package org.ametys.core.ui.right;

import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.ametys.core.group.Group;
import org.ametys.core.group.GroupDirectoryDAO;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.group.GroupManager;
import org.ametys.core.right.AccessController;
import org.ametys.core.right.AccessExplanation;
import org.ametys.core.right.Profile;
import org.ametys.core.right.Right;
import org.ametys.core.right.RightManager;
import org.ametys.core.right.RightProfilesDAO;
import org.ametys.core.right.RightsExtensionPoint;
import org.ametys.core.ui.Callable;
import org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement;
import org.ametys.core.ui.right.TargetToContextConvertor;
import org.ametys.core.user.User;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.user.UserManager;
import org.ametys.core.user.population.UserPopulationDAO;
import org.ametys.plugins.core.schedule.Scheduler;
import org.ametys.runtime.i18n.I18nizableText;
import org.ametys.runtime.util.AmetysHomeHelper;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;

/* loaded from: input_file:org/ametys/core/ui/right/ContextPermissionsToolClientSideElement.class */
public class ContextPermissionsToolClientSideElement extends TargetToContextConvertorClientSideElement {
    protected GroupDirectoryDAO _groupDirectoryDAO;
    protected GroupManager _groupManager;
    protected UserPopulationDAO _populationDAO;
    protected RightProfilesDAO _profileDAO;
    protected RightsExtensionPoint _rightsEP;
    protected UserManager _userManager;

    @Override // org.ametys.core.ui.right.TargetToContextConvertorClientSideElement, org.ametys.core.ui.StaticFileImportsClientSideElement
    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._groupDirectoryDAO = (GroupDirectoryDAO) serviceManager.lookup(GroupDirectoryDAO.ROLE);
        this._groupManager = (GroupManager) serviceManager.lookup(GroupManager.ROLE);
        this._populationDAO = (UserPopulationDAO) serviceManager.lookup(UserPopulationDAO.ROLE);
        this._profileDAO = (RightProfilesDAO) serviceManager.lookup(RightProfilesDAO.ROLE);
        this._rightsEP = (RightsExtensionPoint) serviceManager.lookup(RightsExtensionPoint.ROLE);
        this._userManager = (UserManager) serviceManager.lookup(UserManager.ROLE);
    }

    @Callable(rights = {"Runtime_Rights_ContextPermissions"})
    public Map<String, Object> getContextPermissions(String str, String str2) {
        Object convertJSContext;
        if (str2 == null) {
            convertJSContext = "/${WorkspaceName}";
        } else {
            TargetToContextConvertor extension = this._targetToContextConvertorEP.getExtension(str2);
            if (extension == null) {
                throw new IllegalArgumentException("There is no convertor with id " + str2 + ". Context permission can not be determined");
            }
            try {
                convertJSContext = extension.convertJSContext(str);
            } catch (TargetToContextConvertor.UnsupportedContextException e) {
                throw new IllegalArgumentException("The context " + str + " is not a valid context for convertor " + str2 + ". Context permission can not be determined", e);
            }
        }
        RightManager.ContextPermissions explainAllPermissions = this._rightManager.explainAllPermissions(convertJSContext);
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        Map<String, Object> _contextPermissionsToJSON = _contextPermissionsToJSON(explainAllPermissions.permissionsForAnonymous());
        _contextPermissionsToJSON.put("targetType", ProfileAssignmentsToolClientSideElement.TargetType.ANONYMOUS.toString());
        arrayList.add(_contextPermissionsToJSON);
        hashSet.addAll(explainAllPermissions.permissionsForAnonymous().keySet());
        Map<String, Object> _contextPermissionsToJSON2 = _contextPermissionsToJSON(explainAllPermissions.permissionsForAnyConnected());
        _contextPermissionsToJSON2.put("targetType", ProfileAssignmentsToolClientSideElement.TargetType.ANYCONNECTED_USER.toString());
        arrayList.add(_contextPermissionsToJSON2);
        hashSet.addAll(explainAllPermissions.permissionsForAnyConnected().keySet());
        Map<UserIdentity, Map<AccessController.Permission, List<AccessExplanation>>> permissionsByUser = explainAllPermissions.permissionsByUser();
        for (UserIdentity userIdentity : permissionsByUser.keySet()) {
            User user = this._userManager.getUser(userIdentity);
            if (user != null) {
                Map<String, Object> _contextPermissionsToJSON3 = _contextPermissionsToJSON(permissionsByUser.get(userIdentity));
                _contextPermissionsToJSON3.put("targetType", ProfileAssignmentsToolClientSideElement.TargetType.USER.toString());
                _contextPermissionsToJSON3.put("login", userIdentity.getLogin());
                _contextPermissionsToJSON3.put("populationId", userIdentity.getPopulationId());
                _contextPermissionsToJSON3.put("populationLabel", this._populationDAO.getUserPopulation(userIdentity.getPopulationId()).getLabel());
                _contextPermissionsToJSON3.put("groups", this._groupManager.getUserGroups(userIdentity).stream().map(this::_userGroup2json).collect(Collectors.toList()));
                _contextPermissionsToJSON3.put("userSortableName", user.getSortableName());
                arrayList.add(_contextPermissionsToJSON3);
                hashSet.addAll(permissionsByUser.get(userIdentity).keySet());
            }
        }
        Map<GroupIdentity, Map<AccessController.Permission, List<AccessExplanation>>> permissionsByGroup = explainAllPermissions.permissionsByGroup();
        for (GroupIdentity groupIdentity : permissionsByGroup.keySet()) {
            Group group = this._groupManager.getGroup(groupIdentity);
            if (group != null) {
                Map<String, Object> _contextPermissionsToJSON4 = _contextPermissionsToJSON(permissionsByGroup.get(groupIdentity));
                _contextPermissionsToJSON4.put("targetType", ProfileAssignmentsToolClientSideElement.TargetType.GROUP.toString());
                String id = groupIdentity.getId();
                String directoryId = groupIdentity.getDirectoryId();
                _contextPermissionsToJSON4.put("groupId", id);
                _contextPermissionsToJSON4.put("groupDirectory", directoryId);
                _contextPermissionsToJSON4.put("groupDirectoryLabel", this._groupDirectoryDAO.getGroupDirectory(directoryId).getLabel());
                _contextPermissionsToJSON4.put("groupLabel", group.getLabel());
                arrayList.add(_contextPermissionsToJSON4);
                hashSet.addAll(permissionsByGroup.get(groupIdentity).keySet());
            }
        }
        return Map.of(AmetysHomeHelper.AMETYS_HOME_DATA_DIR, arrayList, "metaData", Map.of("permissions", hashSet.stream().map(this::_permissionToJSON).filter((v0) -> {
            return Objects.nonNull(v0);
        }).toList()));
    }

    private Map<String, Object> _contextPermissionsToJSON(Map<AccessController.Permission, List<AccessExplanation>> map) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<AccessController.Permission, List<AccessExplanation>> entry : map.entrySet()) {
            List<AccessExplanation> value = entry.getValue();
            if (!value.isEmpty()) {
                value.sort(Comparator.naturalOrder());
                hashMap.put(entry.getKey().toString(), Map.of("accessResult", value.get(0).accessResult(), "accessExplanations", value));
            }
        }
        return hashMap;
    }

    private Map<String, Object> _permissionToJSON(AccessController.Permission permission) {
        switch (permission.type()) {
            case READ:
                return Map.of("key", permission.toString(), "type", permission.type().name(), Scheduler.KEY_RUNNABLE_LABEL, new I18nizableText("plugin.core", "PLUGINS_CORE_RIGHTS_READER_LABEL"), "rights", List.of());
            case ALL_RIGHTS:
                return Map.of("key", permission.toString(), "type", permission.type().name(), Scheduler.KEY_RUNNABLE_LABEL, new I18nizableText("plugin.core-ui", "PLUGINS_CORE_UI_TOOL_USER_PROFILES_ALL_RIGHTS_COLUMN_LABEL"), "rights", List.of());
            case PROFILE:
                Profile profile = this._profileDAO.getProfile(permission.id());
                if (profile != null) {
                    return Map.of("key", permission.toString(), Scheduler.KEY_RUNNABLE_ID, permission.id(), "type", permission.type().name(), Scheduler.KEY_RUNNABLE_LABEL, profile.getLabel(), "rights", this._profileDAO.getRights(permission.id()));
                }
                getLogger().info("No profile with id '" + permission.id() + "'. The permission is ignored.");
                return null;
            case RIGHT:
                Right extension = this._rightsEP.getExtension(permission.id());
                if (extension != null) {
                    return Map.of("key", permission.toString(), Scheduler.KEY_RUNNABLE_ID, permission.id(), "type", permission.type().name(), Scheduler.KEY_RUNNABLE_LABEL, extension.getLabel(), "rights", List.of(permission.id()));
                }
                getLogger().info("No right with id '" + permission.id() + "'. The permission is ignored.");
                return null;
            default:
                return null;
        }
    }

    private Map<String, Object> _userGroup2json(GroupIdentity groupIdentity) {
        HashMap hashMap = new HashMap();
        hashMap.put("groupId", groupIdentity.getId());
        hashMap.put("groupDirectory", groupIdentity.getDirectoryId());
        return hashMap;
    }
}
