package org.kuali.kra.protocol.auth;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.kuali.coeus.common.framework.auth.SystemAuthorizationService;
import org.kuali.coeus.common.framework.auth.perm.KcAuthorizationService;
import org.kuali.coeus.common.framework.auth.perm.Permissionable;
import org.kuali.rice.kim.api.role.Role;
import org.kuali.rice.kim.api.role.RoleMembership;
import org.kuali.rice.kim.api.role.RoleService;
import org.kuali.rice.kim.api.type.KimType;

/* loaded from: input_file:org/kuali/kra/protocol/auth/UnitAclLoadServiceImpl.class */
public class UnitAclLoadServiceImpl implements UnitAclLoadService {
    private KcAuthorizationService kraAuthorizationService;
    private RoleService roleManagementService;
    private SystemAuthorizationService systemAuthorizationService;

    public void setKraAuthorizationService(KcAuthorizationService kcAuthorizationService) {
        this.kraAuthorizationService = kcAuthorizationService;
    }

    public void setRoleManagementService(RoleService roleService) {
        this.roleManagementService = roleService;
    }

    public void setSystemAuthorizationService(SystemAuthorizationService systemAuthorizationService) {
        this.systemAuthorizationService = systemAuthorizationService;
    }

    @Override // org.kuali.kra.protocol.auth.UnitAclLoadService
    public void loadUnitAcl(Permissionable permissionable, String str) {
        HashMap hashMap = new HashMap();
        for (RoleMembership roleMembership : getDocumentDefaultAcl(permissionable.getLeadUnitNumber(), permissionable.getDocumentRoleTypeCode())) {
            String memberId = roleMembership.getMemberId();
            if (memberId != null && !StringUtils.equals(memberId, str)) {
                String str2 = roleMembership.getRoleId() + "|" + memberId;
                if (StringUtils.isEmpty((CharSequence) hashMap.get(str2))) {
                    Role role = this.roleManagementService.getRole(roleMembership.getRoleId());
                    hashMap.put(str2, role.getName());
                    this.kraAuthorizationService.addDocumentLevelRole(memberId, role.getName(), permissionable);
                }
            }
        }
    }

    protected Collection<RoleMembership> getDocumentDefaultAcl(String str, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put("unitNumber", str);
        ArrayList arrayList = new ArrayList();
        for (Role role : this.systemAuthorizationService.getRoles(str2)) {
            if (isAccessListRole(role)) {
                arrayList.add(role.getId());
            }
        }
        return this.roleManagementService.getRoleMembers(arrayList, new HashMap(hashMap));
    }

    protected boolean isAccessListRole(Role role) {
        KimType kimTypeInfoForRole = this.systemAuthorizationService.getKimTypeInfoForRole(role);
        return (StringUtils.startsWith(kimTypeInfoForRole.getName(), "Derived Role") || StringUtils.startsWith(kimTypeInfoForRole.getName(), "Default")) ? false : true;
    }
}
