package org.kuali.kfs.kns.service.impl;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.kuali.kfs.core.api.config.property.ConfigurationService;
import org.kuali.kfs.core.impl.config.property.Config;
import org.kuali.kfs.datadictionary.legacy.BusinessObjectDictionaryService;
import org.kuali.kfs.datadictionary.legacy.MaintenanceDocumentDictionaryService;
import org.kuali.kfs.kim.api.KimConstants;
import org.kuali.kfs.kim.api.permission.PermissionService;
import org.kuali.kfs.kim.impl.identity.Person;
import org.kuali.kfs.kns.authorization.BusinessObjectAuthorizer;
import org.kuali.kfs.kns.bo.authorization.InquiryOrMaintenanceDocumentAuthorizer;
import org.kuali.kfs.kns.bo.authorization.KnsMaintenanceDocumentPresentationController;
import org.kuali.kfs.kns.datadictionary.BusinessObjectEntry;
import org.kuali.kfs.kns.datadictionary.FieldDefinition;
import org.kuali.kfs.kns.datadictionary.InquiryCollectionDefinition;
import org.kuali.kfs.kns.datadictionary.InquirySectionDefinition;
import org.kuali.kfs.kns.datadictionary.MaintainableCollectionDefinition;
import org.kuali.kfs.kns.datadictionary.MaintainableItemDefinition;
import org.kuali.kfs.kns.datadictionary.MaintainableSectionDefinition;
import org.kuali.kfs.kns.document.MaintenanceDocument;
import org.kuali.kfs.kns.document.authorization.BusinessObjectRestrictions;
import org.kuali.kfs.kns.document.authorization.BusinessObjectRestrictionsBase;
import org.kuali.kfs.kns.document.authorization.InquiryOrMaintenanceDocumentRestrictions;
import org.kuali.kfs.kns.document.authorization.InquiryOrMaintenanceDocumentRestrictionsBase;
import org.kuali.kfs.kns.document.authorization.MaintenanceDocumentAuthorizer;
import org.kuali.kfs.kns.document.authorization.MaintenanceDocumentPresentationController;
import org.kuali.kfs.kns.document.authorization.MaintenanceDocumentRestrictions;
import org.kuali.kfs.kns.document.authorization.MaintenanceDocumentRestrictionsBase;
import org.kuali.kfs.kns.inquiry.InquiryAuthorizer;
import org.kuali.kfs.kns.inquiry.InquiryRestrictions;
import org.kuali.kfs.kns.service.BusinessObjectAuthorizationService;
import org.kuali.kfs.kns.service.DocumentHelperService;
import org.kuali.kfs.kns.service.KNSServiceLocator;
import org.kuali.kfs.krad.bo.BusinessObject;
import org.kuali.kfs.krad.bo.DataObjectAuthorizer;
import org.kuali.kfs.krad.datadictionary.AttributeDefinition;
import org.kuali.kfs.krad.document.Document;
import org.kuali.kfs.krad.document.DocumentAuthorizer;
import org.kuali.kfs.krad.service.KRADServiceLocator;
import org.kuali.kfs.krad.service.impl.DataObjectAuthorizationServiceImpl;
import org.kuali.kfs.krad.util.KRADConstants;
import org.kuali.kfs.krad.util.KRADUtils;
import org.kuali.kfs.krad.util.ObjectUtils;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2023-05-10.jar:org/kuali/kfs/kns/service/impl/BusinessObjectAuthorizationServiceImpl.class */
public class BusinessObjectAuthorizationServiceImpl extends DataObjectAuthorizationServiceImpl implements BusinessObjectAuthorizationService {
    private PermissionService permissionService;
    private BusinessObjectDictionaryService businessObjectDictionaryService;
    private MaintenanceDocumentDictionaryService maintenanceDocumentDictionaryService;
    private ConfigurationService kualiConfigurationService;

    @Override // org.kuali.kfs.kns.service.BusinessObjectAuthorizationService
    public BusinessObjectRestrictions getLookupResultRestrictions(Object obj, Person person) {
        BusinessObjectRestrictionsBase businessObjectRestrictionsBase = new BusinessObjectRestrictionsBase();
        considerBusinessObjectFieldUnmaskAuthorization(obj, person, businessObjectRestrictionsBase, "", null);
        return businessObjectRestrictionsBase;
    }

    @Override // org.kuali.kfs.kns.service.BusinessObjectAuthorizationService
    public InquiryRestrictions getInquiryRestrictions(BusinessObject businessObject, Person person) {
        InquiryRestrictions inquiryOrMaintenanceDocumentRestrictionsBase = new InquiryOrMaintenanceDocumentRestrictionsBase();
        BusinessObjectEntry businessObjectEntry = getBusinessObjectDictionaryService().getBusinessObjectEntry(businessObject.getClass().getName());
        InquiryAuthorizer inquiryAuthorizer = getBusinessObjectDictionaryService().getInquiryAuthorizer(businessObject.getClass());
        considerBusinessObjectFieldUnmaskAuthorization(businessObject, person, inquiryOrMaintenanceDocumentRestrictionsBase, "", null);
        considerBusinessObjectFieldViewAuthorization(businessObjectEntry, businessObject, null, person, inquiryAuthorizer, inquiryOrMaintenanceDocumentRestrictionsBase, "");
        considerInquiryOrMaintenanceDocumentAuthorizer(inquiryAuthorizer, businessObject, person, inquiryOrMaintenanceDocumentRestrictionsBase);
        for (InquirySectionDefinition inquirySectionDefinition : businessObjectEntry.getInquiryDefinition().getInquirySections()) {
            if (inquirySectionDefinition.getInquiryCollections() != null) {
                addInquirableItemRestrictions(inquirySectionDefinition.getInquiryCollections().values(), inquiryAuthorizer, inquiryOrMaintenanceDocumentRestrictionsBase, businessObject, businessObject, "", person);
            }
            List<FieldDefinition> inquiryFields = inquirySectionDefinition.getInquiryFields();
            if (inquiryFields != null) {
                for (FieldDefinition fieldDefinition : inquiryFields) {
                    addInquirableItemRestrictions(inquiryFields, inquiryAuthorizer, inquiryOrMaintenanceDocumentRestrictionsBase, businessObject, businessObject, "", person);
                }
            }
        }
        return inquiryOrMaintenanceDocumentRestrictionsBase;
    }

    @Override // org.kuali.kfs.kns.service.BusinessObjectAuthorizationService
    public MaintenanceDocumentRestrictions getMaintenanceDocumentRestrictions(MaintenanceDocument maintenanceDocument, Person person) {
        MaintenanceDocumentRestrictions maintenanceDocumentRestrictionsBase = new MaintenanceDocumentRestrictionsBase();
        BusinessObjectEntry businessObjectEntry = getBusinessObjectDictionaryService().getBusinessObjectEntry(maintenanceDocument.getNewMaintainableObject().getDataObject().getClass().getName());
        MaintenanceDocumentPresentationController maintenanceDocumentPresentationController = (MaintenanceDocumentPresentationController) getDocumentHelperService().getDocumentPresentationController(maintenanceDocument);
        MaintenanceDocumentAuthorizer maintenanceDocumentAuthorizer = (MaintenanceDocumentAuthorizer) getDocumentHelperService().getDocumentAuthorizer(maintenanceDocument);
        considerBusinessObjectFieldUnmaskAuthorization(maintenanceDocument.getNewMaintainableObject().getDataObject(), person, maintenanceDocumentRestrictionsBase, "", maintenanceDocument);
        considerBusinessObjectFieldViewAuthorization(businessObjectEntry, maintenanceDocument.getNewMaintainableObject().getDataObject(), null, person, maintenanceDocumentAuthorizer, maintenanceDocumentRestrictionsBase, "");
        considerBusinessObjectFieldModifyAuthorization(businessObjectEntry, maintenanceDocument.getNewMaintainableObject().getDataObject(), null, person, maintenanceDocumentAuthorizer, maintenanceDocumentRestrictionsBase, "");
        considerCustomButtonFieldAuthorization(businessObjectEntry, maintenanceDocument.getNewMaintainableObject().getDataObject(), null, person, maintenanceDocumentAuthorizer, maintenanceDocumentRestrictionsBase, "");
        considerKnsMaintenanceDocumentPresentationController(maintenanceDocumentPresentationController, maintenanceDocument, maintenanceDocumentRestrictionsBase);
        considerInquiryOrMaintenanceDocumentAuthorizer(maintenanceDocumentAuthorizer, maintenanceDocument, person, maintenanceDocumentRestrictionsBase);
        considerMaintenanceDocumentPresentationController(maintenanceDocumentPresentationController, maintenanceDocument, maintenanceDocumentRestrictionsBase);
        considerMaintenanceDocumentAuthorizer(maintenanceDocumentAuthorizer, maintenanceDocument, person, maintenanceDocumentRestrictionsBase);
        Iterator<MaintainableSectionDefinition> it = getMaintenanceDocumentDictionaryService().getMaintenanceDocumentEntry(maintenanceDocument.getDocumentHeader().getWorkflowDocument().getDocumentTypeName()).getMaintainableSections().iterator();
        while (it.hasNext()) {
            addMaintainableItemRestrictions(it.next().getMaintainableItems(), maintenanceDocumentAuthorizer, maintenanceDocumentRestrictionsBase, maintenanceDocument, maintenanceDocument.getNewMaintainableObject().getBusinessObject(), "", person);
        }
        return maintenanceDocumentRestrictionsBase;
    }

    protected void considerBusinessObjectFieldUnmaskAuthorization(Object obj, Person person, BusinessObjectRestrictions businessObjectRestrictions, String str, Document document) {
        BusinessObjectEntry businessObjectEntry = getBusinessObjectDictionaryService().getBusinessObjectEntry(obj.getClass().getName());
        BusinessObject businessObject = obj instanceof BusinessObject ? (BusinessObject) obj : document;
        for (String str2 : businessObjectEntry.getAttributeNames()) {
            AttributeDefinition attributeDefinition = businessObjectEntry.getAttributeDefinition(str2);
            if (attributeDefinition.getAttributeSecurity() != null) {
                if (attributeDefinition.getAttributeSecurity().isMask() && !canFullyUnmaskFieldForBusinessObject(person, obj.getClass(), str2, businessObject, document)) {
                    businessObjectRestrictions.addFullyMaskedField(str + str2, attributeDefinition.getAttributeSecurity().getMaskFormatter());
                }
                if (attributeDefinition.getAttributeSecurity().isPartialMask() && !canPartiallyUnmaskFieldForBusinessObject(person, obj.getClass(), str2, businessObject, document)) {
                    businessObjectRestrictions.addPartiallyMaskedField(str + str2, attributeDefinition.getAttributeSecurity().getPartialMaskFormatter());
                }
            }
        }
    }

    protected boolean canFullyUnmaskFieldForBusinessObject(Person person, Class<?> cls, String str, BusinessObject businessObject, Document document) {
        if (isNonProductionEnvAndUnmaskingTurnedOff() || person == null || StringUtils.isEmpty(person.getPrincipalId())) {
            return false;
        }
        DocumentAuthorizer documentAuthorizer = null;
        BusinessObject businessObject2 = null;
        if (document != null) {
            documentAuthorizer = findDocumentAuthorizerForBusinessObject(document);
            businessObject2 = document;
        }
        if (documentAuthorizer == null) {
            documentAuthorizer = findDocumentAuthorizerForBusinessObject(businessObject);
            if (documentAuthorizer == null) {
                documentAuthorizer = findInquiryAuthorizerForBusinessObject(businessObject);
            }
            businessObject2 = businessObject;
        }
        return documentAuthorizer == null ? this.permissionService.isAuthorizedByTemplate(person.getPrincipalId(), "KFS-SYS", KimConstants.PermissionTemplateNames.FULL_UNMASK_FIELD, new HashMap(getFieldPermissionDetails(cls, str)), Collections.emptyMap()) : documentAuthorizer.isAuthorizedByTemplate(businessObject2, "KFS-SYS", KimConstants.PermissionTemplateNames.FULL_UNMASK_FIELD, person.getPrincipalId(), getFieldPermissionDetails(cls, str), Collections.emptyMap());
    }

    protected boolean canPartiallyUnmaskFieldForBusinessObject(Person person, Class<?> cls, String str, BusinessObject businessObject, Document document) {
        if (isNonProductionEnvAndUnmaskingTurnedOff() || person == null || StringUtils.isEmpty(person.getPrincipalId())) {
            return false;
        }
        DocumentAuthorizer documentAuthorizer = null;
        BusinessObject businessObject2 = null;
        if (document != null) {
            documentAuthorizer = findDocumentAuthorizerForBusinessObject(document);
            businessObject2 = document;
        }
        if (documentAuthorizer == null) {
            documentAuthorizer = findDocumentAuthorizerForBusinessObject(businessObject);
            if (documentAuthorizer == null) {
                documentAuthorizer = findInquiryAuthorizerForBusinessObject(businessObject);
            }
            businessObject2 = businessObject;
        }
        return documentAuthorizer == null ? this.permissionService.isAuthorizedByTemplate(person.getPrincipalId(), "KFS-SYS", KimConstants.PermissionTemplateNames.PARTIAL_UNMASK_FIELD, new HashMap(getFieldPermissionDetails(cls, str)), Collections.emptyMap()) : documentAuthorizer.isAuthorizedByTemplate(businessObject2, "KFS-SYS", KimConstants.PermissionTemplateNames.PARTIAL_UNMASK_FIELD, person.getPrincipalId(), getFieldPermissionDetails(cls, str), Collections.emptyMap());
    }

    protected DocumentAuthorizer findDocumentAuthorizerForBusinessObject(BusinessObject businessObject) {
        if (businessObject == null) {
            return null;
        }
        if (businessObject instanceof Document) {
            return getDocumentHelperService().getDocumentAuthorizer((Document) businessObject);
        }
        String documentTypeName = getMaintenanceDocumentDictionaryService().getDocumentTypeName(businessObject.getClass());
        if (StringUtils.isBlank(documentTypeName)) {
            return null;
        }
        return getDocumentHelperService().getDocumentAuthorizer(documentTypeName);
    }

    protected DataObjectAuthorizer findInquiryAuthorizerForBusinessObject(BusinessObject businessObject) {
        BusinessObjectEntry businessObjectEntry;
        if (businessObject == null || (businessObjectEntry = getBusinessObjectDictionaryService().getBusinessObjectEntry(businessObject.getClass().getName())) == null || businessObjectEntry.getInquiryDefinition() == null || businessObjectEntry.getInquiryDefinition().getAuthorizerClass() == null) {
            return null;
        }
        try {
            return (DataObjectAuthorizer) businessObjectEntry.getInquiryDefinition().getAuthorizerClass().newInstance();
        } catch (IllegalAccessException | InstantiationException e) {
            throw new RuntimeException("Could not instantiate authorizer for inquiry of " + businessObject.getClass().getName(), e);
        }
    }

    protected void considerBusinessObjectFieldViewAuthorization(BusinessObjectEntry businessObjectEntry, Object obj, BusinessObject businessObject, Person person, BusinessObjectAuthorizer businessObjectAuthorizer, InquiryOrMaintenanceDocumentRestrictions inquiryOrMaintenanceDocumentRestrictions, String str) {
        for (String str2 : businessObjectEntry.getAttributeNames()) {
            AttributeDefinition attributeDefinition = businessObjectEntry.getAttributeDefinition(str2);
            if (attributeDefinition.getAttributeSecurity() != null && attributeDefinition.getAttributeSecurity().isHide()) {
                HashMap hashMap = new HashMap();
                HashMap hashMap2 = null;
                if (ObjectUtils.isNotNull(businessObject)) {
                    hashMap.putAll(getFieldPermissionDetails(businessObject, str2));
                    hashMap.putAll(businessObjectAuthorizer.getCollectionItemPermissionDetails(businessObject));
                    hashMap2 = new HashMap(businessObjectAuthorizer.getCollectionItemRoleQualifications(businessObject));
                } else {
                    hashMap.putAll(getFieldPermissionDetails(obj, str2));
                }
                if (!businessObjectAuthorizer.isAuthorizedByTemplate(obj, "KFS-SYS", KimConstants.PermissionTemplateNames.VIEW_MAINTENANCE_INQUIRY_FIELD, person.getPrincipalId(), hashMap, hashMap2)) {
                    inquiryOrMaintenanceDocumentRestrictions.addHiddenField(str + str2);
                }
            }
        }
    }

    protected void considerBusinessObjectFieldModifyAuthorization(BusinessObjectEntry businessObjectEntry, Object obj, BusinessObject businessObject, Person person, BusinessObjectAuthorizer businessObjectAuthorizer, MaintenanceDocumentRestrictions maintenanceDocumentRestrictions, String str) {
        for (String str2 : businessObjectEntry.getAttributeNames()) {
            AttributeDefinition attributeDefinition = businessObjectEntry.getAttributeDefinition(str2);
            if (attributeDefinition.getAttributeSecurity() != null) {
                HashMap hashMap = new HashMap();
                HashMap hashMap2 = null;
                if (ObjectUtils.isNotNull(businessObject)) {
                    hashMap.putAll(getFieldPermissionDetails(businessObject, str2));
                    hashMap.putAll(businessObjectAuthorizer.getCollectionItemPermissionDetails(businessObject));
                    hashMap2 = new HashMap(businessObjectAuthorizer.getCollectionItemRoleQualifications(businessObject));
                } else {
                    hashMap.putAll(getFieldPermissionDetails(obj, str2));
                }
                if (attributeDefinition.getAttributeSecurity().isReadOnly() && !businessObjectAuthorizer.isAuthorizedByTemplate(obj, "KFS-SYS", KimConstants.PermissionTemplateNames.MODIFY_FIELD, person.getPrincipalId(), hashMap, hashMap2)) {
                    maintenanceDocumentRestrictions.addReadOnlyField(str + str2);
                }
            }
        }
    }

    protected void considerCustomButtonFieldAuthorization(BusinessObjectEntry businessObjectEntry, Object obj, BusinessObject businessObject, Person person, BusinessObjectAuthorizer businessObjectAuthorizer, MaintenanceDocumentRestrictions maintenanceDocumentRestrictions, String str) {
        for (String str2 : businessObjectEntry.getAttributeNames()) {
            AttributeDefinition attributeDefinition = businessObjectEntry.getAttributeDefinition(str2);
            if (attributeDefinition.getControl() != null && attributeDefinition.getControl().isButton()) {
                HashMap hashMap = new HashMap();
                HashMap hashMap2 = null;
                if (ObjectUtils.isNotNull(businessObject)) {
                    hashMap.putAll(getButtonFieldPermissionDetails(businessObject, str2));
                    hashMap.putAll(businessObjectAuthorizer.getCollectionItemPermissionDetails(businessObject));
                    hashMap2 = new HashMap(businessObjectAuthorizer.getCollectionItemRoleQualifications(businessObject));
                } else {
                    hashMap.putAll(getButtonFieldPermissionDetails(obj, str2));
                }
                if (!businessObjectAuthorizer.isAuthorizedByTemplate(obj, "KFS-SYS", KimConstants.PermissionTemplateNames.PERFORM_CUSTOM_MAINTENANCE_DOCUMENT_FUNCTION, person.getPrincipalId(), hashMap, hashMap2)) {
                    maintenanceDocumentRestrictions.addHiddenField(str + str2);
                }
            }
        }
    }

    protected void considerKnsMaintenanceDocumentPresentationController(KnsMaintenanceDocumentPresentationController knsMaintenanceDocumentPresentationController, BusinessObject businessObject, InquiryOrMaintenanceDocumentRestrictions inquiryOrMaintenanceDocumentRestrictions) {
        Iterator<String> it = knsMaintenanceDocumentPresentationController.getConditionallyHiddenPropertyNames(businessObject).iterator();
        while (it.hasNext()) {
            inquiryOrMaintenanceDocumentRestrictions.addHiddenField(it.next());
        }
        Iterator<String> it2 = knsMaintenanceDocumentPresentationController.getConditionallyHiddenSectionIds(businessObject).iterator();
        while (it2.hasNext()) {
            inquiryOrMaintenanceDocumentRestrictions.addHiddenSectionId(it2.next());
        }
    }

    protected void considerInquiryOrMaintenanceDocumentAuthorizer(InquiryOrMaintenanceDocumentAuthorizer inquiryOrMaintenanceDocumentAuthorizer, BusinessObject businessObject, Person person, InquiryOrMaintenanceDocumentRestrictions inquiryOrMaintenanceDocumentRestrictions) {
        for (String str : inquiryOrMaintenanceDocumentAuthorizer.getSecurePotentiallyHiddenSectionIds()) {
            HashMap hashMap = new HashMap();
            hashMap.put(KimConstants.AttributeConstants.SECTION_ID, str);
            if (!inquiryOrMaintenanceDocumentAuthorizer.isAuthorizedByTemplate(businessObject, "KFS-SYS", KimConstants.PermissionTemplateNames.VIEW_SECTION, person.getPrincipalId(), hashMap, null)) {
                inquiryOrMaintenanceDocumentRestrictions.addHiddenSectionId(str);
            }
        }
    }

    protected void considerMaintenanceDocumentPresentationController(MaintenanceDocumentPresentationController maintenanceDocumentPresentationController, MaintenanceDocument maintenanceDocument, MaintenanceDocumentRestrictions maintenanceDocumentRestrictions) {
        Iterator<String> it = maintenanceDocumentPresentationController.getConditionallyReadOnlyPropertyNames(maintenanceDocument).iterator();
        while (it.hasNext()) {
            maintenanceDocumentRestrictions.addReadOnlyField(it.next());
        }
        Iterator<String> it2 = maintenanceDocumentPresentationController.getConditionallyReadOnlySectionIds(maintenanceDocument).iterator();
        while (it2.hasNext()) {
            maintenanceDocumentRestrictions.addReadOnlySectionId(it2.next());
        }
    }

    protected void considerMaintenanceDocumentAuthorizer(MaintenanceDocumentAuthorizer maintenanceDocumentAuthorizer, MaintenanceDocument maintenanceDocument, Person person, MaintenanceDocumentRestrictions maintenanceDocumentRestrictions) {
        for (String str : maintenanceDocumentAuthorizer.getSecurePotentiallyReadOnlySectionIds()) {
            HashMap hashMap = new HashMap();
            hashMap.put(KimConstants.AttributeConstants.SECTION_ID, str);
            if (!maintenanceDocumentAuthorizer.isAuthorizedByTemplate(maintenanceDocument, "KFS-SYS", KimConstants.PermissionTemplateNames.MODIFY_SECTION, person.getPrincipalId(), hashMap, null)) {
                maintenanceDocumentRestrictions.addReadOnlySectionId(str);
            }
        }
    }

    protected void addInquirableItemRestrictions(Collection collection, InquiryAuthorizer inquiryAuthorizer, InquiryRestrictions inquiryRestrictions, BusinessObject businessObject, BusinessObject businessObject2, String str, Person person) {
        for (Object obj : collection) {
            if (obj instanceof InquiryCollectionDefinition) {
                InquiryCollectionDefinition inquiryCollectionDefinition = (InquiryCollectionDefinition) obj;
                BusinessObjectEntry businessObjectEntry = getBusinessObjectDictionaryService().getBusinessObjectEntry(inquiryCollectionDefinition.getBusinessObjectClass().getName());
                try {
                    Collection<BusinessObject> collection2 = (Collection) PropertyUtils.getProperty(businessObject2, inquiryCollectionDefinition.getName());
                    if (collection2 != null) {
                        int i = 0;
                        for (BusinessObject businessObject3 : collection2) {
                            String str2 = str + inquiryCollectionDefinition.getName() + "[" + i + "].";
                            considerBusinessObjectFieldUnmaskAuthorization(businessObject3, person, inquiryRestrictions, str2, null);
                            considerBusinessObjectFieldViewAuthorization(businessObjectEntry, businessObject, businessObject3, person, inquiryAuthorizer, inquiryRestrictions, str2);
                            addInquirableItemRestrictions(inquiryCollectionDefinition.getInquiryCollections(), inquiryAuthorizer, inquiryRestrictions, businessObject, businessObject3, str2, person);
                            i++;
                        }
                    }
                } catch (Exception e) {
                    throw new RuntimeException("Unable to resolve collection property: " + businessObject2.getClass() + ":" + inquiryCollectionDefinition.getName(), e);
                }
            }
        }
    }

    protected void addMaintainableItemRestrictions(List<? extends MaintainableItemDefinition> list, MaintenanceDocumentAuthorizer maintenanceDocumentAuthorizer, MaintenanceDocumentRestrictions maintenanceDocumentRestrictions, MaintenanceDocument maintenanceDocument, BusinessObject businessObject, String str, Person person) {
        for (MaintainableItemDefinition maintainableItemDefinition : list) {
            if (maintainableItemDefinition instanceof MaintainableCollectionDefinition) {
                try {
                    MaintainableCollectionDefinition maintainableCollectionDefinition = (MaintainableCollectionDefinition) maintainableItemDefinition;
                    Collection<BusinessObject> collection = (Collection) ObjectUtils.getNestedValue(businessObject, maintainableItemDefinition.getName());
                    BusinessObjectEntry businessObjectEntry = getBusinessObjectDictionaryService().getBusinessObjectEntry(maintainableCollectionDefinition.getBusinessObjectClass().getName());
                    if (CollectionUtils.isNotEmpty(collection)) {
                        int i = 0;
                        for (BusinessObject businessObject2 : collection) {
                            String str2 = str + maintainableItemDefinition.getName() + "[" + i + "].";
                            considerBusinessObjectFieldUnmaskAuthorization(businessObject2, person, maintenanceDocumentRestrictions, str2, maintenanceDocument);
                            considerBusinessObjectFieldViewAuthorization(businessObjectEntry, maintenanceDocument, businessObject2, person, maintenanceDocumentAuthorizer, maintenanceDocumentRestrictions, str2);
                            considerBusinessObjectFieldModifyAuthorization(businessObjectEntry, maintenanceDocument, businessObject2, person, maintenanceDocumentAuthorizer, maintenanceDocumentRestrictions, str2);
                            considerCustomButtonFieldAuthorization(businessObjectEntry, maintenanceDocument, businessObject2, person, maintenanceDocumentAuthorizer, maintenanceDocumentRestrictions, str2);
                            addMaintainableItemRestrictions(((MaintainableCollectionDefinition) maintainableItemDefinition).getMaintainableCollections(), maintenanceDocumentAuthorizer, maintenanceDocumentRestrictions, maintenanceDocument, businessObject2, str2, person);
                            addMaintainableItemRestrictions(((MaintainableCollectionDefinition) maintainableItemDefinition).getMaintainableFields(), maintenanceDocumentAuthorizer, maintenanceDocumentRestrictions, maintenanceDocument, businessObject2, str2, person);
                            i++;
                        }
                    }
                } catch (Exception e) {
                    throw new RuntimeException("Unable to resolve collection property: " + businessObject.getClass() + ":" + maintainableItemDefinition.getName(), e);
                }
            }
        }
    }

    @Override // org.kuali.kfs.kns.service.BusinessObjectAuthorizationService
    public boolean canFullyUnmaskField(Person person, Class<?> cls, String str, Document document) {
        return canFullyUnmaskFieldForBusinessObject(person, cls, str, document, null);
    }

    @Override // org.kuali.kfs.kns.service.BusinessObjectAuthorizationService
    public boolean canPartiallyUnmaskField(Person person, Class<?> cls, String str, Document document) {
        return canPartiallyUnmaskFieldForBusinessObject(person, cls, str, document, null);
    }

    protected Map<String, String> getFieldPermissionDetails(Class<?> cls, String str) {
        try {
            return getFieldPermissionDetails(cls.newInstance(), str);
        } catch (Exception e) {
            throw new RuntimeException("The getPermissionDetails method of BusinessObjectAuthorizationServiceImpl was unable to instantiate the dataObjectClass" + cls, e);
        }
    }

    protected Map<String, String> getFieldPermissionDetails(Object obj, String str) {
        Map<String, String> namespaceAndComponentSimpleName = KRADUtils.getNamespaceAndComponentSimpleName(obj.getClass());
        namespaceAndComponentSimpleName.put("propertyName", str);
        return namespaceAndComponentSimpleName;
    }

    protected Map<String, String> getButtonFieldPermissionDetails(Object obj, String str) {
        HashMap hashMap = new HashMap();
        if (str.contains(".")) {
            hashMap.put(KimConstants.AttributeConstants.BUTTON_NAME, str);
        } else {
            hashMap.put(KimConstants.AttributeConstants.BUTTON_NAME, str);
        }
        return hashMap;
    }

    private BusinessObjectDictionaryService getBusinessObjectDictionaryService() {
        if (this.businessObjectDictionaryService == null) {
            this.businessObjectDictionaryService = KNSServiceLocator.getBusinessObjectDictionaryService();
        }
        return this.businessObjectDictionaryService;
    }

    private MaintenanceDocumentDictionaryService getMaintenanceDocumentDictionaryService() {
        if (this.maintenanceDocumentDictionaryService == null) {
            this.maintenanceDocumentDictionaryService = KNSServiceLocator.getMaintenanceDocumentDictionaryService();
        }
        return this.maintenanceDocumentDictionaryService;
    }

    private ConfigurationService getKualiConfigurationService() {
        if (this.kualiConfigurationService == null) {
            this.kualiConfigurationService = KRADServiceLocator.getKualiConfigurationService();
        }
        return this.kualiConfigurationService;
    }

    @Override // org.kuali.kfs.kns.service.BusinessObjectAuthorizationService
    public boolean isNonProductionEnvAndUnmaskingTurnedOff() {
        ConfigurationService kualiConfigurationService = getKualiConfigurationService();
        return (kualiConfigurationService.getPropertyValueAsString(Config.PROD_ENVIRONMENT_CODE).equalsIgnoreCase(getKualiConfigurationService().getPropertyValueAsString("environment")) || kualiConfigurationService.getPropertyValueAsBoolean(KRADConstants.ENABLE_NONPRODUCTION_UNMASKING)) ? false : true;
    }

    protected DocumentHelperService getDocumentHelperService() {
        return KNSServiceLocator.getDocumentHelperService();
    }

    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }
}
