package io.datarouter.auth.service;

import io.datarouter.auth.model.dto.RoleApprovalRequirementStatus;
import io.datarouter.auth.model.dto.UserRoleMetadata;
import io.datarouter.auth.role.DatarouterUserRole;
import io.datarouter.auth.role.Role;
import io.datarouter.auth.role.RoleApprovalType;
import io.datarouter.auth.role.RoleManager;
import io.datarouter.auth.session.Session;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUser;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUserDao;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUserKey;
import io.datarouter.auth.storage.user.datarouteruser.cache.DatarouterUserByIdCache;
import io.datarouter.auth.storage.user.datarouteruser.cache.DatarouterUserByUserTokenCache;
import io.datarouter.auth.storage.user.datarouteruser.cache.DatarouterUserByUsernameCache;
import io.datarouter.auth.storage.user.roleapprovals.DatarouterUserRoleApprovalDao;
import io.datarouter.auth.util.PasswordTool;
import io.datarouter.scanner.Scanner;
import io.datarouter.scanner.WarnOnModifyList;
import io.datarouter.util.Require;
import io.datarouter.util.string.StringTool;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;

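/**
 * Looks up {@link DatarouterUser} records and answers the authorization questions built on them:
 * which roles a user holds, who may edit whom, whether a password matches, and which role
 * approvals are outstanding.
 *
 * <p>Lookups that take an {@code allowCached} flag read from the injected caches when the flag is
 * set and from {@link DatarouterUserDao} otherwise. Cached results can lag behind a role or
 * enabled-state change, so authorization decisions should prefer the uncached path.
 */
@Singleton
public class DatarouterUserService implements UserInfo {

    @Inject
    private DatarouterUserDao userDao;

    @Inject
    private DatarouterUserByUsernameCache datarouterUserByUsernameCache;

    @Inject
    private DatarouterUserByUserTokenCache datarouterUserByUserTokenCache;

    @Inject
    private DatarouterUserByIdCache datarouterUserByIdCache;

    @Inject
    private DatarouterUserRoleApprovalDao roleApprovalDao;

    @Inject
    private RoleManager roleManager;

    /**
     * Scans users that hold at least one of the given roles, ignoring SAML-derived roles.
     *
     * @param enabledOnly when true, disabled users are filtered out
     * @param includedRoles roles to match; an empty set yields an empty scanner
     * @return the matching users
     */
    @Override
    public Scanner<DatarouterUser> scanAllUsers(boolean enabledOnly, Set<Role> includedRoles) {
        if (includedRoles.isEmpty()) {
            return Scanner.empty();
        }
        return userDao.scan()
                .include(user -> !enabledOnly || user.getEnabled())
                .include(user -> user.getRolesIgnoreSaml().stream().anyMatch(includedRoles::contains));
    }

    /**
     * Finds a user by username.
     *
     * @param username the username; null, empty or whitespace-only yields an empty result
     * @param allowCached when true the username cache is consulted instead of the DAO
     * @return the user, if one exists
     */
    @Override
    public Optional<DatarouterUser> findUserByUsername(String username, boolean allowCached) {
        if (StringTool.isEmptyOrWhitespace(username)) {
            return Optional.empty();
        }
        if (allowCached) {
            return datarouterUserByUsernameCache.get(username);
        }
        return Optional.ofNullable(
                userDao.getByUsername(new DatarouterUser.DatarouterUserByUsernameLookup(username)));
    }

    /**
     * Same as {@link #findUserByUsername(String, boolean)} but fails when no user is found.
     *
     * @throws RuntimeException if no user has the given username
     */
    public DatarouterUser getUserByUsername(String username, boolean allowCached) {
        return findUserByUsername(username, allowCached)
                .orElseThrow(() -> new RuntimeException("User not found for username=" + username));
    }

    /**
     * Finds a user by user token.
     *
     * @param userToken the token; null, empty or whitespace-only yields an empty result
     * @param allowCached when true the token cache is consulted instead of the DAO
     * @return the user, if one exists
     */
    @Override
    public Optional<DatarouterUser> findUserByToken(String userToken, boolean allowCached) {
        if (StringTool.isEmptyOrWhitespace(userToken)) {
            return Optional.empty();
        }
        if (allowCached) {
            return datarouterUserByUserTokenCache.get(userToken);
        }
        return userDao.find(new DatarouterUser.DatarouterUserByUserTokenLookup(userToken));
    }

    /**
     * Same as {@link #findUserByToken(String, boolean)} but fails when no user is found.
     *
     * @throws RuntimeException if no user has the given token
     */
    public DatarouterUser getUserByToken(String userToken, boolean allowCached) {
        // NOTE(review): the token value is embedded in the exception message and will follow it
        // into logs and error pages; confirm userToken is an identifier and not a credential.
        return findUserByToken(userToken, allowCached)
                .orElseThrow(() -> new RuntimeException("User not found for userToken=" + userToken));
    }

    /**
     * Finds a user by id.
     *
     * @param id the user id; null yields an empty result
     * @param allowCached when true the id cache is consulted instead of the DAO
     * @return the user, if one exists
     */
    @Override
    public Optional<DatarouterUser> findUserById(Long id, boolean allowCached) {
        if (id == null) {
            return Optional.empty();
        }
        if (allowCached) {
            return datarouterUserByIdCache.get(id);
        }
        return userDao.find(new DatarouterUserKey(id));
    }

    /**
     * Same as {@link #findUserById(Long, boolean)} but fails when no user is found.
     *
     * @throws RuntimeException if no user has the given id
     */
    public DatarouterUser getUserById(Long id, boolean allowCached) {
        return findUserById(id, allowCached)
                .orElseThrow(() -> new RuntimeException("User not found for id=" + id));
    }

    /**
     * Returns the user's roles including those granted through SAML groups.
     *
     * @param user the user, may be null
     * @return a fresh mutable set; empty when {@code user} is null
     */
    public Set<Role> getUserRolesWithSamlGroups(DatarouterUser user) {
        return getUserRolesWithSamlGroups(Optional.ofNullable(user));
    }

    /**
     * Returns the user's roles including those granted through SAML groups.
     *
     * @param user the user, possibly absent
     * @return a fresh mutable set; empty when no user is present
     */
    public Set<Role> getUserRolesWithSamlGroups(Optional<DatarouterUser> user) {
        return user
                .map(found -> found.getRolesWithSamlGroups(roleManager))
                .<Set<Role>>map(HashSet::new)
                .orElseGet(HashSet::new);
    }

    /**
     * Returns the roles (including SAML-derived ones) of the user with the given username, or an
     * empty set when there is no such user.
     */
    @Override
    public Set<Role> getRolesByUsername(String username, boolean allowCached) {
        return getUserRolesWithSamlGroups(findUserByUsername(username, allowCached));
    }

    /**
     * Resolves the session's user and rejects missing or disabled accounts.
     *
     * @throws RuntimeException if the session has no user or the user is disabled
     */
    public DatarouterUser getAndValidateCurrentUser(Session session) {
        DatarouterUser current = getUserBySession(session);
        if (current == null || !current.getEnabled()) {
            throw new RuntimeException("Current user does not exist or is not enabled.");
        }
        return current;
    }

    /**
     * Loads the session's user straight from the DAO (no cache).
     *
     * <p>This method does not check the enabled flag; use
     * {@link #getAndValidateCurrentUser(Session)} when the result feeds an authorization decision.
     *
     * @return the user, or null when the session is null or carries no user id
     */
    public DatarouterUser getUserBySession(Session session) {
        if (session == null || session.getUserId() == null) {
            return null;
        }
        return userDao.get(new DatarouterUserKey(session.getUserId()));
    }

    /**
     * Decides whether {@code editor} may change {@code user}'s password.
     *
     * <p>Users may always change their own password. Otherwise the editor must be an enabled
     * datarouter admin and the target must not be an admin.
     *
     * @param editor the user performing the change
     * @param user the user whose password would change; must not be null
     */
    public boolean canEditUserPassword(DatarouterUser editor, DatarouterUser user) {
        // The self-edit branch does not look at the enabled flag; it relies on the caller having
        // obtained the editor through getAndValidateCurrentUser.
        if (user.equals(editor)) {
            return true;
        }
        return !isDatarouterAdmin(user) && isDatarouterAdmin(editor) && editor.getEnabled();
    }

    /**
     * Decides whether {@code editor} may edit {@code user}: either it is the same user, or the
     * editor is an enabled datarouter admin.
     *
     * @param editor the user performing the change
     * @param user the user being edited; must not be null
     */
    public boolean canEditUser(DatarouterUser editor, DatarouterUser user) {
        // As in canEditUserPassword, the self-edit branch does not check the enabled flag.
        if (user.equals(editor)) {
            return true;
        }
        return isDatarouterAdmin(editor) && editor.getEnabled();
    }

    /** Returns true when the user already has a password digest or is a datarouter admin. */
    public boolean canHavePassword(DatarouterUser user) {
        return user.getPasswordDigest() != null || isDatarouterAdmin(user);
    }

    /**
     * Checks a raw password against the user's stored digest.
     *
     * <p>The check fails closed: a missing user, password, stored digest or computed digest is
     * never a match. The previous {@code Objects.equals} comparison treated two nulls as equal,
     * so an account without a digest would have matched if the digest function ever returned null.
     * The comparison is constant-time so that its duration does not depend on where the digests
     * first differ.
     *
     * @param user the account to check, may be null
     * @param rawPassword the candidate password, may be null
     * @return true only when the digest of {@code rawPassword} equals the stored digest
     */
    public boolean isPasswordCorrect(DatarouterUser user, String rawPassword) {
        if (user == null || rawPassword == null) {
            return false;
        }
        String storedDigest = user.getPasswordDigest();
        // NOTE(review): the digest algorithm lives in PasswordTool and is not visible here;
        // confirm it is a password-hashing function rather than a bare digest.
        String candidateDigest = PasswordTool.digest(user.getPasswordSalt(), rawPassword);
        if (storedDigest == null || candidateDigest == null) {
            return false;
        }
        return MessageDigest.isEqual(
                storedDigest.getBytes(StandardCharsets.UTF_8),
                candidateDigest.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Verifies that no user exists with the given id, token or username, reading past the caches.
     * Failure handling is delegated to {@code Require.isEmpty}.
     */
    public void assertUserDoesNotExist(Long id, String userToken, String username) {
        Require.isEmpty(findUserById(id, false), "DatarouterUser already exists with id=" + id);
        Require.isEmpty(
                findUserByToken(userToken, false),
                "DatarouterUser already exists with userToken=" + userToken);
        Require.isEmpty(
                findUserByUsername(username, false),
                "DatarouterUser already exists with username=" + username);
    }

    /**
     * Returns true when the user's roles, including SAML-derived ones, contain the datarouter
     * admin role. A null user is not an admin.
     */
    public boolean isDatarouterAdmin(DatarouterUser user) {
        return getUserRolesWithSamlGroups(user).contains(DatarouterUserRole.DATAROUTER_ADMIN.getRole());
    }

    /**
     * Groups the user's outstanding role approvals by requested role and approval type.
     *
     * <p>Approvals whose persisted role or approval type is no longer known to the
     * {@link RoleManager} are skipped.
     *
     * @param user the user whose approvals are read
     * @return role -> approval type -> usernames of the approvers
     */
    public Map<Role, Map<RoleApprovalType, Set<String>>> getCurrentRoleApprovals(DatarouterUser user) {
        return Scanner.of(roleApprovalDao.getAllOutstandingApprovalsForUser(user))
                .exclude(approval -> roleManager
                        .findRoleFromPersistentString(approval.getKey().getRequestedRole())
                        .isEmpty())
                .exclude(approval -> roleManager
                        .findRoleApprovalTypeFromPersistentString(approval.getApprovalType())
                        .isEmpty())
                // The two exclude steps above guarantee the get() calls below find a value.
                .collect(Collectors.groupingBy(
                        approval -> roleManager
                                .findRoleFromPersistentString(approval.getKey().getRequestedRole())
                                .get(),
                        Collectors.groupingBy(
                                approval -> roleManager
                                        .findRoleApprovalTypeFromPersistentString(approval.getApprovalType())
                                        .get(),
                                Collectors.mapping(
                                        approval -> approval.getKey().getApproverUsername(),
                                        Collectors.toSet()))));
    }

    /**
     * Builds, for every role known to the {@link RoleManager}, the metadata describing
     * {@code user}'s relation to that role as seen by {@code editor}.
     *
     * <p>Side effect: although this is a read-style method, it deletes outstanding approvals of a
     * given approval type for a role when the editor has approved under a type that the role no
     * longer requires.
     *
     * @param editor the user viewing or editing the roles
     * @param user the user whose roles are described
     * @return one entry per role
     */
    public List<UserRoleMetadata> getRoleMetadataForUser(DatarouterUser editor, DatarouterUser user) {
        Set<Role> directRoles = new HashSet<>(user.getRolesIgnoreSaml());
        Set<Role> allRoles = roleManager.getAllRoles();
        Map<Role, Map<RoleApprovalType, Integer>> allRoleApprovalRequirements =
                roleManager.getAllRoleApprovalRequirements();
        Map<Role, Map<RoleApprovalType, Set<String>>> currentRoleApprovals = getCurrentRoleApprovals(user);

        Set<RoleApprovalType> relevantApprovalTypes = new HashSet<>();
        allRoleApprovalRequirements.values()
                .forEach(requirements -> relevantApprovalTypes.addAll(requirements.keySet()));

        List<RoleApprovalType> prioritizedApprovalTypes =
                roleManager.getPrioritizedRoleApprovalTypes(editor, user, relevantApprovalTypes);
        Map<Role, List<String>> groupsByRole = roleManager.getGroupsByRole(user.getSamlGroups());

        // Neither value depends on the role, so compute them once instead of once per role.
        boolean editorIsAdmin = isDatarouterAdmin(editor);
        boolean editingSelf = user.equals(editor);

        return Scanner.of(allRoles).map(role -> {
            Map<RoleApprovalType, Integer> requirements =
                    allRoleApprovalRequirements.getOrDefault(role, new HashMap<>());
            Map<RoleApprovalType, Set<String>> approvals =
                    currentRoleApprovals.getOrDefault(role, new HashMap<>());
            Map<RoleApprovalType, RoleApprovalRequirementStatus> statusByType =
                    Scanner.of(requirements.keySet()).toMap(
                            Function.identity(),
                            type -> new RoleApprovalRequirementStatus(
                                    requirements.get(type),
                                    approvals.getOrDefault(type, new HashSet<>())));
            boolean hasRole = directRoles.contains(role);

            // Find the approval type under which the editor has already approved this role.
            Optional<RoleApprovalType> editorApprovedType = Optional.empty();
            for (Map.Entry<RoleApprovalType, Set<String>> entry : approvals.entrySet()) {
                RoleApprovalType type = entry.getKey();
                if (!entry.getValue().contains(editor.getUsername())) {
                    continue;
                }
                if (statusByType.containsKey(type)) {
                    editorApprovedType = Optional.of(type);
                } else {
                    // The role no longer requires this approval type: drop the stale approvals.
                    roleApprovalDao.deleteOutstandingApprovalsOfApprovalTypeForRole(
                            role.persistentString,
                            type.persistentString());
                }
            }

            Optional<RoleApprovalType> editorPrioritizedType;
            if (hasRole) {
                editorPrioritizedType = prioritizedApprovalTypes.stream()
                        .filter(statusByType::containsKey)
                        .findFirst();
            } else if (editorApprovedType.isPresent()) {
                editorPrioritizedType = editorApprovedType;
            } else {
                // First approval type, in priority order, that still lacks approvers.
                editorPrioritizedType = prioritizedApprovalTypes.stream()
                        .filter(type -> statusByType.containsKey(type)
                                && statusByType.get(type).currentApprovers().size()
                                        < statusByType.get(type).requiredApprovals())
                        .findFirst();
            }

            // An admin may not touch the admin role on someone else; everyone may act on themself.
            boolean isAdminRole = DatarouterUserRole.DATAROUTER_ADMIN.getPersistentString()
                    .equals(role.getPersistentString());
            boolean editorCanEdit = (!isAdminRole && editorIsAdmin) || editingSelf;

            return new UserRoleMetadata(
                    role,
                    hasRole,
                    statusByType,
                    editorPrioritizedType,
                    Optional.of(editorCanEdit),
                    groupsByRole.get(role));
        }).collect(WarnOnModifyList.deprecatedCollector());
    }
}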
