package org.kuali.rice.kim.impl.permission;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.xml.namespace.QName;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.rice.core.api.cache.CacheKeyUtils;
import org.kuali.rice.core.api.criteria.PredicateFactory;
import org.kuali.rice.core.api.criteria.QueryByCriteria;
import org.kuali.rice.core.api.criteria.QueryResults;
import org.kuali.rice.core.api.exception.RiceIllegalArgumentException;
import org.kuali.rice.core.api.exception.RiceIllegalStateException;
import org.kuali.rice.core.api.membership.MemberType;
import org.kuali.rice.core.api.resourceloader.GlobalResourceLoader;
import org.kuali.rice.kim.api.KimConstants;
import org.kuali.rice.kim.api.common.assignee.Assignee;
import org.kuali.rice.kim.api.common.delegate.DelegateType;
import org.kuali.rice.kim.api.common.template.Template;
import org.kuali.rice.kim.api.common.template.TemplateQueryResults;
import org.kuali.rice.kim.api.identity.principal.Principal;
import org.kuali.rice.kim.api.permission.Permission;
import org.kuali.rice.kim.api.permission.PermissionQueryResults;
import org.kuali.rice.kim.api.permission.PermissionService;
import org.kuali.rice.kim.api.role.RoleMembership;
import org.kuali.rice.kim.api.role.RoleService;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;
import org.kuali.rice.kim.api.type.KimTypeInfoService;
import org.kuali.rice.kim.framework.permission.PermissionTypeService;
import org.kuali.rice.kim.impl.common.attribute.AttributeTransform;
import org.kuali.rice.kim.impl.common.attribute.KimAttributeDataBo;
import org.kuali.rice.kim.impl.role.RolePermissionBo;
import org.kuali.rice.krad.data.DataObjectService;
import org.kuali.rice.krad.data.PersistenceOption;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.cache.support.NoOpCacheManager;

/* loaded from: input_file:WEB-INF/lib/rice-kim-impl-2.5.3.1808.0010-kualico.jar:org/kuali/rice/kim/impl/permission/PermissionServiceImpl.class */
public class PermissionServiceImpl implements PermissionService {
    private static final Logger LOG = LogManager.getLogger((Class<?>) PermissionServiceImpl.class);
    protected RoleService roleService;
    protected PermissionTypeService defaultPermissionTypeService;
    protected KimTypeInfoService kimTypeInfoService;
    protected DataObjectService dataObjectService;
    private final CopyOnWriteArrayList<Template> allTemplates = new CopyOnWriteArrayList<>();
    protected CacheManager cacheManager = new NoOpCacheManager();

    protected PermissionTypeService getPermissionTypeService(Template template) {
        if (template == null) {
            throw new IllegalArgumentException("permissionTemplate may not be null");
        }
        String serviceName = this.kimTypeInfoService.getKimType(template.getKimTypeId()).getServiceName();
        if (StringUtils.isBlank(serviceName)) {
            return this.defaultPermissionTypeService;
        }
        try {
            Object service = GlobalResourceLoader.getService(QName.valueOf(serviceName));
            if (service == null) {
                throw new RuntimeException("null returned for permission type service for service name: " + serviceName);
            }
            if (service instanceof PermissionTypeService) {
                return (PermissionTypeService) service;
            }
            throw new RuntimeException("Service " + serviceName + " was not a PermissionTypeService.  Was: " + service.getClass().getName());
        } catch (Exception e) {
            throw new RuntimeException("Error retrieving service: " + serviceName + " from the KimImplServiceLocator.", e);
        }
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public boolean hasPermission(String str, String str2, String str3) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, KimConstants.AttributeConstants.PERMISSION_NAME);
        return isAuthorized(str, str2, str3, Collections.emptyMap());
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public boolean isAuthorized(String str, String str2, String str3, Map<String, String> map) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, KimConstants.AttributeConstants.PERMISSION_NAME);
        incomingParamCheck(map, "qualification");
        if (LOG.isDebugEnabled()) {
            logAuthorizationCheck("Permission", str, str2, str3, map);
        }
        List<String> roleIdsForPermission = getRoleIdsForPermission(str2, str3);
        if (roleIdsForPermission.isEmpty()) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("Result: false");
            return false;
        }
        boolean principalHasRole = this.roleService.principalHasRole(str, roleIdsForPermission, map);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Result: " + principalHasRole);
        }
        return principalHasRole;
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public boolean hasPermissionByTemplate(String str, String str2, String str3, Map<String, String> map) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, "permissionTemplateName");
        return isAuthorizedByTemplate(str, str2, str3, map, Collections.emptyMap());
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public boolean isAuthorizedByTemplate(String str, String str2, String str3, Map<String, String> map, Map<String, String> map2) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, "permissionTemplateName");
        incomingParamCheck(map2, "qualification");
        if (LOG.isDebugEnabled()) {
            logAuthorizationCheckByTemplate("Perm Templ", str, str2, str3, map, map2);
        }
        List<String> roleIdsForPermissionTemplate = getRoleIdsForPermissionTemplate(str2, str3, map);
        if (roleIdsForPermissionTemplate.isEmpty()) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("Result: false");
            return false;
        }
        boolean principalHasRole = this.roleService.principalHasRole(str, roleIdsForPermissionTemplate, map2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Result: " + principalHasRole);
        }
        return principalHasRole;
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public List<Permission> getAuthorizedPermissions(String str, String str2, String str3, Map<String, String> map) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, KimConstants.AttributeConstants.PERMISSION_NAME);
        incomingParamCheck(map, "qualification");
        return getPermissionsForUser(str, getMatchingPermissions(getPermissionsByName(str2, str3), null), map);
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public List<Permission> getAuthorizedPermissionsByTemplate(String str, String str2, String str3, Map<String, String> map, Map<String, String> map2) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "principalId");
        incomingParamCheck(str2, "namespaceCode");
        incomingParamCheck(str3, "permissionTemplateName");
        incomingParamCheck(map2, "qualification");
        return getPermissionsForUser(str, getMatchingPermissions(getPermissionsByTemplateName(str2, str3), map), map2);
    }

    protected List<Permission> getPermissionsForUser(String str, List<Permission> list, Map<String, String> map) {
        ArrayList arrayList = new ArrayList();
        for (Permission permission : list) {
            List<String> roleIdsForPermissions = getRoleIdsForPermissions(Collections.singletonList(permission));
            if (roleIdsForPermissions != null && !roleIdsForPermissions.isEmpty() && this.roleService.principalHasRole(str, roleIdsForPermissions, map)) {
                arrayList.add(permission);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    protected Map<String, PermissionTypeService> getPermissionTypeServicesByTemplateId(Collection<Permission> collection) {
        HashMap hashMap = new HashMap(collection.size());
        for (Permission permission : collection) {
            if (!hashMap.containsKey(permission.getTemplate().getId())) {
                hashMap.put(permission.getTemplate().getId(), getPermissionTypeService(permission.getTemplate()));
            }
        }
        return hashMap;
    }

    protected Map<String, List<Permission>> groupPermissionsByTemplate(Collection<Permission> collection) {
        HashMap hashMap = new HashMap();
        for (Permission permission : collection) {
            List list = (List) hashMap.get(permission.getTemplate().getId());
            if (list == null) {
                list = new ArrayList();
                hashMap.put(permission.getTemplate().getId(), list);
            }
            list.add(permission);
        }
        return hashMap;
    }

    protected List<Permission> getMatchingPermissions(List<Permission> list, Map<String, String> map) {
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<Permission> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getId());
        }
        String str = "{getMatchingPermissions}permissionIds=" + CacheKeyUtils.key(arrayList) + "|permissionDetails=" + CacheKeyUtils.mapKey(map);
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Permission.Cache.NAME).get(str);
        if (valueWrapper != null && (valueWrapper.get() instanceof List)) {
            return (List) valueWrapper.get();
        }
        ArrayList arrayList2 = new ArrayList();
        if (map == null || map.isEmpty()) {
            Iterator<Permission> it2 = list.iterator();
            while (it2.hasNext()) {
                arrayList2.add(it2.next());
            }
        } else {
            Map<String, PermissionTypeService> permissionTypeServicesByTemplateId = getPermissionTypeServicesByTemplateId(list);
            for (Map.Entry<String, List<Permission>> entry : groupPermissionsByTemplate(list).entrySet()) {
                arrayList2.addAll(permissionTypeServicesByTemplateId.get(entry.getKey()).getMatchingPermissions(map, entry.getValue()));
            }
        }
        List<Permission> unmodifiableList = Collections.unmodifiableList(arrayList2);
        this.cacheManager.getCache(Permission.Cache.NAME).put(str, unmodifiableList);
        return unmodifiableList;
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public List<Assignee> getPermissionAssignees(String str, String str2, Map<String, String> map) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, KimConstants.AttributeConstants.PERMISSION_NAME);
        incomingParamCheck(map, "qualification");
        List<String> roleIdsForPermission = getRoleIdsForPermission(str, str2);
        if (roleIdsForPermission.isEmpty()) {
            return Collections.emptyList();
        }
        List<RoleMembership> roleMembers = this.roleService.getRoleMembers(roleIdsForPermission, map);
        ArrayList arrayList = new ArrayList();
        for (RoleMembership roleMembership : roleMembers) {
            ArrayList arrayList2 = new ArrayList();
            if (!roleMembership.getDelegates().isEmpty()) {
                Iterator<DelegateType> it = roleMembership.getDelegates().iterator();
                while (it.hasNext()) {
                    arrayList2.add(DelegateType.Builder.create(it.next()));
                }
            }
            if (MemberType.PRINCIPAL.equals(roleMembership.getType())) {
                arrayList.add(Assignee.Builder.create(roleMembership.getMemberId(), null, arrayList2).build());
            } else if (MemberType.GROUP.equals(roleMembership.getType())) {
                arrayList.add(Assignee.Builder.create(null, roleMembership.getMemberId(), arrayList2).build());
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public List<Assignee> getPermissionAssigneesByTemplate(String str, String str2, Map<String, String> map, Map<String, String> map2) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, "permissionTemplateName");
        incomingParamCheck(map2, "qualification");
        List<String> roleIdsForPermissionTemplate = getRoleIdsForPermissionTemplate(str, str2, map);
        if (roleIdsForPermissionTemplate.isEmpty()) {
            return Collections.emptyList();
        }
        List<RoleMembership> roleMembers = this.roleService.getRoleMembers(roleIdsForPermissionTemplate, map2);
        ArrayList arrayList = new ArrayList();
        for (RoleMembership roleMembership : roleMembers) {
            ArrayList arrayList2 = new ArrayList();
            if (!roleMembership.getDelegates().isEmpty()) {
                Iterator<DelegateType> it = roleMembership.getDelegates().iterator();
                while (it.hasNext()) {
                    arrayList2.add(DelegateType.Builder.create(it.next()));
                }
            }
            if (MemberType.PRINCIPAL.equals(roleMembership.getType())) {
                arrayList.add(Assignee.Builder.create(roleMembership.getMemberId(), null, arrayList2).build());
            } else {
                arrayList.add(Assignee.Builder.create(null, roleMembership.getMemberId(), arrayList2).build());
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public boolean isPermissionDefined(String str, String str2) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, KimConstants.AttributeConstants.PERMISSION_NAME);
        return !getMatchingPermissions(getPermissionsByName(str, str2), null).isEmpty();
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public boolean isPermissionDefinedByTemplate(String str, String str2, Map<String, String> map) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, "permissionTemplateName");
        return !getMatchingPermissions(getPermissionsByTemplateName(str, str2), map).isEmpty();
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public List<String> getRoleIdsForPermission(String str, String str2) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, KimConstants.AttributeConstants.PERMISSION_NAME);
        String str3 = "{RoleIds}namespaceCode=" + str + "|name=" + str2;
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Permission.Cache.NAME).get(str3);
        if (valueWrapper != null && (valueWrapper.get() instanceof List)) {
            return (List) valueWrapper.get();
        }
        List<String> roleIdsForPermissions = getRoleIdsForPermissions(getMatchingPermissions(getPermissionsByName(str, str2), null));
        this.cacheManager.getCache(Permission.Cache.NAME).put(str3, roleIdsForPermissions);
        return roleIdsForPermissions;
    }

    protected List<String> getRoleIdsForPermissionTemplate(String str, String str2, Map<String, String> map) {
        String str3 = "{getRoleIdsForPermissionTemplate}namespaceCode=" + str + "|permissionTemplateName=" + str2 + "|permissionDetails=" + CacheKeyUtils.mapKey(map);
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Permission.Cache.NAME).get(str3);
        if (valueWrapper != null && (valueWrapper.get() instanceof List)) {
            return (List) valueWrapper.get();
        }
        List<String> roleIdsForPermissions = getRoleIdsForPermissions(getMatchingPermissions(getPermissionsByTemplateName(str, str2), map));
        this.cacheManager.getCache(Permission.Cache.NAME).put(str3, roleIdsForPermissions);
        return roleIdsForPermissions;
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public Permission getPermission(String str) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "permissionId");
        PermissionBo permissionImpl = getPermissionImpl(str);
        if (permissionImpl != null) {
            return PermissionBo.to(permissionImpl);
        }
        return null;
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public List<Permission> findPermissionsByTemplate(String str, String str2) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, "permissionTemplateName");
        List<Permission> permissionsByTemplateName = getPermissionsByTemplateName(str, str2);
        ArrayList arrayList = new ArrayList(permissionsByTemplateName.size());
        Iterator<Permission> it = permissionsByTemplateName.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next());
        }
        return Collections.unmodifiableList(arrayList);
    }

    protected PermissionBo getPermissionImpl(String str) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "permissionId");
        return (PermissionBo) this.dataObjectService.find(PermissionBo.class, str);
    }

    protected List<Permission> getPermissionsByTemplateName(String str, String str2) {
        String str3 = "{getPermissionsByTemplateName}namespaceCode=" + str + "|permissionTemplateName=" + str2;
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Permission.Cache.NAME).get(str3);
        if (valueWrapper != null && (valueWrapper.get() instanceof List)) {
            return (List) valueWrapper.get();
        }
        HashMap hashMap = new HashMap(3);
        hashMap.put("template.namespaceCode", str);
        hashMap.put("template.name", str2);
        hashMap.put("template.active", Boolean.TRUE);
        hashMap.put("active", Boolean.TRUE);
        List<Permission> permissions = toPermissions(this.dataObjectService.findMatching(PermissionBo.class, QueryByCriteria.Builder.andAttributes(hashMap).build()).getResults());
        this.cacheManager.getCache(Permission.Cache.NAME).put(str3, permissions);
        return permissions;
    }

    protected List<Permission> getPermissionsByName(String str, String str2) {
        String str3 = "{getPermissionsByName}namespaceCode=" + str + "|permissionName=" + str2;
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Permission.Cache.NAME).get(str3);
        if (valueWrapper != null && (valueWrapper.get() instanceof List)) {
            return (List) valueWrapper.get();
        }
        HashMap hashMap = new HashMap(3);
        hashMap.put("namespaceCode", str);
        hashMap.put("name", str2);
        hashMap.put("active", Boolean.TRUE);
        List<Permission> permissions = toPermissions(this.dataObjectService.findMatching(PermissionBo.class, QueryByCriteria.Builder.andAttributes(hashMap).build()).getResults());
        this.cacheManager.getCache(Permission.Cache.NAME).put(str3, permissions);
        return permissions;
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public Template getPermissionTemplate(String str) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "permissionTemplateId");
        PermissionTemplateBo permissionTemplateBo = (PermissionTemplateBo) this.dataObjectService.find(PermissionTemplateBo.class, str);
        if (permissionTemplateBo != null) {
            return PermissionTemplateBo.to(permissionTemplateBo);
        }
        return null;
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public Template findPermTemplateByNamespaceCodeAndName(String str, String str2) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, "permissionTemplateName");
        HashMap hashMap = new HashMap(2);
        hashMap.put("namespaceCode", str);
        hashMap.put("name", str2);
        QueryResults findMatching = this.dataObjectService.findMatching(PermissionTemplateBo.class, QueryByCriteria.Builder.andAttributes(hashMap).build());
        if (findMatching.getResults().isEmpty()) {
            return null;
        }
        return PermissionTemplateBo.to((PermissionTemplateBo) findMatching.getResults().get(0));
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public List<Template> getAllTemplates() {
        if (this.allTemplates.isEmpty()) {
            HashMap hashMap = new HashMap(1);
            hashMap.put("active", Boolean.TRUE);
            QueryResults findMatching = this.dataObjectService.findMatching(PermissionTemplateBo.class, QueryByCriteria.Builder.andAttributes(hashMap).build());
            ArrayList arrayList = new ArrayList(findMatching.getResults().size());
            Iterator it = findMatching.getResults().iterator();
            while (it.hasNext()) {
                arrayList.add(PermissionTemplateBo.to((PermissionTemplateBo) it.next()));
            }
            Collections.sort(arrayList, new Comparator<Template>() { // from class: org.kuali.rice.kim.impl.permission.PermissionServiceImpl.1
                @Override // java.util.Comparator
                public int compare(Template template, Template template2) {
                    int compareTo = template.getNamespaceCode().compareTo(template2.getNamespaceCode());
                    return compareTo != 0 ? compareTo : template.getName().compareTo(template2.getName());
                }
            });
            this.allTemplates.addAll(arrayList);
        }
        return Collections.unmodifiableList(this.allTemplates);
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public Permission createPermission(Permission permission) throws RiceIllegalArgumentException, RiceIllegalStateException {
        incomingParamCheck(permission, PermissionQueryResults.Elements.RESULT_ELEM);
        if (StringUtils.isNotBlank(permission.getId()) && getPermission(permission.getId()) != null) {
            throw new RiceIllegalStateException("the permission to create already exists: " + permission);
        }
        List<PermissionAttributeBo> emptyList = Collections.emptyList();
        if (permission.getTemplate() != null) {
            emptyList = KimAttributeDataBo.createFrom(PermissionAttributeBo.class, permission.getAttributes(), permission.getTemplate().getKimTypeId());
        }
        PermissionBo from = PermissionBo.from(permission);
        if (from.getTemplate() == null && from.getTemplateId() != null) {
            from.setTemplate(PermissionTemplateBo.from(getPermissionTemplate(from.getTemplateId())));
        }
        from.setAttributeDetails(emptyList);
        return PermissionBo.to((PermissionBo) this.dataObjectService.save(from, new PersistenceOption[0]));
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public Permission updatePermission(Permission permission) throws RiceIllegalArgumentException, RiceIllegalStateException {
        incomingParamCheck(permission, PermissionQueryResults.Elements.RESULT_ELEM);
        PermissionBo permissionImpl = getPermissionImpl(permission.getId());
        if (StringUtils.isBlank(permission.getId()) || permissionImpl == null) {
            throw new RiceIllegalStateException("the permission does not exist: " + permission);
        }
        List<PermissionAttributeBo> attributeDetails = permissionImpl.getAttributeDetails();
        HashMap hashMap = new HashMap();
        for (PermissionAttributeBo permissionAttributeBo : attributeDetails) {
            hashMap.put(permissionAttributeBo.getKimAttribute().getAttributeName(), permissionAttributeBo);
        }
        ArrayList arrayList = new ArrayList();
        for (String str : permission.getAttributes().keySet()) {
            if (hashMap.containsKey(str)) {
                PermissionAttributeBo permissionAttributeBo2 = (PermissionAttributeBo) hashMap.get(str);
                permissionAttributeBo2.setAttributeValue(permission.getAttributes().get(str));
                arrayList.add(permissionAttributeBo2);
            } else {
                arrayList.addAll(KimAttributeDataBo.createFrom(PermissionAttributeBo.class, Collections.singletonMap(str, permission.getAttributes().get(str)), permission.getTemplate().getKimTypeId()));
            }
        }
        PermissionBo from = PermissionBo.from(permission);
        if (CollectionUtils.isNotEmpty(arrayList)) {
            if (null != from.getAttributeDetails()) {
                from.getAttributeDetails().clear();
            }
            from.setAttributeDetails(arrayList);
        }
        if (from.getTemplate() == null && from.getTemplateId() != null) {
            from.setTemplate(PermissionTemplateBo.from(getPermissionTemplate(from.getTemplateId())));
        }
        return PermissionBo.to((PermissionBo) this.dataObjectService.save(from, new PersistenceOption[0]));
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public Permission findPermByNamespaceCodeAndName(String str, String str2) throws RiceIllegalArgumentException {
        incomingParamCheck(str, "namespaceCode");
        incomingParamCheck(str2, KimConstants.AttributeConstants.PERMISSION_NAME);
        PermissionBo permissionBoByName = getPermissionBoByName(str, str2);
        if (permissionBoByName != null) {
            return PermissionBo.to(permissionBoByName);
        }
        return null;
    }

    protected PermissionBo getPermissionBoByName(String str, String str2) {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            return null;
        }
        HashMap hashMap = new HashMap(3);
        hashMap.put("namespaceCode", str);
        hashMap.put("name", str2);
        hashMap.put("active", Boolean.TRUE);
        QueryResults findMatching = this.dataObjectService.findMatching(PermissionBo.class, QueryByCriteria.Builder.andAttributes(hashMap).build());
        if (findMatching.getResults().isEmpty()) {
            return null;
        }
        return (PermissionBo) findMatching.getResults().get(0);
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public PermissionQueryResults findPermissions(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException {
        incomingParamCheck(queryByCriteria, "queryByCriteria");
        QueryResults findMatching = this.dataObjectService.findMatching(PermissionBo.class, AttributeTransform.getInstance().apply(queryByCriteria));
        PermissionQueryResults.Builder create = PermissionQueryResults.Builder.create();
        create.setMoreResultsAvailable(findMatching.isMoreResultsAvailable());
        create.setTotalRowCount(findMatching.getTotalRowCount());
        ArrayList arrayList = new ArrayList();
        Iterator it = findMatching.getResults().iterator();
        while (it.hasNext()) {
            arrayList.add(Permission.Builder.create((PermissionBo) it.next()));
        }
        create.setResults(arrayList);
        return create.build();
    }

    @Override // org.kuali.rice.kim.api.permission.PermissionService
    public TemplateQueryResults findPermissionTemplates(QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException {
        incomingParamCheck(queryByCriteria, "queryByCriteria");
        QueryResults findMatching = this.dataObjectService.findMatching(PermissionTemplateBo.class, queryByCriteria);
        TemplateQueryResults.Builder create = TemplateQueryResults.Builder.create();
        create.setMoreResultsAvailable(findMatching.isMoreResultsAvailable());
        create.setTotalRowCount(findMatching.getTotalRowCount());
        ArrayList arrayList = new ArrayList();
        Iterator it = findMatching.getResults().iterator();
        while (it.hasNext()) {
            arrayList.add(Template.Builder.create((PermissionTemplateBo) it.next()));
        }
        create.setResults(arrayList);
        return create.build();
    }

    private List<String> getRoleIdsForPermissions(Collection<Permission> collection) {
        if (CollectionUtils.isEmpty(collection)) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getId());
        }
        return getRoleIdsForPermissionIds(arrayList);
    }

    private List<String> getRoleIdsForPermissionIds(Collection<String> collection) {
        if (CollectionUtils.isEmpty(collection)) {
            return Collections.emptyList();
        }
        String str = "{getRoleIdsForPermissionIds}permissionIds=" + CacheKeyUtils.key(collection);
        Cache.ValueWrapper valueWrapper = this.cacheManager.getCache(Permission.Cache.NAME).get(str);
        if (valueWrapper != null && (valueWrapper.get() instanceof List)) {
            return (List) valueWrapper.get();
        }
        QueryResults findMatching = this.dataObjectService.findMatching(RolePermissionBo.class, QueryByCriteria.Builder.fromPredicates(PredicateFactory.equal("active", Boolean.TRUE), PredicateFactory.in("permissionId", collection.toArray(new String[0]))));
        ArrayList arrayList = new ArrayList();
        Iterator it = findMatching.getResults().iterator();
        while (it.hasNext()) {
            arrayList.add(((RolePermissionBo) it.next()).getRoleId());
        }
        List<String> unmodifiableList = Collections.unmodifiableList(arrayList);
        this.cacheManager.getCache(Permission.Cache.NAME).put(str, unmodifiableList);
        return unmodifiableList;
    }

    public void setKimTypeInfoService(KimTypeInfoService kimTypeInfoService) {
        this.kimTypeInfoService = kimTypeInfoService;
    }

    public void setDefaultPermissionTypeService(PermissionTypeService permissionTypeService) {
        this.defaultPermissionTypeService = permissionTypeService;
    }

    public void setRoleService(RoleService roleService) {
        this.roleService = roleService;
    }

    public void setDataObjectService(DataObjectService dataObjectService) {
        this.dataObjectService = dataObjectService;
    }

    public void setCacheManager(CacheManager cacheManager) {
        if (cacheManager == null) {
            throw new IllegalArgumentException("cacheManager must not be null");
        }
        this.cacheManager = cacheManager;
    }

    private List<Permission> toPermissions(Collection<PermissionBo> collection) {
        if (CollectionUtils.isEmpty(collection)) {
            return new ArrayList();
        }
        ArrayList arrayList = new ArrayList(collection.size());
        Iterator<PermissionBo> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(PermissionBo.to(it.next()));
        }
        return arrayList;
    }

    protected void logAuthorizationCheck(String str, String str2, String str3, String str4, Map<String, String> map) {
        Principal principal;
        StringBuilder sb = new StringBuilder();
        sb.append('\n');
        sb.append("Is AuthZ for ").append(str).append(": ").append(str3).append("/").append(str4).append('\n');
        sb.append("             Principal:  ").append(str2);
        if (str2 != null && (principal = KimApiServiceLocator.getIdentityService().getPrincipal(str2)) != null) {
            sb.append(" (").append(principal.getPrincipalName()).append(')');
        }
        sb.append('\n');
        sb.append("             Qualifiers:\n");
        if (map == null || map.isEmpty()) {
            sb.append("                         [null]\n");
        } else {
            sb.append(map);
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace((CharSequence) sb.append(ExceptionUtils.getStackTrace(new Throwable())));
        } else {
            LOG.debug(sb.toString());
        }
    }

    protected void logAuthorizationCheckByTemplate(String str, String str2, String str3, String str4, Map<String, String> map, Map<String, String> map2) {
        Principal principal;
        StringBuilder sb = new StringBuilder();
        sb.append('\n');
        sb.append("Is AuthZ for ").append(str).append(": ").append(str3).append("/").append(str4).append('\n');
        sb.append("             Principal:  ").append(str2);
        if (str2 != null && (principal = KimApiServiceLocator.getIdentityService().getPrincipal(str2)) != null) {
            sb.append(" (").append(principal.getPrincipalName()).append(')');
        }
        sb.append('\n');
        sb.append("             Details:\n");
        if (map != null) {
            sb.append(map);
        } else {
            sb.append("                         [null]\n");
        }
        sb.append("             Qualifiers:\n");
        if (map2 == null || map2.isEmpty()) {
            sb.append("                         [null]\n");
        } else {
            sb.append(map2);
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace((CharSequence) sb.append(ExceptionUtils.getStackTrace(new Throwable())));
        } else {
            LOG.debug(sb.toString());
        }
    }

    private void incomingParamCheck(Object obj, String str) {
        if (obj == null) {
            throw new RiceIllegalArgumentException(str + " was null");
        }
        if ((obj instanceof String) && StringUtils.isBlank((String) obj)) {
            throw new RiceIllegalArgumentException(str + " was blank");
        }
    }
}
