package org.kuali.kfs.sec.document;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.kuali.kfs.sec.SecConstants;
import org.kuali.kfs.sec.businessobject.SecurityDefinition;
import org.kuali.kfs.sec.businessobject.SecurityDefinitionDocumentType;
import org.kuali.kfs.sec.service.AccessSecurityService;
import org.kuali.kfs.sys.KFSConstants;
import org.kuali.kfs.sys.KFSPropertyConstants;
import org.kuali.kfs.sys.context.SpringContext;
import org.kuali.kfs.sys.document.FinancialSystemMaintainable;
import org.kuali.rice.kew.exception.WorkflowException;
import org.kuali.rice.kim.bo.role.dto.KimPermissionInfo;
import org.kuali.rice.kim.bo.types.dto.AttributeSet;
import org.kuali.rice.kim.service.IdentityManagementService;
import org.kuali.rice.kim.service.PermissionService;
import org.kuali.rice.kim.service.PermissionUpdateService;
import org.kuali.rice.kim.service.impl.RoleManagementServiceImpl;
import org.kuali.rice.kns.bo.DocumentHeader;
import org.kuali.rice.kns.document.MaintenanceDocument;
import org.kuali.rice.kns.service.DocumentService;

/* loaded from: input_file:org/kuali/kfs/sec/document/SecurityDefinitionMaintainableImpl.class */
public class SecurityDefinitionMaintainableImpl extends FinancialSystemMaintainable {
    private static final Logger LOG = Logger.getLogger(SecurityDefinitionMaintainableImpl.class);

    public void refresh(String str, Map map, MaintenanceDocument maintenanceDocument) {
        super.refresh(str, map, maintenanceDocument);
        getBusinessObject().refreshNonUpdateableReferences();
    }

    public void doRouteStatusChange(DocumentHeader documentHeader) {
        super.doRouteStatusChange(documentHeader);
        if (documentHeader.getWorkflowDocument().stateIsProcessed()) {
            try {
                MaintenanceDocument byDocumentHeaderId = ((DocumentService) SpringContext.getBean(DocumentService.class)).getByDocumentHeaderId(documentHeader.getDocumentNumber());
                SecurityDefinition securityDefinition = (SecurityDefinition) byDocumentHeaderId.getOldMaintainableObject().getBusinessObject();
                SecurityDefinition securityDefinition2 = (SecurityDefinition) byDocumentHeaderId.getNewMaintainableObject().getBusinessObject();
                securityDefinition.refreshNonUpdateableReferences();
                securityDefinition2.refreshNonUpdateableReferences();
                boolean z = getMaintenanceAction().equalsIgnoreCase("New") || getMaintenanceAction().equalsIgnoreCase(KFSConstants.MAINTENANCE_COPY_ACTION);
                createOrUpdateDocumentPermissions(securityDefinition, securityDefinition2, z);
                createOrUpdateLookupPermission(securityDefinition, securityDefinition2, z);
                createOrUpdateInquiryPermissions(securityDefinition, securityDefinition2, z);
                createOrUpdateDefinitionRole(securityDefinition, securityDefinition2);
                ((IdentityManagementService) SpringContext.getBean(IdentityManagementService.class)).flushAllCaches();
            } catch (WorkflowException e) {
                LOG.error("caught exception while handling handleRouteStatusChange -> documentService.getByDocumentHeaderId(" + documentHeader.getDocumentNumber() + "). ", e);
                throw new RuntimeException("caught exception while handling handleRouteStatusChange -> documentService.getByDocumentHeaderId(" + documentHeader.getDocumentNumber() + "). ", e);
            }
        }
    }

    protected void createOrUpdateDefinitionRole(SecurityDefinition securityDefinition, SecurityDefinition securityDefinition2) {
        RoleManagementServiceImpl roleManagementServiceImpl = (RoleManagementServiceImpl) SpringContext.getBean(RoleManagementServiceImpl.class);
        PermissionService permissionService = (PermissionService) SpringContext.getBean(PermissionService.class);
        String roleId = securityDefinition.getRoleId();
        String name = securityDefinition2.getName();
        if (StringUtils.isBlank(roleId)) {
            roleId = roleManagementServiceImpl.getNextAvailableRoleId();
            securityDefinition2.setRoleId(roleId);
            roleManagementServiceImpl.saveRole(roleId, name, securityDefinition2.getDescription(), securityDefinition2.isActive(), SecConstants.SecurityTypes.SECURITY_DEFINITION_ROLE_TYPE, "KFS-SEC");
        } else if ((securityDefinition.isActive() && !securityDefinition2.isActive()) || (!securityDefinition.isActive() && securityDefinition2.isActive())) {
            roleManagementServiceImpl.saveRole(roleId, name, securityDefinition2.getDescription(), securityDefinition2.isActive(), SecConstants.SecurityTypes.SECURITY_DEFINITION_ROLE_TYPE, "KFS-SEC");
        }
        for (KimPermissionInfo kimPermissionInfo : permissionService.getPermissionsByName("KFS-SEC", name)) {
            if (!permissionService.getRoleIdsForPermissionId(kimPermissionInfo.getPermissionId()).contains(roleId)) {
                roleManagementServiceImpl.assignPermissionToRole(kimPermissionInfo.getPermissionId(), roleId);
            }
        }
    }

    protected void createOrUpdateDocumentPermissions(SecurityDefinition securityDefinition, SecurityDefinition securityDefinition2, boolean z) {
        for (SecurityDefinitionDocumentType securityDefinitionDocumentType : securityDefinition2.getDefinitionDocumentTypes()) {
            String financialSystemDocumentTypeCode = securityDefinitionDocumentType.getFinancialSystemDocumentTypeCode();
            boolean z2 = securityDefinition2.isActive() && securityDefinitionDocumentType.isActive();
            if (z || !isDocumentTypeInDefinition(financialSystemDocumentTypeCode, securityDefinition)) {
                createNewDocumentTypePermissions(financialSystemDocumentTypeCode, z2, securityDefinition2);
            } else {
                createOrUpdateDocumentTypePermissions(financialSystemDocumentTypeCode, z2, securityDefinition, securityDefinition2);
            }
        }
    }

    protected void createOrUpdateLookupPermission(SecurityDefinition securityDefinition, SecurityDefinition securityDefinition2, boolean z) {
        List<KimPermissionInfo> findSecurityPermissionsByNameAndTemplate;
        AttributeSet populateLookupPermissionDetails = populateLookupPermissionDetails(securityDefinition2);
        String str = "";
        if (!z && (findSecurityPermissionsByNameAndTemplate = findSecurityPermissionsByNameAndTemplate(securityDefinition.getName(), ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getLookupWithFieldValueTemplateId())) != null && !findSecurityPermissionsByNameAndTemplate.isEmpty()) {
            str = findSecurityPermissionsByNameAndTemplate.get(0).getPermissionId();
        }
        if (securityDefinition2.isRestrictLookup() || StringUtils.isNotBlank(str)) {
            savePermission(securityDefinition2, str, ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getLookupWithFieldValueTemplateId(), securityDefinition2.isActive() && securityDefinition2.isRestrictLookup(), populateLookupPermissionDetails);
        }
    }

    protected void createOrUpdateInquiryPermissions(SecurityDefinition securityDefinition, SecurityDefinition securityDefinition2, boolean z) {
        List<KimPermissionInfo> findSecurityPermissionsByNameAndTemplate;
        String str = "";
        String str2 = "";
        if (!z && (findSecurityPermissionsByNameAndTemplate = findSecurityPermissionsByNameAndTemplate(securityDefinition.getName(), ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getInquiryWithFieldValueTemplateId())) != null) {
            for (KimPermissionInfo kimPermissionInfo : findSecurityPermissionsByNameAndTemplate) {
                String str3 = (String) kimPermissionInfo.getDetails().get(KFSPropertyConstants.NAMESPACE_CODE);
                if (StringUtils.equals("KFS-GL", str3)) {
                    str = kimPermissionInfo.getPermissionId();
                } else if (StringUtils.equals("KFS-LD", str3)) {
                    str2 = kimPermissionInfo.getPermissionId();
                }
            }
        }
        if (securityDefinition2.isRestrictGLInquiry() || StringUtils.isNotBlank(str)) {
            savePermission(securityDefinition2, str, ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getInquiryWithFieldValueTemplateId(), securityDefinition2.isActive() && securityDefinition2.isRestrictGLInquiry(), populateInquiryPermissionDetails("KFS-GL", securityDefinition2));
        }
        if (securityDefinition2.isRestrictLaborInquiry() || StringUtils.isNotBlank(str2)) {
            savePermission(securityDefinition2, str2, ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getInquiryWithFieldValueTemplateId(), securityDefinition2.isActive() && securityDefinition2.isRestrictLaborInquiry(), populateInquiryPermissionDetails("KFS-LD", securityDefinition2));
        }
    }

    protected void createNewDocumentTypePermissions(String str, boolean z, SecurityDefinition securityDefinition) {
        AttributeSet populateDocumentTypePermissionDetails = populateDocumentTypePermissionDetails(str, securityDefinition);
        if (securityDefinition.isRestrictViewDocument()) {
            savePermission(securityDefinition, "", ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getViewDocumentWithFieldValueTemplateId(), z, populateDocumentTypePermissionDetails);
        }
        if (securityDefinition.isRestrictViewAccountingLine()) {
            savePermission(securityDefinition, "", ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getViewAccountingLineWithFieldValueTemplateId(), z, populateDocumentTypePermissionDetails);
        }
        if (securityDefinition.isRestrictViewNotesAndAttachments()) {
            savePermission(securityDefinition, "", ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getViewNotesAttachmentsWithFieldValueTemplateId(), z, populateDocumentTypePermissionDetails);
        }
        if (securityDefinition.isRestrictEditAccountingLine()) {
            savePermission(securityDefinition, "", ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getEditAccountingLineWithFieldValueTemplateId(), z, populateDocumentTypePermissionDetails);
        }
        if (securityDefinition.isRestrictEditDocument()) {
            savePermission(securityDefinition, "", ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getEditDocumentWithFieldValueTemplateId(), z, populateDocumentTypePermissionDetails);
        }
    }

    protected void createOrUpdateDocumentTypePermissions(String str, boolean z, SecurityDefinition securityDefinition, SecurityDefinition securityDefinition2) {
        createOrUpdateDocumentTypePermission(str, z && securityDefinition2.isRestrictViewDocument(), securityDefinition, securityDefinition2, ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getViewDocumentWithFieldValueTemplateId());
        createOrUpdateDocumentTypePermission(str, z && securityDefinition2.isRestrictViewAccountingLine(), securityDefinition, securityDefinition2, ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getViewAccountingLineWithFieldValueTemplateId());
        createOrUpdateDocumentTypePermission(str, z && securityDefinition2.isRestrictViewNotesAndAttachments(), securityDefinition, securityDefinition2, ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getViewNotesAttachmentsWithFieldValueTemplateId());
        createOrUpdateDocumentTypePermission(str, z && securityDefinition2.isRestrictEditAccountingLine(), securityDefinition, securityDefinition2, ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getEditAccountingLineWithFieldValueTemplateId());
        createOrUpdateDocumentTypePermission(str, z && securityDefinition2.isRestrictEditDocument(), securityDefinition, securityDefinition2, ((AccessSecurityService) SpringContext.getBean(AccessSecurityService.class)).getEditDocumentWithFieldValueTemplateId());
    }

    protected void createOrUpdateDocumentTypePermission(String str, boolean z, SecurityDefinition securityDefinition, SecurityDefinition securityDefinition2, String str2) {
        AttributeSet populateDocumentTypePermissionDetails = populateDocumentTypePermissionDetails(str, securityDefinition2);
        KimPermissionInfo findDocumentPermission = findDocumentPermission(securityDefinition, str2, str);
        savePermission(securityDefinition2, findDocumentPermission != null ? findDocumentPermission.getPermissionId() : "", str2, z, populateDocumentTypePermissionDetails);
    }

    protected AttributeSet populateDocumentTypePermissionDetails(String str, SecurityDefinition securityDefinition) {
        AttributeSet attributeSet = new AttributeSet();
        attributeSet.put("documentTypeName", str);
        attributeSet.put(KFSPropertyConstants.PROPERTY_NAME, securityDefinition.getSecurityAttribute().getName());
        return attributeSet;
    }

    protected AttributeSet populateLookupPermissionDetails(SecurityDefinition securityDefinition) {
        AttributeSet attributeSet = new AttributeSet();
        attributeSet.put(KFSPropertyConstants.PROPERTY_NAME, securityDefinition.getSecurityAttribute().getName());
        return attributeSet;
    }

    protected AttributeSet populateInquiryPermissionDetails(String str, SecurityDefinition securityDefinition) {
        AttributeSet attributeSet = new AttributeSet();
        attributeSet.put(KFSPropertyConstants.NAMESPACE_CODE, str);
        attributeSet.put(KFSPropertyConstants.PROPERTY_NAME, securityDefinition.getSecurityAttribute().getName());
        return attributeSet;
    }

    protected KimPermissionInfo findDocumentPermission(SecurityDefinition securityDefinition, String str, String str2) {
        KimPermissionInfo kimPermissionInfo = null;
        Iterator<KimPermissionInfo> it = findSecurityPermissionsByNameAndTemplate(securityDefinition.getName(), str).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            KimPermissionInfo next = it.next();
            if (StringUtils.equalsIgnoreCase(str2, (String) next.getDetails().get("documentTypeName"))) {
                kimPermissionInfo = next;
                break;
            }
        }
        return kimPermissionInfo;
    }

    protected List<KimPermissionInfo> findSecurityPermissionsByNameAndTemplate(String str, String str2) {
        List<KimPermissionInfo> permissionsByNameIncludingInactive = ((PermissionService) SpringContext.getBean(PermissionService.class)).getPermissionsByNameIncludingInactive("KFS-SEC", str);
        ArrayList arrayList = new ArrayList();
        for (KimPermissionInfo kimPermissionInfo : permissionsByNameIncludingInactive) {
            if (StringUtils.equals(str2, kimPermissionInfo.getTemplateId())) {
                arrayList.add(kimPermissionInfo);
            }
        }
        return arrayList;
    }

    protected boolean isDocumentTypeInDefinition(String str, SecurityDefinition securityDefinition) {
        Iterator<SecurityDefinitionDocumentType> it = securityDefinition.getDefinitionDocumentTypes().iterator();
        while (it.hasNext()) {
            if (StringUtils.equalsIgnoreCase(str, it.next().getFinancialSystemDocumentTypeCode())) {
                return true;
            }
        }
        return false;
    }

    protected void savePermission(SecurityDefinition securityDefinition, String str, String str2, boolean z, AttributeSet attributeSet) {
        LOG.info(String.format("saving permission with id: %s, template ID: %s, name: %s, active: %s", str, str2, securityDefinition.getName(), Boolean.valueOf(z)));
        PermissionUpdateService permissionUpdateService = (PermissionUpdateService) SpringContext.getBean(PermissionUpdateService.class);
        if (StringUtils.isBlank(str)) {
            str = permissionUpdateService.getNextAvailablePermissionId();
        }
        permissionUpdateService.savePermission(str, str2, "KFS-SEC", securityDefinition.getName(), securityDefinition.getDescription(), z, attributeSet);
    }

    public void processAfterCopy(MaintenanceDocument maintenanceDocument, Map<String, String[]> map) {
        maintenanceDocument.getNewMaintainableObject().getBusinessObject().setRoleId("");
        super.processAfterCopy(maintenanceDocument, map);
    }
}
