package org.kuali.kfs.kns.web.struts.action;

import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.kuali.kfs.coreservice.framework.CoreFrameworkServiceLocator;
import org.kuali.kfs.kns.web.struts.form.BackdoorForm;
import org.kuali.kfs.krad.UserSession;
import org.kuali.kfs.krad.util.GlobalVariables;
import org.kuali.kfs.sys.KFSConstants;
import org.kuali.rice.core.api.config.property.ConfigContext;
import org.kuali.rice.core.api.exception.RiceRuntimeException;
import org.kuali.rice.kew.api.KewApiConstants;
import org.kuali.rice.kim.api.KimConstants;
import org.kuali.rice.kim.api.permission.Permission;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;

/* loaded from: input_file:WEB-INF/lib/kfs-kns-2016-10-13.jar:org/kuali/kfs/kns/web/struts/action/BackdoorAction.class */
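/**
 * Struts action behind the "backdoor" login: it lets an already authenticated user switch the
 * current {@link UserSession} to act as another principal ({@link #login}) and switch back
 * ({@link #logout}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #isBackdoorAuthorized} is opt-in: when no BACKDOOR_RESTRICTION permission mentions
 *       the configured {@code app.code}, every authenticated user passes the check.</li>
 *   <li>The {@code SHOW_BACK_DOOR_LOGIN_IND} parameter read in {@link #initForm} only sets a
 *       display flag on the form; {@link #login} does not consult it.</li>
 *   <li>NOTE(review): no environment (production) guard is visible in this class. Confirm that
 *       {@code UserSession.setBackdoorUser} or the deployment configuration refuses
 *       impersonation where it must not be available.</li>
 * </ul>
 */
public class BackdoorAction extends KualiAction {
    private static final Logger LOG = Logger.getLogger(BackdoorAction.class);

    // Never read or assigned anywhere in this class; kept so the class shape is unchanged.
    private List<Permission> perms;

    /**
     * Populates the form via {@link #initForm} and then lets the parent action dispatch the request.
     */
    @Override
    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        initForm(httpServletRequest, actionForm);
        return super.execute(actionMapping, actionForm, httpServletRequest, httpServletResponse);
    }

    /** Forwards to the "basic" mapping. */
    public ActionForward menu(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        LOG.debug("menu");
        return actionMapping.findForward("basic");
    }

    /** Delegates to {@link #portal}. */
    @Override
    public ActionForward refresh(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        return portal(actionMapping, actionForm, httpServletRequest, httpServletResponse);
    }

    /** Delegates to {@link #portal}. */
    public ActionForward start(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        LOG.debug("start");
        return portal(actionMapping, actionForm, httpServletRequest, httpServletResponse);
    }

    /** Forwards to the "viewPortal" mapping. */
    public ActionForward portal(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        LOG.debug("portal started");
        return actionMapping.findForward("viewPortal");
    }

    /** Forwards to the administration mapping. */
    public ActionForward administration(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        LOG.debug(KFSConstants.NavigationLinkCategories.ADMINISTRATION);
        return actionMapping.findForward(KFSConstants.NavigationLinkCategories.ADMINISTRATION);
    }

    /**
     * Ends a backdoor session if one is active, otherwise performs a normal logout.
     *
     * @return the "viewPortal" forward after a backdoor was cleared, else the "logout" forward
     */
    public ActionForward logout(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        LOG.debug("logout");
        UserSession userSession = getUserSession(httpServletRequest);
        if (!userSession.isBackdoorInUse()) {
            return actionMapping.findForward("logout");
        }
        userSession.clearBackdoorUser();
        // Recomputed after the backdoor is cleared, so the admin flag is evaluated for the
        // session as it stands once impersonation has ended.
        setFormGroupPermission((BackdoorForm) actionForm, httpServletRequest);
        // getUserSession() above also reads GlobalVariables, so this second clear is kept only
        // to preserve the original call sequence.
        GlobalVariables.getUserSession().clearBackdoorUser();
        return actionMapping.findForward("viewPortal");
    }

    /**
     * Switches the session to the principal named in {@link BackdoorForm#getBackdoorId()}.
     *
     * <p>The caller must pass {@link #isBackdoorAuthorized}; otherwise the request is routed to
     * {@link #logout} with a "backdoorRestriction" request attribute. An empty id, or the
     * logged-in user's own id, while a backdoor is active also ends the backdoor.
     *
     * @return "portal" on success, "invalid_backdoor_portal" when the id is rejected with a
     *         {@link RiceRuntimeException}, or whatever {@link #logout} returns
     */
    public ActionForward login(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        LOG.debug("login");
        UserSession userSession = getUserSession(httpServletRequest);
        BackdoorForm backdoorForm = (BackdoorForm) actionForm;
        userSession.clearObjectMap();

        if (!isBackdoorAuthorized(userSession, httpServletRequest)) {
            httpServletRequest.setAttribute("backdoorRestriction", "User " + userSession.getActualPerson().getPrincipalName() + " not permitted to use backdoor functionality inside application: " + ConfigContext.getCurrentContextConfig().getProperty("app.code") + ".");
            return logout(actionMapping, actionForm, httpServletRequest, httpServletResponse);
        }

        // Request-supplied value: treat as untrusted everywhere below.
        String requestedId = backdoorForm.getBackdoorId();
        if (userSession.isBackdoorInUse() && (StringUtils.isEmpty(requestedId) || userSession.getLoggedInUserPrincipalName().equals(requestedId))) {
            return logout(actionMapping, actionForm, httpServletRequest, httpServletResponse);
        }

        try {
            userSession.setBackdoorUser(requestedId);
            setFormGroupPermission(backdoorForm, httpServletRequest);
            // Audit trail: record who is impersonating whom, and only when the switch took effect.
            if (userSession.isBackdoorInUse()) {
                LOG.info("Backdoor login: principal " + userSession.getActualPerson().getPrincipalName() + " is now acting as " + sanitizeForLog(requestedId));
            }
            return actionMapping.findForward("portal");
        } catch (RiceRuntimeException e) {
            // The id comes straight from the request; neutralise CR/LF so it cannot forge log lines.
            LOG.warn("invalid backdoor id " + sanitizeForLog(requestedId), e);
            return actionMapping.findForward("invalid_backdoor_portal");
        }
    }

    /** Replaces carriage returns and line feeds so a request value stays on one log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Sets the form's admin flag from a USE_SCREEN permission check (namespace "KR-NS") for the
     * workflow AdministrationAction screen, evaluated for the current session's principal id.
     */
    private void setFormGroupPermission(BackdoorForm backdoorForm, HttpServletRequest httpServletRequest) {
        HashMap<String, String> permissionDetails = new HashMap<>();
        permissionDetails.put("namespaceCode", "KR-WKFLW");
        permissionDetails.put("actionClass", "org.kuali.rice.kew.web.backdoor.AdministrationAction");
        boolean admin = KimApiServiceLocator.getPermissionService().isAuthorizedByTemplate(
                getUserSession(httpServletRequest).getPrincipalId(),
                "KR-NS",
                KimConstants.PermissionTemplateNames.USE_SCREEN,
                permissionDetails,
                new HashMap<String, String>());
        backdoorForm.setIsAdmin(Boolean.valueOf(admin));
    }

    /**
     * Prepares the form for every request: sets the show-backdoor-login flag from the
     * "KR-WKFLW" / "Backdoor" parameter, refreshes the admin flag, and copies a non-null
     * "graphic" form value into the HTTP session as "showGraphic".
     *
     * <p>The show-backdoor-login flag is display state only; nothing in this class uses it to
     * block {@link #login}.
     */
    public void initForm(HttpServletRequest httpServletRequest, ActionForm actionForm) throws Exception {
        BackdoorForm backdoorForm = (BackdoorForm) actionForm;
        backdoorForm.setShowBackdoorLogin(CoreFrameworkServiceLocator.getParameterService().getParameterValueAsBoolean("KR-WKFLW", "Backdoor", KewApiConstants.SHOW_BACK_DOOR_LOGIN_IND));
        setFormGroupPermission(backdoorForm, httpServletRequest);
        if (backdoorForm.getGraphic() != null) {
            httpServletRequest.getSession().setAttribute("showGraphic", backdoorForm.getGraphic());
        }
    }

    /**
     * Returns the session held by {@link GlobalVariables}; the request argument is not used.
     */
    public static UserSession getUserSession(HttpServletRequest httpServletRequest) {
        return GlobalVariables.getUserSession();
    }

    /**
     * Decides whether the session's actual (non-impersonated) person may use the backdoor in
     * this application.
     *
     * <p>The check is opt-in: it is enforced only when some "KR-SYS" BACKDOOR_RESTRICTION
     * permission carries the configured {@code app.code} among its attribute values. With no
     * such permission defined the method returns {@code true} for everyone, so deployments that
     * rely on this gate need that permission to exist.
     *
     * @param userSession        session whose actual person is checked
     * @param httpServletRequest not used
     * @return {@code true} when no restriction applies or the actual person holds the permission
     */
    public boolean isBackdoorAuthorized(UserSession userSession, HttpServletRequest httpServletRequest) {
        String appCode = ConfigContext.getCurrentContextConfig().getProperty("app.code");
        HashMap<String, String> permissionDetails = new HashMap<>();
        permissionDetails.put(KimConstants.AttributeConstants.APP_CODE, appCode);

        boolean restrictionDefined = false;
        for (Permission permission : KimApiServiceLocator.getPermissionService().findPermissionsByTemplate("KR-SYS", KimConstants.PermissionTemplateNames.BACKDOOR_RESTRICTION)) {
            if (permission.getAttributes().values().contains(appCode)) {
                restrictionDefined = true;
                break;
            }
        }

        // The authorization call takes the same arguments whichever permission matched, so it is
        // made once instead of once per matching permission.
        boolean authorized = true;
        if (restrictionDefined) {
            authorized = KimApiServiceLocator.getPermissionService().isAuthorizedByTemplate(userSession.getActualPerson().getPrincipalId(), "KR-SYS", KimConstants.PermissionTemplateNames.BACKDOOR_RESTRICTION, permissionDetails, Collections.emptyMap());
        }

        if (!authorized) {
            // Log the actual person, the same identity the check above was made for, so a denial
            // during an active backdoor is not attributed to a different principal.
            LOG.warn("Attempt to backdoor was made by user: " + userSession.getActualPerson().getPrincipalId() + " into application with app code: " + appCode + " but they do not have appropriate permissions. Backdoor processing aborted.");
        }
        return authorized;
    }
}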
