer.1
            public Object execute() throws Exception {
                if (RepositoryContainer.logger.isDebugEnabled()) {
                    RepositoryContainer.logger.debug("Begin transaction: " + description.getRequiredTransaction());
                }
                webScript.execute(webScriptRequest, webScriptResponse);
                if (!RepositoryContainer.logger.isDebugEnabled()) {
                    return null;
                }
                RepositoryContainer.logger.debug("End transaction: " + description.getRequiredTransaction());
                return null;
            }
        };
        if (description.getRequiredTransaction() == Description.RequiredTransaction.required) {
            this.retryingTransactionHelper.doInTransaction(retryingTransactionCallback);
        } else {
            this.retryingTransactionHelper.doInTransaction(retryingTransactionCallback, false, true);
        }
    }
}
