package org.kuali.kfs.kim.document.rule;

import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.antlr.v4.runtime.IntStream;
import org.apache.commons.lang3.StringUtils;
import org.kuali.kfs.core.api.membership.MemberType;
import org.kuali.kfs.core.api.resourceloader.GlobalResourceLoader;
import org.kuali.kfs.core.api.uif.AttributeError;
import org.kuali.kfs.kim.api.KimConstants;
import org.kuali.kfs.kim.api.services.KimApiServiceLocator;
import org.kuali.kfs.kim.api.type.KimAttributeField;
import org.kuali.kfs.kim.bo.ui.KimDocumentRoleMember;
import org.kuali.kfs.kim.bo.ui.KimDocumentRolePermission;
import org.kuali.kfs.kim.bo.ui.KimDocumentRoleQualifier;
import org.kuali.kfs.kim.bo.ui.KimDocumentRoleResponsibility;
import org.kuali.kfs.kim.bo.ui.KimDocumentRoleResponsibilityAction;
import org.kuali.kfs.kim.bo.ui.RoleDocumentDelegation;
import org.kuali.kfs.kim.bo.ui.RoleDocumentDelegationMember;
import org.kuali.kfs.kim.bo.ui.RoleDocumentDelegationMemberQualifier;
import org.kuali.kfs.kim.document.IdentityManagementRoleDocument;
import org.kuali.kfs.kim.framework.role.RoleTypeService;
import org.kuali.kfs.kim.framework.services.KimFrameworkServiceLocator;
import org.kuali.kfs.kim.framework.type.KimTypeService;
import org.kuali.kfs.kim.impl.common.attribute.KimAttribute;
import org.kuali.kfs.kim.impl.identity.Person;
import org.kuali.kfs.kim.impl.permission.Permission;
import org.kuali.kfs.kim.impl.responsibility.AddResponsibilityEvent;
import org.kuali.kfs.kim.impl.responsibility.AddResponsibilityRule;
import org.kuali.kfs.kim.impl.responsibility.Responsibility;
import org.kuali.kfs.kim.impl.responsibility.ResponsibilityInternalService;
import org.kuali.kfs.kim.impl.role.RoleLite;
import org.kuali.kfs.kim.impl.services.KimImplServiceLocator;
import org.kuali.kfs.kim.impl.type.KimType;
import org.kuali.kfs.kim.impl.type.KimTypeHelperService;
import org.kuali.kfs.kim.rule.event.ui.AddDelegationEvent;
import org.kuali.kfs.kim.rule.event.ui.AddDelegationMemberEvent;
import org.kuali.kfs.kim.rule.event.ui.AddMemberEvent;
import org.kuali.kfs.kim.rule.event.ui.AddPermissionEvent;
import org.kuali.kfs.kim.rule.ui.AddDelegationMemberRule;
import org.kuali.kfs.kim.rule.ui.AddDelegationRule;
import org.kuali.kfs.kim.rule.ui.AddMemberRule;
import org.kuali.kfs.kim.rule.ui.AddPermissionRule;
import org.kuali.kfs.kns.kim.type.DataDictionaryTypeServiceHelper;
import org.kuali.kfs.kns.rules.TransactionalDocumentRuleBase;
import org.kuali.kfs.krad.document.Document;
import org.kuali.kfs.krad.service.BusinessObjectService;
import org.kuali.kfs.krad.service.KRADServiceLocator;
import org.kuali.kfs.krad.util.GlobalVariables;
import org.kuali.kfs.krad.util.ObjectUtils;
import org.kuali.kfs.sys.KFSKeyConstants;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2024-06-26.jar:org/kuali/kfs/kim/document/rule/IdentityManagementRoleDocumentRule.class */
public class IdentityManagementRoleDocumentRule extends TransactionalDocumentRuleBase implements AddPermissionRule, AddResponsibilityRule, AddMemberRule, AddDelegationRule, AddDelegationMemberRule {
    private static final int PRIORITY_NUMBER_MIN_VALUE = 1;
    private static final int PRIORITY_NUMBER_MAX_VALUE = 11;
    private static final String DELEGATION_MEMBER_ID_ERROR_PATH = "document.delegationMember.memberId";
    private static final String ERROR_ASSIGN_ROLE_MEMBER_CIRCULAR = "error.assign.role.member.circular";
    private static final String ERROR_PRIORITY_NUMBER_RANGE = "error.prioritynumber.range";
    private static final String MEMBER_ID_ERROR_PATH = "member.memberId";
    private static final String PERMISSION_ID_ERROR_PATH = "document.permission.permissionId";
    private static final String RESPONSIBILITY_ID_ERROR_PATH = "document.responsibility.responsibilityId";
    private BusinessObjectService businessObjectService;
    private ResponsibilityInternalService responsibilityInternalService;
    private final AttributeValidationHelper attributeValidationHelper = new AttributeValidationHelper();
    private final ActiveRoleMemberHelper activeRoleMemberHelper = new ActiveRoleMemberHelper();

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.kuali.kfs.krad.rules.DocumentRuleBase
    public boolean processCustomSaveDocumentBusinessRules(Document document) {
        if (!(document instanceof IdentityManagementRoleDocument)) {
            return false;
        }
        IdentityManagementRoleDocument identityManagementRoleDocument = (IdentityManagementRoleDocument) document;
        GlobalVariables.getMessageMap().addToErrorPath("document");
        boolean validRoleNamespace = validRoleNamespace(identityManagementRoleDocument);
        boolean validRoleName = validRoleName(identityManagementRoleDocument);
        if (!validRoleNamespace || !validRoleName) {
            return false;
        }
        boolean validDuplicateRoleName = validDuplicateRoleName(identityManagementRoleDocument) & validPermissions(identityManagementRoleDocument) & validResponsibilities(identityManagementRoleDocument) & validRoleMemberPrincipalIDs(identityManagementRoleDocument.getModifiedMembers());
        getDictionaryValidationService().validateDocumentAndUpdatableReferencesRecursively(document, getMaxDictionaryValidationDepth(), true, false);
        if (!KimTypeHelperService.hasDerivedRoleTypeService(identityManagementRoleDocument.getKimType()) && canUserAssignRoleMembers(identityManagementRoleDocument)) {
            List<KimDocumentRoleMember> activeRoleMembers = this.activeRoleMemberHelper.getActiveRoleMembers(identityManagementRoleDocument.getMembers());
            List<KimDocumentRoleMember> activeRoleMembers2 = this.activeRoleMemberHelper.getActiveRoleMembers(identityManagementRoleDocument.getModifiedMembers());
            validDuplicateRoleName = validDuplicateRoleName & validateRoleQualifier(activeRoleMembers2, identityManagementRoleDocument.getKimType()) & validRoleMemberActiveDates(identityManagementRoleDocument.getModifiedMembers()) & validateDelegationMemberRoleQualifier(activeRoleMembers2, this.activeRoleMemberHelper.getActiveDelegationRoleMembers(identityManagementRoleDocument.getDelegationMembers()), identityManagementRoleDocument.getKimType(), activeRoleMembers) & validDelegationMemberActiveDates(identityManagementRoleDocument.getDelegationMembers()) & validRoleMembersResponsibilityActions(identityManagementRoleDocument.getModifiedMembers());
        }
        boolean validRoleResponsibilitiesActions = validDuplicateRoleName & validRoleResponsibilitiesActions(identityManagementRoleDocument.getResponsibilities());
        GlobalVariables.getMessageMap().removeFromErrorPath("document");
        return validRoleResponsibilitiesActions;
    }

    private static boolean validRoleNamespace(IdentityManagementRoleDocument identityManagementRoleDocument) {
        boolean z = false;
        if (StringUtils.isNotBlank(identityManagementRoleDocument.getRoleNamespace())) {
            z = true;
        } else {
            GlobalVariables.getMessageMap().putError("document.roleNamespace", KFSKeyConstants.ERROR_EMPTY_ENTRY, "Role Namespace");
        }
        return z;
    }

    private static boolean validRoleName(IdentityManagementRoleDocument identityManagementRoleDocument) {
        boolean z = false;
        if (StringUtils.isNotBlank(identityManagementRoleDocument.getRoleName())) {
            z = true;
        } else {
            GlobalVariables.getMessageMap().putError("document.roleName", KFSKeyConstants.ERROR_EMPTY_ENTRY, "Role Name");
        }
        return z;
    }

    private boolean canUserAssignRoleMembers(IdentityManagementRoleDocument identityManagementRoleDocument) {
        boolean z = true;
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", identityManagementRoleDocument.getRoleNamespace());
        hashMap.put("roleName", identityManagementRoleDocument.getRoleName());
        if (((identityManagementRoleDocument.getMembers() != null && !identityManagementRoleDocument.getMembers().isEmpty()) || (identityManagementRoleDocument.getDelegationMembers() != null && !identityManagementRoleDocument.getDelegationMembers().isEmpty())) && !getDocumentDictionaryService().getDocumentAuthorizer(identityManagementRoleDocument).isAuthorizedByTemplate(identityManagementRoleDocument, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.ASSIGN_ROLE, GlobalVariables.getUserSession().getPrincipalId(), hashMap, null)) {
            z = false;
        }
        return z;
    }

    private boolean validRoleMemberPrincipalIDs(List<? extends KimDocumentRoleMember> list) {
        boolean z = true;
        ArrayList arrayList = new ArrayList();
        for (KimDocumentRoleMember kimDocumentRoleMember : list) {
            if (StringUtils.equals(kimDocumentRoleMember.getMemberTypeCode(), KimConstants.KimGroupMemberTypes.PRINCIPAL_MEMBER_TYPE.getCode())) {
                arrayList.add(kimDocumentRoleMember.getMemberId());
            }
        }
        if (!arrayList.isEmpty()) {
            List<Person> findPeople = getPersonService().findPeople(Map.of("principalId", String.join("|", arrayList)));
            for (KimDocumentRoleMember kimDocumentRoleMember2 : list) {
                if (StringUtils.equals(kimDocumentRoleMember2.getMemberTypeCode(), MemberType.PRINCIPAL.getCode())) {
                    boolean z2 = false;
                    if (findPeople != null && !findPeople.isEmpty()) {
                        Iterator<Person> it = findPeople.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            if (kimDocumentRoleMember2.getMemberId().equals(it.next().getPrincipalId())) {
                                z2 = true;
                                break;
                            }
                        }
                    }
                    if (!z2) {
                        GlobalVariables.getMessageMap().putError("document.member.memberId", KFSKeyConstants.ERROR_MEMBERID_MEMBERTYPE_MISMATCH, kimDocumentRoleMember2.getMemberId());
                        z = false;
                    }
                }
            }
        }
        return z;
    }

    private static boolean validDuplicateRoleName(IdentityManagementRoleDocument identityManagementRoleDocument) {
        RoleLite roleByNamespaceCodeAndName = KimApiServiceLocator.getRoleService().getRoleByNamespaceCodeAndName(identityManagementRoleDocument.getRoleNamespace(), identityManagementRoleDocument.getRoleName());
        boolean z = true;
        if (roleByNamespaceCodeAndName != null && !roleByNamespaceCodeAndName.getId().equals(identityManagementRoleDocument.getRoleId())) {
            GlobalVariables.getMessageMap().putError("document.roleName", KFSKeyConstants.ERROR_DUPLICATE_ENTRY, "Role Name");
            z = false;
        }
        return z;
    }

    private static boolean validRoleMemberActiveDates(List<? extends KimDocumentRoleMember> list) {
        boolean z = true;
        int i = 0;
        for (KimDocumentRoleMember kimDocumentRoleMember : list) {
            z &= validateActiveDate("document.members[" + i + "].activeToDate", kimDocumentRoleMember.getActiveFromDate(), kimDocumentRoleMember.getActiveToDate());
            i++;
        }
        return z;
    }

    private static boolean validDelegationMemberActiveDates(List<? extends RoleDocumentDelegationMember> list) {
        boolean z = true;
        int i = 0;
        for (RoleDocumentDelegationMember roleDocumentDelegationMember : list) {
            z &= validateActiveDate("document.delegationMembers[" + i + "].activeToDate", roleDocumentDelegationMember.getActiveFromDate(), roleDocumentDelegationMember.getActiveToDate());
            i++;
        }
        return z;
    }

    private boolean validPermissions(IdentityManagementRoleDocument identityManagementRoleDocument) {
        boolean z = true;
        int i = 0;
        for (KimDocumentRolePermission kimDocumentRolePermission : identityManagementRoleDocument.getPermissions()) {
            Permission permission = kimDocumentRolePermission.getPermission();
            if (!kimDocumentRolePermission.isActive() && !hasPermissionToGrantPermission(kimDocumentRolePermission.getPermission(), identityManagementRoleDocument)) {
                GlobalVariables.getMessageMap().putError("permissions[" + i + "].active", KFSKeyConstants.ERROR_ASSIGN_PERMISSION, permission.getNamespaceCode(), permission.getTemplate().getName());
                z = false;
            }
            i++;
        }
        return z;
    }

    private boolean validResponsibilities(IdentityManagementRoleDocument identityManagementRoleDocument) {
        boolean z = true;
        int i = 0;
        for (KimDocumentRoleResponsibility kimDocumentRoleResponsibility : identityManagementRoleDocument.getResponsibilities()) {
            Responsibility kimResponsibility = kimDocumentRoleResponsibility.getKimResponsibility();
            if (!kimDocumentRoleResponsibility.isActive() && !hasPermissionToGrantResponsibility(kimDocumentRoleResponsibility.getKimResponsibility(), identityManagementRoleDocument)) {
                GlobalVariables.getMessageMap().putError("responsibilities[" + i + "].active", KFSKeyConstants.ERROR_ASSIGN_RESPONSIBILITY, kimResponsibility.getNamespaceCode(), kimResponsibility.getTemplate().getName());
                z = false;
            }
            i++;
        }
        return z;
    }

    private boolean validRoleResponsibilitiesActions(List<? extends KimDocumentRoleResponsibility> list) {
        int i = 0;
        for (KimDocumentRoleResponsibility kimDocumentRoleResponsibility : list) {
            if (!getResponsibilityInternalService().areActionsAtAssignmentLevelById(kimDocumentRoleResponsibility.getResponsibilityId())) {
                validateRoleResponsibilityAction("document.responsibilities[" + i + "].roleRspActions[0].priorityNumber", kimDocumentRoleResponsibility.getRoleRspActions().get(0));
            }
            i++;
        }
        return true;
    }

    private static boolean validRoleMembersResponsibilityActions(List<? extends KimDocumentRoleMember> list) {
        int i = 0;
        for (KimDocumentRoleMember kimDocumentRoleMember : list) {
            int i2 = 0;
            if (kimDocumentRoleMember.getRoleRspActions() != null && !kimDocumentRoleMember.getRoleRspActions().isEmpty()) {
                Iterator<KimDocumentRoleResponsibilityAction> it = kimDocumentRoleMember.getRoleRspActions().iterator();
                while (it.hasNext()) {
                    validateRoleResponsibilityAction("document.members[" + i + "].roleRspActions[" + i2 + "].priorityNumber", it.next());
                    i2++;
                }
            }
            i++;
        }
        return true;
    }

    private static void validateRoleResponsibilityAction(String str, KimDocumentRoleResponsibilityAction kimDocumentRoleResponsibilityAction) {
        if (kimDocumentRoleResponsibilityAction.getPriorityNumber() != null) {
            if (kimDocumentRoleResponsibilityAction.getPriorityNumber().intValue() < 1 || kimDocumentRoleResponsibilityAction.getPriorityNumber().intValue() > 11) {
                GlobalVariables.getMessageMap().putError(str, ERROR_PRIORITY_NUMBER_RANGE, Integer.toString(1), Integer.toString(11));
            }
        }
    }

    private boolean validateRoleQualifier(List<? extends KimDocumentRoleMember> list, KimType kimType) {
        ArrayList arrayList = new ArrayList();
        int i = 0;
        int i2 = 0;
        KimTypeService kimTypeService = KimFrameworkServiceLocator.getKimTypeService(kimType);
        GlobalVariables.getMessageMap().removeFromErrorPath("document");
        Set<String> figureOutUniqueQualificationSet = figureOutUniqueQualificationSet(list, kimTypeService.getAttributeDefinitions(kimType.getId()));
        for (KimDocumentRoleMember kimDocumentRoleMember : list) {
            Map<String, String> convertQualifiersToMap = this.attributeValidationHelper.convertQualifiersToMap(kimDocumentRoleMember.getQualifiers());
            RoleTypeService roleTypeService = getRoleTypeService(kimType);
            if (!(roleTypeService != null ? roleTypeService.shouldValidateQualifiersForMemberType(MemberType.fromCode(kimDocumentRoleMember.getMemberTypeCode())) : true)) {
                arrayList.addAll(this.attributeValidationHelper.convertErrorsForMappedFields("members[" + i + "]", kimTypeService.validateAttributes(kimType.getId(), convertQualifiersToMap)));
                i++;
            }
            if (!figureOutUniqueQualificationSet.isEmpty()) {
                validateUniquePersonRoleQualifiersUniqueForRoleMembership(kimDocumentRoleMember, i2, list, figureOutUniqueQualificationSet, arrayList);
            }
            i2++;
        }
        GlobalVariables.getMessageMap().addToErrorPath("document");
        if (arrayList.isEmpty()) {
            return true;
        }
        this.attributeValidationHelper.moveValidationErrorsToErrorMap(arrayList);
        return false;
    }

    private static Set<String> figureOutUniqueQualificationSet(List<? extends KimDocumentRoleMember> list, List<KimAttributeField> list2) {
        KimAttributeField findAttributeField;
        HashSet hashSet = new HashSet();
        if (list != null && list.size() > 1) {
            for (KimDocumentRoleQualifier kimDocumentRoleQualifier : list.get(0).getQualifiers()) {
                if (kimDocumentRoleQualifier != null && kimDocumentRoleQualifier.getKimAttribute() != null && StringUtils.isNotBlank(kimDocumentRoleQualifier.getKimAttribute().getAttributeName()) && (findAttributeField = DataDictionaryTypeServiceHelper.findAttributeField(kimDocumentRoleQualifier.getKimAttribute().getAttributeName(), list2)) != null && findAttributeField.isUnique()) {
                    hashSet.add(kimDocumentRoleQualifier.getKimAttrDefnId());
                }
            }
        }
        return hashSet;
    }

    private void validateUniquePersonRoleQualifiersUniqueForRoleMembership(KimDocumentRoleMember kimDocumentRoleMember, int i, List<? extends KimDocumentRoleMember> list, Set<String> set, List<? super AttributeError> list2) {
        int i2 = 0;
        for (KimDocumentRoleMember kimDocumentRoleMember2 : list) {
            if (i != i2 && sameMembership(kimDocumentRoleMember, kimDocumentRoleMember2) && sameUniqueMembershipQualifications(kimDocumentRoleMember, kimDocumentRoleMember2, set)) {
                int i3 = 0;
                for (KimDocumentRoleQualifier kimDocumentRoleQualifier : kimDocumentRoleMember2.getQualifiers()) {
                    if (kimDocumentRoleQualifier != null && set.contains(kimDocumentRoleQualifier.getKimAttrDefnId())) {
                        KimAttribute kimAttribute = kimDocumentRoleQualifier.getKimAttribute();
                        String str = IntStream.UNKNOWN_SOURCE_NAME;
                        if (kimAttribute == null && kimDocumentRoleQualifier.getKimAttrDefnId() != null) {
                            kimAttribute = (KimAttribute) getBusinessObjectService().findBySinglePrimaryKey(KimAttribute.class, kimDocumentRoleQualifier.getKimAttrDefnId());
                        }
                        if (kimAttribute != null) {
                            str = kimAttribute.getAttributeName();
                        }
                        list2.add(AttributeError.Builder.create("document.members[" + i + "].qualifiers[" + i3 + "].attrVal", "error.document.identityManagementPerson.qualifier.valueNotUnique:" + kimDocumentRoleMember2.getMemberId() + ";" + str + ";" + kimDocumentRoleQualifier.getAttrVal()).build());
                    }
                    i3++;
                }
            }
            i2++;
        }
    }

    private static boolean sameMembership(KimDocumentRoleMember kimDocumentRoleMember, KimDocumentRoleMember kimDocumentRoleMember2) {
        return StringUtils.isNotBlank(kimDocumentRoleMember.getMemberTypeCode()) && StringUtils.isNotBlank(kimDocumentRoleMember2.getMemberTypeCode()) && StringUtils.isNotBlank(kimDocumentRoleMember.getMemberId()) && StringUtils.isNotBlank(kimDocumentRoleMember2.getMemberId()) && kimDocumentRoleMember.getMemberTypeCode().equals(kimDocumentRoleMember2.getMemberTypeCode()) && kimDocumentRoleMember.getMemberId().equals(kimDocumentRoleMember2.getMemberId());
    }

    private static boolean sameUniqueMembershipQualifications(KimDocumentRoleMember kimDocumentRoleMember, KimDocumentRoleMember kimDocumentRoleMember2, Set<String> set) {
        boolean z = true;
        for (String str : set) {
            KimDocumentRoleQualifier qualifier = kimDocumentRoleMember.getQualifier(str);
            KimDocumentRoleQualifier qualifier2 = kimDocumentRoleMember2.getQualifier(str);
            if (qualifier != null && qualifier2 != null) {
                z &= (qualifier.getAttrVal() == null && qualifier2.getAttrVal() == null) || qualifier.getAttrVal() == null || qualifier.getAttrVal().equals(qualifier2.getAttrVal());
            }
        }
        return z;
    }

    private static KimDocumentRoleMember getRoleMemberForDelegation(List<? extends KimDocumentRoleMember> list, RoleDocumentDelegationMember roleDocumentDelegationMember, List<? extends KimDocumentRoleMember> list2) {
        if ((list == null && list2 == null) || roleDocumentDelegationMember == null || roleDocumentDelegationMember.getRoleMemberId() == null) {
            return null;
        }
        for (KimDocumentRoleMember kimDocumentRoleMember : list2) {
            if (roleDocumentDelegationMember.getRoleMemberId().equals(kimDocumentRoleMember.getRoleMemberId())) {
                return kimDocumentRoleMember;
            }
        }
        for (KimDocumentRoleMember kimDocumentRoleMember2 : list) {
            if (roleDocumentDelegationMember.getRoleMemberId().equals(kimDocumentRoleMember2.getRoleMemberId())) {
                return kimDocumentRoleMember2;
            }
        }
        return null;
    }

    private boolean validateDelegationMemberRoleQualifier(List<? extends KimDocumentRoleMember> list, List<? extends RoleDocumentDelegationMember> list2, KimType kimType, List<? extends KimDocumentRoleMember> list3) {
        boolean z;
        ArrayList arrayList = new ArrayList();
        int i = 0;
        KimTypeService kimTypeService = KimFrameworkServiceLocator.getKimTypeService(kimType);
        GlobalVariables.getMessageMap().removeFromErrorPath("document");
        Set<String> figureOutUniqueQualificationSetForDelegation = figureOutUniqueQualificationSetForDelegation(list2, kimTypeService.getAttributeDefinitions(kimType.getId()));
        for (RoleDocumentDelegationMember roleDocumentDelegationMember : list2) {
            String str = "delegationMembers[" + i + "]";
            Map<String, String> convertQualifiersToMap = this.attributeValidationHelper.convertQualifiersToMap(roleDocumentDelegationMember.getQualifiers());
            if (!roleDocumentDelegationMember.isRole()) {
                arrayList.addAll(this.attributeValidationHelper.convertErrorsForMappedFields(str, kimTypeService.validateAttributes(kimType.getId(), convertQualifiersToMap)));
            }
            KimDocumentRoleMember roleMemberForDelegation = getRoleMemberForDelegation(list3, roleDocumentDelegationMember, list);
            if (roleMemberForDelegation == null) {
                GlobalVariables.getMessageMap().putError("document.delegationMembers[" + i + "]", KFSKeyConstants.ERROR_DELEGATE_ROLE_MEMBER_ASSOCIATION, new String[0]);
            } else {
                arrayList.addAll(this.attributeValidationHelper.convertErrorsForMappedFields(str, kimTypeService.validateUnmodifiableAttributes(kimType.getId(), this.attributeValidationHelper.convertQualifiersToMap(roleMemberForDelegation.getQualifiers()), convertQualifiersToMap)));
            }
            if (!figureOutUniqueQualificationSetForDelegation.isEmpty()) {
                validateUniquePersonRoleQualifiersUniqueForRoleDelegation(roleDocumentDelegationMember, i, list2, figureOutUniqueQualificationSetForDelegation, arrayList);
            }
            i++;
        }
        GlobalVariables.getMessageMap().addToErrorPath("document");
        if (arrayList.isEmpty()) {
            z = true;
        } else {
            this.attributeValidationHelper.moveValidationErrorsToErrorMap(arrayList);
            z = false;
        }
        return z;
    }

    private static Set<String> figureOutUniqueQualificationSetForDelegation(List<? extends RoleDocumentDelegationMember> list, List<KimAttributeField> list2) {
        KimAttributeField findAttributeField;
        HashSet hashSet = new HashSet();
        if (list != null && list.size() > 1) {
            for (RoleDocumentDelegationMemberQualifier roleDocumentDelegationMemberQualifier : list.get(0).getQualifiers()) {
                if (roleDocumentDelegationMemberQualifier != null && roleDocumentDelegationMemberQualifier.getKimAttribute() != null && StringUtils.isNotBlank(roleDocumentDelegationMemberQualifier.getKimAttribute().getAttributeName()) && (findAttributeField = DataDictionaryTypeServiceHelper.findAttributeField(roleDocumentDelegationMemberQualifier.getKimAttribute().getAttributeName(), list2)) != null && findAttributeField.isUnique()) {
                    hashSet.add(roleDocumentDelegationMemberQualifier.getKimAttrDefnId());
                }
            }
        }
        return hashSet;
    }

    private static void validateUniquePersonRoleQualifiersUniqueForRoleDelegation(RoleDocumentDelegationMember roleDocumentDelegationMember, int i, List<? extends RoleDocumentDelegationMember> list, Set<String> set, List<? super AttributeError> list2) {
        int i2 = 0;
        for (RoleDocumentDelegationMember roleDocumentDelegationMember2 : list) {
            if (i != i2 && sameDelegationMembership(roleDocumentDelegationMember, roleDocumentDelegationMember2) && sameUniqueDelegationMembershipQualifications(roleDocumentDelegationMember, roleDocumentDelegationMember2, set)) {
                int i3 = 0;
                for (RoleDocumentDelegationMemberQualifier roleDocumentDelegationMemberQualifier : roleDocumentDelegationMember2.getQualifiers()) {
                    if (roleDocumentDelegationMemberQualifier != null && set.contains(roleDocumentDelegationMemberQualifier.getKimAttrDefnId())) {
                        list2.add(AttributeError.Builder.create("document.delegationMembers[" + i + "].qualifiers[" + i3 + "].attrVal", "error.document.identityManagementPerson.qualifier.valueNotUnique:" + roleDocumentDelegationMemberQualifier.getKimAttribute().getAttributeName() + ";" + roleDocumentDelegationMemberQualifier.getAttrVal()).build());
                    }
                    i3++;
                }
            }
            i2++;
        }
    }

    private static boolean sameDelegationMembership(RoleDocumentDelegationMember roleDocumentDelegationMember, RoleDocumentDelegationMember roleDocumentDelegationMember2) {
        return StringUtils.isNotBlank(roleDocumentDelegationMember.getMemberTypeCode()) && StringUtils.isNotBlank(roleDocumentDelegationMember2.getMemberTypeCode()) && StringUtils.isNotBlank(roleDocumentDelegationMember.getMemberId()) && StringUtils.isNotBlank(roleDocumentDelegationMember2.getMemberId()) && roleDocumentDelegationMember.getMemberTypeCode().equals(roleDocumentDelegationMember2.getMemberTypeCode()) && roleDocumentDelegationMember.getMemberId().equals(roleDocumentDelegationMember2.getMemberId());
    }

    private static boolean sameUniqueDelegationMembershipQualifications(RoleDocumentDelegationMember roleDocumentDelegationMember, RoleDocumentDelegationMember roleDocumentDelegationMember2, Set<String> set) {
        boolean z = true;
        for (String str : set) {
            RoleDocumentDelegationMemberQualifier qualifier = roleDocumentDelegationMember.getQualifier(str);
            RoleDocumentDelegationMemberQualifier qualifier2 = roleDocumentDelegationMember2.getQualifier(str);
            if (qualifier != null && qualifier2 != null) {
                z &= (qualifier.getAttrVal() == null && qualifier2.getAttrVal() == null) || qualifier.getAttrVal() == null || qualifier.getAttrVal().equals(qualifier2.getAttrVal());
            }
        }
        return z;
    }

    private static boolean validateActiveDate(String str, Timestamp timestamp, Timestamp timestamp2) {
        boolean z = true;
        if (timestamp != null && timestamp2 != null && timestamp2.before(timestamp)) {
            GlobalVariables.getMessageMap().putError(str, KFSKeyConstants.ERROR_ACTIVE_TO_DATE_BEFORE_FROM_DATE, new String[0]);
            z = false;
        }
        return z;
    }

    private static boolean checkForCircularRoleMembership(AddMemberEvent addMemberEvent) {
        KimDocumentRoleMember member = addMemberEvent.getMember();
        if (member == null || StringUtils.isBlank(member.getMemberId())) {
            GlobalVariables.getMessageMap().putError(MEMBER_ID_ERROR_PATH, KFSKeyConstants.ERROR_INVALID_ROLE, "");
            return false;
        }
        if (!member.isRole() || !KimApiServiceLocator.getRoleService().getRoleTypeRoleMemberIds(member.getMemberId()).contains(((IdentityManagementRoleDocument) addMemberEvent.getDocument()).getRoleId())) {
            return true;
        }
        GlobalVariables.getMessageMap().putError(MEMBER_ID_ERROR_PATH, ERROR_ASSIGN_ROLE_MEMBER_CIRCULAR, member.getMemberId());
        return false;
    }

    @Override // org.kuali.kfs.kim.rule.ui.AddPermissionRule
    public boolean processAddPermission(AddPermissionEvent addPermissionEvent) {
        KimDocumentRolePermission permission = addPermissionEvent.getPermission();
        if (permission == null || StringUtils.isEmpty(permission.getPermissionId())) {
            GlobalVariables.getMessageMap().putError(PERMISSION_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Permission");
            return false;
        }
        Permission permission2 = permission.getPermission();
        if (permission2 == null) {
            GlobalVariables.getMessageMap().putError(PERMISSION_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Permission");
            return false;
        }
        boolean z = true;
        IdentityManagementRoleDocument identityManagementRoleDocument = (IdentityManagementRoleDocument) addPermissionEvent.getDocument();
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", permission2.getNamespaceCode());
        hashMap.put(KimConstants.AttributeConstants.PERMISSION_NAME, permission2.getTemplate().getName());
        if (!getDocumentDictionaryService().getDocumentAuthorizer(identityManagementRoleDocument).isAuthorizedByTemplate(identityManagementRoleDocument, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.GRANT_PERMISSION, GlobalVariables.getUserSession().getPerson().getPrincipalId(), hashMap, null)) {
            GlobalVariables.getMessageMap().putError(PERMISSION_ID_ERROR_PATH, KFSKeyConstants.ERROR_ASSIGN_PERMISSION, permission2.getNamespaceCode(), permission2.getTemplate().getName());
            return false;
        }
        if (StringUtils.isBlank(permission.getPermissionId())) {
            z = false;
            GlobalVariables.getMessageMap().putError(PERMISSION_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Permission");
        } else {
            int i = 0;
            Iterator<KimDocumentRolePermission> it = identityManagementRoleDocument.getPermissions().iterator();
            while (it.hasNext()) {
                if (it.next().getPermissionId().equals(permission.getPermissionId())) {
                    z = false;
                    GlobalVariables.getMessageMap().putError("document.permissions[" + i + "].permissionId", KFSKeyConstants.ERROR_DUPLICATE_ENTRY, "Permission");
                }
                i++;
            }
        }
        return z;
    }

    @Override // org.kuali.kfs.kim.rule.ui.AddPermissionRule
    public boolean hasPermissionToGrantPermission(Permission permission, IdentityManagementRoleDocument identityManagementRoleDocument) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", permission.getNamespaceCode());
        hashMap.put(KimConstants.AttributeConstants.PERMISSION_NAME, permission.getTemplate().getName());
        return getDocumentDictionaryService().getDocumentAuthorizer(identityManagementRoleDocument).isAuthorizedByTemplate(identityManagementRoleDocument, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.GRANT_PERMISSION, GlobalVariables.getUserSession().getPerson().getPrincipalId(), hashMap, null);
    }

    @Override // org.kuali.kfs.kim.impl.responsibility.AddResponsibilityRule
    public boolean processAddResponsibility(AddResponsibilityEvent addResponsibilityEvent) {
        KimDocumentRoleResponsibility responsibility = addResponsibilityEvent.getResponsibility();
        if (responsibility == null) {
            GlobalVariables.getMessageMap().putError(RESPONSIBILITY_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Responsibility");
            return false;
        }
        Responsibility kimResponsibility = responsibility.getKimResponsibility();
        if (kimResponsibility == null) {
            GlobalVariables.getMessageMap().putError(RESPONSIBILITY_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Responsibility");
            return false;
        }
        IdentityManagementRoleDocument identityManagementRoleDocument = (IdentityManagementRoleDocument) addResponsibilityEvent.getDocument();
        boolean z = true;
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", kimResponsibility.getNamespaceCode());
        hashMap.put(KimConstants.AttributeConstants.RESPONSIBILITY_NAME, kimResponsibility.getName());
        if (!getDocumentDictionaryService().getDocumentAuthorizer(identityManagementRoleDocument).isAuthorizedByTemplate(identityManagementRoleDocument, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.GRANT_RESPONSIBILITY, GlobalVariables.getUserSession().getPerson().getPrincipalId(), hashMap, null)) {
            GlobalVariables.getMessageMap().putError(RESPONSIBILITY_ID_ERROR_PATH, KFSKeyConstants.ERROR_ASSIGN_RESPONSIBILITY, kimResponsibility.getNamespaceCode(), kimResponsibility.getTemplate().getName());
            return false;
        }
        if (StringUtils.isBlank(responsibility.getResponsibilityId())) {
            z = false;
            GlobalVariables.getMessageMap().putError(RESPONSIBILITY_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Responsibility");
        } else {
            int i = 0;
            Iterator<KimDocumentRoleResponsibility> it = identityManagementRoleDocument.getResponsibilities().iterator();
            while (it.hasNext()) {
                if (it.next().getResponsibilityId().equals(responsibility.getResponsibilityId())) {
                    z = false;
                    GlobalVariables.getMessageMap().putError("document.responsibilities[" + i + "].responsibilityId", KFSKeyConstants.ERROR_DUPLICATE_ENTRY, "Responsibility");
                }
                i++;
            }
        }
        return z;
    }

    @Override // org.kuali.kfs.kim.impl.responsibility.AddResponsibilityRule
    public boolean hasPermissionToGrantResponsibility(Responsibility responsibility, IdentityManagementRoleDocument identityManagementRoleDocument) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", responsibility.getNamespaceCode());
        hashMap.put(KimConstants.AttributeConstants.RESPONSIBILITY_NAME, responsibility.getName());
        return getDocumentDictionaryService().getDocumentAuthorizer(identityManagementRoleDocument).isAuthorizedByTemplate(identityManagementRoleDocument, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.GRANT_RESPONSIBILITY, GlobalVariables.getUserSession().getPerson().getPrincipalId(), hashMap, null);
    }

    @Override // org.kuali.kfs.kim.rule.ui.AddMemberRule
    public boolean processAddMember(AddMemberEvent addMemberEvent) {
        return validateAddMember(addMemberEvent) & validateActiveDate("member.activeFromDate", addMemberEvent.getMember().getActiveFromDate(), addMemberEvent.getMember().getActiveToDate()) & checkForCircularRoleMembership(addMemberEvent);
    }

    private boolean validateAddMember(AddMemberEvent addMemberEvent) {
        RoleTypeService roleTypeService;
        KimDocumentRoleMember member = addMemberEvent.getMember();
        IdentityManagementRoleDocument identityManagementRoleDocument = (IdentityManagementRoleDocument) addMemberEvent.getDocument();
        boolean z = true;
        if (member == null || StringUtils.isBlank(member.getMemberId())) {
            GlobalVariables.getMessageMap().putError(MEMBER_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Member");
            return false;
        }
        if (!validAssignRole(identityManagementRoleDocument)) {
            return false;
        }
        ArrayList arrayList = new ArrayList();
        KimTypeService kimTypeService = KimFrameworkServiceLocator.getKimTypeService(identityManagementRoleDocument.getKimType());
        long time = member.getActiveFromDate() == null ? 0L : member.getActiveFromDate().getTime();
        long time2 = member.getActiveToDate() == null ? Long.MAX_VALUE : member.getActiveToDate().getTime();
        Map<String, String> convertQualifiersToMap = this.attributeValidationHelper.convertQualifiersToMap(member.getQualifiers());
        Iterator<KimDocumentRoleMember> it = identityManagementRoleDocument.getMembers().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            KimDocumentRoleMember next = it.next();
            long time3 = next.getActiveFromDate() == null ? 0L : next.getActiveFromDate().getTime();
            long time4 = next.getActiveToDate() == null ? Long.MAX_VALUE : next.getActiveToDate().getTime();
            Map<String, String> convertQualifiersToMap2 = this.attributeValidationHelper.convertQualifiersToMap(next.getQualifiers());
            if (next.getMemberId().equals(member.getMemberId()) && next.getMemberTypeCode().equals(member.getMemberTypeCode()) && ((time >= time3 && time < time4) || (time2 >= time3 && time2 <= time4))) {
                List<AttributeError> validateAttributesAgainstExisting = kimTypeService.validateAttributesAgainstExisting(identityManagementRoleDocument.getKimType().getId(), convertQualifiersToMap, convertQualifiersToMap2);
                arrayList.addAll(this.attributeValidationHelper.convertErrorsForMappedFields(MEMBER_ID_ERROR_PATH, validateAttributesAgainstExisting));
                if (!validateAttributesAgainstExisting.isEmpty()) {
                    z = false;
                    GlobalVariables.getMessageMap().putError(MEMBER_ID_ERROR_PATH, KFSKeyConstants.ERROR_DUPLICATE_ENTRY, "Member");
                    break;
                }
            }
        }
        boolean isRole = member.isRole();
        if (kimTypeService != null && ObjectUtils.isNotNull(identityManagementRoleDocument.getKimType()) && StringUtils.isNotBlank(identityManagementRoleDocument.getKimType().getServiceName()) && (roleTypeService = getRoleTypeService(identityManagementRoleDocument.getKimType())) != null) {
            isRole = roleTypeService.shouldValidateQualifiersForMemberType(MemberType.fromCode(member.getMemberTypeCode()));
        }
        if (kimTypeService != null && !isRole) {
            arrayList.addAll(this.attributeValidationHelper.convertErrors("member", this.attributeValidationHelper.convertQualifiersToAttrIdxMap(member.getQualifiers()), kimTypeService.validateAttributes(identityManagementRoleDocument.getKimType().getId(), this.attributeValidationHelper.convertQualifiersToMap(member.getQualifiers()))));
        }
        if (!arrayList.isEmpty()) {
            this.attributeValidationHelper.moveValidationErrorsToErrorMap(arrayList);
            z = false;
        }
        return z;
    }

    private boolean validAssignRole(IdentityManagementRoleDocument identityManagementRoleDocument) {
        boolean z = true;
        if (StringUtils.isNotEmpty(identityManagementRoleDocument.getRoleNamespace())) {
            HashMap hashMap = new HashMap();
            hashMap.put("namespaceCode", identityManagementRoleDocument.getRoleNamespace());
            hashMap.put("roleName", identityManagementRoleDocument.getRoleName());
            if (!getDocumentDictionaryService().getDocumentAuthorizer(identityManagementRoleDocument).isAuthorizedByTemplate(identityManagementRoleDocument, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.ASSIGN_ROLE, GlobalVariables.getUserSession().getPerson().getPrincipalId(), hashMap, null)) {
                GlobalVariables.getMessageMap().putError(MEMBER_ID_ERROR_PATH, KFSKeyConstants.ERROR_ASSIGN_ROLE, identityManagementRoleDocument.getRoleNamespace(), identityManagementRoleDocument.getRoleName());
                z = false;
            }
        }
        return z;
    }

    @Override // org.kuali.kfs.kim.rule.ui.AddDelegationRule
    public boolean processAddDelegation(AddDelegationEvent addDelegationEvent) {
        RoleDocumentDelegation delegation = addDelegationEvent.getDelegation();
        boolean z = true;
        if (delegation == null || StringUtils.isBlank(delegation.getDelegationTypeCode())) {
            z = false;
            GlobalVariables.getMessageMap().putError(PERMISSION_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Permission");
        }
        return z;
    }

    @Override // org.kuali.kfs.kim.rule.ui.AddDelegationMemberRule
    public boolean processAddDelegationMember(AddDelegationMemberEvent addDelegationMemberEvent) {
        boolean validateAddDelegationMember = validateAddDelegationMember(addDelegationMemberEvent);
        RoleDocumentDelegationMember delegationMember = addDelegationMemberEvent.getDelegationMember();
        return validateAddDelegationMember & validateActiveDate("delegationMember.activeFromDate", delegationMember.getActiveFromDate(), delegationMember.getActiveToDate());
    }

    private boolean validateAddDelegationMember(AddDelegationMemberEvent addDelegationMemberEvent) {
        RoleDocumentDelegationMember delegationMember = addDelegationMemberEvent.getDelegationMember();
        IdentityManagementRoleDocument identityManagementRoleDocument = (IdentityManagementRoleDocument) addDelegationMemberEvent.getDocument();
        boolean z = true;
        if (delegationMember == null || StringUtils.isBlank(delegationMember.getMemberId())) {
            GlobalVariables.getMessageMap().putError(DELEGATION_MEMBER_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Delegation Member");
            return false;
        }
        if (StringUtils.isBlank(delegationMember.getRoleMemberId())) {
            GlobalVariables.getMessageMap().putError(DELEGATION_MEMBER_ID_ERROR_PATH, KFSKeyConstants.ERROR_EMPTY_ENTRY, "Role Member");
            return false;
        }
        KimTypeService kimTypeService = KimFrameworkServiceLocator.getKimTypeService(identityManagementRoleDocument.getKimType());
        Iterator<RoleDocumentDelegationMember> it = identityManagementRoleDocument.getDelegationMembers().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            RoleDocumentDelegationMember next = it.next();
            if (!kimTypeService.validateUniqueAttributes(identityManagementRoleDocument.getKimType().getId(), this.attributeValidationHelper.convertQualifiersToMap(delegationMember.getQualifiers()), this.attributeValidationHelper.convertQualifiersToMap(next.getQualifiers())).isEmpty() && next.getMemberId().equals(delegationMember.getMemberId()) && next.getMemberTypeCode().equals(delegationMember.getMemberTypeCode())) {
                z = false;
                GlobalVariables.getMessageMap().putError("delegationMember.memberId", KFSKeyConstants.ERROR_DUPLICATE_ENTRY, "Delegation Member");
                break;
            }
        }
        ArrayList arrayList = new ArrayList();
        if (kimTypeService != null && !delegationMember.isRole()) {
            arrayList.addAll(this.attributeValidationHelper.convertErrors("delegationMember", this.attributeValidationHelper.convertQualifiersToAttrIdxMap(delegationMember.getQualifiers()), kimTypeService.validateAttributes(identityManagementRoleDocument.getKimType().getId(), this.attributeValidationHelper.convertQualifiersToMap(delegationMember.getQualifiers()))));
        }
        if (!arrayList.isEmpty()) {
            this.attributeValidationHelper.moveValidationErrorsToErrorMap(arrayList);
            z = false;
        }
        return z;
    }

    private static RoleTypeService getRoleTypeService(KimType kimType) {
        String serviceName = kimType.getServiceName();
        if (serviceName == null) {
            return null;
        }
        try {
            KimTypeService kimTypeService = (KimTypeService) GlobalResourceLoader.getService(serviceName);
            return kimTypeService instanceof RoleTypeService ? (RoleTypeService) kimTypeService : (RoleTypeService) KimImplServiceLocator.getService("kimNoMembersRoleTypeService");
        } catch (Exception e) {
            return (RoleTypeService) KimImplServiceLocator.getService("kimNoMembersRoleTypeService");
        }
    }

    public BusinessObjectService getBusinessObjectService() {
        if (this.businessObjectService == null) {
            this.businessObjectService = KRADServiceLocator.getBusinessObjectService();
        }
        return this.businessObjectService;
    }

    private ResponsibilityInternalService getResponsibilityInternalService() {
        if (this.responsibilityInternalService == null) {
            this.responsibilityInternalService = KimImplServiceLocator.getResponsibilityInternalService();
        }
        return this.responsibilityInternalService;
    }
}
