package edu.internet2.middleware.grouper.permissions;

import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.attr.AttributeDef;
import edu.internet2.middleware.grouper.attr.AttributeDefName;
import edu.internet2.middleware.grouper.attr.finder.AttributeDefFinder;
import edu.internet2.middleware.grouper.attr.finder.AttributeDefNameFinder;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
import edu.internet2.middleware.grouper.permissions.PermissionEntry;
import edu.internet2.middleware.grouper.permissions.limits.PermissionLimitBean;
import edu.internet2.middleware.grouper.permissions.role.Role;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:WEB-INF/lib/grouper-5.7.1.jar:edu/internet2/middleware/grouper/permissions/PermissionFinder.class */
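/**
 * Fluent builder for permission queries: callers add filters (members, roles, permission
 * definitions, permission names, actions, folder, point-in-time window), then run one of the
 * {@code find*} methods or {@link #hasPermission()}.
 *
 * <p>Instances are mutable and keep state between calls. {@link #hasPermission()} and the
 * private validation step may set {@code permissionProcessor} and {@code enabled} as a side
 * effect, so a finder used for an authorization decision should be built fresh rather than
 * reused with different filters.
 *
 * <p>The {@code assign*} methods store the caller's collection or map by reference, not a copy.
 * Later changes to that object change what this finder queries, and a subsequent {@code add*}
 * call writes into the caller's object.
 *
 * <p>No synchronization is visible in this class; treat instances as confined to one thread.
 */
public class PermissionFinder {
    // null = not specified; validateProcessor() forces this to TRUE when a processor is set.
    private Boolean enabled;
    private PermissionProcessor permissionProcessor;
    // Environment values handed to limit processing; null means "none supplied".
    private Map<String, Object> limitEnvVars = null;
    private Collection<String> memberIds = null;
    private Collection<String> roleIds = null;
    private Collection<String> permissionDefIds = null;
    private Collection<String> permissionNameIds = null;
    private Stem permissionNameFolder = null;
    private Stem.Scope permissionNameFolderScope = null;
    private Collection<String> actions = null;
    private boolean immediateOnly = false;
    private PermissionEntry.PermissionType permissionType = PermissionEntry.PermissionType.role_subject;
    private Timestamp pointInTimeFrom = null;
    private Timestamp pointInTimeTo = null;

    /**
     * Adds one limit environment variable, creating the map on first use.
     *
     * <p>A non-null map (even an empty one) makes {@link #hasPermission()} pick the
     * limit-processing processor when no processor was assigned.
     *
     * @param str variable name
     * @param obj variable value
     * @return this finder, for chaining
     */
    public PermissionFinder addLimitEnvVar(String str, Object obj) {
        if (this.limitEnvVars == null) {
            this.limitEnvVars = new LinkedHashMap<String, Object>();
        }
        this.limitEnvVars.put(str, obj);
        return this;
    }

    /**
     * Replaces the limit environment variables with the given map (stored by reference).
     *
     * @param map new variables, or null to clear
     * @return this finder, for chaining
     */
    public PermissionFinder assignLimitEnvVars(Map<String, Object> map) {
        this.limitEnvVars = map;
        return this;
    }

    /**
     * Adds a member id to the member filter if it is not already present.
     *
     * <p>Unlike the other {@code add*Id} methods, this one does not skip blank values.
     *
     * @param str member uuid
     * @return this finder, for chaining
     */
    public PermissionFinder addMemberId(String str) {
        if (this.memberIds == null) {
            this.memberIds = new ArrayList<String>();
        }
        if (!this.memberIds.contains(str)) {
            this.memberIds.add(str);
        }
        return this;
    }

    /**
     * Replaces the member filter with the given collection (stored by reference).
     *
     * @param collection member uuids; see {@link #findPermissions()} for how an empty
     *     collection is treated
     * @return this finder, for chaining
     */
    public PermissionFinder assignMemberIds(Collection<String> collection) {
        this.memberIds = collection;
        return this;
    }

    /**
     * Resolves a subject to its member via {@code MemberFinder.findBySubject} under the static
     * {@code GrouperSession} and adds that member's uuid to the filter.
     *
     * <p>NOTE(review): the trailing {@code true} is presumably "create the member if it does not
     * exist"; if so, building a read-only permission query can write a member row. Confirm
     * against MemberFinder.
     *
     * @param subject subject to look up
     * @return this finder, for chaining
     */
    public PermissionFinder addSubject(Subject subject) {
        return addMemberId(MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subject, true).getUuid());
    }

    /**
     * Adds a role id to the role filter; blank ids and duplicates are ignored.
     *
     * @param str role (group) id
     * @return this finder, for chaining
     */
    public PermissionFinder addRoleId(String str) {
        if (StringUtils.isBlank(str)) {
            return this;
        }
        if (this.roleIds == null) {
            this.roleIds = new ArrayList<String>();
        }
        if (!this.roleIds.contains(str)) {
            this.roleIds.add(str);
        }
        return this;
    }

    /**
     * Replaces the role filter with the given collection (stored by reference).
     *
     * @param collection role ids
     * @return this finder, for chaining
     */
    public PermissionFinder assignRoleIds(Collection<String> collection) {
        this.roleIds = collection;
        return this;
    }

    /**
     * Adds the id of the given role to the role filter.
     *
     * @param role role whose id is added; must not be null
     * @return this finder, for chaining
     */
    public PermissionFinder addRole(Role role) {
        return addRoleId(role.getId());
    }

    /**
     * Looks a role up by name through {@code GroupFinder.findByName} under the static
     * {@code GrouperSession} and adds its id to the role filter.
     *
     * <p>NOTE(review): the trailing {@code true} is presumably "throw if not found" - confirm.
     *
     * @param str role name
     * @return this finder, for chaining
     */
    public PermissionFinder addRole(String str) {
        return addRoleId(GroupFinder.findByName(GrouperSession.staticGrouperSession(), str, true).getId());
    }

    /**
     * Adds a permission definition id to the filter; blank ids and duplicates are ignored.
     *
     * @param str attribute definition id
     * @return this finder, for chaining
     */
    public PermissionFinder addPermissionDefId(String str) {
        if (StringUtils.isBlank(str)) {
            return this;
        }
        if (this.permissionDefIds == null) {
            this.permissionDefIds = new ArrayList<String>();
        }
        if (!this.permissionDefIds.contains(str)) {
            this.permissionDefIds.add(str);
        }
        return this;
    }

    /**
     * Replaces the permission definition filter with the given collection (stored by reference).
     *
     * @param collection attribute definition ids; see {@link #findPermissions()} for how an
     *     empty collection is treated
     * @return this finder, for chaining
     */
    public PermissionFinder assignPermissionDefIds(Collection<String> collection) {
        this.permissionDefIds = collection;
        return this;
    }

    /**
     * Restricts the query to permission names under a folder. Not supported together with a
     * point-in-time window ({@link #findPermissions()} throws in that case).
     *
     * @param stem folder, or null for no folder restriction
     * @return this finder, for chaining
     */
    public PermissionFinder assignPermissionNameFolder(Stem stem) {
        this.permissionNameFolder = stem;
        return this;
    }

    /**
     * Sets the scope passed to the DAO along with the permission name folder.
     *
     * @param scope folder scope
     * @return this finder, for chaining
     */
    public PermissionFinder assignPermissionNameFolderScope(Stem.Scope scope) {
        this.permissionNameFolderScope = scope;
        return this;
    }

    /**
     * Adds the id of the given permission definition to the filter.
     *
     * @param attributeDef definition whose id is added; must not be null
     * @return this finder, for chaining
     */
    public PermissionFinder addPermissionDef(AttributeDef attributeDef) {
        return addPermissionDefId(attributeDef.getId());
    }

    /**
     * Looks a permission definition up by name through {@code AttributeDefFinder.findByName}
     * and adds its id to the filter.
     *
     * <p>NOTE(review): the trailing {@code true} is presumably "throw if not found" - confirm.
     *
     * @param str attribute definition name
     * @return this finder, for chaining
     */
    public PermissionFinder addPermissionDef(String str) {
        return addPermissionDefId(AttributeDefFinder.findByName(str, true).getId());
    }

    /**
     * Adds a permission name id to the filter; blank ids and duplicates are ignored.
     *
     * @param str attribute definition name id
     * @return this finder, for chaining
     */
    public PermissionFinder addPermissionNameId(String str) {
        if (StringUtils.isBlank(str)) {
            return this;
        }
        if (this.permissionNameIds == null) {
            this.permissionNameIds = new ArrayList<String>();
        }
        if (!this.permissionNameIds.contains(str)) {
            this.permissionNameIds.add(str);
        }
        return this;
    }

    /**
     * Replaces the permission name filter with the given collection (stored by reference).
     *
     * @param collection attribute definition name ids; see {@link #findPermissions()} for how
     *     an empty collection is treated
     * @return this finder, for chaining
     */
    public PermissionFinder assignPermissionNameIds(Collection<String> collection) {
        this.permissionNameIds = collection;
        return this;
    }

    /**
     * Adds the id of the given permission name to the filter.
     *
     * @param attributeDefName permission name whose id is added; must not be null
     * @return this finder, for chaining
     */
    public PermissionFinder addPermissionName(AttributeDefName attributeDefName) {
        return addPermissionNameId(attributeDefName.getId());
    }

    /**
     * Looks a permission name up through {@code AttributeDefNameFinder.findByName} and adds its
     * id to the filter.
     *
     * <p>NOTE(review): the trailing {@code true} is presumably "throw if not found" - confirm.
     *
     * @param str attribute definition name
     * @return this finder, for chaining
     */
    public PermissionFinder addPermissionName(String str) {
        return addPermissionNameId(AttributeDefNameFinder.findByName(str, true).getId());
    }

    /**
     * Adds an action to the action filter; blank values and duplicates are ignored.
     *
     * @param str action name
     * @return this finder, for chaining
     */
    public PermissionFinder addAction(String str) {
        if (StringUtils.isBlank(str)) {
            return this;
        }
        if (this.actions == null) {
            this.actions = new ArrayList<String>();
        }
        if (!this.actions.contains(str)) {
            this.actions.add(str);
        }
        return this;
    }

    /**
     * Replaces the action filter with the given collection (stored by reference).
     *
     * @param collection action names
     * @return this finder, for chaining
     */
    public PermissionFinder assignActions(Collection<String> collection) {
        this.actions = collection;
        return this;
    }

    /**
     * Sets the enabled filter. Null means "not specified"; any query that runs with a processor
     * turns null into TRUE and rejects FALSE.
     *
     * @param bool TRUE, FALSE or null
     * @return this finder, for chaining
     */
    public PermissionFinder assignEnabled(Boolean bool) {
        this.enabled = bool;
        return this;
    }

    /**
     * Sets the processor applied to the raw query result.
     *
     * @param permissionProcessor processor, or null for none
     * @return this finder, for chaining
     */
    public PermissionFinder assignPermissionProcessor(PermissionProcessor permissionProcessor) {
        this.permissionProcessor = permissionProcessor;
        return this;
    }

    /**
     * When true, {@link #findPermissions()} drops every entry for which
     * {@code isImmediate(permissionType)} is false.
     *
     * @param z whether to keep immediate entries only
     * @return this finder, for chaining
     */
    public PermissionFinder assignImmediateOnly(boolean z) {
        this.immediateOnly = z;
        return this;
    }

    /**
     * Sets the permission type; the default is {@code role_subject}.
     *
     * @param permissionType type of permission to search for
     * @return this finder, for chaining
     */
    public PermissionFinder assignPermissionType(PermissionEntry.PermissionType permissionType) {
        this.permissionType = permissionType;
        return this;
    }

    /**
     * Answers whether the single matching permission entry grants access.
     *
     * <p>Security-relevant behaviour:
     * <ul>
     *   <li>Exactly one member id (type {@code role_subject}) or one role id (type {@code role})
     *       must be set, otherwise this throws.</li>
     *   <li>When no processor was assigned, one is chosen here and <em>kept on the finder</em>:
     *       the limit-processing one only if {@code limitEnvVars} is non-null. Limits are
     *       therefore not evaluated unless limit variables were supplied or a limit processor
     *       was assigned explicitly, and adding limit variables to a finder that already ran
     *       {@code hasPermission()} does not switch processors.</li>
     *   <li>No matching entry returns false; more than one entry throws rather than guessing.</li>
     *   <li>Without a point-in-time window the answer is {@code isAllowedOverall()}; with one it
     *       is {@code !isDisallowed()}.</li>
     * </ul>
     *
     * @return true if the matching entry allows the permission
     * @throws RuntimeException on the configuration errors described above or when the query
     *     is rejected by validation
     */
    public boolean hasPermission() {
        if (this.permissionType == PermissionEntry.PermissionType.role_subject) {
            if (GrouperUtil.length(this.memberIds) != 1) {
                throw new RuntimeException("You need to search for 1 and only 1 subject when using hasPermission for subject permissions: " + this);
            }
        } else if (this.permissionType == PermissionEntry.PermissionType.role && GrouperUtil.length(this.roleIds) != 1) {
            throw new RuntimeException("You need to search for 1 and only 1 role when using hasPermission for role permissions: " + this);
        }
        if (this.permissionProcessor == null) {
            // Default is sticky: it stays assigned after this call returns.
            this.permissionProcessor = this.limitEnvVars == null
                    ? PermissionProcessor.FILTER_REDUNDANT_PERMISSIONS_AND_ROLES
                    : PermissionProcessor.FILTER_REDUNDANT_PERMISSIONS_AND_ROLES_AND_PROCESS_LIMITS;
        } else if (this.permissionProcessor != PermissionProcessor.FILTER_REDUNDANT_PERMISSIONS_AND_ROLES
                && this.permissionProcessor != PermissionProcessor.FILTER_REDUNDANT_PERMISSIONS_AND_ROLES_AND_PROCESS_LIMITS) {
            throw new RuntimeException("permissionProcessor must be FILTER_REDUNDANT_PERMISSIONS_AND_ROLES or FILTER_REDUNDANT_PERMISSIONS_AND_ROLES_AND_PROCESS_LIMITS");
        }
        Set<PermissionEntry> entries = findPermissions();
        int entryCount = GrouperUtil.length(entries);
        if (entryCount > 1) {
            throw new RuntimeException("Why is there more than one permission entry? " + GrouperUtil.stringValue(entries));
        }
        if (entryCount == 0) {
            // Nothing matched: deny.
            return false;
        }
        PermissionEntry entry = entries.iterator().next();
        if (this.pointInTimeTo == null && this.pointInTimeFrom == null) {
            return entry.isAllowedOverall();
        }
        return !entry.isDisallowed();
    }

    /**
     * Finds the permissions and the limits attached to them.
     *
     * <p>If the assigned processor is a limit processor, the query itself runs with its
     * non-limit counterpart and limits are applied afterwards to both the entries and the
     * returned map. The caller's processor is put back in a {@code finally} block so that a
     * failed query cannot leave the finder holding the non-limit processor, which would make a
     * later call on the same instance skip limit evaluation.
     *
     * @return map from permission entry to its limits, never null
     * @throws RuntimeException if validation rejects the query
     */
    public Map<PermissionEntry, Set<PermissionLimitBean>> findPermissionsAndLimits() {
        PermissionProcessor callerProcessor = this.permissionProcessor;
        validateProcessor();
        PermissionProcessor queryProcessor = callerProcessor;
        boolean applyLimits = false;
        if (callerProcessor != null && callerProcessor.isLimitProcessor()) {
            queryProcessor = callerProcessor.nonLimitPermissionProcesssor();
            applyLimits = true;
        }
        Set<PermissionEntry> entries;
        assignPermissionProcessor(queryProcessor);
        try {
            entries = findPermissions();
        } finally {
            // Always restore, including when the query throws.
            assignPermissionProcessor(callerProcessor);
        }
        Map<PermissionEntry, Set<PermissionLimitBean>> limits =
                GrouperUtil.nonNull(PermissionLimitBean.findPermissionLimits(entries));
        if (applyLimits) {
            PermissionProcessor.processLimits(entries, this.limitEnvVars, limits);
        }
        return limits;
    }

    /**
     * Runs {@link #findPermissions()} and wraps the result.
     *
     * @return result wrapper around the found entries
     */
    public PermissionResult findPermissionResult() {
        return new PermissionResult(findPermissions());
    }

    /**
     * Runs the query described by the current filters.
     *
     * <p>When the config property {@code grouper.emptySetOfLookupsReturnsNoResults} is true
     * (its default here), an empty but non-null member, permission definition or permission
     * name collection short-circuits to an empty result, so a lookup that resolved to nothing
     * cannot widen into an unfiltered query. The guard does not cover {@code roleIds} or
     * {@code actions}; how the DAO treats an empty collection for those is not visible in this
     * class. The short-circuit also happens before validation.
     *
     * <p>Without a point-in-time window, type {@code role_subject} queries by member and type
     * {@code role} queries role permissions (member ids are not passed in that case). With a
     * window, only {@code role_subject} without a folder filter is supported, and the enabled
     * and folder filters are not passed to the point-in-time DAO.
     *
     * <p>After the query, the processor (if any) is run on the result, then non-immediate
     * entries are removed when {@code immediateOnly} is set.
     *
     * @return matching entries; the set returned by the DAO is modified in place
     * @throws RuntimeException for an unsupported permission type, a folder filter combined
     *     with point in time, or any validation failure
     */
    public Set<PermissionEntry> findPermissions() {
        Set<PermissionEntry> entries;
        if (GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.emptySetOfLookupsReturnsNoResults", true)) {
            if (this.memberIds != null && this.memberIds.size() == 0) {
                return new HashSet<PermissionEntry>();
            }
            if (this.permissionDefIds != null && this.permissionDefIds.size() == 0) {
                return new HashSet<PermissionEntry>();
            }
            if (this.permissionNameIds != null && this.permissionNameIds.size() == 0) {
                return new HashSet<PermissionEntry>();
            }
        }
        validateProcessor();
        boolean pointInTime = this.pointInTimeFrom != null || this.pointInTimeTo != null;
        if (!pointInTime) {
            if (this.permissionType == PermissionEntry.PermissionType.role_subject) {
                entries = GrouperDAOFactory.getFactory().getPermissionEntry().findPermissions(this.permissionDefIds, this.permissionNameIds, this.roleIds, this.actions, this.enabled, this.memberIds, false, this.permissionNameFolder, this.permissionNameFolderScope);
            } else if (this.permissionType == PermissionEntry.PermissionType.role) {
                entries = GrouperDAOFactory.getFactory().getPermissionEntry().findRolePermissions(this.permissionDefIds, this.permissionNameIds, this.roleIds, this.actions, this.enabled, false, this.permissionNameFolder, this.permissionNameFolderScope);
            } else {
                throw new RuntimeException("Not expecting permission type: " + this.permissionType);
            }
        } else {
            if (this.permissionType != PermissionEntry.PermissionType.role_subject) {
                throw new RuntimeException("Not expecting permission type: " + this.permissionType);
            }
            if (this.permissionNameFolder != null) {
                throw new RuntimeException("Not implemented looking for permissions by folder and point in time");
            }
            entries = GrouperDAOFactory.getFactory().getPITPermissionAllView().findPermissions(this.permissionDefIds, this.permissionNameIds, this.roleIds, this.actions, this.memberIds, this.pointInTimeFrom, this.pointInTimeTo);
        }
        if (this.permissionProcessor != null) {
            this.permissionProcessor.processPermissions(entries, this.limitEnvVars);
        }
        if (this.immediateOnly && entries != null) {
            Iterator<PermissionEntry> it = entries.iterator();
            while (it.hasNext()) {
                if (!it.next().isImmediate(this.permissionType)) {
                    it.remove();
                }
            }
        }
        return entries;
    }

    /**
     * Checks that the filter combination is supported before a query runs.
     *
     * <p>Side effect: when a processor is set and {@code enabled} is null, {@code enabled} is
     * set to TRUE and stays that way on the finder.
     *
     * <p>For point-in-time queries this additionally rejects limit variables, immediateOnly, a
     * null or false {@code enabled}, permission type {@code role}, limit processors, and any
     * processor unless from and to are both set to the same instant.
     *
     * @throws RuntimeException if the combination is not supported
     */
    private void validateProcessor() {
        boolean hasProcessor = this.permissionProcessor != null;
        if (hasProcessor && this.enabled != null && !this.enabled.booleanValue()) {
            throw new RuntimeException("You cannot process the permissions (FILTER_REDUNDANT_PERMISSIONS || FILTER_REUNDANT_PERMISSIONS_AND_ROLES) without looking for enabled permissions only");
        }
        if (hasProcessor && this.enabled == null) {
            this.enabled = true;
        }
        if (this.pointInTimeFrom == null && this.pointInTimeTo == null) {
            return;
        }
        if (this.limitEnvVars != null && this.limitEnvVars.size() > 0) {
            throw new RuntimeException("Cannot use limits for point in time queries.");
        }
        if (this.immediateOnly) {
            throw new RuntimeException("immediateOnly is not supported for point in time queries.");
        }
        // With no processor, enabled is still null here unless the caller set it explicitly.
        if (this.enabled == null || !this.enabled.booleanValue()) {
            throw new RuntimeException("Cannot search for disabled permissions for point in time queries.");
        }
        if (this.permissionType == PermissionEntry.PermissionType.role) {
            throw new RuntimeException("Permission type " + PermissionEntry.PermissionType.role.getName() + " is not supported for point in time queries.");
        }
        if (hasProcessor) {
            if (this.permissionProcessor.isLimitProcessor()) {
                throw new RuntimeException("limit processors are not supported for point in time queries.");
            }
            if (this.pointInTimeFrom == null || this.pointInTimeTo == null || this.pointInTimeFrom.getTime() != this.pointInTimeTo.getTime()) {
                throw new RuntimeException("When using permission processors with point in time queries, queries have to be at a single point in time.");
            }
        }
    }

    /**
     * Finds at most one permission entry.
     *
     * @param z if true, throw when nothing is found instead of returning null
     * @return the single matching entry, or null when none matched and {@code z} is false
     * @throws RuntimeException if more than one entry matched, or none matched and {@code z}
     *     is true
     */
    public PermissionEntry findPermission(boolean z) {
        Set<PermissionEntry> entries = findPermissions();
        int entryCount = GrouperUtil.length(entries);
        if (entryCount > 1) {
            throw new RuntimeException("Why is there more than one permission found? " + this);
        }
        PermissionEntry found = entryCount == 1 ? entries.iterator().next() : null;
        if (found == null && z) {
            throw new RuntimeException("could not find permission: " + this);
        }
        return found;
    }

    /**
     * Describes the configured filters; this text is embedded in the exceptions thrown above.
     *
     * <p>NOTE(review): fields are appended with no separator between them, and the folder,
     * folder scope and point-in-time window are not included, so the message can be an
     * incomplete picture of the query that failed.
     *
     * @return description of the non-empty filters
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        if (GrouperUtil.length(this.actions) > 0) {
            sb.append("actions: ").append(GrouperUtil.toStringForLog(this.actions, 100));
        }
        if (GrouperUtil.length(this.permissionDefIds) > 0) {
            sb.append("attributeDefIds: ").append(GrouperUtil.toStringForLog(this.permissionDefIds, 100));
        }
        if (GrouperUtil.length(this.permissionNameIds) > 0) {
            sb.append("attributeDefNameIds: ").append(GrouperUtil.toStringForLog(this.permissionNameIds, 100));
        }
        if (this.enabled != null) {
            sb.append("enabled: ").append(this.enabled);
        }
        if (this.immediateOnly) {
            sb.append("immediateOnly: ").append(this.immediateOnly);
        }
        if (GrouperUtil.length(this.limitEnvVars) > 0) {
            sb.append("limitEnvVars: ").append(GrouperUtil.toStringForLog(this.limitEnvVars, 100));
        }
        if (GrouperUtil.length(this.memberIds) > 0) {
            sb.append("memberIds: ").append(GrouperUtil.toStringForLog(this.memberIds, 100));
        }
        if (this.permissionProcessor != null) {
            sb.append("permissionProcessor: ").append(this.permissionProcessor);
        }
        if (this.permissionType != null) {
            sb.append("permissionType: ").append(this.permissionType);
        }
        if (GrouperUtil.length(this.roleIds) > 0) {
            sb.append("roleIds: ").append(GrouperUtil.toStringForLog(this.roleIds, 100));
        }
        return sb.toString();
    }

    /**
     * Sets the start of the point-in-time window. Setting either bound switches
     * {@link #findPermissions()} to the point-in-time DAO and its stricter validation.
     *
     * @param timestamp window start, or null
     * @return this finder, for chaining
     */
    public PermissionFinder assignPointInTimeFrom(Timestamp timestamp) {
        this.pointInTimeFrom = timestamp;
        return this;
    }

    /**
     * Sets the end of the point-in-time window. Setting either bound switches
     * {@link #findPermissions()} to the point-in-time DAO and its stricter validation.
     *
     * @param timestamp window end, or null
     * @return this finder, for chaining
     */
    public PermissionFinder assignPointInTimeTo(Timestamp timestamp) {
        this.pointInTimeTo = timestamp;
        return this;
    }
}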
