package org.kuali.kfs.sec.document;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.kuali.kfs.core.api.criteria.PredicateFactory;
import org.kuali.kfs.core.api.criteria.QueryByCriteria;
import org.kuali.kfs.core.api.membership.MemberType;
import org.kuali.kfs.kim.api.role.RoleService;
import org.kuali.kfs.kim.api.services.KimApiServiceLocator;
import org.kuali.kfs.kim.impl.role.RoleLite;
import org.kuali.kfs.kim.impl.role.RoleMember;
import org.kuali.kfs.kns.document.MaintenanceDocument;
import org.kuali.kfs.krad.bo.PersistableBusinessObject;
import org.kuali.kfs.sec.businessobject.AbstractSecurityModelDefinition;
import org.kuali.kfs.sec.businessobject.SecurityModelMember;
import org.kuali.kfs.sec.identity.SecKimAttributes;
import org.kuali.kfs.sys.document.FinancialSystemMaintainable;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2025-03-05.jar:org/kuali/kfs/sec/document/AbstractSecurityModuleMaintainable.class */
public abstract class AbstractSecurityModuleMaintainable extends FinancialSystemMaintainable {
    @Override // org.kuali.kfs.kns.maintenance.MaintainableImpl, org.kuali.kfs.kns.maintenance.Maintainable
    public void refresh(String str, Map map, MaintenanceDocument maintenanceDocument) {
        super.refresh(str, map, maintenanceDocument);
        getBusinessObject().refreshNonUpdateableReferences();
        Iterator<PersistableBusinessObject> it = this.newCollectionLines.values().iterator();
        while (it.hasNext()) {
            it.next().refreshNonUpdateableReferences();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getDefaultRoleTypeId() {
        return KimApiServiceLocator.getKimTypeInfoService().findKimTypeByNameAndNamespace("KFS-SYS", "Default").getId();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> getRoleQualifiersFromSecurityModelDefinition(AbstractSecurityModelDefinition abstractSecurityModelDefinition) {
        HashMap hashMap = new HashMap(4);
        hashMap.put(SecKimAttributes.CONSTRAINT_CODE, abstractSecurityModelDefinition.getConstraintCode());
        hashMap.put(SecKimAttributes.OPERATOR, abstractSecurityModelDefinition.getOperatorCode());
        hashMap.put("propertyValue", abstractSecurityModelDefinition.getAttributeValue());
        hashMap.put(SecKimAttributes.OVERRIDE_DENY, Boolean.toString(abstractSecurityModelDefinition.isOverrideDeny()));
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateSecurityModelRoleMember(RoleLite roleLite, SecurityModelMember securityModelMember, String str, String str2, Map<String, String> map) {
        RoleService roleService = KimApiServiceLocator.getRoleService();
        RoleMember roleMembershipForMemberType = getRoleMembershipForMemberType(roleLite.getId(), str2, str, map);
        if (roleMembershipForMemberType == null) {
            if (str.equals(MemberType.PRINCIPAL.getCode())) {
                roleService.assignPrincipalToRole(str2, roleLite.getNamespaceCode(), roleLite.getName(), map);
            } else if (str.equals(MemberType.GROUP.getCode())) {
                roleService.assignGroupToRole(str2, roleLite.getNamespaceCode(), roleLite.getName(), map);
            } else {
                if (!str.equals(MemberType.ROLE.getCode())) {
                    throw new RuntimeException("Invalid role member type code: " + str);
                }
                roleService.assignRoleToRole(str2, roleLite.getNamespaceCode(), roleLite.getName(), map);
            }
            roleMembershipForMemberType = getRoleMembershipForMemberType(roleLite.getId(), str2, str, map);
            if (roleMembershipForMemberType == null) {
                throw new RuntimeException("Role member was not saved properly.  Retrieval of role member after save failed for role: " + roleLite.getId() + " and Member Type/ID: " + str + "/" + str2);
            }
        }
        roleMembershipForMemberType.setAttributes(new HashMap(0));
        roleMembershipForMemberType.setType(MemberType.fromCode(str));
        roleMembershipForMemberType.setMemberId(str2);
        roleMembershipForMemberType.setActiveFromDateValue(securityModelMember.getActiveFromDate() == null ? null : securityModelMember.getActiveFromDate());
        roleMembershipForMemberType.setActiveToDateValue(securityModelMember.getActiveToDate() == null ? null : securityModelMember.getActiveToDate());
        roleService.updateRoleMember(roleMembershipForMemberType);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RoleMember getRoleMembershipForMemberType(String str, String str2, String str3, Map<String, String> map) {
        for (RoleMember roleMember : KimApiServiceLocator.getRoleService().findRoleMembers(QueryByCriteria.Builder.fromPredicates(PredicateFactory.equal("roleId", str), PredicateFactory.equal("typeCode", str3), PredicateFactory.equal("memberId", str2))).getResults()) {
            if (map == null || map.isEmpty()) {
                return roleMember;
            }
            if (doQualificationsMatch(map, roleMember.getAttributes())) {
                return roleMember;
            }
        }
        return null;
    }

    protected boolean doQualificationsMatch(Map<String, String> map, Map<String, String> map2) {
        for (String str : map.keySet()) {
            if (!map2.containsKey(str)) {
                return false;
            }
            if (!StringUtils.equals(map.get(str), map2.get(str))) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean doMembershipQualificationsMatchValues(Map<String, String> map, String str, String str2, String str3) {
        String str4 = map.get(SecKimAttributes.CONSTRAINT_CODE);
        String str5 = map.get(SecKimAttributes.OPERATOR);
        if (StringUtils.equals(map.get("propertyValue"), str3) && StringUtils.equals(str4, str)) {
            return StringUtils.equals(str5, str2);
        }
        return false;
    }
}
