package org.kuali.rice.kim.rules.ui;

import java.util.HashMap;
import java.util.Iterator;
import org.apache.commons.lang.StringUtils;
import org.kuali.rice.core.api.util.RiceKeyConstants;
import org.kuali.rice.kim.api.KimConstants;
import org.kuali.rice.kim.api.permission.Permission;
import org.kuali.rice.kim.bo.ui.KimDocumentRolePermission;
import org.kuali.rice.kim.document.IdentityManagementRoleDocument;
import org.kuali.rice.kim.rule.event.ui.AddPermissionEvent;
import org.kuali.rice.kim.rule.ui.AddPermissionRule;
import org.kuali.rice.kns.rules.DocumentRuleBase;
import org.kuali.rice.krad.util.GlobalVariables;

/* loaded from: input_file:WEB-INF/lib/rice-impl-2408.0005.jar:org/kuali/rice/kim/rules/ui/KimDocumentPermissionRule.class */
public class KimDocumentPermissionRule extends DocumentRuleBase implements AddPermissionRule {
    public static final String ERROR_PATH = "document.permission.permissionId";

    @Override // org.kuali.rice.kim.rule.ui.AddPermissionRule
    public boolean processAddPermission(AddPermissionEvent addPermissionEvent) {
        KimDocumentRolePermission permission = addPermissionEvent.getPermission();
        if (permission == null || StringUtils.isEmpty(permission.getPermissionId())) {
            GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY, "Permission");
            return false;
        }
        Permission permission2 = permission.getPermission();
        if (permission2 == null) {
            GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY, "Permission");
            return false;
        }
        boolean z = true;
        IdentityManagementRoleDocument identityManagementRoleDocument = (IdentityManagementRoleDocument) addPermissionEvent.getDocument();
        if (!hasPermissionToGrantPermission(permission2, identityManagementRoleDocument)) {
            GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_ASSIGN_PERMISSION, permission2.getNamespaceCode(), permission2.getTemplate().getName());
            return false;
        }
        if (permission == null || StringUtils.isBlank(permission.getPermissionId())) {
            z = false;
            GlobalVariables.getMessageMap().putError(ERROR_PATH, RiceKeyConstants.ERROR_EMPTY_ENTRY, "Permission");
        } else {
            int i = 0;
            Iterator<KimDocumentRolePermission> it = identityManagementRoleDocument.getPermissions().iterator();
            while (it.hasNext()) {
                if (it.next().getPermissionId().equals(permission.getPermissionId())) {
                    z = false;
                    GlobalVariables.getMessageMap().putError("document.permissions[" + i + "].permissionId", RiceKeyConstants.ERROR_DUPLICATE_ENTRY, "Permission");
                }
                i++;
            }
        }
        return z;
    }

    @Override // org.kuali.rice.kim.rule.ui.AddPermissionRule
    public boolean hasPermissionToGrantPermission(Permission permission, IdentityManagementRoleDocument identityManagementRoleDocument) {
        HashMap hashMap = new HashMap();
        hashMap.put("namespaceCode", permission.getNamespaceCode());
        hashMap.put(KimConstants.AttributeConstants.PERMISSION_NAME, permission.getTemplate().getName());
        return getDocumentDictionaryService().getDocumentAuthorizer(identityManagementRoleDocument).isAuthorizedByTemplate(identityManagementRoleDocument, KimConstants.NAMESPACE_CODE, KimConstants.PermissionTemplateNames.GRANT_PERMISSION, GlobalVariables.getUserSession().getPerson().getPrincipalId(), hashMap, null);
    }
}
