package org.kuali.kfs.sec.document;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.kns.document.MaintenanceDocument;
import org.kuali.kfs.krad.bo.DocumentHeader;
import org.kuali.kfs.krad.service.DocumentService;
import org.kuali.kfs.sec.businessobject.SecurityDefinition;
import org.kuali.kfs.sec.businessobject.SecurityDefinitionDocumentType;
import org.kuali.kfs.sec.service.AccessSecurityService;
import org.kuali.kfs.sys.context.SpringContext;
import org.kuali.rice.kew.api.exception.WorkflowException;
import org.kuali.rice.kim.api.common.template.Template;
import org.kuali.rice.kim.api.permission.Permission;
import org.kuali.rice.kim.api.role.Role;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2019-05-23.jar:org/kuali/kfs/sec/document/SecurityDefinitionMaintainableImpl.class */
public class SecurityDefinitionMaintainableImpl extends AbstractSecurityModuleMaintainable {
    private static final Logger LOG = LogManager.getLogger((Class<?>) SecurityDefinitionMaintainableImpl.class);
    private static AccessSecurityService accessSecurityService;

    @Override // org.kuali.kfs.krad.maintenance.MaintainableImpl, org.kuali.kfs.krad.maintenance.Maintainable
    public void doRouteStatusChange(DocumentHeader documentHeader) {
        super.doRouteStatusChange(documentHeader);
        if (documentHeader.getWorkflowDocument().isProcessed()) {
            try {
                MaintenanceDocument maintenanceDocument = (MaintenanceDocument) ((DocumentService) SpringContext.getBean(DocumentService.class)).getByDocumentHeaderId(documentHeader.getDocumentNumber());
                SecurityDefinition securityDefinition = (SecurityDefinition) maintenanceDocument.getOldMaintainableObject().getBusinessObject();
                SecurityDefinition securityDefinition2 = (SecurityDefinition) maintenanceDocument.getNewMaintainableObject().getBusinessObject();
                securityDefinition.refreshNonUpdateableReferences();
                securityDefinition2.refreshNonUpdateableReferences();
                boolean z = getMaintenanceAction().equalsIgnoreCase("New") || getMaintenanceAction().equalsIgnoreCase("Copy");
                createOrUpdateDefinitionRole(securityDefinition, securityDefinition2);
                createOrUpdateDocumentPermissions(securityDefinition2);
                createOrUpdateLookupPermission(securityDefinition2);
                createOrUpdateInquiryPermissions(securityDefinition2);
            } catch (WorkflowException e) {
                LOG.error("caught exception while handling handleRouteStatusChange -> documentService.getByDocumentHeaderId(" + documentHeader.getDocumentNumber() + "). ", (Throwable) e);
                throw new RuntimeException("caught exception while handling handleRouteStatusChange -> documentService.getByDocumentHeaderId(" + documentHeader.getDocumentNumber() + "). ", e);
            }
        }
    }

    protected void createOrUpdateDefinitionRole(SecurityDefinition securityDefinition, SecurityDefinition securityDefinition2) {
        Role role = null;
        if (StringUtils.isNotBlank(securityDefinition.getRoleId())) {
            role = KimApiServiceLocator.getRoleService().getRole(securityDefinition.getRoleId());
        }
        if (role != null) {
            if (securityDefinition.isActive() != securityDefinition2.isActive()) {
                Role.Builder create = Role.Builder.create(role);
                create.setActive(securityDefinition2.isActive());
                KimApiServiceLocator.getRoleService().updateRole(create.build());
                return;
            }
            return;
        }
        Role.Builder create2 = Role.Builder.create();
        create2.setNamespaceCode("KFS-SEC");
        create2.setName(securityDefinition2.getName());
        create2.setDescription(securityDefinition2.getDescription());
        create2.setActive(securityDefinition2.isActive());
        create2.setKimTypeId(getDefaultRoleTypeId());
        securityDefinition2.setRoleId(KimApiServiceLocator.getRoleService().createRole(create2.build()).getId());
    }

    protected void createOrUpdateDocumentPermissions(SecurityDefinition securityDefinition) {
        for (SecurityDefinitionDocumentType securityDefinitionDocumentType : securityDefinition.getDefinitionDocumentTypes()) {
            createOrUpdateDocumentTypePermissions(securityDefinitionDocumentType.getFinancialSystemDocumentTypeCode(), securityDefinition.isActive() && securityDefinitionDocumentType.isActive(), securityDefinition);
        }
    }

    protected void createOrUpdateLookupPermission(SecurityDefinition securityDefinition) {
        Template lookupWithFieldValueTemplate = getAccessSecurityService().getLookupWithFieldValueTemplate();
        createOrUpdatePermissionAndAssignToRole(securityDefinition.getName() + "/" + lookupWithFieldValueTemplate.getName(), securityDefinition.getRoleId(), securityDefinition.getDescription(), securityDefinition.isRestrictLookup(), lookupWithFieldValueTemplate, getLookupPermissionDetails(securityDefinition));
    }

    protected void createOrUpdateInquiryPermissions(SecurityDefinition securityDefinition) {
        Template inquiryWithFieldValueTemplate = getAccessSecurityService().getInquiryWithFieldValueTemplate();
        String str = securityDefinition.getName() + "/" + inquiryWithFieldValueTemplate.getName() + "/KFS-GL";
        String str2 = securityDefinition.getName() + "/" + inquiryWithFieldValueTemplate.getName() + "/KFS-LD";
        KimApiServiceLocator.getPermissionService().findPermByNamespaceCodeAndName("KFS-SEC", str);
        KimApiServiceLocator.getPermissionService().findPermByNamespaceCodeAndName("KFS-SEC", str2);
        createOrUpdatePermissionAndAssignToRole(str, securityDefinition.getRoleId(), securityDefinition.getDescription(), securityDefinition.isRestrictGLInquiry(), inquiryWithFieldValueTemplate, getInquiryPermissionDetails("KFS-GL", securityDefinition));
        createOrUpdatePermissionAndAssignToRole(str2, securityDefinition.getRoleId(), securityDefinition.getDescription(), securityDefinition.isRestrictLaborInquiry(), inquiryWithFieldValueTemplate, getInquiryPermissionDetails("KFS-LD", securityDefinition));
    }

    protected void createOrUpdateDocumentTypePermissions(String str, boolean z, SecurityDefinition securityDefinition) {
        Map<String, String> populateDocumentTypePermissionDetails = populateDocumentTypePermissionDetails(str, securityDefinition);
        Template viewDocumentWithFieldValueTemplate = getAccessSecurityService().getViewDocumentWithFieldValueTemplate();
        String str2 = securityDefinition.getName() + "/" + viewDocumentWithFieldValueTemplate.getName() + "/" + str;
        String description = securityDefinition.getDescription();
        createOrUpdatePermissionAndAssignToRole(str2, securityDefinition.getRoleId(), description, z && securityDefinition.isRestrictViewDocument(), viewDocumentWithFieldValueTemplate, populateDocumentTypePermissionDetails);
        Template viewAccountingLineWithFieldValueTemplate = getAccessSecurityService().getViewAccountingLineWithFieldValueTemplate();
        createOrUpdatePermissionAndAssignToRole(securityDefinition.getName() + "/" + viewAccountingLineWithFieldValueTemplate.getName() + "/" + str, securityDefinition.getRoleId(), description, z && securityDefinition.isRestrictViewAccountingLine(), viewAccountingLineWithFieldValueTemplate, populateDocumentTypePermissionDetails);
        Template viewNotesAttachmentsWithFieldValueTemplate = getAccessSecurityService().getViewNotesAttachmentsWithFieldValueTemplate();
        createOrUpdatePermissionAndAssignToRole(securityDefinition.getName() + "/" + viewNotesAttachmentsWithFieldValueTemplate.getName() + "/" + str, securityDefinition.getRoleId(), description, z && securityDefinition.isRestrictViewNotesAndAttachments(), viewNotesAttachmentsWithFieldValueTemplate, populateDocumentTypePermissionDetails);
        Template editAccountingLineWithFieldValueTemplate = getAccessSecurityService().getEditAccountingLineWithFieldValueTemplate();
        createOrUpdatePermissionAndAssignToRole(securityDefinition.getName() + "/" + editAccountingLineWithFieldValueTemplate.getName() + "/" + str, securityDefinition.getRoleId(), description, z && securityDefinition.isRestrictEditAccountingLine(), editAccountingLineWithFieldValueTemplate, populateDocumentTypePermissionDetails);
        Template editDocumentWithFieldValueTemplate = getAccessSecurityService().getEditDocumentWithFieldValueTemplate();
        createOrUpdatePermissionAndAssignToRole(securityDefinition.getName() + "/" + editDocumentWithFieldValueTemplate.getName() + "/" + str, securityDefinition.getRoleId(), description, z && securityDefinition.isRestrictEditDocument(), editDocumentWithFieldValueTemplate, populateDocumentTypePermissionDetails);
    }

    protected Map<String, String> populateDocumentTypePermissionDetails(String str, SecurityDefinition securityDefinition) {
        HashMap hashMap = new HashMap();
        hashMap.put("documentTypeName", str);
        hashMap.put("propertyName", securityDefinition.getSecurityAttribute().getName());
        return hashMap;
    }

    protected Map<String, String> getLookupPermissionDetails(SecurityDefinition securityDefinition) {
        HashMap hashMap = new HashMap();
        hashMap.put("propertyName", securityDefinition.getSecurityAttribute().getName());
        return hashMap;
    }

    protected Map<String, String> getInquiryPermissionDetails(String str, SecurityDefinition securityDefinition) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", str);
        hashMap.put("propertyName", securityDefinition.getSecurityAttribute().getName());
        return hashMap;
    }

    protected boolean isDocumentTypeInDefinition(String str, SecurityDefinition securityDefinition) {
        Iterator<SecurityDefinitionDocumentType> it = securityDefinition.getDefinitionDocumentTypes().iterator();
        while (it.hasNext()) {
            if (StringUtils.equals(str, it.next().getFinancialSystemDocumentTypeCode())) {
                return true;
            }
        }
        return false;
    }

    protected void createOrUpdatePermissionAndAssignToRole(String str, String str2, String str3, boolean z, Template template, Map<String, String> map) {
        Permission findPermByNamespaceCodeAndName = KimApiServiceLocator.getPermissionService().findPermByNamespaceCodeAndName("KFS-SEC", str);
        if (findPermByNamespaceCodeAndName == null) {
            if (z) {
                Permission.Builder create = Permission.Builder.create("KFS-SEC", str);
                create.setTemplate(Template.Builder.create(template));
                create.setDescription(str3);
                create.setAttributes(map);
                create.setActive(true);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("About to save new permission: " + create);
                }
                findPermByNamespaceCodeAndName = KimApiServiceLocator.getPermissionService().createPermission(create.build());
            }
        } else if (findPermByNamespaceCodeAndName.isActive() != z) {
            Permission.Builder create2 = Permission.Builder.create(findPermByNamespaceCodeAndName);
            create2.setActive(z);
            findPermByNamespaceCodeAndName = KimApiServiceLocator.getPermissionService().updatePermission(create2.build());
        }
        assignPermissionToRole(findPermByNamespaceCodeAndName, str2);
    }

    protected void assignPermissionToRole(Permission permission, String str) {
        if (permission != null) {
            if (permission.isActive()) {
                KimApiServiceLocator.getRoleService().assignPermissionToRole(permission.getId(), str);
            } else {
                KimApiServiceLocator.getRoleService().revokePermissionFromRole(permission.getId(), str);
            }
        }
    }

    @Override // org.kuali.kfs.kns.maintenance.KualiMaintainableImpl, org.kuali.kfs.kns.maintenance.Maintainable
    public void processAfterCopy(MaintenanceDocument maintenanceDocument, Map<String, String[]> map) {
        ((SecurityDefinition) maintenanceDocument.getNewMaintainableObject().getBusinessObject()).setRoleId("");
        super.processAfterCopy(maintenanceDocument, map);
    }

    public static AccessSecurityService getAccessSecurityService() {
        if (accessSecurityService == null) {
            accessSecurityService = (AccessSecurityService) SpringContext.getBean(AccessSecurityService.class);
        }
        return accessSecurityService;
    }
}
