package org.kuali.kfs.kim.impl.role;

import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.core.api.cache.CacheKeyUtils;
import org.kuali.kfs.core.api.criteria.CriteriaLookupService;
import org.kuali.kfs.core.api.criteria.GenericQueryResults;
import org.kuali.kfs.core.api.criteria.LookupCustomizer;
import org.kuali.kfs.core.api.criteria.QueryByCriteria;
import org.kuali.kfs.core.api.datetime.DateTimeService;
import org.kuali.kfs.core.api.delegation.DelegationType;
import org.kuali.kfs.core.api.membership.MemberType;
import org.kuali.kfs.kim.api.KimConstants;
import org.kuali.kfs.kim.api.identity.PersonService;
import org.kuali.kfs.kim.api.role.RoleMembership;
import org.kuali.kfs.kim.api.role.RoleService;
import org.kuali.kfs.kim.api.services.KimApiServiceLocator;
import org.kuali.kfs.kim.api.type.KimTypeInfoService;
import org.kuali.kfs.kim.framework.common.delegate.DelegationTypeService;
import org.kuali.kfs.kim.framework.role.RoleTypeService;
import org.kuali.kfs.kim.framework.services.KimFrameworkServiceLocator;
import org.kuali.kfs.kim.framework.type.KimTypeService;
import org.kuali.kfs.kim.impl.common.attribute.AttributeTransform;
import org.kuali.kfs.kim.impl.common.attribute.KimAttributeData;
import org.kuali.kfs.kim.impl.common.delegate.DelegateMember;
import org.kuali.kfs.kim.impl.common.delegate.DelegateMemberAttributeData;
import org.kuali.kfs.kim.impl.common.delegate.DelegateType;
import org.kuali.kfs.kim.impl.identity.Person;
import org.kuali.kfs.kim.impl.permission.Permission;
import org.kuali.kfs.kim.impl.responsibility.Responsibility;
import org.kuali.kfs.kim.impl.role.RoleServiceBase;
import org.kuali.kfs.kim.impl.services.KimImplServiceLocator;
import org.kuali.kfs.kim.impl.type.KimType;
import org.kuali.kfs.kim.util.KimCommonUtilsInternal;
import org.kuali.kfs.krad.service.BusinessObjectService;
import org.kuali.kfs.krad.service.KRADServiceLocator;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.cache.support.NoOpCacheManager;
import org.springframework.util.LinkedMultiValueMap;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2023-08-30.jar:org/kuali/kfs/kim/impl/role/RoleServiceImpl.class */
public class RoleServiceImpl extends RoleServiceBase implements RoleService {
    private static final Logger LOG = LogManager.getLogger();
    private static final Map<String, RoleServiceBase.RoleDaoAction> memberTypeToRoleDaoActionMap = populateMemberTypeToRoleDaoActionMap();
    private RoleService proxiedRoleService;
    private CacheManager cacheManager = new NoOpCacheManager();
    private PersonService personService;
    private DateTimeService dateTimeService;
    private KimTypeInfoService kimTypeInfoService;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/kfs-core-2023-08-30.jar:org/kuali/kfs/kim/impl/role/RoleServiceImpl$Context.class */
    public final class Context {
        private final String principalId;
        private List<String> principalGroupIds;
        private final Map<String, RoleTypeService> roleTypeServiceCache = new HashMap();
        private final Map<String, Boolean> isDerivedRoleTypeCache = new HashMap();

        Context(String str) {
            this.principalId = str;
        }

        List<String> getPrincipalGroupIds() {
            if (this.principalGroupIds == null) {
                this.principalGroupIds = RoleServiceImpl.this.getGroupService().getGroupIdsByPrincipalId(this.principalId);
            }
            return this.principalGroupIds;
        }

        RoleTypeService getRoleTypeService(String str) {
            KimType kimType;
            if (this.roleTypeServiceCache.containsKey(str)) {
                return this.roleTypeServiceCache.get(str);
            }
            RoleTypeService roleTypeService = null;
            if (str != null && (kimType = RoleServiceImpl.this.kimTypeInfoService.getKimType(str)) != null && StringUtils.isNotBlank(kimType.getServiceName())) {
                roleTypeService = RoleServiceImpl.this.getRoleTypeServiceByName(kimType.getServiceName());
            }
            if (roleTypeService == null) {
                roleTypeService = KimImplServiceLocator.getDefaultRoleTypeService();
            }
            this.roleTypeServiceCache.put(str, roleTypeService);
            return roleTypeService;
        }

        boolean isDerivedRoleType(String str) {
            Boolean bool = this.isDerivedRoleTypeCache.get(str);
            if (bool == null) {
                bool = Boolean.valueOf(RoleServiceImpl.this.isDerivedRoleType(getRoleTypeService(str)));
                this.isDerivedRoleTypeCache.put(str, bool);
            }
            return bool.booleanValue();
        }
    }

    private static Map<String, RoleServiceBase.RoleDaoAction> populateMemberTypeToRoleDaoActionMap() {
        return Map.ofEntries(Map.entry(MemberType.GROUP.getCode(), RoleServiceBase.RoleDaoAction.ROLE_GROUPS_FOR_GROUP_IDS_AND_ROLE_IDS), Map.entry(MemberType.PRINCIPAL.getCode(), RoleServiceBase.RoleDaoAction.ROLE_PRINCIPALS_FOR_PRINCIPAL_ID_AND_ROLE_IDS), Map.entry(MemberType.ROLE.getCode(), RoleServiceBase.RoleDaoAction.ROLE_MEMBERSHIPS_FOR_ROLE_IDS_AS_MEMBERS));
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Permission.CACHE_NAME, Responsibility.CACHE_NAME, Role.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public RoleLite createRole(RoleLite roleLite) throws IllegalArgumentException, IllegalStateException {
        incomingParamCheck(roleLite, "role");
        if (!StringUtils.isNotBlank(roleLite.getId()) || getRoleWithoutMembers(roleLite.getId()) == null) {
            return (RoleLite) getBusinessObjectService().save((BusinessObjectService) roleLite);
        }
        throw new IllegalStateException("the role to create already exists: " + roleLite);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Permission.CACHE_NAME, Responsibility.CACHE_NAME, Role.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public RoleLite updateRole(RoleLite roleLite) throws IllegalArgumentException, IllegalStateException {
        incomingParamCheck(roleLite, "role");
        RoleLite roleLite2 = getRoleLite(roleLite.getId());
        if (StringUtils.isBlank(roleLite.getId()) || roleLite2 == null) {
            throw new IllegalStateException("the role does not exist: " + roleLite);
        }
        RoleLite roleLite3 = (RoleLite) getBusinessObjectService().save((BusinessObjectService) roleLite);
        if (roleLite2.isActive() && !roleLite3.isActive()) {
            KimImplServiceLocator.getRoleInternalService().roleInactivated(roleLite3.getId());
        }
        return roleLite3;
    }

    protected boolean checkForCircularRoleMembership(String str, Role role) {
        return !getRoleTypeRoleMemberIds(str).contains(role.getId());
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    public GenericQueryResults<RoleMember> findRoleMembers(QueryByCriteria queryByCriteria) throws IllegalStateException {
        incomingParamCheck(queryByCriteria, "queryByCriteria");
        LookupCustomizer.Builder create = LookupCustomizer.Builder.create();
        create.setPredicateTransform(AttributeTransform.getInstance());
        return getCriteriaLookupService().lookup(RoleMember.class, queryByCriteria, create.build());
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {RoleMember.CACHE_NAME}, key = "'{getRoleTypeRoleMemberIds}' + 'roleId=' + #p0")
    public Set<String> getRoleTypeRoleMemberIds(String str) throws IllegalArgumentException {
        incomingParamCheck(str, "roleId");
        HashSet hashSet = new HashSet();
        getNestedRoleTypeMemberIds(str, hashSet);
        return Collections.unmodifiableSet(hashSet);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {RoleMembership.CACHE_NAME}, key = "'memberType=' + #p0 + '|' + 'memberId=' + #p1")
    public List<String> getMemberParentRoleIds(String str, String str2) throws IllegalStateException {
        incomingParamCheck(str, "memberType");
        incomingParamCheck(str2, "memberId");
        List<RoleMember> roleMembershipsForMemberId = getRoleDao().getRoleMembershipsForMemberId(str, str2, Collections.emptyMap());
        ArrayList arrayList = new ArrayList(roleMembershipsForMemberId.size());
        Iterator<RoleMember> it = roleMembershipsForMemberId.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getRoleId());
        }
        return arrayList;
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {RoleResponsibility.CACHE_NAME}, key = "'roleMemberId=' + #p0")
    public List<RoleResponsibilityAction> getRoleMemberResponsibilityActions(String str) throws IllegalStateException {
        incomingParamCheck(str, "roleMemberId");
        HashMap hashMap = new HashMap(1);
        hashMap.put("roleMemberId", str);
        return (List) getBusinessObjectService().findMatching(RoleResponsibilityAction.class, hashMap);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    public GenericQueryResults<DelegateMember> findDelegateMembers(QueryByCriteria queryByCriteria) throws IllegalStateException {
        incomingParamCheck(queryByCriteria, "queryByCriteria");
        LookupCustomizer.Builder create = LookupCustomizer.Builder.create();
        create.setPredicateTransform(AttributeTransform.getInstance());
        return getCriteriaLookupService().lookup(DelegateMember.class, queryByCriteria, create.build());
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {Role.CACHE_NAME}, key = "'{RoleType}id=' + #p0")
    public RoleLite getRoleWithoutMembers(String str) throws IllegalStateException {
        incomingParamCheck(str, "roleId");
        return loadRole(str);
    }

    protected RoleLite loadRole(String str) {
        RoleLite roleLite;
        RoleLite roleFromCache = getRoleFromCache(str);
        if (roleFromCache == null && (roleLite = getRoleLite(str)) != null) {
            roleFromCache = roleLite;
            putRoleInCache(roleFromCache);
        }
        return roleFromCache;
    }

    protected RoleLite getRoleFromCache(String str) {
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Role.CACHE_NAME).get("{RoleType}id=" + str);
        if (valueWrapper != null) {
            return (RoleLite) valueWrapper.get();
        }
        return null;
    }

    protected RoleLite getRoleFromCache(String str, String str2) {
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Role.CACHE_NAME).get("{RoleType}namespaceCode=" + str + "|name=" + str2);
        if (valueWrapper != null) {
            return (RoleLite) valueWrapper.get();
        }
        return null;
    }

    protected List<RoleLite> getRolesFromCache(String str, String str2) {
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Role.CACHE_NAME).get("{RoleTypes}namespaceCode=" + str + "|name=" + str2);
        return valueWrapper != null ? (List) valueWrapper.get() : List.of();
    }

    protected void putRoleInCache(RoleLite roleLite) {
        if (roleLite != null) {
            Cache cache = this.cacheManager.getCache(Role.CACHE_NAME);
            String str = "{RoleType}id=" + roleLite.getId();
            String str2 = "{RoleType}namespaceCode=" + roleLite.getNamespaceCode() + "|name=" + roleLite.getName();
            cache.put(str, roleLite);
            cache.put(str2, roleLite);
        }
    }

    protected void putRolesInCache(List<RoleLite> list, String str, String str2) {
        if (list == null || list.isEmpty()) {
            return;
        }
        list.forEach(this::putRoleInCache);
        this.cacheManager.getCache(Role.CACHE_NAME).put("{RoleTypes}namespaceCode=" + str + "|name=" + str2, list);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v27, types: [java.util.Map] */
    /* JADX WARN: Type inference failed for: r0v30, types: [java.util.Map] */
    protected Map<String, RoleLite> getRoleLiteMap(Collection<String> collection) {
        HashMap hashMap;
        if (collection.size() == 1) {
            String next = collection.iterator().next();
            RoleLite roleLite = getRoleLite(next);
            if (roleLite == null) {
                return Collections.emptyMap();
            }
            hashMap = roleLite.isActive() ? Collections.singletonMap(next, roleLite) : Collections.emptyMap();
        } else {
            hashMap = new HashMap(collection.size());
            for (String str : collection) {
                RoleLite roleLite2 = getRoleLite(str);
                if (roleLite2 != null && roleLite2.isActive()) {
                    hashMap.put(str, roleLite2);
                }
            }
        }
        return hashMap;
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {Role.CACHE_NAME}, key = "'ids=' + T(org.kuali.kfs.core.api.cache.CacheKeyUtils).key(#p0)")
    public List<RoleLite> getRoles(List<String> list) throws IllegalStateException {
        if (CollectionUtils.isEmpty(list)) {
            throw new IllegalArgumentException("roleIds is null or empty");
        }
        return Collections.unmodifiableList(loadRoles(list));
    }

    protected List<RoleLite> loadRoles(List<String> list) {
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap(list.size());
        for (String str : list) {
            RoleLite roleFromCache = getRoleFromCache(str);
            if (roleFromCache != null) {
                hashMap.put(str, roleFromCache);
            } else {
                arrayList.add(str);
            }
        }
        if (!arrayList.isEmpty()) {
            Map<String, RoleLite> roleLiteMap = getRoleLiteMap(arrayList);
            for (String str2 : roleLiteMap.keySet()) {
                RoleLite roleLite = roleLiteMap.get(str2);
                if (roleLite != null) {
                    hashMap.put(str2, roleLite);
                    putRoleInCache(roleLite);
                }
            }
        }
        return new ArrayList(hashMap.values());
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {Role.CACHE_NAME}, key = "'{RoleType}-namespaceCode=' + #p0 + '|' + 'name='+ #p1")
    public RoleLite getRoleByNamespaceCodeAndName(String str, String str2) throws IllegalStateException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, "roleName");
        return loadRoleByName(str, str2);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {Role.CACHE_NAME}, key = "'{RoleType}-namespaceCode=' + #p0 + '|' + 'name='+ #p1")
    public List<RoleLite> getAllRolesByNamespaceCodeAndName(String str, String str2) throws IllegalStateException {
        return loadAllRolesByName(str, str2);
    }

    protected RoleLite loadRoleByName(String str, String str2) {
        RoleLite roleLiteByName;
        RoleLite roleFromCache = getRoleFromCache(str, str2);
        if (roleFromCache == null && (roleLiteByName = getRoleLiteByName(str, str2)) != null) {
            roleFromCache = getRoleFromCache(roleLiteByName.getId());
            if (roleFromCache == null) {
                roleFromCache = roleLiteByName;
            }
            putRoleInCache(roleFromCache);
        }
        return roleFromCache;
    }

    protected List<RoleLite> loadAllRolesByName(String str, String str2) {
        List<RoleLite> rolesFromCache = getRolesFromCache(str, str2);
        if (rolesFromCache.isEmpty()) {
            List<RoleLite> roleLitesByName = getRoleLitesByName(str, str2);
            if (!roleLitesByName.isEmpty()) {
                rolesFromCache = getRolesFromCache(str, str2);
                if (rolesFromCache.isEmpty()) {
                    rolesFromCache = roleLitesByName;
                }
                putRolesInCache(rolesFromCache, str, str2);
            }
        }
        return rolesFromCache;
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {Role.CACHE_NAME}, key = "'{getRoleIdByNamespaceCodeAndName}' + 'namespaceCode=' + #p0 + '|' + 'name=' + #p1")
    public String getRoleIdByNamespaceCodeAndName(String str, String str2) throws IllegalStateException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, "roleName");
        RoleLite roleByNamespaceCodeAndName = getRoleByNamespaceCodeAndName(str, str2);
        if (roleByNamespaceCodeAndName != null) {
            return roleByNamespaceCodeAndName.getId();
        }
        return null;
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {Role.CACHE_NAME}, key = "'{getAllRoleIdsByNamespaceCodeAndName}' + 'namespaceCode=' + #p0 + '|' + 'name=' + #p1")
    public List<String> getAllRoleIdsByNamespaceCodeAndName(String str, String str2) throws IllegalStateException {
        List<RoleLite> allRolesByNamespaceCodeAndName = getAllRolesByNamespaceCodeAndName(str, str2);
        return !allRolesByNamespaceCodeAndName.isEmpty() ? (List) allRolesByNamespaceCodeAndName.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toList()) : List.of();
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {Role.CACHE_NAME}, key = "'{isRoleActive}' + 'id=' + #p0")
    public boolean isRoleActive(String str) throws IllegalStateException {
        incomingParamCheck(str, "roleId");
        RoleLite roleWithoutMembers = getRoleWithoutMembers(str);
        return roleWithoutMembers != null && roleWithoutMembers.isActive();
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    public List<Map<String, String>> getRoleQualifersForPrincipalByNamespaceAndRolename(String str, String str2, String str3, Map<String, String> map) throws IllegalStateException {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, "roleName");
        String roleIdByNamespaceCodeAndName = getRoleIdByNamespaceCodeAndName(str2, str3);
        return roleIdByNamespaceCodeAndName == null ? Collections.emptyList() : getNestedRoleQualifiersForPrincipalByRoleIds(str, Collections.singletonList(roleIdByNamespaceCodeAndName), map);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    public List<Map<String, String>> getNestedRoleQualifiersForPrincipalByRoleIds(String str, List<String> list, Map<String, String> map) throws IllegalStateException {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(list, "roleIds");
        ArrayList arrayList = new ArrayList();
        Map<String, RoleLite> roleLiteMap = getRoleLiteMap(list);
        List<RoleMember> storedRoleMembersUsingExactMatchOnQualification = getStoredRoleMembersUsingExactMatchOnQualification(str, getGroupService().getGroupIdsByPrincipalId(str), list, map);
        HashMap hashMap = new HashMap();
        for (RoleMember roleMember : storedRoleMembersUsingExactMatchOnQualification) {
            RoleTypeService roleTypeService = getRoleTypeService(roleMember.getRoleId());
            if (MemberType.PRINCIPAL.equals(roleMember.getType()) || MemberType.GROUP.equals(roleMember.getType())) {
                if (roleTypeService != null) {
                    ((List) hashMap.computeIfAbsent(roleMember.getRoleId(), str2 -> {
                        return new ArrayList();
                    })).add(RoleMembership.Builder.create(roleMember.getRoleId(), roleMember.getId(), roleMember.getMemberId(), roleMember.getType(), roleMember.getAttributes()).build());
                } else {
                    arrayList.add(roleMember.getAttributes());
                }
            } else if (MemberType.ROLE.equals(roleMember.getType())) {
                Map<String, String> map2 = map;
                if (roleTypeService != null) {
                    RoleLite roleLite = roleLiteMap.get(roleMember.getRoleId());
                    RoleLite roleLite2 = getRoleLite(roleMember.getMemberId());
                    try {
                        map2 = roleTypeService.convertQualificationForMemberRoles(roleLite.getNamespaceCode(), roleLite.getName(), roleLite2.getNamespaceCode(), roleLite2.getName(), map);
                    } catch (Exception e) {
                        Logger logger = LOG;
                        Objects.requireNonNull(roleLite);
                        logger.warn("Not able to retrieve RoleTypeService from remote system for role Id: {}", roleLite::getId, () -> {
                            return e;
                        });
                    }
                }
                ArrayList arrayList2 = new ArrayList(1);
                arrayList2.add(roleMember.getMemberId());
                if (getProxiedRoleService().principalHasRole(str, arrayList2, map2, false)) {
                    arrayList.add(roleMember.getAttributes());
                }
            }
        }
        for (Map.Entry entry : hashMap.entrySet()) {
            try {
                Iterator<RoleMembership> it = getRoleTypeService((String) entry.getKey()).getMatchingRoleMemberships(map, (List) entry.getValue()).iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next().getQualifier());
                }
            } catch (Exception e2) {
                Logger logger2 = LOG;
                Objects.requireNonNull(entry);
                logger2.warn("Not able to retrieve RoleTypeService from remote system for role Id: {}", entry::getKey, () -> {
                    return e2;
                });
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {RoleMember.CACHE_NAME}, key = "'namespaceCode=' + #p0 + '|' + 'roleName=' + #p1 + '|' + 'qualification=' +T(org.kuali.kfs.core.api.cache.CacheKeyUtils).mapKey(#p2)", condition = "!T(org.kuali.kfs.kim.api.cache.KimCacheUtils).isDynamicMembshipRoleByNamespaceAndName(#p0, #p1)")
    public Collection<String> getRoleMemberPrincipalIds(String str, String str2, Map<String, String> map) throws IllegalStateException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, "roleName");
        HashSet hashSet = new HashSet();
        for (RoleMembership roleMembership : getRoleMembers(Collections.singletonList(getRoleIdByNamespaceCodeAndName(str, str2)), map, false, new HashSet())) {
            if (MemberType.GROUP.equals(roleMembership.getType())) {
                hashSet.addAll(getGroupService().getMemberPrincipalIds(roleMembership.getMemberId()));
            } else {
                hashSet.add(roleMembership.getMemberId());
            }
        }
        return Collections.unmodifiableSet(hashSet);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {RoleMember.CACHE_NAME}, key = "'namespaceCode=' + #p0 + '|' + 'roleName=' + #p1 + '|' + 'qualification=' +T(org.kuali.kfs.core.api.cache.CacheKeyUtils).mapKey(#p2)", condition = "!T(org.kuali.kfs.kim.api.cache.KimCacheUtils).isDynamicMembshipAllRolesByNamespaceAndName(#p0, #p1)")
    public Collection<String> getRoleMemberPrincipalIdsAllowNull(String str, String str2, Map<String, String> map) throws IllegalStateException {
        HashSet hashSet = new HashSet();
        for (RoleMembership roleMembership : getRoleMembers(getAllRoleIdsByNamespaceCodeAndName(str, str2), map, false, new HashSet())) {
            if (MemberType.GROUP.equals(roleMembership.getType())) {
                hashSet.addAll(getGroupService().getMemberPrincipalIds(roleMembership.getMemberId()));
            } else {
                hashSet.add(roleMembership.getMemberId());
            }
        }
        return Collections.unmodifiableSet(hashSet);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {RoleMember.CACHE_NAME}, key = "'getPrincipalIdSubListWithRole' + 'principalIds=' + T(org.kuali.kfs.core.api.cache.CacheKeyUtils).key(#p0) + '|' + 'roleNamespaceCode=' + #p1 + '|' + 'roleName=' + #p2 + '|' + 'qualification=' + T(org.kuali.kfs.core.api.cache.CacheKeyUtils).mapKey(#p3)", condition = "!T(org.kuali.kfs.kim.api.cache.KimCacheUtils).isDynamicMembshipRoleByNamespaceAndName(#p1, #p2)")
    public List<String> getPrincipalIdSubListWithRole(List<String> list, String str, String str2, Map<String, String> map) throws IllegalStateException {
        incomingParamCheck(list, "principalIds");
        incomingParamCheck(str, "roleNamespaceCode");
        incomingParamCheck(str2, "roleName");
        ArrayList arrayList = new ArrayList();
        RoleLite roleLiteByName = getRoleLiteByName(str, str2);
        for (String str3 : list) {
            if (getProxiedRoleService().principalHasRole(str3, Collections.singletonList(roleLiteByName.getId()), map)) {
                arrayList.add(str3);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {RoleMember.CACHE_NAME}, key = "'getPrincipalIdSubListWithRoleAllowNull' + 'principalIds=' + T(org.kuali.kfs.core.api.cache.CacheKeyUtils).key(#p0) + '|' + 'roleNamespaceCode=' + #p1 + '|' + 'roleName=' + #p2 + '|' + 'qualification=' + T(org.kuali.kfs.core.api.cache.CacheKeyUtils).mapKey(#p3)", condition = "!T(org.kuali.kfs.kim.api.cache.KimCacheUtils).isDynamicMembshipAllRolesByNamespaceAndName(#p1, #p2)")
    public List<String> getPrincipalIdSubListWithRoleAllowNull(List<String> list, String str, String str2, Map<String, String> map) throws IllegalStateException {
        incomingParamCheck(list, "principalIds");
        ArrayList arrayList = new ArrayList();
        List<RoleLite> roleLitesByName = getRoleLitesByName(str, str2);
        for (String str3 : list) {
            if (getProxiedRoleService().principalHasRole(str3, (List) roleLitesByName.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toList()), map)) {
                arrayList.add(str3);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    public GenericQueryResults<RoleLite> findRoles(QueryByCriteria queryByCriteria) throws IllegalStateException {
        incomingParamCheck(queryByCriteria, "queryByCriteria");
        return getCriteriaLookupService().lookup(RoleLite.class, queryByCriteria);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {RoleMembership.CACHE_NAME}, key = "'roleIds=' + T(org.kuali.kfs.core.api.cache.CacheKeyUtils).key(#p0)")
    public List<RoleMembership> getFirstLevelRoleMembers(List<String> list) throws IllegalStateException {
        incomingParamCheck(list, "roleIds");
        if (list.isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList<RoleMember> arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.addAll(getStoredRoleMembersForRoleId(it.next(), null, null));
        }
        ArrayList arrayList2 = new ArrayList();
        for (RoleMember roleMember : arrayList) {
            arrayList2.add(RoleMembership.Builder.create(roleMember.getRoleId(), roleMember.getId(), roleMember.getMemberId(), roleMember.getType(), roleMember.getAttributes()).build());
        }
        return Collections.unmodifiableList(arrayList2);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {DelegateMember.CACHE_NAME}, key = "'{getDelegationMemberById}-id=' + #p0")
    public DelegateMember getDelegationMemberById(String str) throws IllegalStateException {
        incomingParamCheck(str, KimConstants.PrimaryKeyConstants.DELEGATION_MEMBER_ID);
        return getDelegateMember(str);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {RoleResponsibility.CACHE_NAME}, key = "'{getRoleResponsibilities}-roleId=' + #p0")
    public List<RoleResponsibility> getRoleResponsibilities(String str) throws IllegalStateException {
        incomingParamCheck(str, "roleId");
        HashMap hashMap = new HashMap(1);
        hashMap.put("roleId", str);
        return (List) getBusinessObjectService().findMatching(RoleResponsibility.class, hashMap);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {DelegateType.CACHE_NAME}, key = "'roleId=' + #p0 + '|' + 'delegateType=' + #p1")
    public DelegateType getDelegateTypeByRoleIdAndDelegateTypeCode(String str, DelegationType delegationType) throws IllegalStateException {
        incomingParamCheck(str, "roleId");
        incomingParamCheck(delegationType, "delegationType");
        return getDelegationOfType(str, delegationType);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(cacheNames = {DelegateType.CACHE_NAME}, key = "'delegationId=' + #p0")
    public DelegateType getDelegateTypeByDelegationId(String str) throws IllegalStateException {
        incomingParamCheck(str, "delegationId");
        return getKimDelegationImpl(str);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(value = {RoleMember.CACHE_NAME}, key = "'roleIds=' + T(org.kuali.kfs.core.api.cache.CacheKeyUtils).key(#p0) + '|' + 'qualification=' + T(org.kuali.kfs.core.api.cache.CacheKeyUtils).mapKey(#p1)", condition = "!T(org.kuali.kfs.kim.api.cache.KimCacheUtils).isDynamicRoleMembership(#p0)")
    public List<RoleMembership> getRoleMembers(List<String> list, Map<String, String> map) throws IllegalStateException {
        incomingParamCheck(list, "roleIds");
        return Collections.unmodifiableList(getRoleMembers(list, map, true, new HashSet()));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r8v0, types: [org.kuali.kfs.kim.impl.role.RoleServiceImpl] */
    protected List<RoleMembership> getRoleMembers(List<String> list, Map<String, String> map, boolean z, Set<String> set) {
        List arrayList = new ArrayList();
        HashSet<String> hashSet = new HashSet();
        for (String str : list) {
            if (getProxiedRoleService().isRoleActive(str)) {
                hashSet.add(str);
            }
        }
        if (hashSet.isEmpty()) {
            return Collections.emptyList();
        }
        HashSet hashSet2 = new HashSet(hashSet.size());
        Map<String, RoleLite> roleLiteMap = getRoleLiteMap(hashSet);
        ArrayList arrayList2 = new ArrayList(hashSet);
        ArrayList<RoleMember> arrayList3 = new ArrayList();
        for (String str2 : hashSet) {
            RoleTypeService roleTypeService = getRoleTypeService(str2);
            if (roleTypeService != null) {
                List<String> qualifiersForExactMatch = roleTypeService.getQualifiersForExactMatch();
                if (CollectionUtils.isNotEmpty(qualifiersForExactMatch)) {
                    arrayList2.remove(str2);
                    arrayList3.addAll(getStoredRoleMembersForRoleId(str2, null, populateQualifiersForExactMatch(map, qualifiersForExactMatch)));
                }
            }
        }
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            arrayList3.addAll(getStoredRoleMembersForRoleId((String) it.next(), null, null));
        }
        HashMap hashMap = new HashMap();
        for (RoleMember roleMember : arrayList3) {
            RoleMembership build = RoleMembership.Builder.create(roleMember.getRoleId(), roleMember.getId(), roleMember.getMemberId(), roleMember.getType(), roleMember.getAttributes()).build();
            if (map == null || map.isEmpty()) {
                if (MemberType.ROLE.equals(roleMember.getType())) {
                    Map<String, String> map2 = map;
                    RoleTypeService roleTypeService2 = getRoleTypeService(roleMember.getRoleId());
                    if (roleTypeService2 != null) {
                        RoleLite roleLite = getRoleLite(build.getMemberId());
                        map2 = roleTypeService2.convertQualificationForMemberRoles(roleLiteMap.get(roleMember.getRoleId()).getNamespaceCode(), roleLiteMap.get(roleMember.getRoleId()).getName(), roleLite.getNamespaceCode(), roleLite.getName(), map);
                    }
                    if (getProxiedRoleService().isRoleActive(roleMember.getRoleId())) {
                        Collection<RoleMembership> nestedRoleMembers = getNestedRoleMembers(map2, build, set);
                        if (!nestedRoleMembers.isEmpty()) {
                            arrayList.addAll(nestedRoleMembers);
                            hashSet2.add(roleMember.getRoleId());
                        }
                    }
                } else {
                    arrayList.add(build);
                    hashSet2.add(roleMember.getRoleId());
                }
                hashSet2.add(roleMember.getRoleId());
            } else {
                ((List) hashMap.computeIfAbsent(build.getRoleId(), str3 -> {
                    return new ArrayList();
                })).add(build);
            }
        }
        if (!hashMap.isEmpty()) {
            for (Map.Entry entry : hashMap.entrySet()) {
                try {
                    RoleTypeService roleTypeService3 = getRoleTypeService((String) entry.getKey());
                    for (RoleMembership roleMembership : roleTypeService3.getMatchingRoleMemberships(map, (List) entry.getValue())) {
                        if (MemberType.ROLE.equals(roleMembership.getType())) {
                            RoleLite roleLite2 = getRoleLite(roleMembership.getMemberId());
                            if (roleLite2.isActive()) {
                                Collection<RoleMembership> nestedRoleMembers2 = getNestedRoleMembers(roleTypeService3.convertQualificationForMemberRoles(roleLiteMap.get(roleMembership.getRoleId()).getNamespaceCode(), roleLiteMap.get(roleMembership.getRoleId()).getName(), roleLite2.getNamespaceCode(), roleLite2.getName(), map), roleMembership, set);
                                if (!nestedRoleMembers2.isEmpty()) {
                                    arrayList.addAll(nestedRoleMembers2);
                                    hashSet2.add(roleMembership.getRoleId());
                                }
                            }
                        } else {
                            arrayList.add(roleMembership);
                            hashSet2.add(roleMembership.getRoleId());
                        }
                    }
                } catch (Exception e) {
                    Logger logger = LOG;
                    Objects.requireNonNull(entry);
                    logger.warn("Not able to retrieve RoleTypeService from remote system for role Id: {}", entry::getKey, () -> {
                        return e;
                    });
                }
            }
        }
        for (String str4 : hashSet) {
            RoleTypeService roleTypeService4 = getRoleTypeService(str4);
            RoleLite roleLite3 = roleLiteMap.get(str4);
            try {
                if (isDerivedRoleType(roleTypeService4)) {
                    List<RoleMembership> roleMembersFromDerivedRole = roleTypeService4.getRoleMembersFromDerivedRole(roleLite3.getNamespaceCode(), roleLite3.getName(), map);
                    if (!roleMembersFromDerivedRole.isEmpty()) {
                        hashSet2.add(str4);
                    }
                    Iterator<RoleMembership> it2 = roleMembersFromDerivedRole.iterator();
                    while (it2.hasNext()) {
                        RoleMembership.Builder create = RoleMembership.Builder.create(it2.next());
                        create.setRoleId(str4);
                        create.setId("*");
                        arrayList.add(create.build());
                    }
                }
            } catch (Exception e2) {
                LOG.warn("Not able to retrieve RoleTypeService from remote system for role Id: {}", str4, e2);
            }
        }
        if (z && !hashSet2.isEmpty()) {
            Map<String, DelegateType> storedDelegationImplMapFromRoleIds = getStoredDelegationImplMapFromRoleIds(hashSet2);
            if (!storedDelegationImplMapFromRoleIds.isEmpty()) {
                List<RoleMembership.Builder> applyDelegationsToRoleMembers = applyDelegationsToRoleMembers(arrayList, storedDelegationImplMapFromRoleIds.values(), map);
                resolveDelegationMemberRoles(applyDelegationsToRoleMembers, map, set);
                arrayList = List.copyOf((List) applyDelegationsToRoleMembers.stream().map((v0) -> {
                    return v0.build();
                }).collect(Collectors.toList()));
            }
        }
        if (arrayList.size() > 1) {
            if (hashSet2.size() == 1) {
                String str5 = (String) hashSet2.iterator().next();
                RoleTypeService roleTypeService5 = getRoleTypeService(str5);
                if (roleTypeService5 != null) {
                    try {
                        arrayList = roleTypeService5.sortRoleMembers(arrayList);
                    } catch (Exception e3) {
                        LOG.warn("Not able to retrieve RoleTypeService from remote system for role Id: {}", str5, e3);
                    }
                }
            } else if (hashSet2.size() > 1) {
                String str6 = null;
                boolean z2 = false;
                Iterator it3 = hashSet2.iterator();
                while (true) {
                    if (!it3.hasNext()) {
                        break;
                    }
                    String serviceName = this.kimTypeInfoService.getKimType(getRoleWithoutMembers((String) it3.next()).getKimTypeId()).getServiceName();
                    if (str6 != null && !StringUtils.equals(str6, serviceName)) {
                        z2 = true;
                        break;
                    }
                    str6 = serviceName;
                }
                if (z2) {
                    LOG.warn("Did not sort role members - multiple role type services found.  Role Ids: {}", hashSet2);
                } else {
                    String str7 = (String) hashSet2.iterator().next();
                    try {
                        RoleTypeService roleTypeService6 = getRoleTypeService(str7);
                        if (roleTypeService6 != null) {
                            arrayList = roleTypeService6.sortRoleMembers(arrayList);
                        }
                    } catch (Exception e4) {
                        LOG.warn("Not able to retrieve RoleTypeService from remote system for role Id: {}", str7, e4);
                    }
                }
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    protected List<RoleMembership.Builder> applyDelegationsToRoleMembers(List<RoleMembership> list, Collection<DelegateType> collection, Map<String, String> map) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        for (RoleMembership roleMembership : list) {
            linkedMultiValueMap.add(roleMembership.getRoleId(), roleMembership.getId());
            RoleMembership.Builder create = RoleMembership.Builder.create(roleMembership);
            arrayList.add(create);
            hashMap.put(roleMembership.getId(), create);
        }
        for (DelegateType delegateType : collection) {
            List list2 = linkedMultiValueMap.get((Object) delegateType.getRoleId());
            if (CollectionUtils.isNotEmpty(list2)) {
                DelegationTypeService delegationTypeService = getDelegationTypeService(delegateType.getDelegationId());
                for (DelegateMember delegateMember : delegateType.getMembers()) {
                    if (delegateMember.isActive(this.dateTimeService.getLocalDateTimeNow()) && (delegationTypeService == null || delegationTypeService.doesDelegationQualifierMatchQualification(map, delegateMember.getQualifier()))) {
                        if (StringUtils.isBlank(delegateMember.getRoleMemberId())) {
                            RoleTypeService roleTypeService = getRoleTypeService(delegateType.getRoleId());
                            Iterator it = list2.iterator();
                            while (it.hasNext()) {
                                RoleMembership.Builder builder = (RoleMembership.Builder) hashMap.get((String) it.next());
                                if (roleTypeService == null || roleTypeService.doesRoleQualifierMatchQualification(builder.getQualifier(), delegateMember.getQualifier())) {
                                    linkDelegateToRoleMembership(delegateType, delegateMember, builder);
                                }
                            }
                        } else if (list2.contains(delegateMember.getRoleMemberId())) {
                            linkDelegateToRoleMembership(delegateType, delegateMember, (RoleMembership.Builder) hashMap.get(delegateMember.getRoleMemberId()));
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    protected void linkDelegateToRoleMembership(DelegateType delegateType, DelegateMember delegateMember, RoleMembership.Builder builder) {
        DelegateType delegateType2 = null;
        for (DelegateType delegateType3 : builder.getDelegates()) {
            if (delegateType3.getDelegationId().equals(delegateType.getDelegationId())) {
                delegateType2 = delegateType3;
            }
        }
        if (delegateType2 == null) {
            delegateType2 = new DelegateType();
            delegateType2.setDelegationType(delegateType.getDelegationType());
            delegateType2.setDelegationId(delegateType.getDelegationId());
            delegateType2.setRoleId(delegateType.getRoleId());
            delegateType2.setActive(delegateType.getActive());
            delegateType2.setKimTypeId(delegateType.getKimTypeId());
            delegateType2.setDelegationTypeCode(delegateType.getDelegationTypeCode());
            delegateType2.setDelegationMembers(new ArrayList());
            builder.getDelegates().add(delegateType2);
        }
        delegateType2.getMembers().add(delegateMember);
    }

    protected void resolveDelegationMemberRoles(List<RoleMembership.Builder> list, Map<String, String> map, Set<String> set) {
        Iterator<RoleMembership.Builder> it = list.iterator();
        while (it.hasNext()) {
            for (DelegateType delegateType : it.next().getDelegates()) {
                ArrayList arrayList = new ArrayList();
                for (DelegateMember delegateMember : delegateType.getMembers()) {
                    if (MemberType.ROLE.equals(delegateMember.getType())) {
                        for (RoleMembership roleMembership : getRoleMembers(Collections.singletonList(delegateMember.getMemberId()), map, false, set)) {
                            DelegateMember delegateMember2 = new DelegateMember();
                            KimCommonUtilsInternal.copyProperties(delegateMember2, delegateMember);
                            delegateMember2.setMemberId(roleMembership.getMemberId());
                            delegateMember2.setType(roleMembership.getType());
                            arrayList.add(delegateMember2);
                        }
                    } else {
                        arrayList.add(delegateMember);
                    }
                }
                delegateType.setDelegationMembers(arrayList);
            }
        }
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    public boolean principalHasRole(String str, List<String> list, Map<String, String> map) throws IllegalStateException {
        if (LOG.isDebugEnabled()) {
            logPrincipalHasRoleCheck(str, list, map);
        }
        boolean principalHasRole = getProxiedRoleService().principalHasRole(str, list, map, true);
        LOG.debug("Result: {}", Boolean.valueOf(principalHasRole));
        return principalHasRole;
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    public boolean principalHasRole(String str, List<String> list, Map<String, String> map, boolean z) {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(list, "roleIds");
        return principalHasRole(new Context(str), str, list, map, z);
    }

    protected boolean principalHasRole(Context context, String str, List<String> list, Map<String, String> map, boolean z) {
        try {
            ArrayList arrayList = new ArrayList(list.size());
            for (String str2 : list) {
                Boolean principalHasRoleFromCache = getPrincipalHasRoleFromCache(str, str2, map, z);
                if (principalHasRoleFromCache == null) {
                    arrayList.add(str2);
                } else if (principalHasRoleFromCache.booleanValue()) {
                    return true;
                }
            }
            List<RoleLite> loadRoles = loadRoles(arrayList);
            if (loadRoles.isEmpty()) {
                return false;
            }
            HashSet hashSet = new HashSet();
            for (RoleLite roleLite : loadRoles) {
                Map<String, String> map2 = null;
                if (map == null || map.isEmpty()) {
                    map2 = new HashMap();
                } else {
                    RoleTypeService roleTypeService = context.getRoleTypeService(roleLite.getKimTypeId());
                    if (roleTypeService != null) {
                        List<String> qualifiersForExactMatch = getQualifiersForExactMatch(roleLite.getKimTypeId(), roleTypeService);
                        if (CollectionUtils.isNotEmpty(qualifiersForExactMatch)) {
                            map2 = populateQualifiersForExactMatch(map, qualifiersForExactMatch);
                            if (map2.isEmpty()) {
                            }
                        }
                    }
                }
                if (map2 != null) {
                    hashSet.add(roleLite.getId());
                    if (CollectionUtils.isNotEmpty(getStoredRolePrincipalsForPrincipalIdAndRoleId(roleLite.getId(), str, map2))) {
                        return putPrincipalHasRoleInCache(true, str, roleLite.getId(), map, z);
                    }
                    if (!context.getPrincipalGroupIds().isEmpty() && CollectionUtils.isNotEmpty(getStoredRoleGroupsUsingExactMatchOnQualification(context.getPrincipalGroupIds(), roleLite.getId(), map))) {
                        return putPrincipalHasRoleInCache(true, str, roleLite.getId(), map, z);
                    }
                }
            }
            for (RoleLite roleLite2 : loadRoles) {
                if (!hashSet.contains(roleLite2.getId())) {
                    List<RoleMembership> convertToRoleMemberships = convertToRoleMemberships(getRoleMembersForPrincipalId(roleLite2.getId(), str), getRoleMembersForGroupIds(roleLite2.getId(), context.getPrincipalGroupIds()));
                    for (RoleMembership roleMembership : convertToRoleMemberships) {
                        try {
                        } catch (Exception e) {
                            Logger logger = LOG;
                            Objects.requireNonNull(roleLite2);
                            logger.warn("Unable to find role type service with id: {}", roleLite2::getKimTypeId);
                        }
                        if (!context.getRoleTypeService(roleLite2.getKimTypeId()).getMatchingRoleMemberships(map, convertToRoleMemberships).isEmpty()) {
                            return putPrincipalHasRoleInCache(true, str, roleLite2.getId(), map, z);
                        }
                    }
                }
            }
            HashMap hashMap = new HashMap();
            for (RoleLite roleLite3 : loadRoles) {
                hashMap.put(roleLite3.getId(), roleLite3);
            }
            ArrayList<RoleMember> arrayList2 = new ArrayList();
            Iterator it = hashMap.keySet().iterator();
            while (it.hasNext()) {
                arrayList2.addAll(getStoredRoleMembersForRoleId((String) it.next(), MemberType.ROLE.getCode(), null));
            }
            for (RoleMember roleMember : arrayList2) {
                RoleLite roleLite4 = (RoleLite) hashMap.get(roleMember.getRoleId());
                RoleTypeService roleTypeService2 = context.getRoleTypeService(roleLite4.getKimTypeId());
                if (roleTypeService2 != null) {
                    try {
                        if (roleTypeService2.doesRoleQualifierMatchQualification(map, roleMember.getAttributes())) {
                            RoleLite roleLite5 = getRoleLite(roleMember.getMemberId());
                            if (principalHasRole(context, str, Collections.singletonList(roleMember.getMemberId()), roleTypeService2.convertQualificationForMemberRoles(roleLite4.getNamespaceCode(), roleLite4.getName(), roleLite5.getNamespaceCode(), roleLite5.getName(), map), true)) {
                                return putPrincipalHasRoleInCache(true, str, roleLite4.getId(), map, z);
                            }
                        }
                    } catch (Exception e2) {
                        Logger logger2 = LOG;
                        Objects.requireNonNull(roleMember);
                        logger2.warn("Not able to retrieve RoleTypeService from remote system for role Id: {}", roleMember::getRoleId, () -> {
                            return e2;
                        });
                    }
                } else if (principalHasRole(context, str, Collections.singletonList(roleMember.getMemberId()), map, true)) {
                    return putPrincipalHasRoleInCache(true, str, roleLite4.getId(), map, z);
                }
            }
            for (RoleLite roleLite6 : loadRoles) {
                try {
                    if (context.isDerivedRoleType(roleLite6.getKimTypeId())) {
                        RoleTypeService roleTypeService3 = context.getRoleTypeService(roleLite6.getKimTypeId());
                        if (roleTypeService3.hasDerivedRole(str, context.getPrincipalGroupIds(), roleLite6.getNamespaceCode(), roleLite6.getName(), map)) {
                            if (roleTypeService3.dynamicRoleMembership(roleLite6.getNamespaceCode(), roleLite6.getName())) {
                                return true;
                            }
                            putPrincipalHasRoleInCache(true, str, roleLite6.getId(), map, z);
                            return true;
                        }
                    } else if (!z) {
                        putPrincipalHasRoleInCache(false, str, roleLite6.getId(), map, false);
                    }
                } catch (Exception e3) {
                    Logger logger3 = LOG;
                    Objects.requireNonNull(roleLite6);
                    logger3.warn("Not able to retrieve RoleTypeService from remote system for role Id: {}", roleLite6::getId, () -> {
                        return e3;
                    });
                }
            }
            return z && matchesOnDelegation(hashMap.keySet(), str, context.getPrincipalGroupIds(), map, context);
        } catch (Exception e4) {
            LOG.warn("Caught exception during a principalHasRole check", (Throwable) e4);
            return false;
        }
    }

    protected Boolean getPrincipalHasRoleFromCache(String str, String str2, Map<String, String> map, boolean z) {
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Role.CACHE_NAME).get(buildPrincipalHasRoleCacheKey(str, str2, map, z));
        if (valueWrapper == null) {
            return null;
        }
        return (Boolean) valueWrapper.get();
    }

    protected boolean putPrincipalHasRoleInCache(boolean z, String str, String str2, Map<String, String> map, boolean z2) {
        this.cacheManager.getCache(Role.CACHE_NAME).put(buildPrincipalHasRoleCacheKey(str, str2, map, z2), Boolean.valueOf(z));
        return z;
    }

    private String buildPrincipalHasRoleCacheKey(String str, String str2, Map<String, String> map, boolean z) {
        return "{principalHasRole}principalId=" + str + "|roleId=" + str2 + "|qualification=" + CacheKeyUtils.mapKey(map) + "|checkDelegations=" + z;
    }

    protected List<String> getQualifiersForExactMatch(String str, RoleTypeService roleTypeService) {
        String str2 = "{getQualifiersForExactMatch}kimTypeId=" + str;
        Cache cache = this.cacheManager.getCache(Role.CACHE_NAME);
        Cache.ValueWrapper valueWrapper = cache.get(str2);
        List<String> arrayList = new ArrayList();
        if (valueWrapper == null) {
            try {
                arrayList = roleTypeService.getQualifiersForExactMatch();
                cache.put(str2, arrayList);
            } catch (Exception e) {
                LOG.warn("Caught exception when attempting to invoke a role type service", (Throwable) e);
            }
        } else {
            arrayList = (List) valueWrapper.get();
        }
        return arrayList;
    }

    public boolean isDerivedRoleType(RoleTypeService roleTypeService) {
        return roleTypeService != null && roleTypeService.isDerivedRoleType();
    }

    private boolean dynamicRoleMembership(RoleTypeService roleTypeService, RoleLite roleLite) {
        return (roleTypeService == null || roleLite == null || !roleTypeService.dynamicRoleMembership(roleLite.getNamespaceCode(), roleLite.getName())) ? false : true;
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @Cacheable(value = {Role.CACHE_NAME}, key = "'{isDynamicRoleMembership}' + 'roleId=' + #p0")
    public boolean isDynamicRoleMembership(String str) {
        incomingParamCheck(str, "roleId");
        try {
            return dynamicRoleMembership(getRoleTypeService(str), getRoleWithoutMembers(str));
        } catch (Exception e) {
            LOG.warn("Caught exception while invoking a role type service for role {}", str, e);
            return true;
        }
    }

    protected boolean matchesOnDelegation(Set<String> set, String str, List<String> list, Map<String, String> map, Context context) {
        Map<String, DelegateType> storedDelegationImplMapFromRoleIds = getStoredDelegationImplMapFromRoleIds(set);
        if (storedDelegationImplMapFromRoleIds.isEmpty()) {
            for (String str2 : set) {
                RoleLite loadRole = loadRole(str2);
                RoleTypeService roleTypeService = context.getRoleTypeService(loadRole.getKimTypeId());
                if (!context.isDerivedRoleType(loadRole.getKimTypeId()) || roleTypeService == null || !roleTypeService.dynamicRoleMembership(loadRole.getNamespaceCode(), loadRole.getName())) {
                    putPrincipalHasRoleInCache(false, str, str2, map, true);
                }
            }
            return false;
        }
        HashMap hashMap = new HashMap();
        for (DelegateType delegateType : storedDelegationImplMapFromRoleIds.values()) {
            ((List) hashMap.computeIfAbsent(delegateType.getRoleId(), str3 -> {
                return new ArrayList();
            })).add(delegateType);
        }
        for (String str4 : hashMap.keySet()) {
            boolean z = false;
            RoleLite roleWithoutMembers = getRoleWithoutMembers(str4);
            RoleTypeService roleTypeService2 = context.getRoleTypeService(roleWithoutMembers.getKimTypeId());
            for (DelegateType delegateType2 : (List) hashMap.get(str4)) {
                if (delegateType2.isActive()) {
                    for (DelegateMember delegateMember : delegateType2.getMembers()) {
                        if (delegateMember.isActive(new Timestamp(new Date().getTime())) && (!MemberType.PRINCIPAL.equals(delegateMember.getType()) || delegateMember.getMemberId().equals(str))) {
                            if (!MemberType.GROUP.equals(delegateMember.getType()) || list.contains(delegateMember.getMemberId())) {
                                if (!MemberType.ROLE.equals(delegateMember.getType()) || principalHasRole(str, Collections.singletonList(delegateMember.getMemberId()), map, false)) {
                                    if (roleTypeService2 != null) {
                                        try {
                                            if (!roleTypeService2.doesRoleQualifierMatchQualification(map, delegateMember.getQualifier())) {
                                            }
                                        } catch (Exception e) {
                                            Logger logger = LOG;
                                            Objects.requireNonNull(delegateType2);
                                            Objects.requireNonNull(delegateMember);
                                            logger.warn("Unable to call doesRoleQualifierMatchQualification on role type service for role Id: {} / {} / {}", delegateType2::getRoleId, () -> {
                                                return map;
                                            }, delegateMember::getQualifier, () -> {
                                                return e;
                                            });
                                        }
                                    }
                                    DelegationTypeService delegationTypeService = getDelegationTypeService(delegateMember.getDelegationId());
                                    if (delegationTypeService == null || delegationTypeService.doesDelegationQualifierMatchQualification(map, delegateMember.getQualifier())) {
                                        String roleMemberId = delegateMember.getRoleMemberId();
                                        if (StringUtils.isNotBlank(roleMemberId) && !StringUtils.equals("*", roleMemberId)) {
                                            RoleMember roleMember = getRoleMember(roleMemberId);
                                            if (roleMember == null) {
                                                LOG.warn("Unknown role member ID cited in the delegateType member table:");
                                                Logger logger2 = LOG;
                                                Objects.requireNonNull(delegateMember);
                                                Objects.requireNonNull(delegateMember);
                                                logger2.warn("       assignedToId: {} / roleMemberId: {}", delegateMember::getDelegationMemberId, delegateMember::getRoleMemberId);
                                            } else if (roleMember.isActive(new Timestamp(new Date().getTime()))) {
                                                Map<String, String> attributes = roleMember.getAttributes();
                                                if (roleTypeService2 != null) {
                                                    try {
                                                        if (!roleTypeService2.doesRoleQualifierMatchQualification(map, attributes)) {
                                                        }
                                                    } catch (Exception e2) {
                                                        Logger logger3 = LOG;
                                                        Objects.requireNonNull(delegateType2);
                                                        logger3.warn("Unable to call doesRoleQualifierMatchQualification on role type service for role Id: {} / {} / {}", delegateType2::getRoleId, () -> {
                                                            return map;
                                                        }, () -> {
                                                            return attributes;
                                                        }, () -> {
                                                            return e2;
                                                        });
                                                    }
                                                }
                                            } else {
                                                continue;
                                            }
                                        }
                                        z = true;
                                        break;
                                    }
                                }
                            }
                        }
                    }
                    if (z) {
                        break;
                    }
                }
            }
            if (!context.isDerivedRoleType(roleWithoutMembers.getKimTypeId()) || roleTypeService2 == null || !roleTypeService2.dynamicRoleMembership(roleWithoutMembers.getNamespaceCode(), roleWithoutMembers.getName())) {
                putPrincipalHasRoleInCache(z, str, str4, map, true);
            }
            if (z) {
                return true;
            }
        }
        return false;
    }

    protected List<RoleMembership> convertToRoleMemberships(List<RoleMember>... listArr) {
        ArrayList arrayList = new ArrayList();
        for (List<RoleMember> list : listArr) {
            for (RoleMember roleMember : list) {
                arrayList.add(RoleMembership.Builder.create(roleMember.getRoleId(), roleMember.getId(), roleMember.getMemberId(), roleMember.getType(), roleMember.getAttributes()).build());
            }
        }
        return arrayList;
    }

    protected DelegateType getKimDelegationImpl(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        return (DelegateType) getBusinessObjectService().findByPrimaryKey(DelegateType.class, Collections.singletonMap("delegationId", str));
    }

    protected DelegationTypeService getDelegationTypeService(String str) {
        DelegationTypeService delegationTypeService = null;
        DelegateType kimDelegationImpl = getKimDelegationImpl(str);
        KimType kimType = this.kimTypeInfoService.getKimType(kimDelegationImpl.getKimTypeId());
        if (kimType != null) {
            KimTypeService kimTypeService = KimFrameworkServiceLocator.getKimTypeService(kimType);
            if (kimTypeService instanceof DelegationTypeService) {
                delegationTypeService = (DelegationTypeService) kimTypeService;
            } else {
                Logger logger = LOG;
                Objects.requireNonNull(kimType);
                logger.error("Service returned for type {}({}) was not a DelegationTypeService.  Was a {}", () -> {
                    return kimType;
                }, kimType::getName, () -> {
                    return kimTypeService != null ? kimTypeService.getClass() : "(null)";
                });
            }
        } else {
            RoleTypeService roleTypeService = getRoleTypeService(kimDelegationImpl.getRoleId());
            if (roleTypeService instanceof DelegationTypeService) {
                delegationTypeService = (DelegationTypeService) roleTypeService;
            }
        }
        return delegationTypeService;
    }

    protected Collection<RoleMembership> getNestedRoleMembers(Map<String, String> map, RoleMembership roleMembership, Set<String> set) {
        if (set.contains(roleMembership.getMemberId())) {
            return new ArrayList();
        }
        set.add(roleMembership.getMemberId());
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(roleMembership.getMemberId());
        List<RoleMembership> roleMembers = getRoleMembers(arrayList, map, false, set);
        ArrayList arrayList2 = new ArrayList();
        Iterator<RoleMembership> it = roleMembers.iterator();
        while (it.hasNext()) {
            RoleMembership.Builder create = RoleMembership.Builder.create(it.next());
            create.setId(roleMembership.getId());
            create.setRoleId(roleMembership.getRoleId());
            create.setEmbeddedRoleId(roleMembership.getMemberId());
            arrayList2.add(create.build());
        }
        return arrayList2;
    }

    private List<RoleMember> getStoredRoleMembersUsingExactMatchOnQualification(String str, List<String> list, List<String> list2, Map<String, String> map) {
        ArrayList arrayList = new ArrayList(list2);
        ArrayList arrayList2 = new ArrayList();
        for (String str2 : list2) {
            RoleTypeService roleTypeService = getRoleTypeService(str2);
            if (roleTypeService != null) {
                try {
                    List<String> qualifiersForExactMatch = roleTypeService.getQualifiersForExactMatch();
                    if (CollectionUtils.isNotEmpty(qualifiersForExactMatch)) {
                        arrayList.remove(str2);
                        arrayList2.addAll(getStoredRoleMembersForRoleIdWithFilters(str2, str, list, populateQualifiersForExactMatch(map, qualifiersForExactMatch)));
                    }
                } catch (Exception e) {
                    LOG.warn("Caught exception when attempting to invoke a role type service for role {}", str2, e);
                }
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            arrayList2.addAll(getStoredRoleMembersForRoleIdWithFilters((String) it.next(), str, list, null));
        }
        return arrayList2;
    }

    private List<RoleMember> getStoredRoleGroupsUsingExactMatchOnQualification(List<String> list, String str, Map<String, String> map) {
        HashSet hashSet = new HashSet();
        if (str != null) {
            hashSet.add(str);
        }
        return getStoredRoleGroupsUsingExactMatchOnQualification(list, hashSet, map);
    }

    private List<RoleMember> getStoredRoleGroupsUsingExactMatchOnQualification(List<String> list, Set<String> set, Map<String, String> map) {
        ArrayList arrayList = new ArrayList(set);
        ArrayList arrayList2 = new ArrayList();
        for (String str : set) {
            RoleTypeService roleTypeService = getRoleTypeService(str);
            if (roleTypeService != null) {
                try {
                    List<String> qualifiersForExactMatch = roleTypeService.getQualifiersForExactMatch();
                    if (CollectionUtils.isNotEmpty(qualifiersForExactMatch)) {
                        arrayList.remove(str);
                        arrayList2.addAll(getStoredRoleGroupsForGroupIdsAndRoleId(str, list, populateQualifiersForExactMatch(map, qualifiersForExactMatch)));
                    }
                } catch (Exception e) {
                    LOG.warn("Caught exception when attempting to invoke a role type service for role {}", str, e);
                }
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            arrayList2.addAll(getStoredRoleGroupsForGroupIdsAndRoleId((String) it.next(), list, null));
        }
        return arrayList2;
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public RoleMember assignPrincipalToRole(String str, String str2, String str3, Map<String, String> map) throws IllegalArgumentException {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, "roleName");
        incomingParamCheck(map, "qualifier");
        RoleLite roleLiteByName = getRoleLiteByName(str2, str3);
        List<RoleMember> doAnyMemberRecordsMatchByExactQualifier = doAnyMemberRecordsMatchByExactQualifier(roleLiteByName, str, memberTypeToRoleDaoActionMap.get(MemberType.PRINCIPAL.getCode()), map);
        if (CollectionUtils.isNotEmpty(doAnyMemberRecordsMatchByExactQualifier)) {
            return doAnyMemberRecordsMatchByExactQualifier.get(0);
        }
        RoleMember doAnyMemberRecordsMatch = doAnyMemberRecordsMatch(getRoleDao().getRoleMembersForRoleId(roleLiteByName.getId(), MemberType.PRINCIPAL.getCode(), map), str, MemberType.PRINCIPAL.getCode(), map);
        if (null != doAnyMemberRecordsMatch) {
            return doAnyMemberRecordsMatch;
        }
        RoleMember roleMember = new RoleMember();
        roleMember.setRoleId(roleLiteByName.getId());
        roleMember.setMemberId(str);
        roleMember.setType(MemberType.PRINCIPAL);
        addMemberAttributeData(roleMember, map, roleLiteByName.getKimTypeId());
        return getResponsibilityInternalService().saveRoleMember(roleMember);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public RoleMember assignGroupToRole(String str, String str2, String str3, Map<String, String> map) throws IllegalStateException {
        incomingParamCheck(str, "groupId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, "roleName");
        incomingParamCheck(map, "qualifier");
        Role roleByName = getRoleByName(str2, str3);
        List<RoleMember> doAnyMemberRecordsMatchByExactQualifier = doAnyMemberRecordsMatchByExactQualifier(roleByName, str, memberTypeToRoleDaoActionMap.get(MemberType.GROUP.getCode()), map);
        if (CollectionUtils.isNotEmpty(doAnyMemberRecordsMatchByExactQualifier)) {
            return doAnyMemberRecordsMatchByExactQualifier.get(0);
        }
        RoleMember doAnyMemberRecordsMatch = doAnyMemberRecordsMatch(roleByName.getMembers(), str, MemberType.GROUP.getCode(), map);
        if (null != doAnyMemberRecordsMatch) {
            return doAnyMemberRecordsMatch;
        }
        RoleMember roleMember = new RoleMember();
        roleMember.setRoleId(roleByName.getId());
        roleMember.setMemberId(str);
        roleMember.setType(MemberType.GROUP);
        addMemberAttributeData(roleMember, map, roleByName.getKimTypeId());
        return getResponsibilityInternalService().saveRoleMember(roleMember);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public RoleMember assignRoleToRole(String str, String str2, String str3, Map<String, String> map) throws IllegalStateException {
        incomingParamCheck(str, "roleId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, "roleName");
        incomingParamCheck(map, "qualifier");
        Role roleByName = getRoleByName(str2, str3);
        List<RoleMember> doAnyMemberRecordsMatchByExactQualifier = doAnyMemberRecordsMatchByExactQualifier(roleByName, str, memberTypeToRoleDaoActionMap.get(MemberType.ROLE.getCode()), map);
        if (CollectionUtils.isNotEmpty(doAnyMemberRecordsMatchByExactQualifier)) {
            return doAnyMemberRecordsMatchByExactQualifier.get(0);
        }
        RoleMember doAnyMemberRecordsMatch = doAnyMemberRecordsMatch(roleByName.getMembers(), str, MemberType.ROLE.getCode(), map);
        if (null != doAnyMemberRecordsMatch) {
            return doAnyMemberRecordsMatch;
        }
        if (!checkForCircularRoleMembership(str, roleByName)) {
            throw new IllegalArgumentException("Circular role reference.");
        }
        RoleMember roleMember = new RoleMember();
        roleMember.setRoleId(roleByName.getId());
        roleMember.setMemberId(str);
        roleMember.setType(MemberType.ROLE);
        addMemberAttributeData(roleMember, map, roleByName.getKimTypeId());
        return getResponsibilityInternalService().saveRoleMember(roleMember);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public RoleMember createRoleMember(RoleMember roleMember) throws IllegalStateException {
        incomingParamCheck(roleMember, "roleMember");
        if (StringUtils.isNotBlank(roleMember.getId()) && getRoleMember(roleMember.getId()) != null) {
            throw new IllegalStateException("the roleMember to create already exists: " + roleMember);
        }
        roleMember.setAttributeDetails(KimAttributeData.createFrom(RoleMemberAttributeData.class, roleMember.getAttributes(), getRoleLite(roleMember.getRoleId()).getKimTypeId()));
        return getResponsibilityInternalService().saveRoleMember(roleMember);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public RoleMember updateRoleMember(RoleMember roleMember) throws IllegalArgumentException, IllegalStateException {
        incomingParamCheck(roleMember, "roleMember");
        RoleMember roleMember2 = StringUtils.isNotBlank(roleMember.getId()) ? getRoleMember(roleMember.getId()) : null;
        if (StringUtils.isBlank(roleMember.getId()) || roleMember2 == null) {
            throw new IllegalStateException("the roleMember to update does not exists: " + roleMember);
        }
        List<RoleMemberAttributeData> createFrom = KimAttributeData.createFrom(RoleMemberAttributeData.class, roleMember.getAttributes(), getRoleLite(roleMember.getRoleId()).getKimTypeId());
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        for (RoleMemberAttributeData roleMemberAttributeData : createFrom) {
            Iterator<RoleMemberAttributeData> it = roleMember2.getAttributeDetails().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RoleMemberAttributeData next = it.next();
                if (roleMemberAttributeData.getKimTypeId().equals(next.getKimTypeId()) && roleMemberAttributeData.getKimAttributeId().equals(next.getKimAttributeId())) {
                    roleMemberAttributeData.setAssignedToId(next.getAssignedToId());
                    roleMemberAttributeData.setVersionNumber(next.getVersionNumber());
                    roleMemberAttributeData.setId(next.getId());
                    arrayList.add(roleMemberAttributeData);
                    z = true;
                    break;
                }
            }
            if (z) {
                z = false;
            } else {
                arrayList.add(roleMemberAttributeData);
            }
        }
        roleMember.setAttributeDetails(arrayList);
        return getResponsibilityInternalService().saveRoleMember(roleMember);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public DelegateMember updateDelegateMember(DelegateMember delegateMember) throws IllegalArgumentException, IllegalStateException {
        incomingParamCheck(delegateMember, "delegateMember");
        String delegationId = delegateMember.getDelegationId();
        incomingParamCheck(delegationId, "delegationId");
        DelegateType kimDelegationImpl = getKimDelegationImpl(delegationId);
        DelegateMember delegateMember2 = StringUtils.isNotEmpty(delegateMember.getDelegationMemberId()) ? getDelegateMember(delegateMember.getDelegationMemberId()) : null;
        if (kimDelegationImpl == null) {
            throw new IllegalStateException("the delegate does not exist: " + delegationId);
        }
        List<DelegateMemberAttributeData> createFrom = KimAttributeData.createFrom(DelegateMemberAttributeData.class, delegateMember.getAttributes(), getRoleLite(kimDelegationImpl.getRoleId()).getKimTypeId());
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        if (delegateMember2 != null) {
            delegateMember.setVersionNumber(delegateMember2.getVersionNumber());
            for (DelegateMemberAttributeData delegateMemberAttributeData : createFrom) {
                Iterator<DelegateMemberAttributeData> it = delegateMember2.getAttributeDetails().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    DelegateMemberAttributeData next = it.next();
                    if (delegateMemberAttributeData.getKimTypeId().equals(next.getKimTypeId()) && delegateMemberAttributeData.getKimAttributeId().equals(next.getKimAttributeId())) {
                        delegateMemberAttributeData.setAssignedToId(next.getAssignedToId());
                        delegateMemberAttributeData.setVersionNumber(next.getVersionNumber());
                        delegateMemberAttributeData.setId(next.getId());
                        arrayList.add(delegateMemberAttributeData);
                        z = true;
                        break;
                    }
                }
                if (z) {
                    z = false;
                } else {
                    arrayList.add(delegateMemberAttributeData);
                }
            }
        }
        delegateMember.setAttributeDetails(arrayList);
        return getResponsibilityInternalService().saveDelegateMember(delegateMember);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public DelegateMember createDelegateMember(DelegateMember delegateMember) throws IllegalArgumentException, IllegalStateException {
        incomingParamCheck(delegateMember, "delegateMember");
        if (delegateMember.getDelegationMemberId() != null) {
            throw new IllegalStateException("the delegate member already exists: " + delegateMember.getDelegationMemberId());
        }
        String delegationId = delegateMember.getDelegationId();
        incomingParamCheck(delegationId, "delegationId");
        DelegateType kimDelegationImpl = getKimDelegationImpl(delegationId);
        if (kimDelegationImpl == null) {
            throw new IllegalStateException("the delegate does not exist: " + delegationId);
        }
        checkMemberExists(delegateMember);
        delegateMember.setAttributeDetails(KimAttributeData.createFrom(DelegateMemberAttributeData.class, delegateMember.getAttributes(), getRoleLite(kimDelegationImpl.getRoleId()).getKimTypeId()));
        return getResponsibilityInternalService().saveDelegateMember(delegateMember);
    }

    private void checkMemberExists(DelegateMember delegateMember) {
        String memberId = delegateMember.getMemberId();
        incomingParamCheck(memberId, "memberId");
        MemberType type = delegateMember.getType();
        switch (type) {
            case ROLE:
                if (getRoleWithoutMembers(memberId) == null) {
                    throw new IllegalStateException("the role does not exist: " + memberId);
                }
                return;
            case GROUP:
                if (getGroupService().getGroup(memberId) == null) {
                    throw new IllegalStateException("the group does not exist: " + memberId);
                }
                return;
            case PRINCIPAL:
                if (this.personService.getPerson(memberId) == null) {
                    throw new IllegalStateException("the user does not exist: " + memberId);
                }
                return;
            default:
                throw new IllegalStateException("Unexpected memberType: " + type + " for memberId: " + memberId);
        }
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public void removeDelegateMembers(List<DelegateMember> list) throws IllegalArgumentException, IllegalStateException {
        incomingParamCheck(list, "delegateMembers");
        list.forEach(this::updateDelegateMember);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public RoleResponsibilityAction createRoleResponsibilityAction(RoleResponsibilityAction roleResponsibilityAction) throws IllegalArgumentException, IllegalStateException {
        incomingParamCheck(roleResponsibilityAction, "roleResponsibilityAction");
        if (!StringUtils.isNotBlank(roleResponsibilityAction.getId()) || getRoleResponsibilityAction(roleResponsibilityAction.getId()) == null) {
            return (RoleResponsibilityAction) getBusinessObjectService().save((BusinessObjectService) roleResponsibilityAction);
        }
        throw new IllegalStateException("the roleResponsibilityAction to create already exists: " + roleResponsibilityAction);
    }

    protected void updateActionRequestsForRoleResponsibilityActionChange(RoleResponsibilityAction roleResponsibilityAction) {
        RoleResponsibility roleResponsibility = roleResponsibilityAction.getRoleResponsibility();
        if (roleResponsibility != null) {
            getResponsibilityInternalService().updateActionRequestsForResponsibilityChange(Collections.singleton(roleResponsibility.getResponsibilityId()));
        }
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public RoleResponsibilityAction updateRoleResponsibilityAction(RoleResponsibilityAction roleResponsibilityAction) throws IllegalArgumentException, IllegalStateException {
        incomingParamCheck(roleResponsibilityAction, "roleResponsibilityAction");
        if (StringUtils.isBlank(roleResponsibilityAction.getId()) || getRoleResponsibilityAction(roleResponsibilityAction.getId()) == null) {
            throw new IllegalStateException("the roleResponsibilityAction to create does not exist: " + roleResponsibilityAction);
        }
        RoleResponsibilityAction roleResponsibilityAction2 = (RoleResponsibilityAction) getBusinessObjectService().save((BusinessObjectService) roleResponsibilityAction);
        updateActionRequestsForRoleResponsibilityActionChange(roleResponsibilityAction2);
        return roleResponsibilityAction2;
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public DelegateType createDelegateType(DelegateType delegateType) throws IllegalArgumentException, IllegalStateException {
        incomingParamCheck(delegateType, "delegateType");
        if (!StringUtils.isNotBlank(delegateType.getDelegationId()) || getDelegateTypeByDelegationId(delegateType.getDelegationId()) == null) {
            return (DelegateType) getBusinessObjectService().save((BusinessObjectService) delegateType);
        }
        throw new IllegalStateException("the delegateType to create already exists: " + delegateType);
    }

    private void removeRoleMembers(List<RoleMember> list) {
        if (CollectionUtils.isNotEmpty(list)) {
            Iterator<RoleMember> it = list.iterator();
            while (it.hasNext()) {
                getResponsibilityInternalService().removeRoleMember(it.next());
            }
        }
    }

    private List<RoleMember> getRoleMembersByDefaultStrategy(String str, String str2, String str3, Map<String, String> map) {
        Map<String, String> convertQualifierKeys = convertQualifierKeys(map, str);
        ArrayList arrayList = new ArrayList();
        for (RoleMember roleMember : getRoleDao().getRoleMembershipsForMemberId(str3, str2, convertQualifierKeys)) {
            if (roleMember.getRoleId().equals(str)) {
                arrayList.add(roleMember);
            }
        }
        return arrayList;
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public void removePrincipalFromRole(String str, String str2, String str3, Map<String, String> map) throws IllegalArgumentException {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("principalId is null");
        }
        if (StringUtils.isBlank(str2)) {
            throw new IllegalArgumentException("namespaceCode is null");
        }
        if (StringUtils.isBlank(str3)) {
            throw new IllegalArgumentException("roleName is null");
        }
        if (map == null) {
            throw new IllegalArgumentException("qualifier is null");
        }
        RoleLite roleLiteByName = getRoleLiteByName(str2, str3);
        List<RoleMember> roleMembersByExactQualifierMatch = getRoleMembersByExactQualifierMatch(roleLiteByName, str, memberTypeToRoleDaoActionMap.get(MemberType.PRINCIPAL.getCode()), map);
        if (CollectionUtils.isEmpty(roleMembersByExactQualifierMatch)) {
            roleMembersByExactQualifierMatch = getRoleMembersByDefaultStrategy(roleLiteByName.getId(), str, MemberType.PRINCIPAL.getCode(), map);
        }
        removeRoleMembers(roleMembersByExactQualifierMatch);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public void removeRoleFromRole(String str, String str2, String str3, Map<String, String> map) throws IllegalArgumentException {
        incomingParamCheck(str, "roleId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, "roleName");
        incomingParamCheck(map, "qualifier");
        RoleLite roleLiteByName = getRoleLiteByName(str2, str3);
        List<RoleMember> roleMembersByExactQualifierMatch = getRoleMembersByExactQualifierMatch(roleLiteByName, str, memberTypeToRoleDaoActionMap.get(MemberType.ROLE.getCode()), map);
        if (CollectionUtils.isEmpty(roleMembersByExactQualifierMatch)) {
            roleMembersByExactQualifierMatch = getRoleMembersByDefaultStrategy(roleLiteByName.getId(), str, MemberType.ROLE.getCode(), map);
        }
        removeRoleMembers(roleMembersByExactQualifierMatch);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public void assignPermissionToRole(String str, String str2) throws IllegalArgumentException {
        incomingParamCheck(str, "permissionId");
        incomingParamCheck(str2, "roleId");
        RolePermission rolePermission = new RolePermission();
        Long nextAvailableSequenceNumber = KRADServiceLocator.getSequenceAccessorService().getNextAvailableSequenceNumber(KimConstants.SequenceNames.KRIM_ROLE_PERM_ID_S, RolePermission.class);
        if (nextAvailableSequenceNumber == null) {
            LOG.error("Unable to get new role permission id from sequence {}", KimConstants.SequenceNames.KRIM_ROLE_PERM_ID_S);
            throw new RuntimeException("Unable to get new role permission id from sequence KRIM_ROLE_PERM_ID_S");
        }
        rolePermission.setId(nextAvailableSequenceNumber.toString());
        rolePermission.setRoleId(str2);
        rolePermission.setPermissionId(str);
        rolePermission.setActive(true);
        getBusinessObjectService().save((BusinessObjectService) rolePermission);
    }

    @Override // org.kuali.kfs.kim.api.role.RoleService
    @CacheEvict(allEntries = true, value = {Role.CACHE_NAME, Permission.CACHE_NAME, Responsibility.CACHE_NAME, RoleMembership.CACHE_NAME, RoleMember.CACHE_NAME, DelegateMember.CACHE_NAME, RoleResponsibility.CACHE_NAME, DelegateType.CACHE_NAME})
    public void revokePermissionFromRole(String str, String str2) throws IllegalArgumentException {
        incomingParamCheck(str, "permissionId");
        incomingParamCheck(str2, "roleId");
        HashMap hashMap = new HashMap();
        hashMap.put("roleId", str2);
        hashMap.put("permissionId", str);
        hashMap.put("active", Boolean.TRUE);
        Collection<RolePermission> findMatching = getBusinessObjectService().findMatching(RolePermission.class, hashMap);
        ArrayList arrayList = new ArrayList();
        for (RolePermission rolePermission : findMatching) {
            rolePermission.setActive(false);
            arrayList.add(rolePermission);
        }
        getBusinessObjectService().save(arrayList);
    }

    protected void addMemberAttributeData(RoleMember roleMember, Map<String, String> map, String str) {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            RoleMemberAttributeData roleMemberAttributeData = new RoleMemberAttributeData();
            roleMemberAttributeData.setAttributeValue(entry.getValue());
            roleMemberAttributeData.setKimTypeId(str);
            roleMemberAttributeData.setAssignedToId(roleMember.getId());
            roleMemberAttributeData.setKimAttributeId(getKimAttributeId(entry.getKey()));
            HashMap hashMap = new HashMap();
            hashMap.put("id", roleMemberAttributeData.getKimAttributeId());
            hashMap.put("assignedToId", roleMember.getId());
            List list = (List) getBusinessObjectService().findMatching(RoleMemberAttributeData.class, hashMap);
            RoleMemberAttributeData roleMemberAttributeData2 = (list == null || list.isEmpty()) ? null : (RoleMemberAttributeData) list.get(0);
            if (roleMemberAttributeData2 != null) {
                roleMemberAttributeData.setId(roleMemberAttributeData2.getId());
                roleMemberAttributeData.setVersionNumber(roleMemberAttributeData2.getVersionNumber());
            }
            arrayList.add(roleMemberAttributeData);
        }
        roleMember.setAttributeDetails(arrayList);
    }

    protected void logPrincipalHasRoleCheck(String str, List<String> list, Map<String, String> map) {
        Person person;
        StringBuilder sb = new StringBuilder();
        sb.append('\n');
        sb.append("Has Role     : ").append(list).append('\n');
        if (list != null) {
            for (String str2 : list) {
                RoleLite roleWithoutMembers = getRoleWithoutMembers(str2);
                if (roleWithoutMembers != null) {
                    sb.append("        Name : ").append(roleWithoutMembers.getNamespaceCode()).append('/').append(roleWithoutMembers.getName());
                    sb.append(" (").append(str2).append(')');
                    sb.append('\n');
                }
            }
        }
        sb.append("   Principal : ").append(str);
        if (str != null && (person = this.personService.getPerson(str)) != null) {
            sb.append(" (").append(person.getPrincipalName()).append(')');
        }
        sb.append('\n');
        sb.append("     Details :\n");
        if (map != null) {
            sb.append(map);
        } else {
            sb.append("               [null]\n");
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace((CharSequence) sb.append(ExceptionUtils.getStackTrace(new Throwable())));
        } else {
            LOG.debug((CharSequence) sb);
        }
    }

    private void incomingParamCheck(Object obj, String str) {
        if (obj == null) {
            throw new IllegalArgumentException(str + " was null");
        }
        if ((obj instanceof String) && StringUtils.isBlank((String) obj)) {
            throw new IllegalArgumentException(str + " was blank");
        }
    }

    protected RoleService getProxiedRoleService() {
        if (this.proxiedRoleService == null) {
            this.proxiedRoleService = KimApiServiceLocator.getRoleService();
        }
        return this.proxiedRoleService;
    }

    public void setCacheManager(CacheManager cacheManager) {
        if (cacheManager == null) {
            throw new IllegalArgumentException("cacheManager must not be null");
        }
        this.cacheManager = cacheManager;
    }

    public void setKimTypeInfoService(KimTypeInfoService kimTypeInfoService) {
        this.kimTypeInfoService = kimTypeInfoService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setDateTimeService(DateTimeService dateTimeService) {
        this.dateTimeService = dateTimeService;
    }

    @Override // org.kuali.kfs.kim.impl.role.RoleServiceBase
    public /* bridge */ /* synthetic */ void setCriteriaLookupService(CriteriaLookupService criteriaLookupService) {
        super.setCriteriaLookupService(criteriaLookupService);
    }

    @Override // org.kuali.kfs.kim.impl.role.RoleServiceBase
    public /* bridge */ /* synthetic */ CriteriaLookupService getCriteriaLookupService() {
        return super.getCriteriaLookupService();
    }

    @Override // org.kuali.kfs.kim.impl.role.RoleServiceBase
    public /* bridge */ /* synthetic */ void setRoleDao(RoleDao roleDao) {
        super.setRoleDao(roleDao);
    }
}
