package org.kuali.coeus.common.impl.auth.perm;

import com.google.common.collect.Multimap;
import com.google.common.collect.MultimapBuilder;
import com.google.common.collect.Multimaps;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.kuali.coeus.common.framework.auth.UnitAuthorizationService;
import org.kuali.coeus.common.framework.auth.docperm.DocumentAccess;
import org.kuali.coeus.common.framework.auth.docperm.DocumentAccessConstants;
import org.kuali.coeus.common.framework.auth.perm.DocumentLevelPermissionable;
import org.kuali.coeus.common.framework.auth.perm.KcAuthorizationService;
import org.kuali.coeus.common.framework.auth.perm.Permissionable;
import org.kuali.kra.award.lookup.AwardLookupableHelperServiceImpl;
import org.kuali.kra.krms.KcKrmsConstants;
import org.kuali.rice.core.api.criteria.Predicate;
import org.kuali.rice.core.api.criteria.PredicateFactory;
import org.kuali.rice.core.api.criteria.QueryByCriteria;
import org.kuali.rice.kim.api.permission.PermissionService;
import org.kuali.rice.kim.api.role.Role;
import org.kuali.rice.kim.api.role.RoleService;
import org.kuali.rice.kim.api.type.KimType;
import org.kuali.rice.kim.api.type.KimTypeInfoService;
import org.kuali.rice.krad.data.DataObjectService;
import org.kuali.rice.krad.data.PersistenceOption;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

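/**
 * Default {@link KcAuthorizationService} implementation.
 *
 * <p>Authorization decisions are delegated to three collaborators: the KIM role service, the KIM
 * permission service and the unit authorization service. Document-level role grants for
 * {@link DocumentLevelPermissionable} objects are stored as {@link DocumentAccess} records through
 * the data object service instead of being assigned through the role service.
 *
 * <p>Behaviour worth knowing when reviewing callers:
 * <ul>
 *   <li>{@code hasPermission} returns {@code false} for a {@code null} permissionable, so a missing
 *       object never authorizes anything.</li>
 *   <li>Granting or revoking a document-level role is skipped without any signal to the caller when
 *       the resolved role is not of the document-level KIM type (see
 *       {@link #validateRoleArguments(String, String)}).</li>
 * </ul>
 */
@Component("kcAuthorizationService")
public class KcAuthorizationServiceImpl implements KcAuthorizationService {

    /** Suffix that distinguishes the document-level variant of a role name. */
    private static final String DOCUMENT_LEVEL_SUFFIX = " Document Level";

    /** Namespace the document-level KIM type is required to have. */
    private static final String DOC_LEVEL_KIM_TYPE_NAMESPACE = "KC-SYS";

    @Autowired
    @Qualifier("unitAuthorizationService")
    private UnitAuthorizationService unitAuthorizationService;

    @Autowired
    @Qualifier("roleService")
    private RoleService roleManagementService;

    @Autowired
    @Qualifier("permissionService")
    private PermissionService permissionService;

    @Autowired
    @Qualifier("dataObjectService")
    private DataObjectService dataObjectService;

    @Autowired
    @Qualifier("kimTypeInfoService")
    private KimTypeInfoService kimTypeInfoService;

    /**
     * Grants a role on the given permissionable to a principal.
     *
     * <p>For a {@link DocumentLevelPermissionable} the grant is saved as a {@link DocumentAccess}
     * record, and only when the role resolves to a document-level role; otherwise nothing is
     * saved and the caller is not told. For any other permissionable the principal is assigned
     * to the role through the role service, qualified by the standard qualifiers.
     *
     * @param principalId the principal receiving the role
     * @param roleName the role name (with or without the document-level suffix)
     * @param permissionable the object the role applies to; must not be {@code null}
     * @throws IllegalArgumentException if a document-level argument is blank
     * @throws IllegalStateException if no matching role exists for a document-level permissionable
     */
    @Override
    public void addDocumentLevelRole(String principalId, String roleName, Permissionable permissionable) {
        if (permissionable instanceof DocumentLevelPermissionable) {
            final String documentNumber = ((DocumentLevelPermissionable) permissionable).getDocumentNumber();
            final String namespace = permissionable.getNamespace();
            final String documentLevelRoleName =
                    validateDocumentLevelArguments(documentNumber, principalId, roleName, namespace);
            if (StringUtils.isNotBlank(documentLevelRoleName)) {
                dataObjectService.save(new DocumentAccess(documentNumber, principalId, documentLevelRoleName, namespace));
            }
            return;
        }
        roleManagementService.assignPrincipalToRole(
                principalId, permissionable.getNamespace(), roleName, new HashMap<>(createStandardQualifiers(permissionable)));
    }

    /**
     * Revokes a role on the given permissionable from a principal.
     *
     * <p>Mirror image of {@link #addDocumentLevelRole(String, String, Permissionable)}: matching
     * {@link DocumentAccess} records are deleted for a {@link DocumentLevelPermissionable}, and
     * the principal is removed from the role through the role service otherwise. As with the
     * grant, a role that does not resolve to a document-level role leaves the stored access
     * untouched and the caller is not told, so callers that must be sure of a revocation should
     * verify it with {@link #hasDocumentLevelRole(String, String, Permissionable)}.
     *
     * @param principalId the principal losing the role
     * @param roleName the role name (with or without the document-level suffix)
     * @param permissionable the object the role applies to; must not be {@code null}
     * @throws IllegalArgumentException if a document-level argument is blank
     * @throws IllegalStateException if no matching role exists for a document-level permissionable
     */
    @Override
    public void removeDocumentLevelRole(String principalId, String roleName, Permissionable permissionable) {
        if (!(permissionable instanceof DocumentLevelPermissionable)) {
            roleManagementService.removePrincipalFromRole(
                    principalId, permissionable.getNamespace(), roleName, new HashMap<>(createStandardQualifiers(permissionable)));
            return;
        }
        final String documentNumber = ((DocumentLevelPermissionable) permissionable).getDocumentNumber();
        final String namespace = permissionable.getNamespace();
        final String documentLevelRoleName =
                validateDocumentLevelArguments(documentNumber, principalId, roleName, namespace);
        if (StringUtils.isBlank(documentLevelRoleName)) {
            return;
        }
        // NOTE(review): the principal-id and namespace property names come from constants owned by
        // unrelated classes (an award lookup helper and the KRMS constants). Presumably they equal
        // the DocumentAccess field names - confirm, because a mismatch would make this delete match
        // nothing and leave the access record in place.
        dataObjectService.deleteMatching(
                DocumentAccess.class,
                QueryByCriteria.Builder.fromPredicates(
                        PredicateFactory.equal("documentNumber", documentNumber),
                        PredicateFactory.equal(AwardLookupableHelperServiceImpl.PRINCIPAL_ID, principalId),
                        PredicateFactory.equal("roleName", documentLevelRoleName),
                        PredicateFactory.equal(KcKrmsConstants.NAMESPACE_CODE, namespace)));
    }

    /**
     * Tells whether the principal holds the role on the given permissionable.
     *
     * <p>For a {@link DocumentLevelPermissionable} the role name is first resolved to its
     * document-level name; a role that does not resolve yields {@code false}. A role that cannot
     * be found in the permissionable's namespace also yields {@code false}.
     *
     * @param principalId the principal to check
     * @param roleName the role name
     * @param permissionable the object the role applies to; must not be {@code null}
     * @return {@code true} only when the role exists and the role service reports membership
     */
    @Override
    public boolean hasDocumentLevelRole(String principalId, String roleName, Permissionable permissionable) {
        String effectiveRoleName = roleName;
        if (permissionable instanceof DocumentLevelPermissionable) {
            effectiveRoleName = validateDocumentLevelArguments(
                    ((DocumentLevelPermissionable) permissionable).getDocumentNumber(),
                    principalId,
                    roleName,
                    permissionable.getNamespace());
        }
        if (StringUtils.isBlank(effectiveRoleName)) {
            return false;
        }
        final Map<String, String> qualifiers = createStandardQualifiers(permissionable);
        final Role role = roleManagementService.getRoleByNamespaceCodeAndName(permissionable.getNamespace(), effectiveRoleName);
        return role != null
                && roleManagementService.principalHasRole(principalId, Collections.singletonList(role.getId()), qualifiers);
    }

    /**
     * Checks the arguments of a document-level role operation and resolves the role name.
     *
     * @param documentNumber the document number; must not be blank
     * @param principalId the principal id; must not be blank
     * @param roleName the role name; must not be blank
     * @param namespaceCode the role namespace; must not be blank
     * @return the resolved document-level role name, or {@code null} when the role is not a
     *     document-level role
     * @throws IllegalArgumentException if any argument is blank
     * @throws IllegalStateException if no matching role exists
     */
    protected String validateDocumentLevelArguments(
            String documentNumber, String principalId, String roleName, String namespaceCode) {
        if (StringUtils.isBlank(documentNumber)) {
            throw new IllegalArgumentException("documentNumber is blank");
        }
        if (StringUtils.isBlank(principalId)) {
            throw new IllegalArgumentException("principalId is blank");
        }
        return validateRoleArguments(roleName, namespaceCode);
    }

    /**
     * Resolves a role name to the name of a document-level role in the given namespace.
     *
     * <p>The name with the document-level suffix is looked up first. If that role exists it
     * decides the outcome on its own; the un-suffixed name is only consulted when the suffixed
     * role does not exist.
     *
     * @param roleName the role name; must not be blank
     * @param namespaceCode the role namespace; must not be blank
     * @return the name of the role that was found, or {@code null} when that role is not of the
     *     document-level KIM type
     * @throws IllegalArgumentException if an argument is blank
     * @throws IllegalStateException if neither role exists, or the role's KIM type cannot be loaded
     */
    protected String validateRoleArguments(String roleName, String namespaceCode) {
        if (StringUtils.isBlank(roleName)) {
            throw new IllegalArgumentException("roleName is blank");
        }
        if (StringUtils.isBlank(namespaceCode)) {
            throw new IllegalArgumentException("namespaceCode is blank");
        }
        final String suffixedRoleName =
                roleName.endsWith(DOCUMENT_LEVEL_SUFFIX) ? roleName : roleName + DOCUMENT_LEVEL_SUFFIX;
        final Role suffixedRole = roleManagementService.getRoleByNamespaceCodeAndName(namespaceCode, suffixedRoleName);
        if (suffixedRole != null) {
            return isDocumentLevelRole(suffixedRole) ? suffixedRoleName : null;
        }
        final Role plainRole = roleManagementService.getRoleByNamespaceCodeAndName(namespaceCode, roleName);
        if (plainRole == null) {
            throw new IllegalStateException(
                    "role not found with namespace: " + namespaceCode + " and name " + suffixedRoleName + " or name " + roleName);
        }
        return isDocumentLevelRole(plainRole) ? roleName : null;
    }

    /**
     * Tells whether the role's KIM type is the document-level type in the expected namespace.
     *
     * <p>A role whose KIM type cannot be loaded is reported as an error rather than treated as
     * "not document level": the callers skip their grant or revoke on a {@code false} answer,
     * and a skipped revoke caused by broken role data should not pass unnoticed.
     */
    private boolean isDocumentLevelRole(Role role) {
        final KimType kimType = kimTypeInfoService.getKimType(role.getKimTypeId());
        if (kimType == null) {
            throw new IllegalStateException(
                    "KIM type not found for role id " + role.getId() + " with KIM type id " + role.getKimTypeId());
        }
        // Constant-first comparison so a type with a null name or namespace is simply not a match.
        return DocumentAccessConstants.DOC_LEVEL_KIM_TYPE_NAME.equals(kimType.getName())
                && DOC_LEVEL_KIM_TYPE_NAMESPACE.equals(kimType.getNamespaceCode());
    }

    /**
     * Tells whether the principal has the permission on the permissionable, using the
     * permissionable's own namespace.
     *
     * @param principalId the principal to check
     * @param permissionable the object being accessed; {@code null} yields {@code false}
     * @param permissionName the permission name
     * @return {@code true} when either authorization path grants the permission
     */
    @Override
    public boolean hasPermission(String principalId, Permissionable permissionable, String permissionName) {
        final String namespace = permissionable == null ? null : permissionable.getNamespace();
        return hasPermission(principalId, permissionable, namespace, permissionName);
    }

    /**
     * Tells whether the principal has the permission on the permissionable.
     *
     * <p>Two paths are tried in order: the permission service with the document qualifiers (only
     * when the permissionable has a document number for permission checks), then the unit
     * authorization service with the lead unit number (only when one is set). Either path
     * granting is sufficient.
     *
     * @param principalId the principal to check
     * @param permissionable the object being accessed; {@code null} yields {@code false}
     * @param namespace the permission namespace
     * @param permissionName the permission name
     * @return {@code true} when either authorization path grants the permission
     */
    protected boolean hasPermission(
            String principalId, Permissionable permissionable, String namespace, String permissionName) {
        if (permissionable == null) {
            return false;
        }
        final Map<String, String> qualifiers = createStandardQualifiers(permissionable);
        permissionable.populateAdditionalQualifiedRoleAttributes(qualifiers);
        final String leadUnitNumber = permissionable.getLeadUnitNumber();

        boolean authorized = false;
        if (StringUtils.isNotEmpty(permissionable.getDocumentNumberForPermission())) {
            authorized = permissionService.isAuthorized(principalId, namespace, permissionName, qualifiers);
        }
        if (!authorized && StringUtils.isNotEmpty(leadUnitNumber)) {
            authorized = unitAuthorizationService.hasPermission(principalId, leadUnitNumber, namespace, permissionName);
        }
        return authorized;
    }

    /**
     * Returns the permissionables from the collection on which the principal has the permission.
     *
     * <p>Unit-level authorization is evaluated once per distinct lead unit; items not covered by
     * that are then checked one by one against the permission service.
     *
     * @param principalId the principal to check
     * @param permissionables the candidates; {@code null} or empty yields an empty result
     * @param namespace the permission namespace
     * @param permissionName the permission name
     * @return a new list with the authorized candidates, in the collection's iteration order
     */
    @Override
    public <P extends Permissionable> Collection<P> filterForPermission(
            String principalId, Collection<P> permissionables, String namespace, String permissionName) {
        if (permissionables == null || permissionables.isEmpty()) {
            // Nothing to authorize; answer with an empty result instead of failing on null.
            return new ArrayList<>();
        }

        final Multimap<String, String> documentNumbersByLeadUnit = MultimapBuilder.hashKeys().arrayListValues().build();
        for (P permissionable : permissionables) {
            final String leadUnitNumber = permissionable.getLeadUnitNumber();
            if (leadUnitNumber != null) {
                documentNumbersByLeadUnit.put(leadUnitNumber, permissionable.getDocumentNumberForPermission());
            }
        }

        // NOTE(review): authorization is tracked by document number, not by object. Two candidates
        // that report the same document number (including null) but different lead units are
        // accepted together as soon as one of them is authorized - confirm that callers never pass
        // such a mix.
        final Collection<String> authorizedDocumentNumbers = new HashSet<>();
        for (String leadUnitNumber : documentNumbersByLeadUnit.keySet()) {
            if (unitAuthorizationService.hasPermission(principalId, leadUnitNumber, namespace, permissionName)) {
                authorizedDocumentNumbers.addAll(documentNumbersByLeadUnit.get(leadUnitNumber));
            }
        }

        // NOTE(review): unlike the single-object hasPermission, this path consults the permission
        // service even when the document number is null or empty, so the qualifier map then carries
        // an empty document value. Confirm that the permission service cannot match on that.
        for (P permissionable : permissionables) {
            final String documentNumber = permissionable.getDocumentNumberForPermission();
            if (authorizedDocumentNumbers.contains(documentNumber)) {
                continue;
            }
            final Map<String, String> qualifiers = createStandardQualifiers(permissionable);
            permissionable.populateAdditionalQualifiedRoleAttributes(qualifiers);
            if (permissionService.isAuthorized(principalId, namespace, permissionName, qualifiers)) {
                authorizedDocumentNumbers.add(documentNumber);
            }
        }

        return permissionables.stream()
                .filter(permissionable -> authorizedDocumentNumbers.contains(permissionable.getDocumentNumberForPermission()))
                .collect(Collectors.toList());
    }

    /**
     * Lists the distinct principals that hold the role on the permissionable.
     *
     * @param roleName the role name; blank yields an empty list
     * @param permissionable the object the role applies to; {@code null} yields an empty list
     * @return a new list of distinct principal ids, empty when the role does not resolve to a
     *     document-level role
     * @throws IllegalArgumentException if the permissionable's namespace is blank
     * @throws IllegalStateException if no matching role exists
     */
    @Override
    public List<String> getPrincipalsInRole(String roleName, Permissionable permissionable) {
        if (permissionable == null || StringUtils.isBlank(roleName)) {
            return new ArrayList<>();
        }
        final String namespace = permissionable.getNamespace();
        final String resolvedRoleName = validateRoleArguments(roleName, namespace);
        if (StringUtils.isBlank(resolvedRoleName)) {
            return new ArrayList<>();
        }
        // The member lookup used to be repeated with identical arguments for document-level
        // permissionables; one call returns the same set of ids.
        // NOTE(review): whether this lookup reflects grants stored as DocumentAccess records
        // depends on the role type service, which is not visible here - confirm.
        final Collection<String> principalIds = new HashSet<>(
                roleManagementService.getRoleMemberPrincipalIds(
                        namespace, resolvedRoleName, createStandardQualifiers(permissionable)));
        return new ArrayList<>(principalIds);
    }

    /**
     * Builds the qualifier map used for role and permission checks on the permissionable.
     *
     * @param permissionable the object being qualified; must not be {@code null}
     * @return a new mutable map holding the document key mapped to the document number for
     *     permission checks, plus the document number for document-level permissionables
     */
    protected Map<String, String> createStandardQualifiers(Permissionable permissionable) {
        final Map<String, String> qualifiers = new HashMap<>();
        qualifiers.put(permissionable.getDocumentKey(), permissionable.getDocumentNumberForPermission());
        addDocumentQualifiers(permissionable, qualifiers);
        return qualifiers;
    }

    /**
     * Adds the {@code documentNumber} qualifier for a document-level permissionable.
     *
     * @param permissionable the object being qualified
     * @param qualifiers the map to add to; left untouched when {@code null} or when the
     *     permissionable is not a {@link DocumentLevelPermissionable}
     */
    protected void addDocumentQualifiers(Permissionable permissionable, Map<String, String> qualifiers) {
        if (qualifiers != null && permissionable instanceof DocumentLevelPermissionable) {
            qualifiers.put("documentNumber", ((DocumentLevelPermissionable) permissionable).getDocumentNumber());
        }
    }

    public void setUnitAuthorizationService(UnitAuthorizationService unitAuthorizationService) {
        this.unitAuthorizationService = unitAuthorizationService;
    }

    public void setRoleManagementService(RoleService roleService) {
        this.roleManagementService = roleService;
    }

    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    /** Same service as {@link #getRoleManagementService()}. */
    public RoleService getRoleService() {
        return this.roleManagementService;
    }

    public UnitAuthorizationService getUnitAuthorizationService() {
        return this.unitAuthorizationService;
    }

    public RoleService getRoleManagementService() {
        return this.roleManagementService;
    }

    public PermissionService getPermissionService() {
        return this.permissionService;
    }

    public DataObjectService getDataObjectService() {
        return this.dataObjectService;
    }

    public void setDataObjectService(DataObjectService dataObjectService) {
        this.dataObjectService = dataObjectService;
    }

    public KimTypeInfoService getKimTypeInfoService() {
        return this.kimTypeInfoService;
    }

    public void setKimTypeInfoService(KimTypeInfoService kimTypeInfoService) {
        this.kimTypeInfoService = kimTypeInfoService;
    }
}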
