package org.ametys.core.ui.right;

import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.ametys.core.ObservationConstants;
import org.ametys.core.group.GroupDirectoryDAO;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.group.GroupManager;
import org.ametys.core.observation.Event;
import org.ametys.core.observation.ObservationManager;
import org.ametys.core.right.ProfileAssignmentStorage;
import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint;
import org.ametys.core.right.RightAssignmentContext;
import org.ametys.core.right.RightAssignmentContextExtensionPoint;
import org.ametys.core.right.RightManager;
import org.ametys.core.right.RightProfilesDAO;
import org.ametys.core.right.RightsException;
import org.ametys.core.schedule.AmetysJob;
import org.ametys.core.ui.Callable;
import org.ametys.core.ui.ClientSideElement;
import org.ametys.core.ui.ClientSideElementHelper;
import org.ametys.core.ui.StaticClientSideElement;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.core.user.UserHelper;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;

/* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement.class */
public class ProfileAssignmentsToolClientSideElement extends StaticClientSideElement {
    protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP;
    protected RightAssignmentContextExtensionPoint _rightAssignmentContextEP;
    protected GroupDirectoryDAO _groupDirectoryDAO;
    protected GroupManager _groupManager;
    protected ObservationManager _observationManager;
    protected UserHelper _userHelper;
    protected RightProfilesDAO _profileDAO;
    private Set<String> _rightContexts;
    private boolean _readerProfileOnly;

    /* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AccessType.class */
    public enum AccessType {
        ALLOW { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.1
            @Override // java.lang.Enum
            public String toString() {
                return "allow";
            }
        },
        DENY { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.2
            @Override // java.lang.Enum
            public String toString() {
                return "deny";
            }
        },
        INHERITED_ALLOW { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.3
            @Override // java.lang.Enum
            public String toString() {
                return "inherited_allow";
            }
        },
        INHERITED_DENY { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.4
            @Override // java.lang.Enum
            public String toString() {
                return "inherited_deny";
            }
        },
        UNKNOWN { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.AccessType.5
            @Override // java.lang.Enum
            public String toString() {
                return "unknown";
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AssignmentTarget.class */
    public static final class AssignmentTarget extends Record {
        private final String targetType;
        private final Map<String, String> identity;

        AssignmentTarget(String str, Map<String, String> map) {
            this.targetType = str;
            this.identity = map;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, AssignmentTarget.class), AssignmentTarget.class, "targetType;identity", "FIELD:Lorg/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AssignmentTarget;->targetType:Ljava/lang/String;", "FIELD:Lorg/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AssignmentTarget;->identity:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, AssignmentTarget.class), AssignmentTarget.class, "targetType;identity", "FIELD:Lorg/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AssignmentTarget;->targetType:Ljava/lang/String;", "FIELD:Lorg/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AssignmentTarget;->identity:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, AssignmentTarget.class, Object.class), AssignmentTarget.class, "targetType;identity", "FIELD:Lorg/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AssignmentTarget;->targetType:Ljava/lang/String;", "FIELD:Lorg/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$AssignmentTarget;->identity:Ljava/util/Map;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String targetType() {
            return this.targetType;
        }

        public Map<String, String> identity() {
            return this.identity;
        }
    }

    /* loaded from: input_file:org/ametys/core/ui/right/ProfileAssignmentsToolClientSideElement$TargetType.class */
    public enum TargetType {
        ANONYMOUS { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.1
            @Override // java.lang.Enum
            public String toString() {
                return "anonymous";
            }
        },
        ANYCONNECTED_USER { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.2
            @Override // java.lang.Enum
            public String toString() {
                return "anyconnected_user";
            }
        },
        USER { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.3
            @Override // java.lang.Enum
            public String toString() {
                return "user";
            }
        },
        GROUP { // from class: org.ametys.core.ui.right.ProfileAssignmentsToolClientSideElement.TargetType.4
            @Override // java.lang.Enum
            public String toString() {
                return "group";
            }
        }
    }

    @Override // org.ametys.core.ui.StaticFileImportsClientSideElement
    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) serviceManager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE);
        this._rightAssignmentContextEP = (RightAssignmentContextExtensionPoint) serviceManager.lookup(RightAssignmentContextExtensionPoint.ROLE);
        this._groupDirectoryDAO = (GroupDirectoryDAO) serviceManager.lookup(GroupDirectoryDAO.ROLE);
        this._groupManager = (GroupManager) serviceManager.lookup(GroupManager.ROLE);
        this._observationManager = (ObservationManager) serviceManager.lookup(ObservationManager.ROLE);
        this._userHelper = (UserHelper) serviceManager.lookup(UserHelper.ROLE);
        this._profileDAO = (RightProfilesDAO) serviceManager.lookup(RightProfilesDAO.ROLE);
    }

    @Override // org.ametys.core.ui.StaticFileImportsClientSideElement
    public void configure(Configuration configuration) throws ConfigurationException {
        super.configure(configuration);
        _configureRightContextIds(configuration);
        this._readerProfileOnly = configuration.getChild("class").getChild("reader-profile-only").getValueAsBoolean(false);
    }

    protected void _configureRightContextIds(Configuration configuration) throws ConfigurationException {
        this._rightContexts = new HashSet();
        for (Configuration configuration2 : configuration.getChild("class").getChild("right-contexts").getChildren("right-context")) {
            this._rightContexts.add(configuration2.getValue());
        }
    }

    protected Set<RightAssignmentContext> getRightAssignmentContexts() {
        return !this._rightContexts.isEmpty() ? (Set) this._rightContexts.stream().map(str -> {
            return this._rightAssignmentContextEP.getExtension(str);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet()) : (Set) this._rightAssignmentContextEP.getExtensionsIds().stream().map(str2 -> {
            return this._rightAssignmentContextEP.getExtension(str2);
        }).filter(rightAssignmentContext -> {
            return !rightAssignmentContext.isPrivate();
        }).collect(Collectors.toSet());
    }

    @Override // org.ametys.core.ui.StaticFileImportsClientSideElement, org.ametys.core.ui.ClientSideElement
    public List<ClientSideElement.Script> getScripts(boolean z, Map<String, Object> map) {
        List<ClientSideElement.Script> scripts = super.getScripts(z, map);
        if (scripts.size() > 0) {
            ClientSideElement.Script cloneScript = ClientSideElementHelper.cloneScript(scripts.get(0));
            HashMap hashMap = new HashMap();
            cloneScript.getParameters().put("classes", hashMap);
            for (RightAssignmentContext rightAssignmentContext : getRightAssignmentContexts()) {
                int i = 0;
                for (ClientSideElement.Script script : rightAssignmentContext.getScripts(z, map)) {
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put("className", script.getScriptClassname());
                    hashMap2.put("serverId", rightAssignmentContext.getId());
                    hashMap2.put("parameters", script.getParameters());
                    int i2 = i;
                    i++;
                    hashMap.put(rightAssignmentContext.getId() + "-" + i2, hashMap2);
                    cloneScript.getScriptFiles().addAll(script.getScriptFiles());
                    cloneScript.getCSSFiles().addAll(script.getCSSFiles());
                }
            }
            scripts = new ArrayList();
            scripts.add(cloneScript);
        }
        return scripts;
    }

    @Callable(rights = {""})
    public List<Map<String, Object>> getUserGroups(String str, String str2) {
        return (List) this._groupManager.getUserGroups(new UserIdentity(str, str2)).stream().map(this::_groupToJson).collect(Collectors.toList());
    }

    private Map<String, Object> _groupToJson(GroupIdentity groupIdentity) {
        HashMap hashMap = new HashMap();
        hashMap.put("groupId", groupIdentity.getId());
        hashMap.put("groupDirectory", groupIdentity.getDirectoryId());
        return hashMap;
    }

    @Callable(rights = {""})
    public Map<String, Object> saveChanges(String str, Object obj, List<Map<String, Object>> list) {
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        UserIdentity user = this._currentUserProvider.getUser();
        Set<GroupIdentity> userGroups = this._groupManager.getUserGroups(user);
        if (!_checkRightAssignmentContext(str)) {
            throw new RightsException("The user '" + user + "' try to assign profile on unauthorized context '" + str + "'");
        }
        Map<String, String> rights = getRights(Map.of());
        rights.remove("CMS_Rights_Delegate_Rights");
        RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
        Object convertJSContext = extension.convertJSContext(obj);
        boolean hasRight = hasRight(rights, convertJSContext);
        HashSet hashSet = new HashSet();
        String contextIdentifier = extension.getContextIdentifier(convertJSContext);
        for (Map<String, Object> map : list) {
            String str2 = (String) map.get("profileId");
            if (this._readerProfileOnly && !RightManager.READER_PROFILE_ID.equals(str2)) {
                throw new RightsException("The user '" + user + "' try to the assign profile '" + str2 + "' on the object context '" + obj + "' but only the reader profile is allowed for the right assignment context '" + str + "'");
            }
            String str3 = (String) map.get("assignment");
            String str4 = (String) map.get("targetType");
            map.put("profileLabel", this._profileDAO.getProfile(str2).getLabel());
            if (hasRight || canDelegateRights(user, userGroups, str2, str3, convertJSContext)) {
                hashSet.add(str2);
                _saveChange(convertJSContext, str2, str3, str4, (Map) map.get("identity"));
                arrayList.add(map);
            } else {
                arrayList2.add(map);
            }
        }
        _notifyObservers(convertJSContext, contextIdentifier, hashSet);
        hashMap.put("successInfos", arrayList);
        hashMap.put("errorInfos", arrayList2);
        hashMap.put(AmetysJob.KEY_SUCCESS, Boolean.valueOf(arrayList2.isEmpty()));
        return hashMap;
    }

    protected boolean hasRight(Map<String, String> map, Object obj) {
        return hasRight(map);
    }

    protected boolean _checkRightAssignmentContext(String str) {
        return ((Set) getRightAssignmentContexts().stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet())).contains(str);
    }

    @Callable(rights = {""})
    public boolean applyAssignments(String str, List<Map<String, Object>> list, List<Map<String, Object>> list2, boolean z) {
        UserIdentity user = this._currentUserProvider.getUser();
        if (!hasRight(getRights(Map.of()))) {
            getLogger().error("The user '" + user + "' try to apply assignments without sufficient rights");
            return false;
        }
        if (!_checkRightAssignmentContext(str)) {
            throw new RightsException("The user '" + user + "' tries to apply assignments on an unauthorized context '" + str + "'");
        }
        Set<String> set = (Set) this._profileDAO.getProfiles().stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet());
        Set<AssignmentTarget> _getAssignmentTargets = _getAssignmentTargets(list2);
        RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
        for (Map<String, Object> map : list) {
            String str2 = (String) map.get("context");
            Object convertJSContext = extension.convertJSContext(str2);
            for (AssignmentTarget assignmentTarget : _getAssignmentTargets) {
                _resetAssignments(set, convertJSContext, assignmentTarget.targetType(), assignmentTarget.identity());
            }
            for (Map<String, Object> map2 : list2) {
                String str3 = (String) map2.get("profileId");
                if (this._readerProfileOnly && !RightManager.READER_PROFILE_ID.equals(str3)) {
                    throw new RightsException("The user '" + user + "' try to apply the profile '" + str3 + "' on the object context '" + str2 + "' but only the reader profile is allowed for the right assignment context '" + str + "'");
                }
                _saveChange(convertJSContext, str3, (String) map2.get("assignment"), (String) map2.get("targetType"), (Map) map2.get("identity"));
            }
            if (((Boolean) map.get("inheritanceAvailable")).booleanValue()) {
                this._profileAssignmentStorageEP.disallowInheritance(convertJSContext, z);
            }
            _notifyObservers(convertJSContext, extension.getContextIdentifier(convertJSContext), set);
        }
        return true;
    }

    private Set<AssignmentTarget> _getAssignmentTargets(List<Map<String, Object>> list) {
        HashSet hashSet = new HashSet();
        for (Map<String, Object> map : list) {
            String str = (String) map.get("targetType");
            switch (TargetType.valueOf(str.toUpperCase())) {
                case ANONYMOUS:
                case ANYCONNECTED_USER:
                    hashSet.add(new AssignmentTarget(str, null));
                    break;
                case USER:
                case GROUP:
                    hashSet.add(new AssignmentTarget(str, (Map) map.get("identity")));
                    break;
            }
        }
        return hashSet;
    }

    protected boolean canDelegateRights(UserIdentity userIdentity, Set<GroupIdentity> set, String str, String str2, Object obj) {
        return (str2 != null ? AccessType.valueOf(str2.toUpperCase()) : AccessType.UNKNOWN) == AccessType.ALLOW && this._rightManager.hasRight(userIdentity, "CMS_Rights_Delegate_Rights", "/${WorkspaceName}") == RightManager.RightResult.RIGHT_ALLOW && this._profileAssignmentStorageEP.getPermissions(userIdentity, set, Set.of(str), obj).get(str).toRightResult() == RightManager.RightResult.RIGHT_ALLOW;
    }

    protected void _notifyObservers(Object obj, String str, Set<String> set) {
        this._observationManager.notify(new Event(ObservationConstants.EVENT_ACL_UPDATED, this._currentUserProvider.getUser(), _getEventParams(obj, str, set)));
    }

    protected Map<String, Object> _getEventParams(Object obj, String str, Set<String> set) {
        HashMap hashMap = new HashMap();
        hashMap.put(ObservationConstants.ARGS_ACL_CONTEXT, obj);
        hashMap.put(ObservationConstants.ARGS_ACL_CONTEXT_IDENTIFIER, str);
        hashMap.put(ObservationConstants.ARGS_ACL_PROFILES, set);
        return hashMap;
    }

    @Callable(rights = {""})
    public boolean isInheritanceDisallowed(String str, Object obj) {
        return this._profileAssignmentStorageEP.isInheritanceDisallowed(this._rightAssignmentContextEP.getExtension(str).convertJSContext(obj));
    }

    @Callable(rights = {"Runtime_Rights_Rights_Handle"})
    public void disallowInheritance(String str, Object obj, boolean z) {
        RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
        Object convertJSContext = extension.convertJSContext(obj);
        String contextIdentifier = extension.getContextIdentifier(convertJSContext);
        this._profileAssignmentStorageEP.disallowInheritance(convertJSContext, z);
        _notifyObservers(convertJSContext, contextIdentifier, (Set) this._profileDAO.getProfiles().stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet()));
    }

    @Callable(rights = {""})
    public Map<String, String> getInheritedAssignments(String str, Object obj, List<String> list, String str2, Map<String, String> map) {
        return this._profileAssignmentStorageEP.isInheritanceDisallowed(this._rightAssignmentContextEP.getExtension(str).convertJSContext(obj)) ? (Map) list.stream().collect(Collectors.toMap(str3 -> {
            return str3;
        }, str4 -> {
            return AccessType.UNKNOWN.toString();
        })) : (Map) list.stream().collect(Collectors.toMap(str5 -> {
            return str5;
        }, str6 -> {
            return getInheritedAssignment(str, obj, str6, str2, map);
        }));
    }

    @Callable(rights = {""})
    public String getInheritedAssignment(String str, Object obj, String str2, String str3, Map<String, String> map) {
        RightAssignmentContext extension = this._rightAssignmentContextEP.getExtension(str);
        Object convertJSContext = extension.convertJSContext(obj);
        if (this._profileAssignmentStorageEP.isInheritanceDisallowed(convertJSContext)) {
            return AccessType.UNKNOWN.toString();
        }
        switch (TargetType.valueOf(str3.toUpperCase())) {
            case ANONYMOUS:
                return _getInheritedAssignmentForAnonymous(extension, convertJSContext, str2);
            case ANYCONNECTED_USER:
                return _getInheritedAssignmentForAnyconnected(extension, convertJSContext, str2);
            case USER:
                return _getInheritedAssignmentForUser(extension, convertJSContext, str2, this._userHelper.json2userIdentity(map));
            case GROUP:
                return _getInheritedAssignmentForGroup(extension, convertJSContext, str2, new GroupIdentity(map.get("groupId"), map.get("groupDirectory")));
            default:
                return AccessType.UNKNOWN.toString();
        }
    }

    private String _getInheritedAssignmentForAnonymous(RightAssignmentContext rightAssignmentContext, Object obj, String str) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys, Set<String>> profilesForAnonymousAndAnyConnectedUser = this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(parentContexts);
                if (((Set) Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_DENIED)).orElse(Set.of())).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (((Set) Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANONYMOUS_ALLOWED)).orElse(Set.of())).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForAnonymous = _getInheritedAssignmentForAnonymous(rightAssignmentContext, obj2, str);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForAnonymous)) {
                    accessType = _getInheritedAssignmentForAnonymous;
                }
            }
        }
        return accessType;
    }

    private String _getInheritedAssignmentForAnyconnected(RightAssignmentContext rightAssignmentContext, Object obj, String str) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys, Set<String>> profilesForAnonymousAndAnyConnectedUser = this._profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(parentContexts);
                if (((Set) Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_DENIED)).orElse(Set.of())).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (((Set) Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_ALLOWED)).orElse(Set.of())).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForAnyconnected = _getInheritedAssignmentForAnyconnected(rightAssignmentContext, obj2, str);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForAnyconnected)) {
                    accessType = _getInheritedAssignmentForAnyconnected;
                }
            }
        }
        return accessType;
    }

    private String _getInheritedAssignmentForUser(RightAssignmentContext rightAssignmentContext, Object obj, String str, UserIdentity userIdentity) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<UserIdentity, Map<ProfileAssignmentStorage.UserOrGroup, Set<String>>> profilesForUsers = this._profileAssignmentStorageEP.getProfilesForUsers(obj2, userIdentity);
                if (((Set) Optional.ofNullable(profilesForUsers.get(userIdentity)).map(map -> {
                    return (Set) map.get(ProfileAssignmentStorage.UserOrGroup.DENIED);
                }).orElse(Set.of())).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (((Set) Optional.ofNullable(profilesForUsers.get(userIdentity)).map(map2 -> {
                    return (Set) map2.get(ProfileAssignmentStorage.UserOrGroup.ALLOWED);
                }).orElse(Set.of())).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForUser = _getInheritedAssignmentForUser(rightAssignmentContext, obj2, str, userIdentity);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForUser)) {
                    accessType = _getInheritedAssignmentForUser;
                }
            }
        }
        return accessType;
    }

    private String _getInheritedAssignmentForGroup(RightAssignmentContext rightAssignmentContext, Object obj, String str, GroupIdentity groupIdentity) {
        String accessType = AccessType.UNKNOWN.toString();
        Set<Object> parentContexts = rightAssignmentContext.getParentContexts(obj);
        if (parentContexts != null) {
            for (Object obj2 : parentContexts) {
                Map<GroupIdentity, Map<ProfileAssignmentStorage.UserOrGroup, Set<String>>> profilesForGroups = this._profileAssignmentStorageEP.getProfilesForGroups(obj2, Set.of(groupIdentity));
                if (((Set) Optional.ofNullable(profilesForGroups.get(groupIdentity)).map(map -> {
                    return (Set) map.get(ProfileAssignmentStorage.UserOrGroup.DENIED);
                }).orElse(Set.of())).contains(str)) {
                    return AccessType.INHERITED_DENY.toString();
                }
                if (((Set) Optional.ofNullable(profilesForGroups.get(groupIdentity)).map(map2 -> {
                    return (Set) map2.get(ProfileAssignmentStorage.UserOrGroup.ALLOWED);
                }).orElse(Set.of())).contains(str)) {
                    accessType = AccessType.INHERITED_ALLOW.toString();
                }
                String _getInheritedAssignmentForGroup = _getInheritedAssignmentForGroup(rightAssignmentContext, obj2, str, groupIdentity);
                if (!AccessType.UNKNOWN.toString().equals(_getInheritedAssignmentForGroup)) {
                    accessType = _getInheritedAssignmentForGroup;
                }
            }
        }
        return accessType;
    }

    private void _resetAssignments(Set<String> set, Object obj, String str, Map<String, String> map) {
        TargetType valueOf = TargetType.valueOf(str.toUpperCase());
        for (String str2 : set) {
            switch (valueOf) {
                case ANONYMOUS:
                    this._profileAssignmentStorageEP.removeAllowedProfileFromAnonymous(str2, obj);
                    this._profileAssignmentStorageEP.removeDeniedProfileFromAnonymous(str2, obj);
                    break;
                case ANYCONNECTED_USER:
                    this._profileAssignmentStorageEP.removeAllowedProfileFromAnyConnectedUser(str2, obj);
                    this._profileAssignmentStorageEP.removeDeniedProfileFromAnyConnectedUser(str2, obj);
                    break;
                case USER:
                    UserIdentity json2userIdentity = this._userHelper.json2userIdentity(map);
                    this._profileAssignmentStorageEP.removeAllowedProfileFromUser(json2userIdentity, str2, obj);
                    this._profileAssignmentStorageEP.removeDeniedProfileFromUser(json2userIdentity, str2, obj);
                    break;
                case GROUP:
                    GroupIdentity groupIdentity = new GroupIdentity(map.get("groupId"), map.get("groupDirectory"));
                    this._profileAssignmentStorageEP.removeAllowedProfileFromGroup(groupIdentity, str2, obj);
                    this._profileAssignmentStorageEP.removeDeniedProfileFromGroup(groupIdentity, str2, obj);
                    break;
            }
        }
    }

    private void _saveChange(Object obj, String str, String str2, String str3, Map<String, String> map) {
        AccessType valueOf = str2 != null ? AccessType.valueOf(str2.toUpperCase()) : AccessType.UNKNOWN;
        switch (TargetType.valueOf(str3.toUpperCase())) {
            case ANONYMOUS:
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnonymous(str, obj);
                        this._profileAssignmentStorageEP.allowProfileToAnonymous(str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnonymous(str, obj);
                        this._profileAssignmentStorageEP.denyProfileToAnonymous(str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnonymous(str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnonymous(str, obj);
                        return;
                }
            case ANYCONNECTED_USER:
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnyConnectedUser(str, obj);
                        this._profileAssignmentStorageEP.allowProfileToAnyConnectedUser(str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnyConnectedUser(str, obj);
                        this._profileAssignmentStorageEP.denyProfileToAnyConnectedUser(str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromAnyConnectedUser(str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromAnyConnectedUser(str, obj);
                        return;
                }
            case USER:
                UserIdentity json2userIdentity = this._userHelper.json2userIdentity(map);
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromUser(json2userIdentity, str, obj);
                        this._profileAssignmentStorageEP.allowProfileToUser(json2userIdentity, str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromUser(json2userIdentity, str, obj);
                        this._profileAssignmentStorageEP.denyProfileToUser(json2userIdentity, str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromUser(json2userIdentity, str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromUser(json2userIdentity, str, obj);
                        return;
                }
            case GROUP:
                GroupIdentity groupIdentity = new GroupIdentity(map.get("groupId"), map.get("groupDirectory"));
                switch (valueOf) {
                    case ALLOW:
                        this._profileAssignmentStorageEP.removeDeniedProfileFromGroup(groupIdentity, str, obj);
                        this._profileAssignmentStorageEP.allowProfileToGroup(groupIdentity, str, obj);
                        return;
                    case DENY:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromGroup(groupIdentity, str, obj);
                        this._profileAssignmentStorageEP.denyProfileToGroup(groupIdentity, str, obj);
                        return;
                    default:
                        this._profileAssignmentStorageEP.removeAllowedProfileFromGroup(groupIdentity, str, obj);
                        this._profileAssignmentStorageEP.removeDeniedProfileFromGroup(groupIdentity, str, obj);
                        return;
                }
            default:
                return;
        }
    }
}
