package org.ametys.core.ui.right;

import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.ametys.core.ObservationConstants;
import org.ametys.core.group.GroupDirectoryDAO;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.group.GroupManager;
import org.ametys.core.observation.Event;
import org.ametys.core.observation.ObservationManager;
import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint;
import org.ametys.core.right.RightAssignmentContext;
import org.ametys.core.right.RightAssignmentContextExtensionPoint;
import org.ametys.core.right.RightManager;
import org.ametys.core.right.RightsException;
import org.ametys.core.ui.Callable;
import org.ametys.core.ui.ClientSideElement;
import org.ametys.core.ui.ClientSideElementHelper;
import org.ametys.core.ui.StaticClientSideElement;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.core.user.UserHelper;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;

/* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement.class */
public class ProfileAssignmentsToolClientSideElement extends StaticClientSideElement {
    protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP;
    protected RightAssignmentContextExtensionPoint _rightAssignmentContextEP;
    protected GroupDirectoryDAO _groupDirectoryDAO;
    protected GroupManager _groupManager;
    protected ObservationManager _observationManager;
    protected UserHelper _userHelper;

    /* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AccessType.class */
    public enum AccessType {
        ALLOW { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.1
            @Override // java.lang.Enum
            public String toString() {
                return "allow";
            }
        },
        DENY { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.2
            @Override // java.lang.Enum
            public String toString() {
                return "deny";
            }
        },
        INHERITED_ALLOW { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.3
            @Override // java.lang.Enum
            public String toString() {
                return "inherited_allow";
            }
        },
        INHERITED_DENY { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.4
            @Override // java.lang.Enum
            public String toString() {
                return "inherited_deny";
            }
        },
        UNKNOWN { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.5
            @Override // java.lang.Enum
            public String toString() {
                return "unknown";
            }
        }
    }

    /* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$TargetType.class */
    public enum TargetType {
        ANONYMOUS { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.1
            @Override // java.lang.Enum
            public String toString() {
                return "anonymous";
            }
        },
        ANYCONNECTED_USER { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.2
            @Override // java.lang.Enum
            public String toString() {
                return "anyconnected_user";
            }
        },
        USER { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.3
            @Override // java.lang.Enum
            public String toString() {
                return "user";
            }
        },
        GROUP { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.4
            @Override // java.lang.Enum
            public String toString() {
                return ObservationConstants.ARGS_GROUP;
            }
        }
    }

    @Override // org.ametys.core.ui.StaticFileImportsClientSideElement
    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) serviceManager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE);
        this._rightAssignmentContextEP = (RightAssignmentContextExtensionPoint) serviceManager.lookup(RightAssignmentContextExtensionPoint.ROLE);
        this._groupDirectoryDAO = (GroupDirectoryDAO) serviceManager.lookup(GroupDirectoryDAO.ROLE);
        this._groupManager = (GroupManager) serviceManager.lookup(GroupManager.ROLE);
        this._observationManager = (ObservationManager) serviceManager.lookup(ObservationManager.ROLE);
        this._userHelper = (UserHelper) serviceManager.lookup(UserHelper.ROLE);
    }

    @Override // org.ametys.core.ui.StaticFileImportsClientSideElement, org.ametys.core.ui.ClientSideElement
    public List<ClientSideElement.Script> getScripts(boolean z, Map<String, Object> map) {
        List<ClientSideElement.Script> scripts = super.getScripts(z, map);
        if (scripts.size() > 0) {
            ClientSideElement.Script cloneScript = ClientSideElementHelper.cloneScript(scripts.get(0));
            HashMap hashMap = new HashMap();
            cloneScript.getParameters().put("classes", hashMap);
            boolean z2 = true;
            Set<String> extensionsIds = this._rightAssignmentContextEP.getExtensionsIds();
            if (cloneScript.getParameters().containsKey("right-contexts")) {
                z2 = false;
                Object obj = ((Map) cloneScript.getParameters().get("right-contexts")).get("right-context");
                extensionsIds = obj instanceof List ? new HashSet((List) obj) : Sets.newHashSet(new String[]{(String) obj});
            }
            for (String str : extensionsIds) {
                RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
                if (!z2 || !extension.isPrivate()) {
                    int i = 0;
                    for (ClientSideElement.Script script : extension.getScripts(z, map)) {
                        HashMap hashMap2 = new HashMap();
                        hashMap2.put("className", script.getScriptClassname());
                        hashMap2.put("serverId", str);
                        hashMap2.put("parameters", script.getParameters());
                        int i2 = i;
                        i++;
                        hashMap.put(str + "-" + i2, hashMap2);
                        cloneScript.getScriptFiles().addAll(script.getScriptFiles());
                        cloneScript.getCSSFiles().addAll(script.getCSSFiles());
                    }
                }
            }
            scripts = new ArrayList();
            scripts.add(cloneScript);
        }
        return scripts;
    }

    @Callable
    public List<Map<String, Object>> getUserGroups(String str, String str2) {
        return (List) this._groupManager.getUserGroups(new UserIdentity(str, str2)).stream().map(this::_groupToJson).collect(Collectors.toList());
    }

    private Map<String, Object> _groupToJson(GroupIdentity groupIdentity) {
        HashMap hashMap = new HashMap();
        hashMap.put("groupId", groupIdentity.getId());
        hashMap.put("groupDirectory", groupIdentity.getDirectoryId());
        return hashMap;
    }

    @Callable
    public void saveChanges(String str, Object obj, List<Map<String, Object>> list) {
        if (this._rightManager.hasRight(this._currentUserProvider.getUser(), "Runtime_Rights_Rights_Handle", "/${WorkspaceName}") != RightManager.RightResult.RIGHT_ALLOW) {
            throw new RightsException("The user '" + this._currentUserProvider.getUser() + "' try to assign profile without sufficient rights");
        }
        HashSet hashSet = new HashSet();
        RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
        Object convertJSContext = extension.convertJSContext(obj);
        String contextIdentifier = extension.getContextIdentifier(convertJSContext);
        for (Map<String, Object> map : list) {
            String str2 = (String) map.get("profileId");
            hashSet.add(str2);
            _saveChange(convertJSContext, str2, (String) map.get("assignment"), (String) map.get("targetType"), (Map) map.get("identity"));
        }
        _notifyObservers(convertJSContext, contextIdentifier, hashSet);
    }

    private void _notifyObservers(Object obj, String str, Set<String> set) {
        HashMap hashMap = new HashMap();
        hashMap.put(ObservationConstants.ARGS_ACL_CONTEXT, obj);
        hashMap.put(ObservationConstants.ARGS_ACL_CONTEXT_IDENTIFIER, str);
        hashMap.put(ObservationConstants.ARGS_ACL_PROFILES, set);
        this._observationManager.notify(new Event(ObservationConstants.EVENT_ACL_UPDATED, this._currentUserProvider.getUser(), hashMap));
    }

    @Callable
    public Map<String, String> getInheritedAssignments(String str, Object obj, List<String> list, String str2, Map<String, String> map) {
        HashMap hashMap = new HashMap();
        for (String str3 : list) {
            hashMap.put(str3, getInheritedAssignment(str, obj, str3, str2, map));
        }
        return hashMap;
    }

    @Callable
    public String getInheritedAssignment(String str, Object obj, String str2, String str3, Map<String, String> map) {
        RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
        Object convertJSContext = extension.convertJSContext(obj);
        switch (TargetType.valueOf(str3.toUpperCase())) {
            case ANONYMOUS:
                return _getInheritedAssignmentForAnonymous(extension, convertJSContext, str2);
            case ANYCONNECTED_USER:
                return _getInheritedAssignmentForAnyconnected(extension, convertJSContext, str2);
            case USER:
                return _getInheritedAssignmentForUser(extension, convertJSContext, str2, this._userHelper.json2userIdentity(map));
            case GROUP:
                return _getInheritedAssignmentForGroup(extension, convertJSContext, str2, new GroupIdentity(map.get("groupId"), map.get("groupDirectory")));
            default:
                return AccessType.UNKNOWN.toString();
        }
    }

    private String _getInheritedAssignmentForAnonymous(RightAssignmentContext rightAssignmentContext, Object obj, String str) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                if (this._profileAssignmentStorageEP.getDeniedProfilesForAnonymous(obj2).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (this._profileAssignmentStorageEP.getAllowedProfilesForAnonymous(obj2).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForAnonymous = _getInheritedAssignmentForAnonymous(rightAssignmentContext, obj2, str);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForAnonymous)) {
                    accessType = _getInheritedAssignmentForAnonymous;
                }
            }
        }
        return accessType;
    }

    private String _getInheritedAssignmentForAnyconnected(RightAssignmentContext rightAssignmentContext, Object obj, String str) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                if (this._profileAssignmentStorageEP.getDeniedProfilesForAnyConnectedUser(obj2).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (this._profileAssignmentStorageEP.getAllowedProfilesForAnyConnectedUser(obj2).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForAnyconnected = _getInheritedAssignmentForAnyconnected(rightAssignmentContext, obj2, str);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForAnyconnected)) {
                    accessType = _getInheritedAssignmentForAnyconnected;
                }
            }
        }
        return accessType;
    }

    private String _getInheritedAssignmentForUser(RightAssignmentContext rightAssignmentContext, Object obj, String str, UserIdentity userIdentity) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<UserIdentity, Set<String>> deniedProfilesForUsers = this._profileAssignmentStorageEP.getDeniedProfilesForUsers(obj2);
                if (deniedProfilesForUsers.containsKey(userIdentity) && deniedProfilesForUsers.get(userIdentity).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                Map<UserIdentity, Set<String>> allowedProfilesForUsers = this._profileAssignmentStorageEP.getAllowedProfilesForUsers(obj2);
                if (allowedProfilesForUsers.containsKey(userIdentity) && allowedProfilesForUsers.get(userIdentity).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForUser = _getInheritedAssignmentForUser(rightAssignmentContext, obj2, str, userIdentity);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForUser)) {
                    accessType = _getInheritedAssignmentForUser;
                }
            }
        }
        return accessType;
    }

    private String _getInheritedAssignmentForGroup(RightAssignmentContext rightAssignmentContext, Object obj, String str, GroupIdentity groupIdentity) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<GroupIdentity, Set<String>> deniedProfilesForGroups = this._profileAssignmentStorageEP.getDeniedProfilesForGroups(obj2);
                if (deniedProfilesForGroups.containsKey(groupIdentity) && deniedProfilesForGroups.get(groupIdentity).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                Map<GroupIdentity, Set<String>> allowedProfilesForGroups = this._profileAssignmentStorageEP.getAllowedProfilesForGroups(obj2);
                if (allowedProfilesForGroups.containsKey(groupIdentity) && allowedProfilesForGroups.get(groupIdentity).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForGroup = _getInheritedAssignmentForGroup(rightAssignmentContext, obj2, str, groupIdentity);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForGroup)) {
                    accessType = _getInheritedAssignmentForGroup;
                }
            }
        }
        return accessType;
    }

    private void _saveChange(Object obj, String str, String str2, String str3, Map<String, String> map) {
        AccessType valueOf = str2 != null ? AccessType.valueOf(str2.toUpperCase()) : AccessType.UNKNOWN;
        switch (TargetType.valueOf(str3.toUpperCase())) {
            case ANONYMOUS:
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnonymous(str, obj);
                        this._profileAssignmentStorageEP.allowProfileToAnonymous(str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnonymous(str, obj);
                        this._profileAssignmentStorageEP.denyProfileToAnonymous(str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnonymous(str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnonymous(str, obj);
                        return;
                }
            case ANYCONNECTED_USER:
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnyConnectedUser(str, obj);
                        this._profileAssignmentStorageEP.allowProfileToAnyConnectedUser(str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnyConnectedUser(str, obj);
                        this._profileAssignmentStorageEP.denyProfileToAnyConnectedUser(str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnyConnectedUser(str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnyConnectedUser(str, obj);
                        return;
                }
            case USER:
                UserIdentity json2userIdentity = this._userHelper.json2userIdentity(map);
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromUser(json2userIdentity, str, obj);
                        this._profileAssignmentStorageEP.allowProfileToUser(json2userIdentity, str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromUser(json2userIdentity, str, obj);
                        this._profileAssignmentStorageEP.denyProfileToUser(json2userIdentity, str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromUser(json2userIdentity, str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromUser(json2userIdentity, str, obj);
                        return;
                }
            case GROUP:
                GroupIdentity groupIdentity = new GroupIdentity(map.get("groupId"), map.get("groupDirectory"));
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromGroup(groupIdentity, str, obj);
                        this._profileAssignmentStorageEP.allowProfileToGroup(groupIdentity, str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromGroup(groupIdentity, str, obj);
                        this._profileAssignmentStorageEP.denyProfileToGroup(groupIdentity, str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromGroup(groupIdentity, str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromGroup(groupIdentity, str, obj);
                        return;
                }
            default:
                return;
        }
    }
}
