package edu.internet2.middleware.grouper.ui;

import edu.internet2.middleware.grouper.Field;
import edu.internet2.middleware.grouper.FieldFinder;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GroupType;
import edu.internet2.middleware.grouper.GrouperHelper;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.attr.AttributeDefName;
import edu.internet2.middleware.grouper.attr.assign.AttributeAssign;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.exception.AttributeDefNotFoundException;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
import edu.internet2.middleware.grouper.externalSubjects.ExternalSubject;
import edu.internet2.middleware.grouper.grouperUi.serviceLogic.InviteExternalSubjects;
import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
import edu.internet2.middleware.grouper.ui.util.GrouperUiConfig;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:edu/internet2/middleware/grouper/ui/DefaultUIGroupPrivilegeResolver.class */
public class DefaultUIGroupPrivilegeResolver implements UIGroupPrivilegeResolver {
    protected Group group;
    protected Subject subject;
    protected GrouperSession s;
    protected boolean inited = false;
    Map privs;
    private static final Log LOG = LogFactory.getLog(DefaultUIGroupPrivilegeResolver.class);

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public void init() {
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canEditGroup() {
        try {
            return this.group.hasAdmin(this.subject);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canManageMembers() {
        try {
            if (this.group.canWriteField(FieldFinder.find("members", true))) {
                if (!this.group.isHasComposite()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canManagePrivileges() {
        try {
            return this.group.hasAdmin(this.subject);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canManageField(String str) {
        try {
            if (!str.startsWith(GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.baseStem"))) {
                return this.group.canWriteField(FieldFinder.find(str, true));
            }
            String propertyValueStringRequired = GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.attributeDef.prefix");
            AttributeDefName findByNameSecure = GrouperDAOFactory.getFactory().getAttributeDefName().findByNameSecure(str, false);
            if (findByNameSecure == null) {
                return false;
            }
            try {
                ((AttributeAssign) this.group.internal_getGroupTypeAssignments().get(findByNameSecure.getAttributeDef().getExtension().substring(propertyValueStringRequired.length()))).getAttributeDelegate().assertCanUpdateAttributeDefName(findByNameSecure);
                return true;
            } catch (AttributeDefNotFoundException e) {
                return false;
            } catch (InsufficientPrivilegeException e2) {
                return false;
            }
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canReadField(String str) {
        try {
            if (!str.startsWith(GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.baseStem"))) {
                return this.group.canReadField(FieldFinder.find(str, true));
            }
            String propertyValueStringRequired = GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.attributeDef.prefix");
            AttributeDefName findByNameSecure = GrouperDAOFactory.getFactory().getAttributeDefName().findByNameSecure(str, false);
            if (findByNameSecure == null) {
                return false;
            }
            try {
                ((AttributeAssign) this.group.internal_getGroupTypeAssignments().get(findByNameSecure.getAttributeDef().getExtension().substring(propertyValueStringRequired.length()))).getAttributeDelegate().assertCanReadAttributeDefName(findByNameSecure);
                return true;
            } catch (AttributeDefNotFoundException e) {
                return false;
            } catch (InsufficientPrivilegeException e2) {
                return false;
            }
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canManageAnyCustomField() {
        try {
            return GrouperHelper.canUserEditAnyCustomAttribute(this.group);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canOptinGroup() {
        return this.group.hasOptin(this.subject);
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canOptoutGroup() {
        return this.group.hasOptout(this.subject);
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canReadGroup() {
        try {
            return this.group.canReadField(FieldFinder.find("members", true));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canViewGroup() {
        try {
            return this.group.hasView(this.subject);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public final void setGroup(Group group) {
        if (this.group != null) {
            throw new IllegalStateException("setGroup already called");
        }
        this.group = group;
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public void setGrouperSession(GrouperSession grouperSession) {
        if (this.s != null) {
            throw new IllegalStateException("setGrouperSession already called");
        }
        this.s = grouperSession;
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public void setSubject(Subject subject) {
        if (this.subject != null) {
            throw new IllegalStateException("setSubject lready called");
        }
        this.subject = subject;
    }

    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public Map asMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("canInviteExternalPeople", Boolean.valueOf(canInviteExternalPeople()));
        hashMap.put("canEditGroup", Boolean.valueOf(canEditGroup()));
        hashMap.put("canManageMembers", Boolean.valueOf(canManageMembers()));
        hashMap.put("canManagePrivileges", Boolean.valueOf(canManagePrivileges()));
        hashMap.put("canManageAnyCustomField", Boolean.valueOf(canManageAnyCustomField()));
        hashMap.put("canOptinGroup", Boolean.valueOf(canOptinGroup()));
        hashMap.put("canOptoutGroup", Boolean.valueOf(canOptoutGroup()));
        hashMap.put("canViewGroup", Boolean.valueOf(canViewGroup()));
        hashMap.put("canReadGroup", Boolean.valueOf(canReadGroup()));
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        hashMap.put("canManageField", hashMap2);
        hashMap.put("canReadField", hashMap3);
        for (GroupType groupType : this.group.getTypes()) {
            if (!groupType.isSystemType()) {
                for (Field field : groupType.getFields()) {
                    hashMap2.put(field.getName(), Boolean.valueOf(canManageField(field.getName())));
                    hashMap3.put(field.getName(), Boolean.valueOf(canReadField(field.getName())));
                }
                for (AttributeDefName attributeDefName : groupType.getLegacyAttributes()) {
                    hashMap2.put(attributeDefName.getName(), Boolean.valueOf(canManageField(attributeDefName.getName())));
                    hashMap3.put(attributeDefName.getName(), Boolean.valueOf(canReadField(attributeDefName.getName())));
                }
            }
        }
        return hashMap;
    }

    /* JADX WARN: Finally extract failed */
    @Override // edu.internet2.middleware.grouper.ui.UIGroupPrivilegeResolver
    public boolean canInviteExternalPeople() {
        StringBuilder sb = new StringBuilder();
        try {
            boolean propertyValueBoolean = GrouperUiConfig.retrieveConfig().propertyValueBoolean("inviteExternalMembers.enableInvitation", false);
            if (LOG.isDebugEnabled()) {
                sb.append("media.properties enableInvitation: ").append(propertyValueBoolean).append(", ");
            }
            if (!propertyValueBoolean) {
                if (LOG.isDebugEnabled()) {
                    sb.append("result = ").append(false);
                    LOG.debug(sb.toString());
                }
                return false;
            }
            boolean z = this.group == null;
            boolean filterGroup = InviteExternalSubjects.filterGroup(this.group);
            if (LOG.isDebugEnabled()) {
                sb.append("groupIsNull: ").append(z).append(", filterGroup: ").append(filterGroup).append(", ");
            }
            if (z || filterGroup) {
                if (LOG.isDebugEnabled()) {
                    sb.append("result = ").append(false);
                    LOG.debug(sb.toString());
                }
                return false;
            }
            boolean canManageMembers = canManageMembers();
            if (LOG.isDebugEnabled()) {
                sb.append("canManageMembers: ").append(canManageMembers).append(", ");
            }
            if (!canManageMembers) {
                if (LOG.isDebugEnabled()) {
                    sb.append("result = ").append(false);
                    LOG.debug(sb.toString());
                }
                return false;
            }
            final String propertyValueString = GrouperUiConfig.retrieveConfig().propertyValueString("require.group.for.inviteExternalSubjects.logins");
            if (!StringUtils.isBlank(propertyValueString)) {
                GrouperSession grouperSession = this.s;
                final Subject subject = this.s.getSubject();
                if (!PrivilegeHelper.isWheelOrRoot(this.s.getSubject())) {
                    grouperSession = this.s.internal_getRootSession();
                }
                boolean booleanValue = ((Boolean) GrouperSession.callbackGrouperSession(grouperSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.ui.DefaultUIGroupPrivilegeResolver.1
                    public Object callback(GrouperSession grouperSession2) throws GrouperSessionException {
                        return Boolean.valueOf(GroupFinder.findByName(grouperSession2, propertyValueString, true).hasMember(subject));
                    }
                })).booleanValue();
                if (LOG.isDebugEnabled()) {
                    sb.append("group: ").append(propertyValueString).append(", currentUser: ").append(GrouperUtil.subjectToString(subject)).append(", hasMember: ").append(booleanValue).append(", ");
                }
                if (!booleanValue) {
                    if (LOG.isDebugEnabled()) {
                        sb.append("result = ").append(false);
                        LOG.debug(sb.toString());
                    }
                    return false;
                }
            }
            String sourceId = ExternalSubject.sourceId();
            if (!StringUtils.isBlank(sourceId)) {
                SubjectFinder.RestrictSourceForGroup restrictSourceForGroup = SubjectFinder.restrictSourceForGroup(this.group.getParentStemName(), sourceId);
                if (restrictSourceForGroup.isRestrict() && restrictSourceForGroup.getGroup() == null) {
                    if (LOG.isDebugEnabled()) {
                        sb.append("result = ").append(false);
                        LOG.debug(sb.toString());
                    }
                    return false;
                }
            }
            if (LOG.isDebugEnabled()) {
                sb.append("result = ").append(true);
                LOG.debug(sb.toString());
            }
            return true;
        } catch (Throwable th) {
            if (LOG.isDebugEnabled()) {
                sb.append("result = ").append(true);
                LOG.debug(sb.toString());
            }
            throw th;
        }
    }
}
