package org.opensingular.requirement.module.spring.security;

import com.google.common.base.Joiner;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Named;
import javax.transaction.Transactional;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.opensingular.flow.persistence.entity.TaskInstanceHistoryEntity;
import org.opensingular.form.context.SFormConfig;
import org.opensingular.lib.commons.base.SingularProperties;
import org.opensingular.requirement.module.box.action.BoxItemActionList;
import org.opensingular.requirement.module.config.IServerContext;
import org.opensingular.requirement.module.form.FormAction;
import org.opensingular.requirement.module.persistence.entity.form.RequirementEntity;
import org.opensingular.requirement.module.service.RequirementInstance;
import org.opensingular.requirement.module.service.RequirementService;
import org.opensingular.requirement.module.service.dto.BoxConfigurationData;
import org.opensingular.requirement.module.service.dto.BoxItemAction;
import org.opensingular.requirement.module.service.dto.FormDTO;
import org.opensingular.requirement.module.wicket.SingularSession;

/* loaded from: input_file:org/opensingular/requirement/module/spring/security/AuthorizationServiceImpl.class */
public class AuthorizationServiceImpl implements AuthorizationService {

    @Inject
    protected PermissionResolverService permissionResolverService;

    @Inject
    protected RequirementService<RequirementEntity, RequirementInstance> requirementService;

    @Inject
    @Named("peticionamentoUserDetailService")
    private SingularUserDetailsService peticionamentoUserDetailService;

    @Inject
    @Named("formConfigWithDatabase")
    private Optional<SFormConfig<String>> singularFormConfig;

    @Override // org.opensingular.requirement.module.spring.security.AuthorizationService
    public void filterBoxWithPermissions(List<BoxConfigurationData> list, String str) {
        List<SingularPermission> searchPermissions = searchPermissions(str);
        Iterator<BoxConfigurationData> it = list.iterator();
        while (it.hasNext()) {
            BoxConfigurationData next = it.next();
            if (hasPermission(str, next.getId().toUpperCase(), searchPermissions)) {
                filterForms(next, searchPermissions, str);
            } else {
                it.remove();
            }
        }
    }

    @Override // org.opensingular.requirement.module.spring.security.AuthorizationService
    public void filterActions(String str, Long l, BoxItemActionList boxItemActionList, String str2) {
        filterActions(str, l, boxItemActionList, str2, searchPermissions(str2));
    }

    private void filterActions(String str, Long l, BoxItemActionList boxItemActionList, String str2, List<SingularPermission> list) {
        RequirementAuthMetadataDTO requirementAuthMetadataDTO = null;
        if (l != null) {
            requirementAuthMetadataDTO = this.requirementService.findRequirementAuthMetadata(l);
        }
        Iterator<BoxItemAction> it = boxItemActionList.iterator();
        while (it.hasNext()) {
            BoxItemAction next = it.next();
            String formSimpleName = getFormSimpleName(str);
            if (!hasPermission(str2, next.getFormAction() != null ? buildPermissionKey(requirementAuthMetadataDTO, formSimpleName, next.getFormAction().name()) : buildPermissionKey(requirementAuthMetadataDTO, formSimpleName, next.getName()), list)) {
                it.remove();
            }
        }
    }

    @Override // org.opensingular.requirement.module.spring.security.AuthorizationService
    public List<SingularPermission> filterListTaskPermissions(List<SingularPermission> list) {
        return (List) list.stream().filter(singularPermission -> {
            return (singularPermission == null || singularPermission.getSingularId() == null || !singularPermission.getSingularId().startsWith(AuthorizationService.LIST_TASKS_PERMISSION_PREFIX)) ? false : true;
        }).collect(Collectors.toList());
    }

    private List<SingularPermission> searchPermissions(String str) {
        SingularRequirementUserDetails userDetails;
        if (!SingularSession.exists() || (userDetails = SingularSession.get().getUserDetails()) == null || str == null || !str.equals(userDetails.getApplicantId())) {
            return this.permissionResolverService.searchPermissions(str);
        }
        if (CollectionUtils.isEmpty(userDetails.getPermissions())) {
            userDetails.addPermissions(this.peticionamentoUserDetailService.searchPermissions(userDetails.getApplicantId()));
        }
        return userDetails.getPermissions();
    }

    private void filterForms(BoxConfigurationData boxConfigurationData, List<SingularPermission> list, String str) {
        Iterator<FormDTO> it = boxConfigurationData.getForms().iterator();
        while (it.hasNext()) {
            if (!hasPermission(str, buildPermissionKey(null, it.next().getAbbreviation(), FormAction.FORM_FILL.name()), list)) {
                it.remove();
            }
        }
    }

    private String buildPermissionKey(RequirementAuthMetadataDTO requirementAuthMetadataDTO, String str, String str2) {
        String upperCase = Joiner.on(AuthorizationService.SEPARATOR).skipNulls().join(upperCaseOrNull(str2), upperCaseOrNull(str), new Object[]{getDefinitionKey(requirementAuthMetadataDTO), getCurrentTaskAbbreviation(requirementAuthMetadataDTO)}).toUpperCase();
        if (getLogger().isTraceEnabled()) {
            getLogger().debug(String.format("Nome de permissão computada %s", upperCase));
        }
        return upperCase;
    }

    private String getDefinitionKey(RequirementAuthMetadataDTO requirementAuthMetadataDTO) {
        if (requirementAuthMetadataDTO != null) {
            return requirementAuthMetadataDTO.getDefinitionKey();
        }
        return null;
    }

    private String getCurrentTaskAbbreviation(RequirementAuthMetadataDTO requirementAuthMetadataDTO) {
        if (requirementAuthMetadataDTO != null) {
            return requirementAuthMetadataDTO.getCurrentTaskAbbreviation();
        }
        return null;
    }

    private String upperCaseOrNull(String str) {
        if (str != null) {
            return str.toUpperCase();
        }
        return null;
    }

    @Override // org.opensingular.requirement.module.spring.security.AuthorizationService
    public boolean hasPermission(Long l, String str, String str2, String str3) {
        RequirementAuthMetadataDTO requirementAuthMetadataDTO = null;
        if (l != null) {
            requirementAuthMetadataDTO = this.requirementService.findRequirementAuthMetadata(l);
        }
        return hasPermission(requirementAuthMetadataDTO, str, str2, str3);
    }

    private boolean hasPermission(RequirementAuthMetadataDTO requirementAuthMetadataDTO, String str, String str2, String str3) {
        String formSimpleName = getFormSimpleName(str);
        if (requirementAuthMetadataDTO != null) {
            formSimpleName = getFormSimpleName(requirementAuthMetadataDTO.getFormTypeAbbreviation());
        }
        return hasPermission(str2, buildPermissionKey(requirementAuthMetadataDTO, formSimpleName, str3));
    }

    private boolean hasPermission(String str, String str2) {
        return hasPermission(str, str2, searchPermissions(str));
    }

    private String removeTask(String str) {
        int lastIndexOf = str.lastIndexOf(AuthorizationService.SEPARATOR);
        return lastIndexOf > -1 ? str.substring(0, lastIndexOf) : str;
    }

    private boolean hasPermission(String str, String str2, List<SingularPermission> list) {
        if (SingularProperties.get().isTrue("singular.auth.disable") || list.stream().anyMatch(singularPermission -> {
            return singularPermission.getSingularId().equals(str2);
        })) {
            return true;
        }
        String removeTask = removeTask(str2);
        if (list.stream().anyMatch(singularPermission2 -> {
            return singularPermission2.getSingularId().equals(removeTask);
        })) {
            return true;
        }
        getLogger().info(" Usuário logado {} não possui a permissão {} ", str, str2);
        return false;
    }

    private String getFormSimpleName(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        return (String) this.singularFormConfig.flatMap(sFormConfig -> {
            return sFormConfig.getTypeLoader().loadType(str);
        }).map(sType -> {
            return sType.getNameSimple();
        }).map((v0) -> {
            return v0.toUpperCase();
        }).orElse(null);
    }

    @Override // org.opensingular.requirement.module.spring.security.AuthorizationService
    @Transactional
    public boolean hasPermission(Long l, String str, String str2, String str3, String str4, IServerContext iServerContext, boolean z) {
        boolean hasPermission = hasPermission(l, str, str2, str4);
        boolean z2 = false;
        boolean z3 = l == null;
        if (l != null) {
            if (iServerContext.checkOwner()) {
                z2 = isOwner(l, str2, str3);
            } else {
                z3 = z || !isTaskAssignedToAnotherUser(l, str2);
            }
        }
        return hasPermission && (z2 || z3);
    }

    protected boolean isOwner(Long l, String str, String str2) {
        RequirementInstance requirement = this.requirementService.getRequirement(l);
        boolean equals = Objects.equals(requirement.getApplicant().getIdPessoa(), str2);
        if (!equals) {
            getLogger().info("User {} (SingularRequirementUserDetails::getApplicantId={}) is not owner of Requirement with id={}. Expected owner id={} ", new Object[]{str, str2, l, requirement.getApplicant().getIdPessoa()});
        }
        return equals;
    }

    protected boolean isTaskAssignedToAnotherUser(Long l, String str) {
        if (l == null || str == null) {
            return false;
        }
        return ((Boolean) this.requirementService.findCurrentTaskEntityByRequirementId(l).map((v0) -> {
            return v0.getTaskHistory();
        }).filter(list -> {
            return !list.isEmpty();
        }).map(list2 -> {
            return (TaskInstanceHistoryEntity) list2.get(list2.size() - 1);
        }).map(taskInstanceHistoryEntity -> {
            return Boolean.valueOf((taskInstanceHistoryEntity.getAllocatedUser() == null || taskInstanceHistoryEntity.getAllocationEndDate() != null || str.equalsIgnoreCase(taskInstanceHistoryEntity.getAllocatedUser().getCodUsuario())) ? false : true);
        }).orElse(Boolean.FALSE)).booleanValue();
    }
}
