package org.ametys.core.ui.right;

import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.ametys.core.ObservationConstants;
import org.ametys.core.group.GroupDirectoryDAO;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.group.GroupManager;
import org.ametys.core.observation.Event;
import org.ametys.core.observation.ObservationManager;
import org.ametys.core.right.ProfileAssignmentStorage;
import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint;
import org.ametys.core.right.RightAssignmentContext;
import org.ametys.core.right.RightAssignmentContextExtensionPoint;
import org.ametys.core.right.RightManager;
import org.ametys.core.right.RightProfilesDAO;
import org.ametys.core.right.RightsException;
import org.ametys.core.schedule.AmetysJob;
import org.ametys.core.ui.Callable;
import org.ametys.core.ui.ClientSideElement;
import org.ametys.core.ui.ClientSideElementHelper;
import org.ametys.core.ui.StaticClientSideElement;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.core.user.UserHelper;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;

/* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement.class */
public class ProfileAssignmentsToolClientSideElement extends StaticClientSideElement {
    protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP;
    protected RightAssignmentContextExtensionPoint _rightAssignmentContextEP;
    protected GroupDirectoryDAO _groupDirectoryDAO;
    protected GroupManager _groupManager;
    protected ObservationManager _observationManager;
    protected UserHelper _userHelper;
    protected RightProfilesDAO _profileDAO;

    /* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AccessType.class */
    public enum AccessType {
        ALLOW { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.1
            @Override // java.lang.Enum
            public String toString() {
                return "allow";
            }
        },
        DENY { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.2
            @Override // java.lang.Enum
            public String toString() {
                return "deny";
            }
        },
        INHERITED_ALLOW { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.3
            @Override // java.lang.Enum
            public String toString() {
                return "inherited_allow";
            }
        },
        INHERITED_DENY { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.4
            @Override // java.lang.Enum
            public String toString() {
                return "inherited_deny";
            }
        },
        UNKNOWN { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.5
            @Override // java.lang.Enum
            public String toString() {
                return "unknown";
            }
        }
    }

    /* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$TargetType.class */
    public enum TargetType {
        ANONYMOUS { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.1
            @Override // java.lang.Enum
            public String toString() {
                return "anonymous";
            }
        },
        ANYCONNECTED_USER { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.2
            @Override // java.lang.Enum
            public String toString() {
                return "anyconnected_user";
            }
        },
        USER { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.3
            @Override // java.lang.Enum
            public String toString() {
                return "user";
            }
        },
        GROUP { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.4
            @Override // java.lang.Enum
            public String toString() {
                return "group";
            }
        }
    }

    @Override // org.ametys.core.ui.StaticFileImportsClientSideElement
    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) serviceManager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE);
        this._rightAssignmentContextEP = (RightAssignmentContextExtensionPoint) serviceManager.lookup(RightAssignmentContextExtensionPoint.ROLE);
        this._groupDirectoryDAO = (GroupDirectoryDAO) serviceManager.lookup(GroupDirectoryDAO.ROLE);
        this._groupManager = (GroupManager) serviceManager.lookup(GroupManager.ROLE);
        this._observationManager = (ObservationManager) serviceManager.lookup(ObservationManager.ROLE);
        this._userHelper = (UserHelper) serviceManager.lookup(UserHelper.ROLE);
        this._profileDAO = (RightProfilesDAO) serviceManager.lookup(RightProfilesDAO.ROLE);
    }

    @Override // org.ametys.core.ui.StaticFileImportsClientSideElement, org.ametys.core.ui.ClientSideElement
    public List<ClientSideElement.Script> getScripts(boolean z, Map<String, Object> map) {
        List<ClientSideElement.Script> scripts = super.getScripts(z, map);
        if (scripts.size() > 0) {
            ClientSideElement.Script cloneScript = ClientSideElementHelper.cloneScript(scripts.get(0));
            HashMap hashMap = new HashMap();
            cloneScript.getParameters().put("classes", hashMap);
            boolean z2 = true;
            Set<String> extensionsIds = this._rightAssignmentContextEP.getExtensionsIds();
            if (cloneScript.getParameters().containsKey("right-contexts")) {
                z2 = false;
                Object obj = ((Map) cloneScript.getParameters().get("right-contexts")).get("right-context");
                extensionsIds = obj instanceof List ? new HashSet((List) obj) : Sets.newHashSet(new String[]{(String) obj});
            }
            for (String str : extensionsIds) {
                RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
                if (!z2 || !extension.isPrivate()) {
                    int i = 0;
                    for (ClientSideElement.Script script : extension.getScripts(z, map)) {
                        HashMap hashMap2 = new HashMap();
                        hashMap2.put("className", script.getScriptClassname());
                        hashMap2.put("serverId", str);
                        hashMap2.put("parameters", script.getParameters());
                        int i2 = i;
                        i++;
                        hashMap.put(str + "-" + i2, hashMap2);
                        cloneScript.getScriptFiles().addAll(script.getScriptFiles());
                        cloneScript.getCSSFiles().addAll(script.getCSSFiles());
                    }
                }
            }
            scripts = new ArrayList();
            scripts.add(cloneScript);
        }
        return scripts;
    }

    @Callable
    public List<Map<String, Object>> getUserGroups(String str, String str2) {
        return (List) this._groupManager.getUserGroups(new UserIdentity(str, str2)).stream().map(this::_groupToJson).collect(Collectors.toList());
    }

    private Map<String, Object> _groupToJson(GroupIdentity groupIdentity) {
        HashMap hashMap = new HashMap();
        hashMap.put("groupId", groupIdentity.getId());
        hashMap.put("groupDirectory", groupIdentity.getDirectoryId());
        return hashMap;
    }

    @Callable
    public Map<String, Object> saveChanges(String str, Object obj, List<Map<String, Object>> list) {
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        UserIdentity user = this._currentUserProvider.getUser();
        Set<GroupIdentity> userGroups = this._groupManager.getUserGroups(user);
        if (!hasRight(getRights(Collections.EMPTY_MAP))) {
            throw new RightsException("The user '" + user + "' try to assign profile without sufficient rights");
        }
        boolean z = this._rightManager.hasRight(user, "Runtime_Rights_Rights_Handle", "/${WorkspaceName}") == RightManager.RightResult.RIGHT_ALLOW;
        HashSet hashSet = new HashSet();
        RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
        Object convertJSContext = extension.convertJSContext(obj);
        String contextIdentifier = extension.getContextIdentifier(convertJSContext);
        for (Map<String, Object> map : list) {
            String str2 = (String) map.get("profileId");
            String str3 = (String) map.get("assignment");
            String str4 = (String) map.get("targetType");
            map.put("profileLabel", this._profileDAO.getProfile(str2).getLabel());
            if (z || canDelegateRights(user, userGroups, str2, str3, convertJSContext)) {
                hashSet.add(str2);
                _saveChange(convertJSContext, str2, str3, str4, (Map) map.get("identity"));
                arrayList.add(map);
            } else {
                arrayList2.add(map);
            }
        }
        _notifyObservers(convertJSContext, contextIdentifier, hashSet);
        hashMap.put("successInfos", arrayList);
        hashMap.put("errorInfos", arrayList2);
        hashMap.put(AmetysJob.KEY_SUCCESS, Boolean.valueOf(arrayList2.isEmpty()));
        return hashMap;
    }

    protected boolean canDelegateRights(UserIdentity userIdentity, Set<GroupIdentity> set, String str, String str2, Object obj) {
        return (str2 != null ? AccessType.valueOf(str2.toUpperCase()) : AccessType.UNKNOWN) == AccessType.ALLOW && this._rightManager.hasRight(userIdentity, "CMS_Rights_Delegate_Rights", "/${WorkspaceName}") == RightManager.RightResult.RIGHT_ALLOW && this._profileAssignmentStorageEP.getPermissions(userIdentity, set, Set.of(str), obj).get(str).toRightResult() == RightManager.RightResult.RIGHT_ALLOW;
    }

    protected void _notifyObservers(Object obj, String str, Set<String> set) {
        this._observationManager.notify(new Event(ObservationConstants.EVENT_ACL_UPDATED, this._currentUserProvider.getUser(), _getEventParams(obj, str, set)));
    }

    protected Map<String, Object> _getEventParams(Object obj, String str, Set<String> set) {
        HashMap hashMap = new HashMap();
        hashMap.put(ObservationConstants.ARGS_ACL_CONTEXT, obj);
        hashMap.put(ObservationConstants.ARGS_ACL_CONTEXT_IDENTIFIER, str);
        hashMap.put(ObservationConstants.ARGS_ACL_PROFILES, set);
        return hashMap;
    }

    @Callable
    public boolean isInheritanceDisallowed(String str, Object obj) {
        return this._profileAssignmentStorageEP.isInheritanceDisallowed(this._rightAssignmentContextEP.getExtension(str).convertJSContext(obj));
    }

    @Callable
    public void disallowInheritance(String str, Object obj, boolean z) {
        RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
        Object convertJSContext = extension.convertJSContext(obj);
        String contextIdentifier = extension.getContextIdentifier(convertJSContext);
        this._profileAssignmentStorageEP.disallowInheritance(convertJSContext, z);
        _notifyObservers(convertJSContext, contextIdentifier, (Set) this._profileDAO.getProfiles().stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet()));
    }

    @Callable
    public Map<String, String> getInheritedAssignments(String str, Object obj, List<String> list, String str2, Map<String, String> map) {
        return this._profileAssignmentStorageEP.isInheritanceDisallowed(this._rightAssignmentContextEP.getExtension(str).convertJSContext(obj)) ? (Map) list.stream().collect(Collectors.toMap(str3 -> {
            return str3;
        }, str4 -> {
            return AccessType.UNKNOWN.toString();
        })) : (Map) list.stream().collect(Collectors.toMap(str5 -> {
            return str5;
        }, str6 -> {
            return getInheritedAssignment(str, obj, str6, str2, map);
        }));
    }

    @Callable
    public String getInheritedAssignment(String str, Object obj, String str2, String str3, Map<String, String> map) {
        RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
        Object convertJSContext = extension.convertJSContext(obj);
        if (this._profileAssignmentStorageEP.isInheritanceDisallowed(convertJSContext)) {
            return AccessType.UNKNOWN.toString();
        }
        switch (TargetType.valueOf(str3.toUpperCase())) {
            case ANONYMOUS:
                return _getInheritedAssignmentForAnonymous(extension, convertJSContext, str2);
            case ANYCONNECTED_USER:
                return _getInheritedAssignmentForAnyconnected(extension, convertJSContext, str2);
            case USER:
                return _getInheritedAssignmentForUser(extension, convertJSContext, str2, this._userHelper.json2userIdentity(map));
            case GROUP:
                return _getInheritedAssignmentForGroup(extension, convertJSContext, str2, new GroupIdentity(map.get("groupId"), map.get("groupDirectory")));
            default:
                return AccessType.UNKNOWN.toString();
        }
    }

    private String _getInheritedAssignmentForAnonymous(RightAssignmentContext rightAssignmentContext, Object obj, String str) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys, Set<String>> profilesForAnonymousAndAnyConnectedUser = this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(parentContexts);
                if (((Set) Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_DENIED)).orElse(Set.of())).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (((Set) Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_ALLOWED)).orElse(Set.of())).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForAnonymous = _getInheritedAssignmentForAnonymous(rightAssignmentContext, obj2, str);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForAnonymous)) {
                    accessType = _getInheritedAssignmentForAnonymous;
                }
            }
        }
        return accessType;
    }

    private String _getInheritedAssignmentForAnyconnected(RightAssignmentContext rightAssignmentContext, Object obj, String str) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys, Set<String>> profilesForAnonymousAndAnyConnectedUser = this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(parentContexts);
                if (((Set) Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_DENIED)).orElse(Set.of())).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (((Set) Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_ALLOWED)).orElse(Set.of())).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForAnyconnected = _getInheritedAssignmentForAnyconnected(rightAssignmentContext, obj2, str);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForAnyconnected)) {
                    accessType = _getInheritedAssignmentForAnyconnected;
                }
            }
        }
        return accessType;
    }

    private String _getInheritedAssignmentForUser(RightAssignmentContext rightAssignmentContext, Object obj, String str, UserIdentity userIdentity) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<UserIdentity, Map<ProfileAssignmentStorage.UserOrGroup, Set<String>>> profilesForUsers = this._profileAssignmentStorageEP.getProfilesForUsers(obj2, userIdentity);
                if (((Set) Optional.ofNullable(profilesForUsers.get(userIdentity)).map(map -> {
                    return (Set) map.get(ProfileAssignmentStorage.UserOrGroup.DENIED);
                }).orElse(Set.of())).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (((Set) Optional.ofNullable(profilesForUsers.get(userIdentity)).map(map2 -> {
                    return (Set) map2.get(ProfileAssignmentStorage.UserOrGroup.ALLOWED);
                }).orElse(Set.of())).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForUser = _getInheritedAssignmentForUser(rightAssignmentContext, obj2, str, userIdentity);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForUser)) {
                    accessType = _getInheritedAssignmentForUser;
                }
            }
        }
        return accessType;
    }

    private String _getInheritedAssignmentForGroup(RightAssignmentContext rightAssignmentContext, Object obj, String str, GroupIdentity groupIdentity) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<GroupIdentity, Map<ProfileAssignmentStorage.UserOrGroup, Set<String>>> profilesForGroups = this._profileAssignmentStorageEP.getProfilesForGroups(obj2, Set.of(groupIdentity));
                if (((Set) Optional.ofNullable(profilesForGroups.get(groupIdentity)).map(map -> {
                    return (Set) map.get(ProfileAssignmentStorage.UserOrGroup.DENIED);
                }).orElse(Set.of())).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (((Set) Optional.ofNullable(profilesForGroups.get(groupIdentity)).map(map2 -> {
                    return (Set) map2.get(ProfileAssignmentStorage.UserOrGroup.ALLOWED);
                }).orElse(Set.of())).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForGroup = _getInheritedAssignmentForGroup(rightAssignmentContext, obj2, str, groupIdentity);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForGroup)) {
                    accessType = _getInheritedAssignmentForGroup;
                }
            }
        }
        return accessType;
    }

    private void _saveChange(Object obj, String str, String str2, String str3, Map<String, String> map) {
        AccessType valueOf = str2 != null ? AccessType.valueOf(str2.toUpperCase()) : AccessType.UNKNOWN;
        switch (TargetType.valueOf(str3.toUpperCase())) {
            case ANONYMOUS:
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnonymous(str, obj);
                        this._profileAssignmentStorageEP.allowProfileToAnonymous(str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnonymous(str, obj);
                        this._profileAssignmentStorageEP.denyProfileToAnonymous(str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnonymous(str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnonymous(str, obj);
                        return;
                }
            case ANYCONNECTED_USER:
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnyConnectedUser(str, obj);
                        this._profileAssignmentStorageEP.allowProfileToAnyConnectedUser(str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnyConnectedUser(str, obj);
                        this._profileAssignmentStorageEP.denyProfileToAnyConnectedUser(str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnyConnectedUser(str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnyConnectedUser(str, obj);
                        return;
                }
            case USER:
                UserIdentity json2userIdentity = this._userHelper.json2userIdentity(map);
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromUser(json2userIdentity, str, obj);
                        this._profileAssignmentStorageEP.allowProfileToUser(json2userIdentity, str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromUser(json2userIdentity, str, obj);
                        this._profileAssignmentStorageEP.denyProfileToUser(json2userIdentity, str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromUser(json2userIdentity, str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromUser(json2userIdentity, str, obj);
                        return;
                }
            case GROUP:
                GroupIdentity groupIdentity = new GroupIdentity(map.get("groupId"), map.get("groupDirectory"));
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromGroup(groupIdentity, str, obj);
                        this._profileAssignmentStorageEP.allowProfileToGroup(groupIdentity, str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromGroup(groupIdentity, str, obj);
                        this._profileAssignmentStorageEP.denyProfileToGroup(groupIdentity, str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromGroup(groupIdentity, str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromGroup(groupIdentity, str, obj);
                        return;
                }
            default:
                return;
        }
    }
}
