package dev.dsf.fhir.authorization;

import dev.dsf.common.auth.conf.Identity;
import dev.dsf.fhir.authentication.FhirServerRole;
import dev.dsf.fhir.authentication.OrganizationProvider;
import dev.dsf.fhir.authorization.read.ReadAccessHelper;
import dev.dsf.fhir.dao.QuestionnaireResponseDao;
import dev.dsf.fhir.dao.provider.DaoProvider;
import dev.dsf.fhir.help.ParameterConverter;
import dev.dsf.fhir.service.ReferenceResolver;
import java.sql.Connection;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import org.hl7.fhir.r4.model.QuestionnaireResponse;
import org.hl7.fhir.r4.model.StringType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/dsf/fhir/authorization/QuestionnaireResponseAuthorizationRule.class */
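/**
 * Authorization rule for {@link QuestionnaireResponse} resources.
 *
 * <p>Every operation is only granted to a local identity that holds the matching
 * {@link FhirServerRole}. Create and update additionally validate the submitted resource:
 * its status must be in the allowed set and it must carry exactly one {@code user-task-id}
 * item with a single non-empty string answer. An update must move the status from
 * {@code INPROGRESS} to {@code COMPLETED} or {@code STOPPED} and must leave the
 * {@code user-task-id} and {@code business-key} answers unchanged.
 *
 * <p>Each {@code reason...Allowed} method returns a non-empty {@link Optional} holding the reason
 * when access is granted and {@link Optional#empty()} when it is denied.
 */
public class QuestionnaireResponseAuthorizationRule extends AbstractAuthorizationRule<QuestionnaireResponse, QuestionnaireResponseDao> {
    private static final Logger logger = LoggerFactory.getLogger(QuestionnaireResponseAuthorizationRule.class);
    private static final String CODESYSTEM_DSF_BPMN_USER_TASK_VALUE_BUSINESS_KEY = "business-key";
    private static final String CODESYSTEM_DSF_BPMN_USER_TASK_VALUE_USER_TASK_ID = "user-task-id";

    /**
     * Passes all collaborators straight through to {@link AbstractAuthorizationRule}.
     */
    public QuestionnaireResponseAuthorizationRule(DaoProvider daoProvider, String str, ReferenceResolver referenceResolver, OrganizationProvider organizationProvider, ReadAccessHelper readAccessHelper, ParameterConverter parameterConverter) {
        super(QuestionnaireResponse.class, daoProvider, str, referenceResolver, organizationProvider, readAccessHelper, parameterConverter);
    }

    /**
     * Decides whether {@code identity} may create {@code questionnaireResponse}.
     *
     * @param connection database connection, handed to the helper checks
     * @param identity the caller; must be local and hold {@link FhirServerRole#CREATE}
     * @param questionnaireResponse the resource to create; its status must be {@code INPROGRESS}
     * @return the reason the create is allowed, or empty if it is denied
     */
    @Override // dev.dsf.fhir.authorization.AuthorizationRule
    public Optional<String> reasonCreateAllowed(Connection connection, Identity identity, QuestionnaireResponse questionnaireResponse) {
        // The log text says "not a local user" but this branch is also taken when a local
        // identity lacks the CREATE role; keep that in mind when reading audit logs.
        if (!identity.isLocalIdentity() || !identity.hasDsfRole(FhirServerRole.CREATE)) {
            logger.warn("Create of QuestionnaireResponse unauthorized, not a local user");
            return Optional.empty();
        }
        Optional<String> errors = newResourceOk(connection, identity, questionnaireResponse, EnumSet.of(QuestionnaireResponse.QuestionnaireResponseStatus.INPROGRESS));
        if (errors.isPresent()) {
            logger.warn("Create of QuestionnaireResponse unauthorized, {}", errors.get());
            return Optional.empty();
        }
        if (resourceExists(connection, questionnaireResponse)) {
            logger.warn("Create of QuestionnaireResponse unauthorized, QuestionnaireResponse already exists");
            return Optional.empty();
        }
        logger.info("Create of QuestionnaireResponse authorized for local user '{}', QuestionnaireResponse does not exist", identity.getName());
        return Optional.of("local user, QuestionnaireResponse does not exist yet");
    }

    /**
     * Validates a resource that is about to be stored.
     *
     * @param allowedStatus the status values accepted for this operation
     * @return all validation errors joined with {@code ", "}, or empty if the resource is acceptable
     */
    private Optional<String> newResourceOk(Connection connection, Identity identity, QuestionnaireResponse questionnaireResponse, EnumSet<QuestionnaireResponse.QuestionnaireResponseStatus> allowedStatus) {
        List<String> errors = new ArrayList<>();
        if (!questionnaireResponse.hasStatus()) {
            errors.add("QuestionnaireResponse.status missing");
        } else if (!allowedStatus.contains(questionnaireResponse.getStatus())) {
            errors.add("QuestionnaireResponse.status not one of " + allowedStatus);
        }
        // Only called for its side effect here: it appends to 'errors' when the item is malformed.
        getItemAndValidate(questionnaireResponse, CODESYSTEM_DSF_BPMN_USER_TASK_VALUE_USER_TASK_ID, errors);
        return errors.isEmpty() ? Optional.empty() : Optional.of(String.join(", ", errors));
    }

    /**
     * Extracts the single string answer of the item with the given linkId.
     *
     * @param linkId the item linkId to look up
     * @param errors receives a description of the problem when the item is missing, duplicated or
     *     malformed; may be {@code null} if the caller does not need the description
     * @return the answer value, or empty if there is not exactly one item with exactly one
     *     non-empty {@link StringType} answer
     */
    private Optional<String> getItemAndValidate(QuestionnaireResponse questionnaireResponse, String linkId, List<String> errors) {
        // The messages name the linkId that was actually looked up, so a failing business-key
        // lookup is no longer reported as a 'user-task-id' problem.
        String itemPath = "QuestionnaireResponse.item('" + linkId + "')";

        List<QuestionnaireResponse.QuestionnaireResponseItemComponent> matches = questionnaireResponse.getItem().stream()
                .filter(QuestionnaireResponse.QuestionnaireResponseItemComponent::hasLinkId)
                .filter(item -> linkId.equals(item.getLinkId()))
                .collect(Collectors.toList());
        if (matches.size() != 1) {
            addError(errors, itemPath + " missing or more than one");
            return Optional.empty();
        }

        QuestionnaireResponse.QuestionnaireResponseItemComponent item = matches.get(0);
        if (!item.hasAnswer() || item.getAnswer().size() != 1) {
            addError(errors, itemPath + ".answer missing or more than one");
            return Optional.empty();
        }

        QuestionnaireResponse.QuestionnaireResponseItemAnswerComponent answer = item.getAnswerFirstRep();
        if (!answer.hasValue() || !(answer.getValue() instanceof StringType)) {
            addError(errors, itemPath + ".answer.value missing or not a string");
            return Optional.empty();
        }

        // Safe cast: the instanceof check above has already rejected every other value type.
        StringType value = (StringType) answer.getValue();
        if (!value.hasValue()) {
            addError(errors, itemPath + ".answer.value is blank");
            return Optional.empty();
        }
        return Optional.of(value.getValue());
    }

    /** Appends {@code message} to {@code errors} unless the caller passed no list. */
    private static void addError(List<String> errors, String message) {
        if (errors != null) {
            errors.add(message);
        }
    }

    /** Returns the validated answer for {@code linkId}, or {@code null} if it is absent or malformed. */
    private String itemValueOrNull(QuestionnaireResponse questionnaireResponse, String linkId) {
        return getItemAndValidate(questionnaireResponse, linkId, new ArrayList<>()).orElse(null);
    }

    /**
     * Reports whether the resource to create already exists.
     *
     * <p>NOTE(review): this always returns {@code false}, so the "already exists" branch in
     * {@link #reasonCreateAllowed} is never taken and no duplicate check happens at this layer.
     * Confirm that this is intended.
     */
    private boolean resourceExists(Connection connection, QuestionnaireResponse questionnaireResponse) {
        return false;
    }

    /**
     * Decides whether {@code identity} may read {@code questionnaireResponse}.
     *
     * @param identity the caller; must be local and hold {@link FhirServerRole#READ}
     * @return the reason the read is allowed, or empty if it is denied
     */
    @Override // dev.dsf.fhir.authorization.AuthorizationRule
    public Optional<String> reasonReadAllowed(Connection connection, Identity identity, QuestionnaireResponse questionnaireResponse) {
        if (identity.isLocalIdentity() && identity.hasDsfRole(FhirServerRole.READ)) {
            logger.info("Read of QuestionnaireResponse authorized for local user '{}'", identity.getName());
            // NOTE(review): the reason text mentions task.restriction.recipient, but this method
            // only checks local identity and the READ role. The string is left unchanged because
            // callers may record it; confirm whether it should read "local user".
            return Optional.of("task.restriction.recipient resolved and local user part of referenced organization");
        }
        logger.warn("Read of QuestionnaireResponse unauthorized, not a local user");
        return Optional.empty();
    }

    /**
     * Decides whether {@code identity} may replace the stored resource with a new version.
     *
     * @param identity the caller; must be local and hold {@link FhirServerRole#UPDATE}
     * @param questionnaireResponse the currently stored (old) resource
     * @param questionnaireResponse2 the submitted (new) resource; its status must be
     *     {@code COMPLETED} or {@code STOPPED}
     * @return the reason the update is allowed, or empty if it is denied
     */
    @Override // dev.dsf.fhir.authorization.AuthorizationRule
    public Optional<String> reasonUpdateAllowed(Connection connection, Identity identity, QuestionnaireResponse questionnaireResponse, QuestionnaireResponse questionnaireResponse2) {
        if (!identity.isLocalIdentity() || !identity.hasDsfRole(FhirServerRole.UPDATE)) {
            logger.warn("Update of QuestionnaireResponse unauthorized, not a local user");
            return Optional.empty();
        }
        Optional<String> errors = newResourceOk(connection, identity, questionnaireResponse2, EnumSet.of(QuestionnaireResponse.QuestionnaireResponseStatus.COMPLETED, QuestionnaireResponse.QuestionnaireResponseStatus.STOPPED));
        if (errors.isPresent()) {
            logger.warn("Update of QuestionnaireResponse unauthorized, {}", errors.get());
            return Optional.empty();
        }
        if (modificationsOk(connection, questionnaireResponse, questionnaireResponse2)) {
            logger.info("Update of QuestionnaireResponse authorized for local user '{}', modification allowed", identity.getName());
            return Optional.of("local user; modification allowed");
        }
        logger.warn("Update of QuestionnaireResponse unauthorized, modification not allowed");
        return Optional.empty();
    }

    /**
     * Checks that an update only performs the permitted status transition and leaves the
     * identifying items untouched.
     *
     * @param oldResource the stored resource
     * @param newResource the submitted resource
     * @return {@code true} only if the status goes from {@code INPROGRESS} to {@code COMPLETED} or
     *     {@code STOPPED} and both the {@code user-task-id} and {@code business-key} answers are
     *     equal in the old and new resource
     */
    private boolean modificationsOk(Connection connection, QuestionnaireResponse oldResource, QuestionnaireResponse newResource) {
        boolean statusTransitionOk = QuestionnaireResponse.QuestionnaireResponseStatus.INPROGRESS.equals(oldResource.getStatus())
                && (QuestionnaireResponse.QuestionnaireResponseStatus.COMPLETED.equals(newResource.getStatus())
                        || QuestionnaireResponse.QuestionnaireResponseStatus.STOPPED.equals(newResource.getStatus()));
        if (!statusTransitionOk) {
            logger.warn("Modifications only allowed if status changes from '{}' to '{}', current status of old resource is '{}' and of new resource is '{}'",
                    QuestionnaireResponse.QuestionnaireResponseStatus.INPROGRESS,
                    QuestionnaireResponse.QuestionnaireResponseStatus.COMPLETED + "|" + QuestionnaireResponse.QuestionnaireResponseStatus.STOPPED,
                    oldResource.getStatus(), newResource.getStatus());
        }

        // The values logged below are copied from the stored and the submitted resource.
        // NOTE(review): confirm the log layout neutralises control characters in them.
        String oldUserTaskId = itemValueOrNull(oldResource, CODESYSTEM_DSF_BPMN_USER_TASK_VALUE_USER_TASK_ID);
        String newUserTaskId = itemValueOrNull(newResource, CODESYSTEM_DSF_BPMN_USER_TASK_VALUE_USER_TASK_ID);
        boolean userTaskIdUnchanged = Objects.equals(oldUserTaskId, newUserTaskId);
        if (!userTaskIdUnchanged) {
            logger.warn("Modifications only allowed if item.answer with linkId '{}' not changed, change from '{}' to '{}' not allowed",
                    CODESYSTEM_DSF_BPMN_USER_TASK_VALUE_USER_TASK_ID, oldUserTaskId, newUserTaskId);
        }

        // A missing or malformed business-key yields null on both sides and therefore compares
        // as unchanged; only an actual difference is rejected.
        String oldBusinessKey = itemValueOrNull(oldResource, CODESYSTEM_DSF_BPMN_USER_TASK_VALUE_BUSINESS_KEY);
        String newBusinessKey = itemValueOrNull(newResource, CODESYSTEM_DSF_BPMN_USER_TASK_VALUE_BUSINESS_KEY);
        boolean businessKeyUnchanged = Objects.equals(oldBusinessKey, newBusinessKey);
        // Log on the business-key result with the business-key values. The earlier code tested
        // the user-task-id flag and printed the user-task-id values here, so a rejected
        // business-key change left no matching log line.
        if (!businessKeyUnchanged) {
            logger.warn("Modifications only allowed if item.answer with linkId '{}' not changed, change from '{}' to '{}' not allowed",
                    CODESYSTEM_DSF_BPMN_USER_TASK_VALUE_BUSINESS_KEY, oldBusinessKey, newBusinessKey);
        }

        return statusTransitionOk && userTaskIdUnchanged && businessKeyUnchanged;
    }

    /**
     * Decides whether {@code identity} may delete {@code questionnaireResponse}.
     *
     * @param identity the caller; must be local and hold {@link FhirServerRole#DELETE}
     * @return the reason the delete is allowed, or empty if it is denied
     */
    @Override // dev.dsf.fhir.authorization.AuthorizationRule
    public Optional<String> reasonDeleteAllowed(Connection connection, Identity identity, QuestionnaireResponse questionnaireResponse) {
        if (identity.isLocalIdentity() && identity.hasDsfRole(FhirServerRole.DELETE)) {
            logger.info("Delete of QuestionnaireResponse authorized for local user '{}'", identity.getName());
            return Optional.of("local user");
        }
        logger.warn("Delete of QuestionnaireResponse unauthorized, not a local user");
        return Optional.empty();
    }
}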
