package org.kuali.kfs.sec.document.validation.impl;

import java.util.HashMap;
import java.util.Iterator;
import org.apache.commons.lang3.StringUtils;
import org.kuali.kfs.core.api.membership.MemberType;
import org.kuali.kfs.kim.api.services.KimApiServiceLocator;
import org.kuali.kfs.kns.document.MaintenanceDocument;
import org.kuali.kfs.kns.maintenance.rules.MaintenanceDocumentRuleBase;
import org.kuali.kfs.krad.bo.PersistableBusinessObject;
import org.kuali.kfs.krad.service.BusinessObjectService;
import org.kuali.kfs.krad.util.GlobalVariables;
import org.kuali.kfs.krad.util.ObjectUtils;
import org.kuali.kfs.sec.SecConstants;
import org.kuali.kfs.sec.SecKeyConstants;
import org.kuali.kfs.sec.SecPropertyConstants;
import org.kuali.kfs.sec.businessobject.SecurityDefinition;
import org.kuali.kfs.sec.businessobject.SecurityModel;
import org.kuali.kfs.sec.businessobject.SecurityModelDefinition;
import org.kuali.kfs.sec.businessobject.SecurityModelMember;
import org.kuali.kfs.sys.context.SpringContext;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2023-05-31.jar:org/kuali/kfs/sec/document/validation/impl/SecurityModelRule.class */
public class SecurityModelRule extends MaintenanceDocumentRuleBase {
    private SecurityModel newSecurityModel;
    protected static volatile BusinessObjectService businessObjectService;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.kuali.kfs.kns.maintenance.rules.MaintenanceDocumentRuleBase
    public boolean processCustomApproveDocumentBusinessRules(MaintenanceDocument maintenanceDocument) {
        if (super.processCustomApproveDocumentBusinessRules(maintenanceDocument)) {
            return validateSecurityModel(maintenanceDocument.isEdit());
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.kuali.kfs.kns.maintenance.rules.MaintenanceDocumentRuleBase
    public boolean processCustomRouteDocumentBusinessRules(MaintenanceDocument maintenanceDocument) {
        if (super.processCustomRouteDocumentBusinessRules(maintenanceDocument)) {
            return validateSecurityModel(maintenanceDocument.isEdit());
        }
        return false;
    }

    @Override // org.kuali.kfs.kns.maintenance.rules.MaintenanceDocumentRuleBase
    public boolean processCustomAddCollectionLineBusinessRules(MaintenanceDocument maintenanceDocument, String str, PersistableBusinessObject persistableBusinessObject) {
        boolean processCustomAddCollectionLineBusinessRules = super.processCustomAddCollectionLineBusinessRules(maintenanceDocument, str, persistableBusinessObject);
        if (!processCustomAddCollectionLineBusinessRules) {
            return false;
        }
        if (SecPropertyConstants.MODEL_DEFINITIONS.equals(str)) {
            processCustomAddCollectionLineBusinessRules = validateModelDefinition((SecurityModelDefinition) persistableBusinessObject, "");
        }
        if (SecPropertyConstants.MODEL_MEMBERS.equals(str)) {
            processCustomAddCollectionLineBusinessRules = validateModelMember((SecurityModelMember) persistableBusinessObject, "");
        }
        return processCustomAddCollectionLineBusinessRules;
    }

    @Override // org.kuali.kfs.kns.maintenance.rules.MaintenanceDocumentRuleBase, org.kuali.kfs.kns.rules.MaintenanceDocumentRule
    public void setupConvenienceObjects() {
        this.newSecurityModel = (SecurityModel) super.getNewBo();
    }

    protected boolean validateSecurityModel(boolean z) {
        boolean z2 = true;
        if (!z && !verifyModelNameIsUnique(this.newSecurityModel, "document.newMaintainableObject.")) {
            z2 = false;
        }
        if (this.newSecurityModel.getModelDefinitions() == null || this.newSecurityModel.getModelDefinitions().size() == 0) {
            GlobalVariables.getMessageMap().putError("GLOBAL_ERRORS", SecKeyConstants.ERROR_MODEL_DEFINITION_MISSING, new String[0]);
        }
        int i = 0;
        Iterator<SecurityModelDefinition> it = this.newSecurityModel.getModelDefinitions().iterator();
        while (it.hasNext()) {
            if (!validateModelDefinition(it.next(), "document.newMaintainableObject.modelDefinitions[" + i + "].")) {
                z2 = false;
            }
            i++;
        }
        int i2 = 0;
        Iterator<SecurityModelMember> it2 = this.newSecurityModel.getModelMembers().iterator();
        while (it2.hasNext()) {
            if (!validateModelMember(it2.next(), "document.newMaintainableObject.modelMembers[" + i2 + "].")) {
                z2 = false;
            }
            i2++;
        }
        return z2;
    }

    protected boolean verifyModelNameIsUnique(SecurityModel securityModel, String str) {
        boolean z = true;
        HashMap hashMap = new HashMap();
        hashMap.put("name", securityModel.getName());
        if (getBusinessObjectService().countMatching(SecurityModel.class, hashMap) > 0) {
            GlobalVariables.getMessageMap().putError(str + "name", SecKeyConstants.ERROR_MODEL_NAME_NON_UNIQUE, securityModel.getName());
            z = false;
        }
        if (getBusinessObjectService().countMatching(SecurityDefinition.class, hashMap) > 0) {
            GlobalVariables.getMessageMap().putError(str + "name", SecKeyConstants.ERROR_MODEL_NAME_NON_UNIQUE, securityModel.getName());
            z = false;
        }
        return z;
    }

    protected boolean validateModelDefinition(SecurityModelDefinition securityModelDefinition, String str) {
        boolean z = true;
        securityModelDefinition.refreshNonUpdateableReferences();
        if (ObjectUtils.isNull(securityModelDefinition.getSecurityDefinition())) {
            return false;
        }
        String name = securityModelDefinition.getSecurityDefinition().getSecurityAttribute().getName();
        String attributeValue = securityModelDefinition.getAttributeValue();
        if (StringUtils.isBlank(attributeValue)) {
            return true;
        }
        if (SecConstants.SecurityAttributeNames.CHART_DESCEND_HIERARCHY.equals(name) || SecConstants.SecurityAttributeNames.ORGANIZATION_DESCEND_HIERARCHY.equals(name)) {
            if (StringUtils.contains(attributeValue, ";")) {
                GlobalVariables.getMessageMap().putError(str + "attributeValue", SecKeyConstants.ERROR_MODEL_DEFINITION_MULTI_ATTR_VALUE, name);
                z = false;
            }
            if (StringUtils.contains(attributeValue, "*")) {
                GlobalVariables.getMessageMap().putError(str + "attributeValue", SecKeyConstants.ERROR_MODEL_DEFINITION_WILDCARD_ATTR_VALUE, name);
                z = false;
            }
            if (!"=".equals(securityModelDefinition.getOperatorCode())) {
                GlobalVariables.getMessageMap().putError(str + "operatorCode", SecKeyConstants.ERROR_MODEL_DEFINITION_OPERATOR_CODE_NOT_EQUAL, name);
                z = false;
            }
        }
        return z && SecurityValidationUtil.validateAttributeValue(name, attributeValue, str);
    }

    protected boolean validateModelMember(SecurityModelMember securityModelMember, String str) {
        boolean z = true;
        String memberId = securityModelMember.getMemberId();
        String memberTypeCode = securityModelMember.getMemberTypeCode();
        if (StringUtils.isBlank(memberId) || StringUtils.isBlank(memberTypeCode)) {
            return false;
        }
        if (MemberType.PRINCIPAL.getCode().equals(memberTypeCode)) {
            if (KimApiServiceLocator.getPersonService().getPerson(memberId) == null) {
                GlobalVariables.getMessageMap().putError(str + "memberId", SecKeyConstants.ERROR_MODEL_MEMBER_ID_NOT_VALID, memberId, memberTypeCode);
                z = false;
            }
        } else if (MemberType.ROLE.getCode().equals(memberTypeCode)) {
            if (KimApiServiceLocator.getRoleService().getRoleWithoutMembers(memberId) == null) {
                GlobalVariables.getMessageMap().putError(str + "memberId", SecKeyConstants.ERROR_MODEL_MEMBER_ID_NOT_VALID, memberId, memberTypeCode);
                z = false;
            }
        } else if (MemberType.GROUP.getCode().equals(memberTypeCode) && KimApiServiceLocator.getGroupService().getGroup(memberId) == null) {
            GlobalVariables.getMessageMap().putError(str + "memberId", SecKeyConstants.ERROR_MODEL_MEMBER_ID_NOT_VALID, memberId, memberTypeCode);
            z = false;
        }
        return z;
    }

    protected BusinessObjectService getBusinessObjectService() {
        if (businessObjectService == null) {
            businessObjectService = (BusinessObjectService) SpringContext.getBean(BusinessObjectService.class);
        }
        return businessObjectService;
    }
}
