package org.kuali.kfs.sec.document;

import java.util.HashMap;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.core.api.membership.MemberType;
import org.kuali.kfs.kim.api.role.RoleService;
import org.kuali.kfs.kim.api.services.KimApiServiceLocator;
import org.kuali.kfs.kim.impl.role.RoleLite;
import org.kuali.kfs.kim.impl.role.RoleMember;
import org.kuali.kfs.kns.document.MaintenanceDocument;
import org.kuali.kfs.krad.service.DocumentService;
import org.kuali.kfs.sec.businessobject.AbstractSecurityModelDefinition;
import org.kuali.kfs.sec.businessobject.SecurityModelMember;
import org.kuali.kfs.sec.businessobject.SecurityPrincipal;
import org.kuali.kfs.sec.businessobject.SecurityPrincipalDefinition;
import org.kuali.kfs.sys.businessobject.DocumentHeader;
import org.kuali.kfs.sys.context.SpringContext;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2024-06-26.jar:org/kuali/kfs/sec/document/SecurityPrincipalMaintainableImpl.class */
public class SecurityPrincipalMaintainableImpl extends AbstractSecurityModuleMaintainable {
    private static final Logger LOG = LogManager.getLogger();

    @Override // org.kuali.kfs.kns.maintenance.MaintainableImpl, org.kuali.kfs.kns.maintenance.Maintainable
    public void doRouteStatusChange(DocumentHeader documentHeader) {
        super.doRouteStatusChange(documentHeader);
        if (documentHeader.getWorkflowDocument().isProcessed()) {
            MaintenanceDocument maintenanceDocument = (MaintenanceDocument) ((DocumentService) SpringContext.getBean(DocumentService.class)).getByDocumentHeaderId(documentHeader.getDocumentNumber());
            SecurityPrincipal securityPrincipal = (SecurityPrincipal) maintenanceDocument.getOldMaintainableObject().getBusinessObject();
            SecurityPrincipal securityPrincipal2 = (SecurityPrincipal) maintenanceDocument.getNewMaintainableObject().getBusinessObject();
            assignOrUpdatePrincipalMembershipToDefinitionRoles(securityPrincipal, securityPrincipal2, getMaintenanceAction().equalsIgnoreCase("New") || getMaintenanceAction().equalsIgnoreCase("Copy"));
            assignOrUpdatePrincipalModelRoles(securityPrincipal2);
        }
    }

    protected void assignOrUpdatePrincipalMembershipToDefinitionRoles(SecurityPrincipal securityPrincipal, SecurityPrincipal securityPrincipal2, boolean z) {
        RoleService roleService = KimApiServiceLocator.getRoleService();
        String principalId = securityPrincipal2.getPrincipalId();
        for (SecurityPrincipalDefinition securityPrincipalDefinition : securityPrincipal2.getPrincipalDefinitions()) {
            RoleLite roleWithoutMembers = roleService.getRoleWithoutMembers(securityPrincipalDefinition.getSecurityDefinition().getRoleId());
            RoleMember roleMember = null;
            if (!z) {
                AbstractSecurityModelDefinition abstractSecurityModelDefinition = null;
                for (SecurityPrincipalDefinition securityPrincipalDefinition2 : securityPrincipal.getPrincipalDefinitions()) {
                    if (securityPrincipalDefinition2.getPrincipalDefinitionId() != null && securityPrincipalDefinition2.getPrincipalDefinitionId().equals(securityPrincipalDefinition.getPrincipalDefinitionId())) {
                        abstractSecurityModelDefinition = securityPrincipalDefinition2;
                    }
                }
                if (abstractSecurityModelDefinition != null) {
                    roleMember = getRoleMembershipForMemberType(roleWithoutMembers.getId(), principalId, MemberType.PRINCIPAL.getCode(), getRoleQualifiersFromSecurityModelDefinition(abstractSecurityModelDefinition));
                }
            }
            boolean isActive = securityPrincipalDefinition.isActive();
            if (roleMember != null) {
                boolean doMembershipQualificationsMatchValues = doMembershipQualificationsMatchValues(roleMember.getAttributes(), securityPrincipalDefinition.getConstraintCode(), securityPrincipalDefinition.getOperatorCode(), securityPrincipalDefinition.getAttributeValue());
                if (!isActive || !doMembershipQualificationsMatchValues) {
                    roleService.removePrincipalFromRole(roleMember.getMemberId(), roleWithoutMembers.getNamespaceCode(), roleWithoutMembers.getName(), roleMember.getAttributes());
                }
            }
            if (isActive) {
                if (roleMember == null) {
                    roleService.assignPrincipalToRole(principalId, roleWithoutMembers.getNamespaceCode(), roleWithoutMembers.getName(), getRoleQualifiersFromSecurityModelDefinition(securityPrincipalDefinition));
                } else {
                    roleMember.setAttributes(getRoleQualifiersFromSecurityModelDefinition(securityPrincipalDefinition));
                    roleMember.setMemberId(principalId);
                    roleService.updateRoleMember(roleMember);
                }
            }
        }
    }

    protected void assignOrUpdatePrincipalModelRoles(SecurityPrincipal securityPrincipal) {
        RoleService roleService = KimApiServiceLocator.getRoleService();
        String principalId = securityPrincipal.getPrincipalId();
        for (SecurityModelMember securityModelMember : securityPrincipal.getPrincipalModels()) {
            updateSecurityModelRoleMember(roleService.getRoleWithoutMembers(securityModelMember.getSecurityModel().getRoleId()), securityModelMember, MemberType.PRINCIPAL.getCode(), principalId, new HashMap(0));
        }
    }
}
