package edu.internet2.middleware.grouper.hooks.examples;

import edu.internet2.middleware.grouper.FieldType;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.attr.AttributeDefName;
import edu.internet2.middleware.grouper.attr.finder.AttributeDefNameFinder;
import edu.internet2.middleware.grouper.cache.GrouperCache;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.hooks.MembershipHooks;
import edu.internet2.middleware.grouper.hooks.beans.HooksContext;
import edu.internet2.middleware.grouper.hooks.beans.HooksMembershipChangeBean;
import edu.internet2.middleware.grouper.hooks.logic.GrouperHookType;
import edu.internet2.middleware.grouper.hooks.logic.GrouperHooksUtils;
import edu.internet2.middleware.grouper.hooks.logic.HookVeto;
import edu.internet2.middleware.grouper.misc.GrouperCheckConfig;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.misc.GrouperStartup;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
import edu.internet2.middleware.grouper.subj.SubjectHelper;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-4.7.2.jar:edu/internet2/middleware/grouper/hooks/examples/MembershipCannotAddSelfToGroupHook.class */
public class MembershipCannotAddSelfToGroupHook extends MembershipHooks {
    public static final String HOOK_VETO_CANNOT_ADD_SELF_TO_GROUP = "hook.veto.cannotAddSelfToGroup";
    public static final String membershipOneFolderExtensionOfAttributeDefName = "hookMembershipOneInFolder";
    private static final Log LOG = GrouperUtil.getLog(MembershipCannotAddSelfToGroupHook.class);
    private static GrouperCache<String, Boolean> stemHasMembershipOneAttribute = new GrouperCache<>(MembershipCannotAddSelfToGroupHook.class.getName() + ".membershipOneAttribute", 5000, false, 60, 60, false);
    private static boolean registered = false;

    public static void clearHook() {
        registered = false;
        stemHasMembershipOneAttribute.clear();
    }

    public static boolean cannotAddSelfEnabled() {
        return GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.enable.rule.cannotAddSelfToGroup", false);
    }

    public static boolean cannotAddSelfAssignedToGroup(final Group group) {
        if (cannotAddSelfEnabled()) {
            return ((Boolean) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.hooks.examples.MembershipCannotAddSelfToGroupHook.1
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    return Boolean.valueOf(Group.this.getAttributeDelegate().hasAttribute(MembershipCannotAddSelfToGroupHook.cannotAddSelfAttributeDefName()));
                }
            })).booleanValue();
        }
        return false;
    }

    public static boolean cannotAddSelfAssign(final Group group) {
        return ((Boolean) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.hooks.examples.MembershipCannotAddSelfToGroupHook.2
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                return Boolean.valueOf(Group.this.getAttributeDelegate().assignAttribute(MembershipCannotAddSelfToGroupHook.cannotAddSelfAttributeDefName()).isChanged());
            }
        })).booleanValue();
    }

    public static boolean cannotAddSelfRevoke(final Group group) {
        return ((Boolean) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.hooks.examples.MembershipCannotAddSelfToGroupHook.3
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                return Boolean.valueOf(Group.this.getAttributeDelegate().removeAttribute(MembershipCannotAddSelfToGroupHook.cannotAddSelfAttributeDefName()).isChanged());
            }
        })).booleanValue();
    }

    public static boolean cannotAddSelfUserCanEdit(final Group group, final Subject subject) {
        if (!cannotAddSelfEnabled()) {
            return false;
        }
        if (PrivilegeHelper.isWheelOrRoot(subject)) {
            return true;
        }
        return ((Boolean) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.hooks.examples.MembershipCannotAddSelfToGroupHook.4
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                boolean canHavePrivilege = Group.this.canHavePrivilege(subject, AccessPrivilege.ADMIN.getName(), false);
                if (!canHavePrivilege) {
                    return false;
                }
                boolean cannotAddSelfAssignedToGroup = MembershipCannotAddSelfToGroupHook.cannotAddSelfAssignedToGroup(Group.this);
                if (cannotAddSelfAssignedToGroup && canHavePrivilege && GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.cannotAddSelfToGroup.allowRevokeByGroupAdmins", false)) {
                    return true;
                }
                if (!cannotAddSelfAssignedToGroup && canHavePrivilege && GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.cannotAddSelfToGroup.allowAssignByGroupAdmins", true)) {
                    return true;
                }
                Group findByName = GroupFinder.findByName(grouperSession, cannotAddSelfAssignedToGroup ? MembershipCannotAddSelfToGroupHook.cannotAddSelfRevokeGroupName() : MembershipCannotAddSelfToGroupHook.cannotAddSelfAssignGroupName(), false);
                if (findByName == null) {
                    return false;
                }
                return Boolean.valueOf(findByName.hasMember(subject));
            }
        })).booleanValue();
    }

    public static boolean cannotAddSelfUserCanView(Group group, Subject subject) {
        if (cannotAddSelfEnabled()) {
            return PrivilegeHelper.isWheelOrRoot(subject) || group.canHavePrivilege(subject, AccessPrivilege.VIEW.getName(), false);
        }
        return false;
    }

    public static String cannotAddSelfStemName() {
        return GrouperCheckConfig.attributeRootStemName() + ":cannotAddSelfToGroup";
    }

    public static String cannotAddSelfAssignGroupName() {
        return cannotAddSelfStemName() + ":canAssignCannotAddSelf";
    }

    public static String cannotAddSelfRevokeGroupName() {
        return cannotAddSelfStemName() + ":canRevokeCannotAddSelf";
    }

    public static String cannotAddSelfNameOfAttributeDef() {
        return cannotAddSelfStemName() + ":cannotAddSelfAttributeDef";
    }

    public static String cannotAddSelfNameOfAttributeDefName() {
        return cannotAddSelfStemName() + ":cannotAddSelfAttributeDefName";
    }

    public static AttributeDefName cannotAddSelfAttributeDefName() {
        return (AttributeDefName) GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.hooks.examples.MembershipCannotAddSelfToGroupHook.5
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                return AttributeDefNameFinder.findByName(MembershipCannotAddSelfToGroupHook.cannotAddSelfNameOfAttributeDefName(), true);
            }
        });
    }

    @Override // edu.internet2.middleware.grouper.hooks.MembershipHooks
    public void membershipPreAddMember(HooksContext hooksContext, final HooksMembershipChangeBean hooksMembershipChangeBean) {
        if (FieldType.LIST.equals(hooksMembershipChangeBean.getField().getType()) && !GrouperCheckConfig.inCheckConfig && GrouperStartup.isFinishedStartupSuccessfully() && SubjectHelper.eq(hooksMembershipChangeBean.getMember().getSubject(), GrouperSession.staticGrouperSession().getSubject())) {
            GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.hooks.examples.MembershipCannotAddSelfToGroupHook.6
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    if (hooksMembershipChangeBean.getGroup().getAttributeDelegate().hasAttribute(MembershipCannotAddSelfToGroupHook.cannotAddSelfAttributeDefName())) {
                        throw new HookVeto(MembershipCannotAddSelfToGroupHook.HOOK_VETO_CANNOT_ADD_SELF_TO_GROUP, "You cannot add yourself to this group: " + GrouperUtil.xmlEscape(hooksMembershipChangeBean.getGroup().getName()) + ".  Someone else must add you.");
                    }
                    return null;
                }
            });
        }
    }

    public static void registerHookIfNecessary() {
        if (registered) {
            return;
        }
        GrouperHooksUtils.addHookManual(GrouperHookType.MEMBERSHIP.getPropertyFileKey(), MembershipCannotAddSelfToGroupHook.class);
        registered = true;
    }
}
