package org.imixs.marty.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.imixs.workflow.ItemCollection;
import org.imixs.workflow.engine.DocumentService;
import org.imixs.workflow.engine.plugins.AbstractPlugin;
import org.imixs.workflow.engine.scheduler.Scheduler;
import org.imixs.workflow.exceptions.PluginException;

/* loaded from: input_file:WEB-INF/lib/imixs-marty-4.2.1.jar:org/imixs/marty/security/UserGroupPlugin.class */
public class UserGroupPlugin extends AbstractPlugin {
    public static final String INVALID_CONTEXT = "INVALID_CONTEXT";
    static final int EVENT_PROFILE_LOCK = 90;
    static final int TASK_PPROFILE_ACTIVE = 210;

    @EJB
    DocumentService documentService;

    @Inject
    @ConfigProperty(name = "security.setup.mode", defaultValue = "auto")
    String setupMode;
    private static Logger logger = Logger.getLogger(UserGroupPlugin.class.getName());

    @EJB
    UserGroupService userGroupService = null;
    int sequenceNumber = -1;
    ItemCollection workitem = null;

    @Override // org.imixs.workflow.Plugin
    public ItemCollection run(ItemCollection itemCollection, ItemCollection itemCollection2) throws PluginException {
        if (this.userGroupService == null) {
            return itemCollection;
        }
        this.workitem = itemCollection;
        if ("profile".equals(this.workitem.getItemValueString("Type")) && "auto".equalsIgnoreCase(this.setupMode)) {
            int itemValueInteger = this.workitem.getItemValueInteger("$ProcessID");
            int itemValueInteger2 = itemCollection2.getItemValueInteger("numActivityID");
            if (!"admin".equalsIgnoreCase(this.workitem.getItemValueString(Scheduler.ITEM_SCHEDULER_NAME)) && itemValueInteger >= TASK_PPROFILE_ACTIVE && itemValueInteger2 == 90) {
                logger.info("Lock profile '" + this.workitem.getItemValueString(Scheduler.ITEM_SCHEDULER_NAME) + "'");
                this.workitem.replaceItemValue("txtGroups", UserGroupService.ACCESSLEVEL_NOACCESS);
            }
            logger.fine("......update profile '" + this.workitem.getItemValueString(Scheduler.ITEM_SCHEDULER_NAME) + "'....");
            migrateDeprecatedUserRoles();
            this.userGroupService.updateUser(this.workitem);
            return itemCollection;
        }
        return itemCollection;
    }

    private void migrateDeprecatedUserRoles() {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.addAll(this.workitem.getItemValue("txtGroups"));
        List asList = Arrays.asList(UserGroupService.DEPRECATED_CORE_GROUPS);
        for (String str : arrayList) {
            if (asList.contains(str) && !arrayList.contains(this.userGroupService.getCoreGroupName(str))) {
                String coreGroupName = this.userGroupService.getCoreGroupName(str);
                logger.warning("...Your Application provides deprecated userroles! This should not happen - check your application!!");
                logger.warning("..." + this.workitem.getItemValueString(Scheduler.ITEM_SCHEDULER_NAME) + " contains depreacted userrole " + str);
                logger.warning("... Group will be automatically migrated to " + coreGroupName);
                this.workitem.appendItemValueUnique("txtGroups", coreGroupName);
            }
        }
    }
}
