package org.kuali.kfs.sys.document.workflow;

import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.kns.document.authorization.DocumentAuthorizer;
import org.kuali.kfs.kns.service.DataDictionaryService;
import org.kuali.kfs.kns.service.DocumentHelperService;
import org.kuali.kfs.krad.datadictionary.DocumentEntry;
import org.kuali.kfs.krad.service.KRADServiceLocatorWeb;
import org.kuali.kfs.krad.util.ObjectUtils;
import org.kuali.kfs.sys.context.SpringContext;
import org.kuali.kfs.sys.document.datadictionary.FinancialSystemTransactionalDocumentEntry;
import org.kuali.rice.kew.api.KewApiServiceLocator;
import org.kuali.rice.kew.api.document.Document;
import org.kuali.rice.kew.api.exception.WorkflowException;
import org.kuali.rice.kew.framework.document.security.DocumentSecurityAttribute;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2018-12-20.jar:org/kuali/kfs/sys/document/workflow/SensitiveDataSecurityAttribute.class */
public class SensitiveDataSecurityAttribute implements DocumentSecurityAttribute {
    private static final Logger LOG = LogManager.getLogger((Class<?>) SensitiveDataSecurityAttribute.class);

    @Override // org.kuali.rice.kew.framework.document.security.DocumentSecurityAttribute
    public boolean isAuthorizedForDocument(String str, Document document) {
        List<String> searchableAttributeStringValuesByKey;
        String documentTypeName = document.getDocumentTypeName();
        DocumentEntry documentEntry = ((DataDictionaryService) SpringContext.getBean(DataDictionaryService.class)).getDataDictionary().getDocumentEntry(documentTypeName);
        if (!(documentEntry instanceof FinancialSystemTransactionalDocumentEntry) || !((FinancialSystemTransactionalDocumentEntry) documentEntry).isPotentiallySensitive() || (searchableAttributeStringValuesByKey = KewApiServiceLocator.getWorkflowDocumentService().getSearchableAttributeStringValuesByKey(document.getDocumentId(), "sensitive")) == null || searchableAttributeStringValuesByKey.size() <= 0 || searchableAttributeStringValuesByKey == null || !searchableAttributeStringValuesByKey.contains("Y")) {
            return true;
        }
        DocumentAuthorizer documentAuthorizer = ((DocumentHelperService) SpringContext.getBean(DocumentHelperService.class)).getDocumentAuthorizer(documentTypeName);
        try {
            org.kuali.kfs.krad.document.Document byDocumentHeaderIdSessionless = KRADServiceLocatorWeb.getDocumentService().getByDocumentHeaderIdSessionless(document.getDocumentId());
            if (!ObjectUtils.isNull(byDocumentHeaderIdSessionless)) {
                return documentAuthorizer.canOpen(byDocumentHeaderIdSessionless, KimApiServiceLocator.getPersonService().getPerson(str));
            }
            LOG.error("KFS document is null but exists in rice, returning false from isAuthorizedForDocument. document.getDocumentId()=" + document.getDocumentId());
            return false;
        } catch (WorkflowException e) {
            LOG.error("Exception while testing if user can open document: document.getDocumentId()=" + document.getDocumentId(), (Throwable) e);
            return false;
        }
    }
}
