package org.kuali.kfs.sec.document;

import java.util.HashMap;
import org.apache.log4j.Logger;
import org.kuali.kfs.kns.document.MaintenanceDocument;
import org.kuali.kfs.krad.bo.DocumentHeader;
import org.kuali.kfs.krad.service.DocumentService;
import org.kuali.kfs.sec.businessobject.AbstractSecurityModelDefinition;
import org.kuali.kfs.sec.businessobject.SecurityModelMember;
import org.kuali.kfs.sec.businessobject.SecurityPrincipal;
import org.kuali.kfs.sec.businessobject.SecurityPrincipalDefinition;
import org.kuali.kfs.sys.context.SpringContext;
import org.kuali.rice.core.api.membership.MemberType;
import org.kuali.rice.kew.api.exception.WorkflowException;
import org.kuali.rice.kim.api.role.Role;
import org.kuali.rice.kim.api.role.RoleMember;
import org.kuali.rice.kim.api.role.RoleService;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2018-01-18.jar:org/kuali/kfs/sec/document/SecurityPrincipalMaintainableImpl.class */
public class SecurityPrincipalMaintainableImpl extends AbstractSecurityModuleMaintainable {
    private static final Logger LOG = Logger.getLogger(SecurityPrincipalMaintainableImpl.class);

    @Override // org.kuali.kfs.krad.maintenance.MaintainableImpl, org.kuali.kfs.krad.maintenance.Maintainable
    public void doRouteStatusChange(DocumentHeader documentHeader) {
        super.doRouteStatusChange(documentHeader);
        if (documentHeader.getWorkflowDocument().isProcessed()) {
            try {
                MaintenanceDocument maintenanceDocument = (MaintenanceDocument) ((DocumentService) SpringContext.getBean(DocumentService.class)).getByDocumentHeaderId(documentHeader.getDocumentNumber());
                SecurityPrincipal securityPrincipal = (SecurityPrincipal) maintenanceDocument.getOldMaintainableObject().getBusinessObject();
                SecurityPrincipal securityPrincipal2 = (SecurityPrincipal) maintenanceDocument.getNewMaintainableObject().getBusinessObject();
                assignOrUpdatePrincipalMembershipToDefinitionRoles(securityPrincipal, securityPrincipal2, getMaintenanceAction().equalsIgnoreCase("New") || getMaintenanceAction().equalsIgnoreCase("Copy"));
                assignOrUpdatePrincipalModelRoles(securityPrincipal2);
            } catch (WorkflowException e) {
                LOG.error("caught exception while handling handleRouteStatusChange -> documentService.getByDocumentHeaderId(" + documentHeader.getDocumentNumber() + "). ", e);
                throw new RuntimeException("caught exception while handling handleRouteStatusChange -> documentService.getByDocumentHeaderId(" + documentHeader.getDocumentNumber() + "). ", e);
            }
        }
    }

    protected void assignOrUpdatePrincipalMembershipToDefinitionRoles(SecurityPrincipal securityPrincipal, SecurityPrincipal securityPrincipal2, boolean z) {
        RoleService roleService = KimApiServiceLocator.getRoleService();
        String principalId = securityPrincipal2.getPrincipalId();
        for (SecurityPrincipalDefinition securityPrincipalDefinition : securityPrincipal2.getPrincipalDefinitions()) {
            Role role = roleService.getRole(securityPrincipalDefinition.getSecurityDefinition().getRoleId());
            RoleMember roleMember = null;
            if (!z) {
                AbstractSecurityModelDefinition abstractSecurityModelDefinition = null;
                for (SecurityPrincipalDefinition securityPrincipalDefinition2 : securityPrincipal.getPrincipalDefinitions()) {
                    if (securityPrincipalDefinition2.getPrincipalDefinitionId() != null && securityPrincipalDefinition2.getPrincipalDefinitionId().equals(securityPrincipalDefinition.getPrincipalDefinitionId())) {
                        abstractSecurityModelDefinition = securityPrincipalDefinition2;
                    }
                }
                if (abstractSecurityModelDefinition != null) {
                    roleMember = getRoleMembershipForMemberType(role.getId(), principalId, MemberType.PRINCIPAL.getCode(), getRoleQualifiersFromSecurityModelDefinition(abstractSecurityModelDefinition));
                }
            }
            boolean isActive = securityPrincipalDefinition.isActive();
            if (roleMember != null) {
                boolean doMembershipQualificationsMatchValues = doMembershipQualificationsMatchValues(roleMember.getAttributes(), securityPrincipalDefinition.getConstraintCode(), securityPrincipalDefinition.getOperatorCode(), securityPrincipalDefinition.getAttributeValue());
                if (!isActive || !doMembershipQualificationsMatchValues) {
                    roleService.removePrincipalFromRole(roleMember.getMemberId(), role.getNamespaceCode(), role.getName(), roleMember.getAttributes());
                }
            }
            if (isActive) {
                if (roleMember == null) {
                    roleService.assignPrincipalToRole(principalId, role.getNamespaceCode(), role.getName(), getRoleQualifiersFromSecurityModelDefinition(securityPrincipalDefinition));
                } else {
                    RoleMember.Builder create = RoleMember.Builder.create(roleMember);
                    create.setAttributes(getRoleQualifiersFromSecurityModelDefinition(securityPrincipalDefinition));
                    create.setMemberId(principalId);
                    roleService.updateRoleMember(create.build());
                }
            }
        }
    }

    protected void assignOrUpdatePrincipalModelRoles(SecurityPrincipal securityPrincipal) {
        RoleService roleService = KimApiServiceLocator.getRoleService();
        String principalId = securityPrincipal.getPrincipalId();
        for (SecurityModelMember securityModelMember : securityPrincipal.getPrincipalModels()) {
            updateSecurityModelRoleMember(roleService.getRole(securityModelMember.getSecurityModel().getRoleId()), securityModelMember, MemberType.PRINCIPAL.getCode(), principalId, new HashMap(0));
        }
    }
}
