package org.kuali.rice.krad.uif.view;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.kuali.rice.core.api.CoreApiServiceLocator;
import org.kuali.rice.core.api.config.property.ConfigurationService;
import org.kuali.rice.kim.api.KimConstants;
import org.kuali.rice.kim.api.identity.Person;
import org.kuali.rice.krad.bo.DataObjectAuthorizerBase;
import org.kuali.rice.krad.datadictionary.AttributeSecurity;
import org.kuali.rice.krad.datadictionary.parse.BeanTag;
import org.kuali.rice.krad.datadictionary.parse.BeanTagAttribute;
import org.kuali.rice.krad.uif.component.Component;
import org.kuali.rice.krad.uif.component.ComponentSecurity;
import org.kuali.rice.krad.uif.component.DataBinding;
import org.kuali.rice.krad.uif.container.CollectionGroup;
import org.kuali.rice.krad.uif.container.Group;
import org.kuali.rice.krad.uif.element.Action;
import org.kuali.rice.krad.uif.field.DataField;
import org.kuali.rice.krad.uif.field.DataFieldSecurity;
import org.kuali.rice.krad.uif.field.Field;
import org.kuali.rice.krad.uif.field.FieldSecurity;
import org.kuali.rice.krad.uif.util.ObjectPropertyUtils;
import org.kuali.rice.krad.uif.widget.Widget;
import org.kuali.rice.krad.util.KRADConstants;
import org.kuali.rice.krad.util.KRADUtils;

@BeanTag(name = "viewAuthorizer")
/* loaded from: input_file:WEB-INF/lib/rice-krad-web-framework-2.5.10.jar:org/kuali/rice/krad/uif/view/ViewAuthorizerBase.class */
public class ViewAuthorizerBase extends DataObjectAuthorizerBase implements ViewAuthorizer {
    private static final long serialVersionUID = -2687378084630965412L;
    private static final Logger LOG = Logger.getLogger(ViewAuthorizerBase.class);
    private ConfigurationService configurationService;
    private RequestAuthorizationCache requestAuthorizationCache;

    public Set<String> getActionFlags(View view, ViewModel viewModel, Person person, Set<String> set) {
        if (set.contains(KRADConstants.KUALI_ACTION_CAN_EDIT) && !canEditView(view, viewModel, person)) {
            set.remove(KRADConstants.KUALI_ACTION_CAN_EDIT);
        }
        return set;
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public Set<String> getEditModes(View view, ViewModel viewModel, Person person, Set<String> set) {
        HashSet hashSet = new HashSet();
        Object dataObjectContext = getDataObjectContext(view, viewModel);
        for (String str : set) {
            HashMap hashMap = new HashMap();
            hashMap.put(KimConstants.AttributeConstants.EDIT_MODE, str);
            hashMap.put("viewId", view.getId());
            if (permissionExistsByTemplate(dataObjectContext, KRADConstants.KRAD_NAMESPACE, KimConstants.PermissionTemplateNames.USE_VIEW, hashMap) && !isAuthorizedByTemplate(dataObjectContext, KRADConstants.KRAD_NAMESPACE, KimConstants.PermissionTemplateNames.USE_VIEW, person.getPrincipalId(), hashMap, null)) {
                hashSet.add(str);
            }
        }
        set.removeAll(hashSet);
        return set;
    }

    public boolean canOpenView(View view, ViewModel viewModel, Person person) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", view.getNamespaceCode());
        hashMap.put("viewId", viewModel.getViewId());
        if (permissionExistsByTemplate(viewModel, KRADConstants.KRAD_NAMESPACE, KimConstants.PermissionTemplateNames.OPEN_VIEW, hashMap)) {
            return isAuthorizedByTemplate(viewModel, KRADConstants.KRAD_NAMESPACE, KimConstants.PermissionTemplateNames.OPEN_VIEW, person.getPrincipalId(), hashMap, null);
        }
        return true;
    }

    public boolean canEditView(View view, ViewModel viewModel, Person person) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", view.getNamespaceCode());
        hashMap.put("viewId", viewModel.getViewId());
        if (permissionExistsByTemplate(viewModel, KRADConstants.KRAD_NAMESPACE, KimConstants.PermissionTemplateNames.EDIT_VIEW, hashMap)) {
            return isAuthorizedByTemplate(viewModel, KRADConstants.KRAD_NAMESPACE, KimConstants.PermissionTemplateNames.EDIT_VIEW, person.getPrincipalId(), hashMap, null);
        }
        return true;
    }

    public boolean canUnmaskField(View view, ViewModel viewModel, DataField dataField, String str, Person person) {
        AttributeSecurity attributeSecurity;
        if (dataField.getDataFieldSecurity() == null || (attributeSecurity = dataField.getDataFieldSecurity().getAttributeSecurity()) == null || !attributeSecurity.isMask()) {
            return true;
        }
        if (isNonProductionEnvAndUnmaskingTurnedOff()) {
            return false;
        }
        Object dataObjectContext = getDataObjectContext(view, viewModel);
        new HashMap();
        Map<String, String> namespaceAndComponentSimpleName = KRADUtils.getNamespaceAndComponentSimpleName(dataObjectContext.getClass());
        namespaceAndComponentSimpleName.put("propertyName", str);
        if (dataField.getComponentSecurity().getAdditionalPermissionDetails() != null) {
            namespaceAndComponentSimpleName.putAll(dataField.getComponentSecurity().getAdditionalPermissionDetails());
        }
        HashMap hashMap = new HashMap();
        if (dataField.getComponentSecurity().getAdditionalRoleQualifiers() != null) {
            hashMap.putAll(dataField.getComponentSecurity().getAdditionalRoleQualifiers());
        }
        return isAuthorizedByTemplate(dataObjectContext, KRADConstants.KNS_NAMESPACE, KimConstants.PermissionTemplateNames.FULL_UNMASK_FIELD, person.getPrincipalId(), namespaceAndComponentSimpleName, hashMap);
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canPartialUnmaskField(View view, ViewModel viewModel, DataField dataField, String str, Person person) {
        AttributeSecurity attributeSecurity;
        if (dataField.getDataFieldSecurity() == null || (attributeSecurity = dataField.getDataFieldSecurity().getAttributeSecurity()) == null || !attributeSecurity.isPartialMask()) {
            return true;
        }
        if (isNonProductionEnvAndUnmaskingTurnedOff()) {
            return false;
        }
        Object dataObjectContext = getDataObjectContext(view, viewModel);
        new HashMap();
        Map<String, String> namespaceAndComponentSimpleName = KRADUtils.getNamespaceAndComponentSimpleName(dataObjectContext.getClass());
        namespaceAndComponentSimpleName.put("propertyName", str);
        if (dataField.getComponentSecurity().getAdditionalPermissionDetails() != null) {
            namespaceAndComponentSimpleName.putAll(dataField.getComponentSecurity().getAdditionalPermissionDetails());
        }
        HashMap hashMap = new HashMap();
        if (dataField.getComponentSecurity().getAdditionalRoleQualifiers() != null) {
            hashMap.putAll(dataField.getComponentSecurity().getAdditionalRoleQualifiers());
        }
        return isAuthorizedByTemplate(dataObjectContext, KRADConstants.KNS_NAMESPACE, KimConstants.PermissionTemplateNames.PARTIAL_UNMASK_FIELD, person.getPrincipalId(), namespaceAndComponentSimpleName, hashMap);
    }

    public boolean canEditField(View view, ViewModel viewModel, Field field, String str, Person person) {
        ComponentSecurity componentSecurity = field.getComponentSecurity();
        if (componentSecurity == null) {
            return true;
        }
        if (componentSecurity.isEditAuthz() == null && !isDataFieldAttributeSecurityHide(field)) {
            return true;
        }
        if (componentSecurity.isEditAuthz() == null || componentSecurity.isEditAuthz().booleanValue()) {
            return isAuthorizedByTemplate(view, field, viewModel, KimConstants.PermissionTemplateNames.EDIT_FIELD, person, null, null, false);
        }
        return true;
    }

    public boolean canViewField(View view, ViewModel viewModel, Field field, String str, Person person) {
        ComponentSecurity componentSecurity = field.getComponentSecurity();
        if (componentSecurity == null) {
            return true;
        }
        if (componentSecurity.isViewAuthz() == null && !isDataFieldAttributeSecurityHide(field)) {
            return true;
        }
        if (componentSecurity.isViewAuthz() == null || componentSecurity.isViewAuthz().booleanValue()) {
            return isAuthorizedByTemplate(view, field, viewModel, KimConstants.PermissionTemplateNames.VIEW_FIELD, person, null, null, false);
        }
        return true;
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canEditGroup(View view, ViewModel viewModel, Group group, String str, Person person) {
        ComponentSecurity componentSecurity = group.getComponentSecurity();
        if (componentSecurity == null || componentSecurity.isEditAuthz() == null || !componentSecurity.isEditAuthz().booleanValue()) {
            return true;
        }
        return isAuthorizedByTemplate(view, group, viewModel, KimConstants.PermissionTemplateNames.EDIT_GROUP, person, null, null, false);
    }

    public boolean canViewGroup(View view, ViewModel viewModel, Group group, String str, Person person) {
        ComponentSecurity componentSecurity = group.getComponentSecurity();
        if (componentSecurity == null || componentSecurity.isViewAuthz() == null || !componentSecurity.isViewAuthz().booleanValue()) {
            return true;
        }
        return isAuthorizedByTemplate(view, group, viewModel, KimConstants.PermissionTemplateNames.VIEW_GROUP, person, null, null, false);
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canEditWidget(View view, ViewModel viewModel, Widget widget, String str, Person person) {
        ComponentSecurity componentSecurity = widget.getComponentSecurity();
        if (componentSecurity == null || componentSecurity.isEditAuthz() == null || !componentSecurity.isEditAuthz().booleanValue()) {
            return true;
        }
        return isAuthorizedByTemplate(view, widget, viewModel, KimConstants.PermissionTemplateNames.EDIT_WIDGET, person, null, null, false);
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canViewWidget(View view, ViewModel viewModel, Widget widget, String str, Person person) {
        ComponentSecurity componentSecurity = widget.getComponentSecurity();
        if (componentSecurity == null || componentSecurity.isViewAuthz() == null || !componentSecurity.isViewAuthz().booleanValue()) {
            return true;
        }
        return isAuthorizedByTemplate(view, widget, viewModel, KimConstants.PermissionTemplateNames.VIEW_WIDGET, person, null, null, false);
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canPerformAction(View view, ViewModel viewModel, Action action, String str, String str2, Person person) {
        if (action.getActionSecurity() == null || !action.getActionSecurity().isPerformActionAuthz()) {
            return true;
        }
        HashMap hashMap = new HashMap();
        if (StringUtils.isNotBlank(str)) {
            hashMap.put("actionEvent", str);
        }
        return isAuthorizedByTemplate(view, action, viewModel, KimConstants.PermissionTemplateNames.PERFORM_ACTION, person, hashMap, null, false);
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canEditLine(View view, ViewModel viewModel, CollectionGroup collectionGroup, String str, Object obj, Person person) {
        if (collectionGroup.getCollectionGroupSecurity() == null || !collectionGroup.getCollectionGroupSecurity().isEditLineAuthz()) {
            return true;
        }
        return isAuthorizedByTemplate(view, collectionGroup, viewModel, KimConstants.PermissionTemplateNames.EDIT_LINE, person, null, null, false);
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canViewLine(View view, ViewModel viewModel, CollectionGroup collectionGroup, String str, Object obj, Person person) {
        if (collectionGroup.getCollectionGroupSecurity() == null || !collectionGroup.getCollectionGroupSecurity().isViewLineAuthz()) {
            return true;
        }
        return isAuthorizedByTemplate(view, collectionGroup, viewModel, KimConstants.PermissionTemplateNames.VIEW_LINE, person, null, null, false);
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canEditLineField(View view, ViewModel viewModel, CollectionGroup collectionGroup, String str, Object obj, Field field, String str2, Person person) {
        FieldSecurity fieldSecurity = field.getFieldSecurity();
        if (fieldSecurity == null) {
            return true;
        }
        if (fieldSecurity.isEditInLineAuthz() == null && !isDataFieldAttributeSecurityHide(field)) {
            return true;
        }
        if (fieldSecurity.isEditInLineAuthz() != null && !fieldSecurity.isEditInLineAuthz().booleanValue()) {
            return true;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("groupId", collectionGroup.getId());
        hashMap.put(KimConstants.AttributeConstants.COLLECTION_PROPERTY_NAME, collectionGroup.getPropertyName());
        return isAuthorizedByTemplate(view, field, viewModel, KimConstants.PermissionTemplateNames.EDIT_LINE_FIELD, person, hashMap, null, false);
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canViewLineField(View view, ViewModel viewModel, CollectionGroup collectionGroup, String str, Object obj, Field field, String str2, Person person) {
        FieldSecurity fieldSecurity = field.getFieldSecurity();
        if (fieldSecurity == null) {
            return true;
        }
        if (fieldSecurity.isViewInLineAuthz() == null && !isDataFieldAttributeSecurityHide(field)) {
            return true;
        }
        if (fieldSecurity.isViewInLineAuthz() != null && !fieldSecurity.isViewInLineAuthz().booleanValue()) {
            return true;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("groupId", collectionGroup.getId());
        hashMap.put(KimConstants.AttributeConstants.COLLECTION_PROPERTY_NAME, collectionGroup.getPropertyName());
        return isAuthorizedByTemplate(view, field, viewModel, KimConstants.PermissionTemplateNames.VIEW_LINE_FIELD, person, hashMap, null, false);
    }

    @Override // org.kuali.rice.krad.uif.view.ViewAuthorizer
    public boolean canPerformLineAction(View view, ViewModel viewModel, CollectionGroup collectionGroup, String str, Object obj, Action action, String str2, String str3, Person person) {
        if (action.getActionSecurity() == null || !action.getActionSecurity().isPerformLineActionAuthz()) {
            return true;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("groupId", collectionGroup.getId());
        hashMap.put(KimConstants.AttributeConstants.COLLECTION_PROPERTY_NAME, collectionGroup.getPropertyName());
        if (StringUtils.isNotBlank(str2)) {
            hashMap.put("actionEvent", str2);
        }
        return isAuthorizedByTemplate(view, action, viewModel, KimConstants.PermissionTemplateNames.PERFORM_LINE_ACTION, person, hashMap, null, false);
    }

    protected Object getDataObjectContext(View view, ViewModel viewModel) {
        Object propertyValue;
        Object obj = viewModel;
        if (StringUtils.isNotBlank(view.getDefaultBindingObjectPath()) && (propertyValue = ObjectPropertyUtils.getPropertyValue(viewModel, view.getDefaultBindingObjectPath())) != null) {
            obj = propertyValue;
        }
        return obj;
    }

    protected Map<String, String> getFieldPermissionDetails(View view, Object obj, Field field) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", view.getNamespaceCode());
        hashMap.put("viewId", view.getId());
        hashMap.put(KimConstants.AttributeConstants.FIELD_ID, field.getId());
        if (field instanceof DataBinding) {
            hashMap.put("propertyName", ((DataBinding) field).getPropertyName());
        }
        return hashMap;
    }

    protected Map<String, String> getGroupPermissionDetails(View view, Object obj, Group group) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", view.getNamespaceCode());
        hashMap.put("viewId", view.getId());
        hashMap.put("groupId", group.getId());
        if (group instanceof CollectionGroup) {
            hashMap.put(KimConstants.AttributeConstants.COLLECTION_PROPERTY_NAME, ((CollectionGroup) group).getPropertyName());
        }
        return hashMap;
    }

    protected Map<String, String> getWidgetPermissionDetails(View view, Object obj, Widget widget) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", view.getNamespaceCode());
        hashMap.put("viewId", view.getId());
        hashMap.put(KimConstants.AttributeConstants.WIDGET_ID, widget.getId());
        return hashMap;
    }

    protected Map<String, String> getActionPermissionDetails(View view, Object obj, Action action) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", view.getNamespaceCode());
        hashMap.put("viewId", view.getId());
        hashMap.put(KimConstants.AttributeConstants.FIELD_ID, action.getId());
        return hashMap;
    }

    protected boolean isAuthorizedByTemplate(View view, Component component, ViewModel viewModel, String str, Person person, Map<String, String> map, Map<String, String> map2, boolean z) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        if (map != null) {
            hashMap.putAll(map);
        }
        if (map2 != null) {
            hashMap2.putAll(map2);
        }
        Object dataObjectContext = getDataObjectContext(view, viewModel);
        if (component instanceof Field) {
            hashMap.putAll(getFieldPermissionDetails(view, dataObjectContext, (Field) component));
        } else if (component instanceof Group) {
            hashMap.putAll(getGroupPermissionDetails(view, dataObjectContext, (Group) component));
        } else if (component instanceof Widget) {
            hashMap.putAll(getWidgetPermissionDetails(view, dataObjectContext, (Widget) component));
        } else if (component instanceof Action) {
            hashMap.putAll(getActionPermissionDetails(view, dataObjectContext, (Action) component));
        }
        ComponentSecurity componentSecurity = component.getComponentSecurity();
        if (componentSecurity != null) {
            if (StringUtils.isNotBlank(componentSecurity.getNamespaceAttribute())) {
                hashMap.put("namespaceCode", componentSecurity.getNamespaceAttribute());
            }
            if (StringUtils.isNotBlank(componentSecurity.getComponentAttribute())) {
                hashMap.put("componentName", componentSecurity.getComponentAttribute());
            }
            if (StringUtils.isNotBlank(componentSecurity.getIdAttribute())) {
                if (component instanceof Field) {
                    hashMap.put(KimConstants.AttributeConstants.FIELD_ID, componentSecurity.getIdAttribute());
                } else if (component instanceof Group) {
                    hashMap.put("groupId", componentSecurity.getIdAttribute());
                } else if (component instanceof Widget) {
                    hashMap.put(KimConstants.AttributeConstants.WIDGET_ID, componentSecurity.getIdAttribute());
                }
            }
            if (componentSecurity.getAdditionalPermissionDetails() != null) {
                hashMap.putAll(componentSecurity.getAdditionalPermissionDetails());
            }
            if (componentSecurity.getAdditionalRoleQualifiers() != null) {
                hashMap2.putAll(componentSecurity.getAdditionalRoleQualifiers());
            }
        }
        boolean z2 = true;
        if (!z || (z && permissionExistsByTemplate(dataObjectContext, KRADConstants.KRAD_NAMESPACE, str, hashMap))) {
            z2 = isAuthorizedByTemplate(dataObjectContext, KRADConstants.KRAD_NAMESPACE, str, person.getPrincipalId(), hashMap, hashMap2);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Performed permission check for: " + str + " and got result: " + z2);
            }
        }
        return z2;
    }

    private boolean isNonProductionEnvAndUnmaskingTurnedOff() {
        return (getConfigurationService().getPropertyValueAsString("production.environment.code").equalsIgnoreCase(getConfigurationService().getPropertyValueAsString("environment")) || getConfigurationService().getPropertyValueAsBoolean(KRADConstants.ENABLE_NONPRODUCTION_UNMASKING)) ? false : true;
    }

    private boolean isDataFieldAttributeSecurityHide(Field field) {
        DataFieldSecurity dataFieldSecurity;
        return (field instanceof DataField) && (dataFieldSecurity = ((DataField) field).getDataFieldSecurity()) != null && dataFieldSecurity.getAttributeSecurity() != null && dataFieldSecurity.getAttributeSecurity().isHide();
    }

    @BeanTagAttribute(name = "configurationService", type = BeanTagAttribute.AttributeType.SINGLEBEAN)
    protected ConfigurationService getConfigurationService() {
        return this.configurationService == null ? CoreApiServiceLocator.getKualiConfigurationService() : this.configurationService;
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RequestAuthorizationCache getRequestAuthorizationCache() {
        return this.requestAuthorizationCache;
    }

    public void setRequestAuthorizationCache(RequestAuthorizationCache requestAuthorizationCache) {
        this.requestAuthorizationCache = requestAuthorizationCache;
    }
}
