package com.inet.report.permissions;

import com.inet.annotations.InternalApi;
import com.inet.config.ConfigKey;
import com.inet.config.ConfigValue;
import com.inet.error.BaseErrorCode;
import com.inet.permissions.AccessDeniedException;
import com.inet.permissions.Permission;
import com.inet.permissions.SystemPermissionChecker;
import com.inet.permissions.SystemPermissionManager;
import com.inet.permissions.url.FilePermissions;
import com.inet.permissions.url.PermissionUrlObject;
import com.inet.permissions.url.PluginPermissionChecker;
import com.inet.permissions.url.URLPermissionChecker;
import com.inet.plugin.ServerPluginManager;
import com.inet.report.BaseUtils;
import com.inet.report.Engine;
import com.inet.report.ReportException;
import com.inet.report.plugins.ReportingServerPlugin;
import com.inet.report.util.UrlConstants;
import com.inet.usersandgroups.api.user.UserAccount;
import com.inet.usersandgroups.api.user.UserAccountType;
import com.inet.usersandgroups.api.user.UserManager;
import java.net.URL;
import java.util.Iterator;
import java.util.List;
import javax.annotation.SuppressFBWarnings;

@InternalApi
/* loaded from: input_file:com/inet/report/permissions/PermissionChecker.class */
public class PermissionChecker {
    public static final Permission PERMISSION_EXECUTE_ALL_REPORTS;
    private static PermissionChecker awH;
    private static final ConfigValue<Boolean> awI;
    private static final ConfigValue<Boolean> awJ;
    private static final List<PluginPermissionChecker> awK;

    private PermissionChecker() {
    }

    public static PermissionChecker getInstance() {
        return awH;
    }

    public static void checkReportLocation(URL url) throws AccessDeniedException {
        getInstance().checkReportLocationPermission(url);
    }

    public void checkReportLocationPermission(URL url) throws AccessDeniedException {
        UserAccount currentUserAccount = UserManager.getInstance().getCurrentUserAccount();
        if (currentUserAccount == null || currentUserAccount.getAccountType() != UserAccountType.Administrator) {
            URLPermissionChecker.checkReportLocation(url);
        }
    }

    public static void checkExecuteRight(URL url) throws AccessDeniedException {
        getInstance().checkExecutePermission(url);
    }

    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN"}, justification = "file used for checkings")
    public void checkExecutePermission(URL url) throws AccessDeniedException {
        UserAccount currentUserAccount = UserManager.getInstance().getCurrentUserAccount();
        if (currentUserAccount == null || currentUserAccount.getAccountType() != UserAccountType.Administrator) {
            String url2 = url.toString();
            if ("file:".equals(url2)) {
                return;
            }
            checkReportLocation(url);
            if (((Boolean) awI.get()).booleanValue()) {
                Iterator<PluginPermissionChecker> it = awK.iterator();
                while (it.hasNext()) {
                    if (it.next().checkExecutePermission(url)) {
                        return;
                    }
                }
                if (BaseUtils.isParanoid()) {
                    BaseUtils.paranoid("Checking global permissions...");
                }
                if (SystemPermissionChecker.checkAccess(PERMISSION_EXECUTE_ALL_REPORTS)) {
                    String lowerCase = url2.toLowerCase();
                    if (lowerCase.endsWith(".rpt") || lowerCase.endsWith(".dataview")) {
                        return;
                    }
                }
                if (BaseUtils.isParanoid()) {
                    BaseUtils.paranoid("Checking folder permissions...");
                }
                PermissionUrlObject permissionUrlObject = null;
                try {
                    permissionUrlObject = FilePermissions.getPermission(url);
                } catch (Exception e) {
                    BaseUtils.printStackTrace(e);
                }
                if (permissionUrlObject == null || !permissionUrlObject.checkAccess(1)) {
                    if (BaseUtils.isParanoid()) {
                        BaseUtils.paranoid("Access denied!");
                    }
                    throw new AccessDeniedException(currentUserAccount == null ? BaseErrorCode.UserNotLoggedIn : BaseErrorCode.AccessDeniedOrFileNotExists, new Object[]{url});
                }
            }
        }
    }

    public static void checkAccessPermission(URL url, URL url2) throws ReportException {
        if (url == null || !Engine.EXPORT_DATA.equals(url.getProtocol())) {
            checkReportLocation(url);
            if (((Boolean) awJ.get()).booleanValue() && "file".equals(url.getProtocol())) {
                if (url2 == null || !"file".equals(url2.getProtocol())) {
                    throw new AccessDeniedException(BaseErrorCode.IllegalPath, new Object[]{url});
                }
                String url3 = url2.toString();
                if (!url.toString().toLowerCase().startsWith(url3.substring(0, url3.lastIndexOf(47) + 1).toLowerCase())) {
                    throw new AccessDeniedException(BaseErrorCode.IllegalPath, new Object[]{url});
                }
            }
        }
    }

    static {
        Permission.createCategory(UrlConstants.REPORTS, 5000, "com.inet.report.plugins.structure.i18n.ConfigStructure", PermissionChecker.class);
        PERMISSION_EXECUTE_ALL_REPORTS = SystemPermissionManager.add(ReportingServerPlugin.PLUGIN_ID, UrlConstants.REPORTS, (String) null, 5200, false, ReportingServerPlugin.class);
        awH = new PermissionChecker();
        awI = new ConfigValue<>(ConfigKey.SYSTEMPERMISSION_ENABLED);
        awJ = new ConfigValue<>(ConfigKey.REPOSITORY_ENABLED);
        awK = ServerPluginManager.getInstance().get(PluginPermissionChecker.class);
    }
}
