package net.nemerosa.ontrack.service.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import net.nemerosa.ontrack.model.security.BranchCreate;
import net.nemerosa.ontrack.model.security.BranchFilterMgt;
import net.nemerosa.ontrack.model.security.BranchTemplateMgt;
import net.nemerosa.ontrack.model.security.BranchTemplateSync;
import net.nemerosa.ontrack.model.security.BuildConfig;
import net.nemerosa.ontrack.model.security.BuildCreate;
import net.nemerosa.ontrack.model.security.GlobalFunction;
import net.nemerosa.ontrack.model.security.GlobalRole;
import net.nemerosa.ontrack.model.security.ProjectConfig;
import net.nemerosa.ontrack.model.security.ProjectCreation;
import net.nemerosa.ontrack.model.security.ProjectDelete;
import net.nemerosa.ontrack.model.security.ProjectFunction;
import net.nemerosa.ontrack.model.security.ProjectRole;
import net.nemerosa.ontrack.model.security.ProjectRoleAssociation;
import net.nemerosa.ontrack.model.security.ProjectView;
import net.nemerosa.ontrack.model.security.PromotionLevelCreate;
import net.nemerosa.ontrack.model.security.PromotionLevelEdit;
import net.nemerosa.ontrack.model.security.PromotionRunCreate;
import net.nemerosa.ontrack.model.security.PromotionRunDelete;
import net.nemerosa.ontrack.model.security.RolesService;
import net.nemerosa.ontrack.model.security.ValidationRunCreate;
import net.nemerosa.ontrack.model.security.ValidationRunStatusChange;
import net.nemerosa.ontrack.model.security.ValidationStampCreate;
import net.nemerosa.ontrack.model.security.ValidationStampDelete;
import net.nemerosa.ontrack.model.security.ValidationStampEdit;
import net.nemerosa.ontrack.model.support.StartupService;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Transactional
@Service
/* loaded from: input_file:net/nemerosa/ontrack/service/security/RolesServiceImpl.class */
public class RolesServiceImpl implements RolesService, StartupService {
    private final Map<String, GlobalRole> globalRoles = new LinkedHashMap();
    private final Map<String, ProjectRole> projectRoles = new LinkedHashMap();

    public List<GlobalRole> getGlobalRoles() {
        return new ArrayList(this.globalRoles.values());
    }

    public Optional<GlobalRole> getGlobalRole(String str) {
        return Optional.ofNullable(this.globalRoles.get(str));
    }

    public List<ProjectRole> getProjectRoles() {
        return new ArrayList(this.projectRoles.values());
    }

    public Optional<ProjectRole> getProjectRole(String str) {
        return Optional.ofNullable(this.projectRoles.get(str));
    }

    public List<Class<? extends GlobalFunction>> getGlobalFunctions() {
        return defaultGlobalFunctions;
    }

    public List<Class<? extends ProjectFunction>> getProjectFunctions() {
        return defaultProjectFunctions;
    }

    public Optional<ProjectRoleAssociation> getProjectRoleAssociation(int i, String str) {
        return getProjectRole(str).map(projectRole -> {
            return new ProjectRoleAssociation(i, projectRole);
        });
    }

    public String getName() {
        return "Roles";
    }

    public int startupOrder() {
        return 50;
    }

    public void start() {
        initGlobalRoles();
        initProjectRoles();
    }

    private void initProjectRoles() {
        register("OWNER", "Project owner", "The project owner is allowed to all functions in a project, but for its deletion.", (List) getProjectFunctions().stream().filter(cls -> {
            return !ProjectDelete.class.isAssignableFrom(cls);
        }).collect(Collectors.toList()));
        register("PARTICIPANT", "Participant", "A participant in a project is allowed to change statuses in validation runs.", Arrays.asList(ProjectView.class, ValidationRunStatusChange.class));
        List<Class<? extends ProjectFunction>> asList = Arrays.asList(ValidationStampCreate.class, ValidationStampEdit.class, ValidationStampDelete.class, ValidationRunCreate.class, ValidationRunStatusChange.class);
        register("VALIDATION_MANAGER", "Validation manager", "The validation manager can manage the validation stamps.", asList);
        List<Class<? extends ProjectFunction>> asList2 = Arrays.asList(PromotionRunCreate.class, PromotionRunDelete.class, ValidationRunStatusChange.class);
        register("PROMOTER", "Promoter", "The promoter can promote existing builds.", asList2);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(asList);
        arrayList.addAll(asList2);
        arrayList.add(BranchFilterMgt.class);
        register("PROJECT_MANAGER", "Project manager", "The project manager can promote existing builds, manage the validation stamps, manage the shared build filters and edit some properties.", arrayList);
    }

    private void register(String str, String str2, String str3, List<Class<? extends ProjectFunction>> list) {
        register(new ProjectRole(str, str2, str3, new LinkedHashSet(list)));
    }

    private void register(ProjectRole projectRole) {
        this.projectRoles.put(projectRole.getId(), projectRole);
    }

    private void initGlobalRoles() {
        register("ADMINISTRATOR", "Administrator", "An administrator is allowed to do everything in the application.", getGlobalFunctions(), getProjectFunctions());
        register("CREATOR", "Creator", "A creator is allowed to create new projects and to configure it. Once done, its rights on the project are revoked immediately.", Collections.singletonList(ProjectCreation.class), Arrays.asList(ProjectConfig.class, BranchCreate.class, BranchTemplateMgt.class, PromotionLevelCreate.class, ValidationStampCreate.class));
        register("AUTOMATION", "Automation", "This role can be assigned to users or groups which must automate Ontrack. It aggregates both the Creator and the Controller roles into one.", Collections.singletonList(ProjectCreation.class), Arrays.asList(ProjectConfig.class, BranchCreate.class, BranchTemplateMgt.class, PromotionLevelCreate.class, PromotionLevelEdit.class, ValidationStampCreate.class, ValidationStampEdit.class, ProjectView.class, BuildCreate.class, BuildConfig.class, PromotionRunCreate.class, ValidationRunCreate.class, BranchTemplateSync.class));
        register("CONTROLLER", "Controller", "A controller, is allowed to create builds, promotion runs and validation runs. He can also synchronise templates. This role is typically granted to continuous integration tools.", Collections.emptyList(), Arrays.asList(ProjectView.class, BuildCreate.class, BuildConfig.class, PromotionRunCreate.class, ValidationRunCreate.class, BranchTemplateSync.class));
    }

    private void register(String str, String str2, String str3, List<Class<? extends GlobalFunction>> list, List<Class<? extends ProjectFunction>> list2) {
        register(new GlobalRole(str, str2, str3, new LinkedHashSet(list), new LinkedHashSet(list2)));
    }

    private void register(GlobalRole globalRole) {
        this.globalRoles.put(globalRole.getId(), globalRole);
    }
}
