package io.imunity.upman.rest;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.exceptions.EngineException;
import pl.edu.icm.unity.base.group.Group;
import pl.edu.icm.unity.base.group.GroupDelegationConfiguration;
import pl.edu.icm.unity.base.registration.BaseForm;
import pl.edu.icm.unity.engine.api.EnquiryManagement;
import pl.edu.icm.unity.engine.api.GroupsManagement;
import pl.edu.icm.unity.engine.api.RegistrationsManagement;
import pl.edu.icm.unity.engine.api.authn.AuthorizationException;
import pl.edu.icm.unity.engine.api.idp.IdpPolicyAgreementContentChecker;

@Component
/* loaded from: input_file:io/imunity/upman/rest/UpmanRestPolicyDocumentAuthorizationManager.class */
class UpmanRestPolicyDocumentAuthorizationManager {
    private final RegistrationsManagement registrationsManagement;
    private final EnquiryManagement enquiryManagement;
    private final List<IdpPolicyAgreementContentChecker> idpPolicyAgreementContentCheckers;
    private final GroupsManagement groupMan;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/imunity/upman/rest/UpmanRestPolicyDocumentAuthorizationManager$PolicyAuthorizationException.class */
    public class PolicyAuthorizationException extends AuthorizationException {
        public PolicyAuthorizationException() {
            super("Access to policy document is denied. The policy document is also used in other than this project context.");
        }
    }

    UpmanRestPolicyDocumentAuthorizationManager(RegistrationsManagement registrationsManagement, EnquiryManagement enquiryManagement, List<IdpPolicyAgreementContentChecker> list, GroupsManagement groupsManagement) {
        this.registrationsManagement = registrationsManagement;
        this.enquiryManagement = enquiryManagement;
        this.idpPolicyAgreementContentCheckers = list;
        this.groupMan = groupsManagement;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void assertGetProjectPolicyAuthorization(GroupDelegationConfiguration groupDelegationConfiguration, Long l) throws AuthorizationException {
        if (!groupDelegationConfiguration.policyDocumentsIds.contains(l)) {
            throw new AuthorizationException("Access to policy document is denied. The policy document is not in project scope.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void assertUpdateOrRemoveProjectPolicyAuthorization(Group group, Long l) throws EngineException {
        if (group.getDelegationConfiguration().policyDocumentsIds == null || !group.getDelegationConfiguration().policyDocumentsIds.contains(l)) {
            throw new AuthorizationException("Access to policy document is denied. The policy document is not in project scope.");
        }
        assertIdPsContainsPolicyDocument(l);
        assertOtherGroupsContainsPolicyDocument(group, l);
        GroupDelegationConfiguration delegationConfiguration = group.getDelegationConfiguration();
        ArrayList arrayList = new ArrayList(this.registrationsManagement.getForms());
        if (delegationConfiguration.registrationForm != null) {
            arrayList.removeIf(registrationForm -> {
                return registrationForm.getName().equals(delegationConfiguration.registrationForm);
            });
        }
        assertFormsContainsPolicyDocument(arrayList, l);
        ArrayList arrayList2 = new ArrayList(this.enquiryManagement.getEnquires());
        if (delegationConfiguration.signupEnquiryForm != null) {
            arrayList2.removeIf(enquiryForm -> {
                return enquiryForm.getName().equals(delegationConfiguration.signupEnquiryForm);
            });
        }
        if (delegationConfiguration.membershipUpdateEnquiryForm != null) {
            arrayList2.removeIf(enquiryForm2 -> {
                return enquiryForm2.getName().equals(delegationConfiguration.membershipUpdateEnquiryForm);
            });
        }
        assertFormsContainsPolicyDocument(arrayList2, l);
    }

    void assertOtherGroupsContainsPolicyDocument(Group group, Long l) throws EngineException {
        for (Group group2 : (List) this.groupMan.getAllGroups().values().stream().filter(group3 -> {
            return (group3.equals(group) || group3.getDelegationConfiguration() == null) ? false : true;
        }).collect(Collectors.toList())) {
            if (group2.getDelegationConfiguration().policyDocumentsIds != null && group2.getDelegationConfiguration().policyDocumentsIds.contains(l)) {
                throw new PolicyAuthorizationException();
            }
        }
    }

    void assertIdPsContainsPolicyDocument(Long l) throws EngineException {
        Iterator<IdpPolicyAgreementContentChecker> it = this.idpPolicyAgreementContentCheckers.iterator();
        while (it.hasNext()) {
            if (it.next().isPolicyUsedOnEndpoints(l)) {
                throw new PolicyAuthorizationException();
            }
        }
    }

    void assertFormsContainsPolicyDocument(List<? extends BaseForm> list, Long l) throws AuthorizationException {
        Iterator<? extends BaseForm> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().getPolicyAgreements().stream().map(policyAgreementConfiguration -> {
                return policyAgreementConfiguration.documentsIdsToAccept;
            }).flatMap((v0) -> {
                return v0.stream();
            }).anyMatch(l2 -> {
                return l2.equals(l);
            })) {
                throw new AuthorizationException("Access to policy document is denied. The policy document is used in other context.");
            }
        }
    }
}
