package org.molgenis.data.security.auth;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.molgenis.data.DataService;
import org.molgenis.data.Fetch;
import org.molgenis.data.UnknownEntityException;
import org.molgenis.data.meta.model.Package;
import org.molgenis.data.meta.model.PackageFactory;
import org.molgenis.data.security.exception.IsAlreadyMemberException;
import org.molgenis.data.security.exception.NotAValidGroupRoleException;
import org.molgenis.data.security.permission.RoleMembershipService;
import org.molgenis.security.core.SidUtils;
import org.molgenis.security.core.model.GroupValue;
import org.molgenis.security.core.runas.RunAsSystem;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:org/molgenis/data/security/auth/GroupService.class */
public class GroupService {
    private final DataService dataService;
    private final PackageFactory packageFactory;
    private final GroupMetadata groupMetadata;
    private final RoleMembershipService roleMembershipService;
    private final RoleMembershipMetadata roleMembershipMetadata;
    public static final String MANAGER = "Manager";
    public static final String AUTHORITY_MANAGER = SidUtils.createRoleAuthority(MANAGER.toUpperCase());
    public static final String EDITOR = "Editor";
    public static final String AUTHORITY_EDITOR = SidUtils.createRoleAuthority(EDITOR.toUpperCase());
    public static final String VIEWER = "Viewer";
    public static final String AUTHORITY_VIEWER = SidUtils.createRoleAuthority(VIEWER.toUpperCase());
    public static final Set<String> DEFAULT_ROLES = ImmutableSet.of(MANAGER, EDITOR, VIEWER);

    GroupService(PackageFactory packageFactory, DataService dataService, GroupMetadata groupMetadata, RoleMembershipService roleMembershipService, RoleMembershipMetadata roleMembershipMetadata) {
        this.packageFactory = (PackageFactory) Objects.requireNonNull(packageFactory);
        this.dataService = (DataService) Objects.requireNonNull(dataService);
        this.groupMetadata = (GroupMetadata) Objects.requireNonNull(groupMetadata);
        this.roleMembershipService = (RoleMembershipService) Objects.requireNonNull(roleMembershipService);
        this.roleMembershipMetadata = (RoleMembershipMetadata) Objects.requireNonNull(roleMembershipMetadata);
    }

    @Transactional
    public void persist(GroupValue groupValue) {
        this.dataService.add("sys_md_Package", this.packageFactory.create(groupValue.getRootPackage()));
    }

    @RunAsSystem
    public Collection<Group> getGroups() {
        return (Collection) this.dataService.findAll(GroupMetadata.GROUP, Group.class).collect(Collectors.toList());
    }

    @RunAsSystem
    public Group getGroup(String str) {
        Group findOne = this.dataService.query(GroupMetadata.GROUP, Group.class).eq("name", str).fetch(new Fetch().field(GroupMetadata.ROLES, new Fetch().field("name").field("label")).field("name").field("label").field("description").field("id").field(GroupMetadata.PUBLIC).field(GroupMetadata.ROOT_PACKAGE)).findOne();
        if (findOne == null) {
            throw new UnknownEntityException(this.groupMetadata, this.groupMetadata.getAttribute("name"), str);
        }
        return findOne;
    }

    @RunAsSystem
    public void addMember(Group group, User user, Role role) {
        ArrayList<Role> newArrayList = Lists.newArrayList(group.getRoles());
        Collection<RoleMembership> memberships = this.roleMembershipService.getMemberships(newArrayList);
        if (!isGroupRole(role, newArrayList)) {
            throw new NotAValidGroupRoleException(role, group);
        }
        if (((Stream) memberships.stream().parallel()).anyMatch(roleMembership -> {
            return roleMembership.getUser().equals(user);
        })) {
            throw new IsAlreadyMemberException(user, group);
        }
        this.roleMembershipService.addUserToRole(user, role);
    }

    private boolean isGroupRole(Role role, ArrayList<Role> arrayList) {
        return arrayList.stream().anyMatch(role2 -> {
            return role2.getName().equals(role.getName());
        });
    }

    @RunAsSystem
    public void removeMember(Group group, User user) {
        this.roleMembershipService.removeMembership(findRoleMembership(user, Lists.newArrayList(group.getRoles())));
    }

    @RunAsSystem
    public void updateMemberRole(Group group, User user, Role role) {
        ArrayList<Role> newArrayList = Lists.newArrayList(group.getRoles());
        if (!isGroupRole(role, newArrayList)) {
            throw new NotAValidGroupRoleException(role, group);
        }
        this.roleMembershipService.updateMembership(findRoleMembership(user, newArrayList), role);
    }

    @RunAsSystem
    public boolean isGroupNameAvailable(GroupValue groupValue) {
        return this.dataService.query("sys_md_Package", Package.class).eq("id", groupValue.getRootPackage().getName()).findOne() == null;
    }

    private UnknownEntityException unknownMembershipForUser(User user) {
        return new UnknownEntityException(this.roleMembershipMetadata, this.roleMembershipMetadata.getAttribute("user"), user.getUsername());
    }

    private RoleMembership findRoleMembership(User user, List<Role> list) {
        return this.roleMembershipService.getMemberships(list).stream().filter(roleMembership -> {
            return roleMembership.getUser().getId().equals(user.getId());
        }).findFirst().orElseThrow(() -> {
            return unknownMembershipForUser(user);
        });
    }

    public void deleteGroup(String str) {
        Group findOne = this.dataService.query(GroupMetadata.GROUP, Group.class).eq("name", str).findOne();
        if (findOne == null) {
            throw new UnknownEntityException(this.groupMetadata, this.groupMetadata.getAttribute("name"), str);
        }
        this.dataService.delete("sys_md_Package", findOne.getRootPackage());
    }

    public void updateExtendsRole(Group group, Role role, Role role2) {
        List<Role> removeIncludedGroupRoles = removeIncludedGroupRoles(group, role2);
        if (!isGroupRole(role, Lists.newArrayList(group.getRoles()))) {
            throw new NotAValidGroupRoleException(role, group);
        }
        removeIncludedGroupRoles.add(role);
        role2.setIncludes(removeIncludedGroupRoles);
        this.dataService.update(RoleMetadata.ROLE, role2);
    }

    public void removeExtendsRole(Group group, Role role) {
        role.setIncludes(removeIncludedGroupRoles(group, role));
        this.dataService.update(RoleMetadata.ROLE, role);
    }

    private List<Role> removeIncludedGroupRoles(Group group, Role role) {
        ArrayList newArrayList = Lists.newArrayList(role.getIncludes());
        ArrayList newArrayList2 = Lists.newArrayList(group.getRoles());
        return (List) newArrayList.stream().filter(role2 -> {
            return !isGroupRole(role2, newArrayList2);
        }).collect(Collectors.toList());
    }
}
