package org.kuali.kfs.sec.document;

import java.sql.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.kuali.kfs.sec.businessobject.SecurityModel;
import org.kuali.kfs.sec.businessobject.SecurityModelDefinition;
import org.kuali.kfs.sec.businessobject.SecurityModelMember;
import org.kuali.kfs.sec.businessobject.SecurityPrincipal;
import org.kuali.kfs.sec.identity.SecKimAttributes;
import org.kuali.kfs.sec.util.KimUtil;
import org.kuali.kfs.sys.context.SpringContext;
import org.kuali.kfs.sys.document.FinancialSystemMaintainable;
import org.kuali.rice.kew.exception.WorkflowException;
import org.kuali.rice.kim.bo.role.dto.KimRoleInfo;
import org.kuali.rice.kim.bo.role.dto.RoleMembershipInfo;
import org.kuali.rice.kim.bo.types.dto.AttributeSet;
import org.kuali.rice.kim.service.GroupService;
import org.kuali.rice.kim.service.IdentityManagementService;
import org.kuali.rice.kim.service.RoleManagementService;
import org.kuali.rice.kns.bo.DocumentHeader;
import org.kuali.rice.kns.bo.PersistableBusinessObject;
import org.kuali.rice.kns.document.MaintenanceDocument;
import org.kuali.rice.kns.service.BusinessObjectService;
import org.kuali.rice.kns.service.DocumentService;

/* loaded from: input_file:WEB-INF/lib/kfs-core-4.1.1-5.jar:org/kuali/kfs/sec/document/SecurityModelMaintainableImpl.class */
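/**
 * Maintainable for {@link SecurityModel} maintenance documents.
 *
 * <p>Once the maintenance document's workflow reports {@code stateIsProcessed()}, this class
 * pushes the model into KIM: it creates or updates the role backing the model, links that role
 * to the role of each security definition on the model, saves the model's members onto the
 * model role, and finally deactivates the role when the model itself is inactive.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Every KIM write in this class is gated only on the workflow state; the class performs no
 *       authorization check of its own, so the document's routing and approval configuration is
 *       the control that protects these role changes.</li>
 *   <li>NOTE(review): the steps run sequentially; whether a failure midway rolls back earlier KIM
 *       writes depends on transaction handling that is not visible in this class.</li>
 * </ul>
 */
public class SecurityModelMaintainableImpl extends FinancialSystemMaintainable {
    private static final Logger LOG = Logger.getLogger(SecurityModelMaintainableImpl.class);

    /** Raised when the model role or a definition role cannot be loaded from KIM. */
    private static final String MODEL_OR_DEFINITION_ROLE_MISSING = "Apparent data problem with access security. model or definition is null. this should not happen";

    /** Raised when the role backing the model itself cannot be loaded from KIM. */
    private static final String MODEL_ROLE_MISSING = "Apparent data problem with access security. model is null. this should not happen";

    /**
     * Refreshes non-updateable references on the business object and on every pending
     * new collection line after the superclass has handled the refresh.
     *
     * @param str refresh caller identifier, passed through to the superclass
     * @param map field values, passed through to the superclass
     * @param maintenanceDocument document being refreshed
     */
    @Override
    public void refresh(String str, Map map, MaintenanceDocument maintenanceDocument) {
        super.refresh(str, map, maintenanceDocument);
        getBusinessObject().refreshNonUpdateableReferences();
        Iterator<PersistableBusinessObject> pendingLines = this.newCollectionLines.values().iterator();
        while (pendingLines.hasNext()) {
            pendingLines.next().refreshNonUpdateableReferences();
        }
    }

    /**
     * Applies the security model to KIM once the workflow document has been processed.
     *
     * <p>Nothing is written to KIM for any other route status. After the role changes are made
     * all identity-management caches are flushed so the new assignments take effect.
     *
     * @param documentHeader header of the maintenance document whose status changed
     * @throws RuntimeException wrapping the {@link WorkflowException} raised while the document
     *         is being loaded, or when a required KIM role cannot be found
     */
    @Override
    public void doRouteStatusChange(DocumentHeader documentHeader) {
        super.doRouteStatusChange(documentHeader);
        if (!documentHeader.getWorkflowDocument().stateIsProcessed()) {
            return;
        }
        try {
            DocumentService documentService = (DocumentService) SpringContext.getBean(DocumentService.class);
            MaintenanceDocument maintenanceDocument = (MaintenanceDocument) documentService.getByDocumentHeaderId(documentHeader.getDocumentNumber());
            SecurityModel oldModel = (SecurityModel) maintenanceDocument.getOldMaintainableObject().getBusinessObject();
            SecurityModel newModel = (SecurityModel) maintenanceDocument.getNewMaintainableObject().getBusinessObject();
            // New and Copy documents have no previous KIM membership to look up.
            boolean newMaintenanceAction = getMaintenanceAction().equalsIgnoreCase("New") || getMaintenanceAction().equalsIgnoreCase("Copy");

            createOrUpdateModelRole(oldModel, newModel);
            assignOrUpdateModelMembershipToDefinitionRoles(oldModel, newModel, newMaintenanceAction);
            assignOrUpdateModelMembers(newModel);
            // The role is always saved as active above and only deactivated here, as the last step.
            if (!newModel.isActive()) {
                inactivateModelRole(newModel);
            }
            ((IdentityManagementService) SpringContext.getBean(IdentityManagementService.class)).flushAllCaches();
        } catch (WorkflowException e) {
            String message = "caught exception while handling handleRouteStatusChange -> documentService.getByDocumentHeaderId(" + documentHeader.getDocumentNumber() + "). ";
            LOG.error(message, e);
            throw new RuntimeException(message, e);
        }
    }

    /**
     * Saves the KIM role that backs the model, allocating a new role id when the model has none.
     *
     * <p>The role is always saved as active here; deactivation is a separate step.
     *
     * @param securityModel model as it was before the edit (not used by this method)
     * @param securityModel2 model as submitted; receives the new role id when one is allocated
     */
    protected void createOrUpdateModelRole(SecurityModel securityModel, SecurityModel securityModel2) {
        RoleManagementService roleManagementService = (RoleManagementService) SpringContext.getBean(RoleManagementService.class);
        String roleName = securityModel2.getName();
        String roleId = securityModel2.getRoleId();
        if (StringUtils.isBlank(roleId)) {
            roleId = roleManagementService.getNextAvailableRoleId();
            securityModel2.setRoleId(roleId);
        }
        // "1" and "KFS-SEC" are presumably the KIM type id and namespace code - confirm against saveRole.
        roleManagementService.saveRole(roleId, roleName, securityModel2.getDescription(), true, "1", "KFS-SEC");
        roleManagementService.flushRoleCaches();
    }

    /**
     * Re-saves the model's KIM role with the active flag cleared.
     *
     * @param securityModel model whose role is deactivated
     * @throws RuntimeException if the model's role cannot be found in KIM
     */
    protected void inactivateModelRole(SecurityModel securityModel) {
        RoleManagementService roleManagementService = (RoleManagementService) SpringContext.getBean(RoleManagementService.class);
        KimRoleInfo modelRole = roleManagementService.getRole(securityModel.getRoleId());
        // Fail with the same explicit diagnostic the sibling methods use instead of a bare NullPointerException.
        if (modelRole == null) {
            LOG.error(MODEL_ROLE_MISSING);
            throw new RuntimeException(MODEL_ROLE_MISSING);
        }
        roleManagementService.saveRole(modelRole.getRoleId(), modelRole.getRoleName(), securityModel.getDescription(), false, "1", "KFS-SEC");
    }

    /**
     * Makes the model role a member of the role of each security definition on the model.
     *
     * <p>For an edit, the existing membership is located through the qualifier built from the old
     * definition values, so that it can be updated in place or removed. A membership is removed
     * when the model or the definition is inactive, and saved (created or updated) when both are
     * active.
     *
     * @param securityModel model as it was before the edit
     * @param securityModel2 model as submitted
     * @param z {@code true} for a New or Copy action, in which case no existing membership is looked up
     * @throws RuntimeException if the model role or a definition role is needed but cannot be found
     */
    protected void assignOrUpdateModelMembershipToDefinitionRoles(SecurityModel securityModel, SecurityModel securityModel2, boolean z) {
        RoleManagementService roleManagementService = (RoleManagementService) SpringContext.getBean(RoleManagementService.class);
        KimRoleInfo modelRole = roleManagementService.getRole(securityModel2.getRoleId());
        for (SecurityModelDefinition newDefinition : securityModel2.getModelDefinitions()) {
            KimRoleInfo definitionRole = roleManagementService.getRole(newDefinition.getSecurityDefinition().getRoleId());

            RoleMembershipInfo existingMembership = null;
            if (!z) {
                SecurityModelDefinition oldDefinition = findOldDefinition(securityModel, newDefinition);
                if (oldDefinition != null) {
                    // The stored membership carries the OLD qualifier values, so search with those.
                    AttributeSet oldQualifier = buildDefinitionQualifier(oldDefinition);
                    requireModelAndDefinitionRoles(modelRole, definitionRole);
                    existingMembership = KimUtil.getRoleMembershipInfoForMemberType(definitionRole.getRoleId(), modelRole.getRoleId(), "R", oldQualifier);
                }
            }

            boolean membershipActive = securityModel2.isActive() && newDefinition.isActive();
            String roleMemberId = "";
            if (existingMembership != null) {
                roleMemberId = existingMembership.getRoleMemberId();
                if (!membershipActive) {
                    roleManagementService.removeRoleFromRole(existingMembership.getMemberId(), definitionRole.getNamespaceCode(), definitionRole.getRoleName(), existingMembership.getQualifier());
                }
            }
            if (membershipActive) {
                AttributeSet newQualifier = buildDefinitionQualifier(newDefinition);
                requireModelAndDefinitionRoles(modelRole, definitionRole);
                roleManagementService.saveRoleMemberForRole(roleMemberId, modelRole.getRoleId(), "R", definitionRole.getRoleId(), newQualifier, null, null);
            }
        }
    }

    /** Returns the last definition on the old model with the same non-null id as the given one, or null. */
    private SecurityModelDefinition findOldDefinition(SecurityModel oldModel, SecurityModelDefinition newDefinition) {
        SecurityModelDefinition match = null;
        for (SecurityModelDefinition candidate : oldModel.getModelDefinitions()) {
            if (candidate.getModelDefinitionId() != null && newDefinition.getModelDefinitionId() != null && candidate.getModelDefinitionId().equals(newDefinition.getModelDefinitionId())) {
                match = candidate;
            }
        }
        return match;
    }

    /** Builds the role-member qualifier (constraint, operator, value, override-deny) for a definition. */
    private AttributeSet buildDefinitionQualifier(SecurityModelDefinition definition) {
        AttributeSet qualifier = new AttributeSet();
        qualifier.put(SecKimAttributes.CONSTRAINT_CODE, definition.getConstraintCode());
        qualifier.put("operator", definition.getOperatorCode());
        qualifier.put(SecKimAttributes.PROPERTY_VALUE, definition.getAttributeValue());
        qualifier.put(SecKimAttributes.OVERRIDE_DENY, Boolean.toString(definition.isOverrideDeny()));
        return qualifier;
    }

    /** Logs and throws when either the model role or the definition role could not be loaded. */
    private void requireModelAndDefinitionRoles(KimRoleInfo modelRole, KimRoleInfo definitionRole) {
        if (modelRole == null || definitionRole == null) {
            LOG.error(MODEL_OR_DEFINITION_ROLE_MISSING);
            throw new RuntimeException(MODEL_OR_DEFINITION_ROLE_MISSING);
        }
    }

    /**
     * Saves every member of the model onto the model's KIM role, reusing the existing role-member
     * id when one is found, and ensures a security principal record exists for each principal.
     *
     * <p>NOTE(review): only members present on the submitted model are saved; nothing here removes
     * role members that are absent from the model. Confirm whether members can be deleted from a
     * model or only end-dated through the active-to date.
     *
     * @param securityModel model as submitted
     * @throws RuntimeException if the model's role cannot be found in KIM
     */
    protected void assignOrUpdateModelMembers(SecurityModel securityModel) {
        RoleManagementService roleManagementService = (RoleManagementService) SpringContext.getBean(RoleManagementService.class);
        KimRoleInfo modelRole = roleManagementService.getRole(securityModel.getRoleId());
        if (modelRole == null) {
            LOG.error(MODEL_ROLE_MISSING);
            throw new RuntimeException(MODEL_ROLE_MISSING);
        }
        for (SecurityModelMember member : securityModel.getModelMembers()) {
            RoleMembershipInfo existingMembership = KimUtil.getRoleMembershipInfoForMemberType(modelRole.getRoleId(), member.getMemberId(), member.getMemberTypeCode(), null);
            String roleMemberId = "";
            if (existingMembership != null) {
                roleMemberId = existingMembership.getRoleMemberId();
            }
            // Copy the member's dates into java.sql.Date values; a missing date stays null.
            Date activeFrom = null;
            if (member.getActiveFromDate() != null) {
                activeFrom = new Date(member.getActiveFromDate().getTime());
            }
            Date activeTo = null;
            if (member.getActiveToDate() != null) {
                activeTo = new Date(member.getActiveToDate().getTime());
            }
            roleManagementService.saveRoleMemberForRole(roleMemberId, member.getMemberId(), member.getMemberTypeCode(), modelRole.getRoleId(), new AttributeSet(), activeFrom, activeTo);
            createPrincipalSecurityRecords(member.getMemberId(), member.getMemberTypeCode());
        }
    }

    /**
     * Ensures a {@link SecurityPrincipal} record exists for each principal behind a model member.
     *
     * <p>A principal member ("P") is used directly; a role ("R") or group ("G") member is expanded
     * to its member principals at the time of the call. Within this class the method runs only
     * while a model document is processed, so principals who join that role or group afterwards
     * are not handled here.
     *
     * @param str member id (principal, role or group id, depending on {@code str2})
     * @param str2 member type code: "P", "R" or "G"; any other value creates no records
     * @throws RuntimeException if a role member's role cannot be found in KIM
     */
    protected void createPrincipalSecurityRecords(String str, String str2) {
        HashSet<String> principalIds = new HashSet<String>();
        if ("P".equals(str2)) {
            principalIds.add(str);
        } else if ("R".equals(str2)) {
            RoleManagementService roleManagementService = (RoleManagementService) SpringContext.getBean(RoleManagementService.class);
            KimRoleInfo memberRole = roleManagementService.getRole(str);
            // Fail with an explicit diagnostic rather than a NullPointerException on the lookups below.
            if (memberRole == null) {
                String message = "Apparent data problem with access security. member role " + str + " is null. this should not happen";
                LOG.error(message);
                throw new RuntimeException(message);
            }
            principalIds.addAll(roleManagementService.getRoleMemberPrincipalIds(memberRole.getNamespaceCode(), memberRole.getRoleName(), new AttributeSet()));
        } else if ("G".equals(str2)) {
            principalIds.addAll(((GroupService) SpringContext.getBean(GroupService.class)).getMemberPrincipalIds(str));
        }

        BusinessObjectService businessObjectService = (BusinessObjectService) SpringContext.getBean(BusinessObjectService.class);
        for (String principalId : principalIds) {
            // Only create the record when none is stored yet; existing records are left untouched.
            if (businessObjectService.findBySinglePrimaryKey(SecurityPrincipal.class, principalId) == null) {
                SecurityPrincipal securityPrincipal = new SecurityPrincipal();
                securityPrincipal.setPrincipalId(principalId);
                businessObjectService.save(securityPrincipal);
            }
        }
    }

    /**
     * Tells whether the model holds a definition with the given name, compared case-insensitively.
     *
     * @param str security definition name to look for
     * @param securityModel model whose definitions are searched
     * @return {@code true} if a definition with that name is on the model
     */
    protected boolean isDefinitionInModel(String str, SecurityModel securityModel) {
        for (SecurityModelDefinition modelDefinition : securityModel.getModelDefinitions()) {
            if (StringUtils.equalsIgnoreCase(str, modelDefinition.getSecurityDefinition().getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Clears the role id on a copied model before the superclass finishes the copy.
     *
     * <p>A blank role id makes {@link #createOrUpdateModelRole} allocate a fresh role id, so the
     * copy does not end up sharing the role id of the model it was copied from.
     *
     * @param maintenanceDocument document holding the copied model
     * @param map request parameters, passed through to the superclass
     */
    @Override
    public void processAfterCopy(MaintenanceDocument maintenanceDocument, Map<String, String[]> map) {
        SecurityModel copiedModel = (SecurityModel) maintenanceDocument.getNewMaintainableObject().getBusinessObject();
        copiedModel.setRoleId("");
        super.processAfterCopy(maintenanceDocument, map);
    }
}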
