package edu.internet2.middleware.grouper.app.deprovisioning;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.attr.AttributeDef;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.grouper.privs.AttributeDefPrivilege;
import edu.internet2.middleware.grouper.privs.NamingPrivilege;
import edu.internet2.middleware.grouper.privs.Privilege;
import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.builder.CompareToBuilder;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-5.0.1.jar:edu/internet2/middleware/grouper/app/deprovisioning/GrouperDeprovisioningAffiliation.class */
public class GrouperDeprovisioningAffiliation implements Comparable<GrouperDeprovisioningAffiliation> {
    private String label;
    private String groupNameMeansInAffiliation;
    private static final Log LOG = GrouperUtil.getLog(GrouperDeprovisioningAffiliation.class);

    public String getLabel() {
        return this.label;
    }

    public void setLabel(String str) {
        this.label = str;
    }

    public String getGroupNameMeansInAffiliation() {
        return this.groupNameMeansInAffiliation;
    }

    public void setGroupNameMeansInAffiliation(String str) {
        this.groupNameMeansInAffiliation = str;
    }

    @Override // java.lang.Comparable
    public int compareTo(GrouperDeprovisioningAffiliation grouperDeprovisioningAffiliation) {
        if (grouperDeprovisioningAffiliation == null) {
            return 1;
        }
        if (this == grouperDeprovisioningAffiliation) {
            return 0;
        }
        return new CompareToBuilder().append(this.label, grouperDeprovisioningAffiliation.label).toComparison();
    }

    public String getManagersGroupName() {
        return GrouperDeprovisioningSettings.deprovisioningStemName() + ":managersWhoCanDeprovision_" + this.label;
    }

    public String getUsersWhoHaveBeenDeprovisionedGroupName() {
        return GrouperDeprovisioningSettings.deprovisioningStemName() + ":usersWhoHaveBeenDeprovisioned_" + this.label;
    }

    public Boolean deprovisionMembership(final Membership membership) {
        return (Boolean) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.app.deprovisioning.GrouperDeprovisioningAffiliation.1
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Boolean callback(GrouperSession grouperSession) throws GrouperSessionException {
                Subject subject = membership.getMember().getSubject();
                Group ownerGroup = membership.getOwnerGroupId() != null ? membership.getOwnerGroup() : null;
                if (ownerGroup != null) {
                    ownerGroup.deleteMember(membership.getMember(), false);
                    Iterator<Privilege> it = AccessPrivilege.ALL_PRIVILEGES.iterator();
                    while (it.hasNext()) {
                        ownerGroup.revokePriv(subject, it.next(), false);
                    }
                }
                AttributeDef ownerAttributeDef = membership.getOwnerAttrDefId() != null ? membership.getOwnerAttributeDef() : null;
                if (ownerAttributeDef != null) {
                    Iterator<Privilege> it2 = AttributeDefPrivilege.ALL_PRIVILEGES.iterator();
                    while (it2.hasNext()) {
                        ownerAttributeDef.getPrivilegeDelegate().revokePriv(subject, it2.next(), false);
                    }
                }
                Stem ownerStem = membership.getOwnerStemId() != null ? membership.getOwnerStem() : null;
                if (ownerStem != null) {
                    Iterator<Privilege> it3 = NamingPrivilege.ALL_PRIVILEGES.iterator();
                    while (it3.hasNext()) {
                        ownerStem.revokePriv(subject, it3.next(), false);
                    }
                }
                return Boolean.valueOf(GrouperDeprovisioningAffiliation.this.getUsersWhoHaveBeenDeprovisionedGroup().addMember(subject, false));
            }
        });
    }

    public Set<Member> getUsersWhoHaveBeenDeprovisioned() {
        return (Set) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.app.deprovisioning.GrouperDeprovisioningAffiliation.2
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                Group findByName = GroupFinder.findByName(grouperSession, GrouperDeprovisioningAffiliation.this.getUsersWhoHaveBeenDeprovisionedGroupName(), false);
                if (findByName == null) {
                    throw new RuntimeException("users group deprovisioned is not found '" + GrouperDeprovisioningAffiliation.this.getUsersWhoHaveBeenDeprovisionedGroupName() + "', for affiliation: '" + GrouperDeprovisioningAffiliation.this.getLabel() + "'");
                }
                return findByName.getMembers();
            }
        });
    }

    public Group getUsersWhoHaveBeenDeprovisionedGroup() {
        return (Group) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.app.deprovisioning.GrouperDeprovisioningAffiliation.3
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                Group findByName = GroupFinder.findByName(grouperSession, GrouperDeprovisioningAffiliation.this.getUsersWhoHaveBeenDeprovisionedGroupName(), false);
                if (findByName == null) {
                    GrouperDeprovisioningAffiliation.LOG.info("users group deprovisioned is not found '" + GrouperDeprovisioningAffiliation.this.getUsersWhoHaveBeenDeprovisionedGroupName() + "', for affiliation: '" + GrouperDeprovisioningAffiliation.this.getLabel() + "'");
                }
                return findByName;
            }
        });
    }

    public Group getManagersGroup() {
        return (Group) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.app.deprovisioning.GrouperDeprovisioningAffiliation.4
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                Group findByName = GroupFinder.findByName(grouperSession, GrouperDeprovisioningAffiliation.this.getManagersGroupName(), false);
                if (findByName == null) {
                    GrouperDeprovisioningAffiliation.LOG.info("managers group is not found '" + GrouperDeprovisioningAffiliation.this.getManagersGroupName() + "', for affiliation: '" + GrouperDeprovisioningAffiliation.this.getLabel() + "'");
                }
                return findByName;
            }
        });
    }

    public boolean subjectIsManager(final Subject subject) {
        return ((Boolean) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.app.deprovisioning.GrouperDeprovisioningAffiliation.5
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                if (PrivilegeHelper.isWheelOrRoot(subject)) {
                    return true;
                }
                Group managersGroup = GrouperDeprovisioningAffiliation.this.getManagersGroup();
                if (managersGroup == null) {
                    return false;
                }
                return Boolean.valueOf(managersGroup.hasMember(subject));
            }
        })).booleanValue();
    }

    public static Map<String, GrouperDeprovisioningAffiliation> retrieveAllAffiliations() {
        TreeMap treeMap = new TreeMap();
        if (GrouperDeprovisioningSettings.deprovisioningEnabled()) {
            String propertyValueString = GrouperConfig.retrieveConfig().propertyValueString("deprovisioning.affiliations");
            if (!StringUtils.isBlank(propertyValueString)) {
                for (String str : GrouperUtil.splitTrimToSet(propertyValueString, ",")) {
                    GrouperDeprovisioningAffiliation grouperDeprovisioningAffiliation = new GrouperDeprovisioningAffiliation();
                    grouperDeprovisioningAffiliation.setLabel(str);
                    grouperDeprovisioningAffiliation.setGroupNameMeansInAffiliation(GrouperConfig.retrieveConfig().propertyValueString("deprovisioning.affiliation_" + str + ".groupNameMeansInAffiliation"));
                    treeMap.put(str, grouperDeprovisioningAffiliation);
                }
            }
        }
        return treeMap;
    }

    public static Set<String> retrieveDeprovisioningAffiliations() {
        return !GrouperConfig.retrieveConfig().propertyValueBoolean("deprovisioning.enable", true) ? new HashSet() : GrouperConfig.retrieveConfig().deprovisioningAffiliations();
    }

    public static Map<String, GrouperDeprovisioningAffiliation> retrieveAffiliationsForUserManager(final Subject subject) {
        return (Map) GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.app.deprovisioning.GrouperDeprovisioningAffiliation.6
            @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
            public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                Map<String, GrouperDeprovisioningAffiliation> retrieveAllAffiliations = GrouperDeprovisioningAffiliation.retrieveAllAffiliations();
                if (PrivilegeHelper.isWheelOrRoot(Subject.this)) {
                    return retrieveAllAffiliations;
                }
                TreeMap treeMap = new TreeMap();
                for (String str : retrieveAllAffiliations.keySet()) {
                    GrouperDeprovisioningAffiliation grouperDeprovisioningAffiliation = retrieveAllAffiliations.get(str);
                    if (grouperDeprovisioningAffiliation.getManagersGroup().hasMember(Subject.this)) {
                        treeMap.put(str, grouperDeprovisioningAffiliation);
                    }
                }
                return treeMap;
            }
        });
    }
}
