package org.kuali.rice.kew.doctype.service.impl;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.kuali.rice.kew.doctype.DocumentTypePolicyEnum;
import org.kuali.rice.kew.doctype.bo.DocumentType;
import org.kuali.rice.kew.doctype.service.DocumentTypePermissionService;
import org.kuali.rice.kew.routeheader.DocumentRouteHeaderValue;
import org.kuali.rice.kew.service.KEWServiceLocator;
import org.kuali.rice.kew.util.KEWConstants;
import org.kuali.rice.kim.bo.types.dto.AttributeSet;
import org.kuali.rice.kim.service.IdentityManagementService;
import org.kuali.rice.kim.service.KIMServiceLocator;
import org.kuali.rice.kim.service.PermissionService;
import org.kuali.rice.kim.util.KimCommonUtils;
import org.kuali.rice.kns.bo.Parameter;
import org.kuali.rice.kns.datadictionary.DocumentEntry;
import org.kuali.rice.kns.datadictionary.MaintenanceDocumentEntry;
import org.kuali.rice.kns.document.Document;
import org.kuali.rice.kns.document.MaintenanceDocument;
import org.kuali.rice.kns.service.KNSServiceLocator;
import org.kuali.rice.kns.util.KNSConstants;
import org.kuali.rice.ksb.cache.RiceCacheAdministrator;

/* loaded from: input_file:WEB-INF/lib/rice-impl-1.0.3.1-BX.jar:org/kuali/rice/kew/doctype/service/impl/DocumentTypePermissionServiceImpl.class */
public class DocumentTypePermissionServiceImpl implements DocumentTypePermissionService {
    private static final Logger LOG = Logger.getLogger(DocumentTypePermissionServiceImpl.class);
    public static final String DOC_TYPE_PERM_CACHE_PREFIX = "DocumentTypePerm:";
    public static final String BLANKET_APPROVE_CACHE_PREFIX = "DocumentTypePerm:BlanketApprove:";
    public static final String PRINCIPAL_ADHOC_CACHE_PREFIX = "DocumentTypePerm:PrincipalAdhoc:";
    public static final String GROUP_ADHOC_CACHE_PREFIX = "DocumentTypePerm:GroupAdhoc:";
    public static final String ADMIN_ROUTING_CACHE_PREFIX = "DocumentTypePerm:AdminRouting:";
    public static final String CANCEL_CACHE_PREFIX = "DocumentTypePerm:Cancel:";
    private RiceCacheAdministrator cacheAdministrator;
    private final AttributeSet EMPTY_ROLE_QUALIFIERS = new AttributeSet(0);

    protected RiceCacheAdministrator getCacheAdministrator() {
        if (this.cacheAdministrator == null) {
            this.cacheAdministrator = KEWServiceLocator.getCacheAdministrator();
        }
        return this.cacheAdministrator;
    }

    @Override // org.kuali.rice.kew.doctype.service.DocumentTypePermissionService
    public boolean canBlanketApprove(String str, DocumentType documentType, String str2, String str3) {
        validatePrincipalId(str);
        validateDocumentType(documentType);
        validateDocumentStatus(str2);
        validatePrincipalId(str3);
        String buildBlanketApproveCacheKey = buildBlanketApproveCacheKey(str, documentType, str2, str3);
        Boolean bool = (Boolean) getCacheAdministrator().getFromCache(buildBlanketApproveCacheKey);
        if (bool == null) {
            if (documentType.isBlanketApproveGroupDefined()) {
                boolean z = true;
                if (documentType.getInitiatorMustBlanketApprovePolicy().getPolicyValue().booleanValue()) {
                    z = executeInitiatorPolicyCheck(str, str3, str2);
                }
                bool = Boolean.valueOf(z && documentType.isBlanketApprover(str));
            } else {
                bool = Boolean.valueOf(getIdentityManagementService().isAuthorizedByTemplateName(str, "KR-WKFLW", "Blanket Approve Document", buildDocumentTypePermissionDetails(documentType), this.EMPTY_ROLE_QUALIFIERS));
            }
            getCacheAdministrator().putInCache(buildBlanketApproveCacheKey, bool, DocumentTypePermissionService.DOC_TYPE_PERM_CACHE_GROUP);
        }
        return bool.booleanValue();
    }

    protected String buildBlanketApproveCacheKey(String str, DocumentType documentType, String str2, String str3) {
        return BLANKET_APPROVE_CACHE_PREFIX + documentType.getName() + "/" + str2 + "/" + str + "/" + str3;
    }

    @Override // org.kuali.rice.kew.doctype.service.DocumentTypePermissionService
    public boolean canReceiveAdHocRequest(String str, DocumentType documentType, String str2) {
        validatePrincipalId(str);
        validateDocumentType(documentType);
        validateActionRequestType(str2);
        String buildPrincipalAdhocCacheKey = buildPrincipalAdhocCacheKey(str, documentType, str2);
        Boolean bool = (Boolean) getCacheAdministrator().getFromCache(buildPrincipalAdhocCacheKey);
        if (bool == null) {
            AttributeSet buildDocumentTypeActionRequestPermissionDetails = buildDocumentTypeActionRequestPermissionDetails(documentType, str2);
            bool = useKimPermission("KR-WKFLW", "Ad Hoc Review Document", buildDocumentTypeActionRequestPermissionDetails) ? Boolean.valueOf(getIdentityManagementService().isAuthorizedByTemplateName(str, "KR-WKFLW", "Ad Hoc Review Document", buildDocumentTypeActionRequestPermissionDetails, this.EMPTY_ROLE_QUALIFIERS)) : Boolean.TRUE;
            getCacheAdministrator().putInCache(buildPrincipalAdhocCacheKey, bool, DocumentTypePermissionService.DOC_TYPE_PERM_CACHE_GROUP);
        }
        return bool.booleanValue();
    }

    protected String buildPrincipalAdhocCacheKey(String str, DocumentType documentType, String str2) {
        return PRINCIPAL_ADHOC_CACHE_PREFIX + documentType.getName() + "/" + str2 + "/" + str;
    }

    @Override // org.kuali.rice.kew.doctype.service.DocumentTypePermissionService
    public boolean canGroupReceiveAdHocRequest(String str, DocumentType documentType, String str2) {
        validateGroupId(str);
        validateDocumentType(documentType);
        validateActionRequestType(str2);
        String buildGroupAdhocCacheKey = buildGroupAdhocCacheKey(str, documentType, str2);
        Boolean bool = (Boolean) getCacheAdministrator().getFromCache(buildGroupAdhocCacheKey);
        if (bool == null) {
            bool = Boolean.TRUE;
            AttributeSet buildDocumentTypeActionRequestPermissionDetails = buildDocumentTypeActionRequestPermissionDetails(documentType, str2);
            if (useKimPermission("KR-WKFLW", "Ad Hoc Review Document", buildDocumentTypeActionRequestPermissionDetails)) {
                Iterator<String> it = getIdentityManagementService().getGroupMemberPrincipalIds(str).iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (!getIdentityManagementService().isAuthorizedByTemplateName(it.next(), "KR-WKFLW", "Ad Hoc Review Document", buildDocumentTypeActionRequestPermissionDetails, this.EMPTY_ROLE_QUALIFIERS)) {
                        bool = Boolean.FALSE;
                        break;
                    }
                }
            }
            getCacheAdministrator().putInCache(buildGroupAdhocCacheKey, bool, DocumentTypePermissionService.DOC_TYPE_PERM_CACHE_GROUP);
        }
        return bool.booleanValue();
    }

    protected String buildGroupAdhocCacheKey(String str, DocumentType documentType, String str2) {
        return GROUP_ADHOC_CACHE_PREFIX + documentType.getName() + "/" + str2 + "/" + str;
    }

    @Override // org.kuali.rice.kew.doctype.service.DocumentTypePermissionService
    public boolean canAdministerRouting(String str, DocumentType documentType) {
        validatePrincipalId(str);
        validateDocumentType(documentType);
        String buildAdminRoutingCacheKey = buildAdminRoutingCacheKey(str, documentType);
        Boolean bool = (Boolean) getCacheAdministrator().getFromCache(buildAdminRoutingCacheKey);
        if (bool == null) {
            if (documentType.isSuperUserGroupDefined()) {
                bool = Boolean.valueOf(documentType.isSuperUser(str));
            } else {
                bool = Boolean.valueOf(getIdentityManagementService().isAuthorizedByTemplateName(str, "KR-WKFLW", KEWConstants.ADMINISTER_ROUTING_PERMISSION, buildDocumentTypePermissionDetails(documentType), this.EMPTY_ROLE_QUALIFIERS));
            }
            getCacheAdministrator().putInCache(buildAdminRoutingCacheKey, bool, DocumentTypePermissionService.DOC_TYPE_PERM_CACHE_GROUP);
        }
        return bool.booleanValue();
    }

    protected String buildAdminRoutingCacheKey(String str, DocumentType documentType) {
        return ADMIN_ROUTING_CACHE_PREFIX + documentType.getName() + "/" + str;
    }

    @Override // org.kuali.rice.kew.doctype.service.DocumentTypePermissionService
    public boolean canCancel(String str, String str2, DocumentType documentType, List<String> list, String str3, String str4) {
        validatePrincipalId(str);
        validateDocumentType(documentType);
        validateRouteNodeNames(list);
        validateDocumentStatus(str3);
        validatePrincipalId(str4);
        if (!documentType.isPolicyDefined(DocumentTypePolicyEnum.INITIATOR_MUST_CANCEL)) {
            boolean z = false;
            for (AttributeSet attributeSet : buildDocumentTypePermissionDetails(documentType, list, str3)) {
                AttributeSet buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers = buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(documentType, str3, str2, attributeSet.get("routeNodeName"));
                if (useKimPermission("KR-WKFLW", "Cancel Document", attributeSet)) {
                    z = true;
                    if (getIdentityManagementService().isAuthorizedByTemplateName(str, "KR-WKFLW", "Cancel Document", attributeSet, buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers)) {
                        return true;
                    }
                }
            }
            if (z) {
                return false;
            }
        }
        if (documentType.getInitiatorMustCancelPolicy().getPolicyValue().booleanValue()) {
            return executeInitiatorPolicyCheck(str, str4, str3);
        }
        return true;
    }

    @Override // org.kuali.rice.kew.doctype.service.DocumentTypePermissionService
    public boolean canInitiate(String str, DocumentType documentType) {
        validatePrincipalId(str);
        validateDocumentType(documentType);
        AttributeSet buildDocumentTypePermissionDetails = buildDocumentTypePermissionDetails(documentType);
        if (useKimPermission(KNSConstants.KUALI_RICE_SYSTEM_NAMESPACE, "Initiate Document", buildDocumentTypePermissionDetails)) {
            return getIdentityManagementService().isAuthorizedByTemplateName(str, KNSConstants.KUALI_RICE_SYSTEM_NAMESPACE, "Initiate Document", buildDocumentTypePermissionDetails, this.EMPTY_ROLE_QUALIFIERS);
        }
        return true;
    }

    @Override // org.kuali.rice.kew.doctype.service.DocumentTypePermissionService
    public boolean canRoute(String str, DocumentRouteHeaderValue documentRouteHeaderValue) {
        return canRoute(str, documentRouteHeaderValue.getRouteHeaderId().toString(), documentRouteHeaderValue.getDocumentType(), documentRouteHeaderValue.getDocRouteStatus(), documentRouteHeaderValue.getInitiatorWorkflowId());
    }

    public boolean canRoute(String str, String str2, DocumentType documentType, String str3, String str4) {
        validatePrincipalId(str);
        validateDocumentType(documentType);
        validateDocumentStatus(str3);
        validatePrincipalId(str4);
        if (!documentType.isPolicyDefined(DocumentTypePolicyEnum.INITIATOR_MUST_ROUTE)) {
            AttributeSet buildDocumentTypeDocumentStatusPermissionDetails = buildDocumentTypeDocumentStatusPermissionDetails(documentType, str3);
            AttributeSet buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers = buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(documentType, str3, str2, buildDocumentTypeDocumentStatusPermissionDetails.get("routeNodeName"));
            if (LOG.isDebugEnabled()) {
                LOG.debug("Permission details values: " + buildDocumentTypeDocumentStatusPermissionDetails.formattedDump(10));
                LOG.debug("Role qualifiers values: " + buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers.formattedDump(10));
            }
            if (useKimPermission("KR-WKFLW", "Route Document", buildDocumentTypeDocumentStatusPermissionDetails)) {
                return getIdentityManagementService().isAuthorizedByTemplateName(str, "KR-WKFLW", "Route Document", buildDocumentTypeDocumentStatusPermissionDetails, buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers);
            }
        }
        if (documentType.getInitiatorMustRoutePolicy().getPolicyValue().booleanValue()) {
            return executeInitiatorPolicyCheck(str, str4, str3);
        }
        return true;
    }

    @Override // org.kuali.rice.kew.doctype.service.DocumentTypePermissionService
    public boolean canAddRouteLogMessage(String str, DocumentRouteHeaderValue documentRouteHeaderValue) {
        return canAddRouteLogMessage(str, documentRouteHeaderValue.getRouteHeaderId().toString(), documentRouteHeaderValue.getDocumentType(), documentRouteHeaderValue.getDocRouteStatus(), documentRouteHeaderValue.getInitiatorWorkflowId());
    }

    public boolean canAddRouteLogMessage(String str, String str2, DocumentType documentType, String str3, String str4) {
        validatePrincipalId(str);
        validateDocumentType(documentType);
        validateDocumentStatus(str3);
        validatePrincipalId(str4);
        AttributeSet buildDocumentTypeDocumentStatusPermissionDetails = buildDocumentTypeDocumentStatusPermissionDetails(documentType, str3);
        AttributeSet buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers = buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(documentType, str3, str2, buildDocumentTypeDocumentStatusPermissionDetails.get("routeNodeName"));
        if (LOG.isDebugEnabled()) {
            LOG.debug("Permission details values: " + buildDocumentTypeDocumentStatusPermissionDetails.formattedDump(10));
            LOG.debug("Role qualifiers values: " + buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers.formattedDump(10));
        }
        if (useKimPermission("KR-WKFLW", "Add Message to Route Log", buildDocumentTypeDocumentStatusPermissionDetails)) {
            return getIdentityManagementService().isAuthorizedByTemplateName(str, "KR-WKFLW", "Add Message to Route Log", buildDocumentTypeDocumentStatusPermissionDetails, buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers);
        }
        return false;
    }

    @Override // org.kuali.rice.kew.doctype.service.DocumentTypePermissionService
    public boolean canSave(String str, String str2, DocumentType documentType, List<String> list, String str3, String str4) {
        validatePrincipalId(str);
        validateDocumentType(documentType);
        validateRouteNodeNames(list);
        validateDocumentStatus(str3);
        validatePrincipalId(str4);
        if (!documentType.isPolicyDefined(DocumentTypePolicyEnum.INITIATOR_MUST_SAVE)) {
            boolean z = false;
            for (AttributeSet attributeSet : buildDocumentTypePermissionDetails(documentType, list, str3)) {
                AttributeSet buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers = buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(documentType, str3, str2, attributeSet.get("routeNodeName"));
                if (useKimPermission("KR-WKFLW", "Save Document", attributeSet)) {
                    z = true;
                    if (getIdentityManagementService().isAuthorizedByTemplateName(str, "KR-WKFLW", "Save Document", attributeSet, buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers)) {
                        return true;
                    }
                }
            }
            if (z) {
                return false;
            }
        }
        if (documentType.getInitiatorMustSavePolicy().getPolicyValue().booleanValue()) {
            return executeInitiatorPolicyCheck(str, str4, str3);
        }
        return true;
    }

    protected AttributeSet buildDocumentTypePermissionDetails(DocumentType documentType) {
        AttributeSet attributeSet = new AttributeSet();
        attributeSet.put("documentTypeName", documentType.getName());
        return attributeSet;
    }

    protected AttributeSet buildDocumentTypeActionRequestPermissionDetails(DocumentType documentType, String str) {
        AttributeSet buildDocumentTypePermissionDetails = buildDocumentTypePermissionDetails(documentType);
        if (!StringUtils.isBlank(str)) {
            buildDocumentTypePermissionDetails.put("actionRequestCd", str);
        }
        return buildDocumentTypePermissionDetails;
    }

    protected AttributeSet buildDocumentTypeDocumentStatusPermissionDetails(DocumentType documentType, String str) {
        AttributeSet buildDocumentTypePermissionDetails = buildDocumentTypePermissionDetails(documentType);
        if (!StringUtils.isBlank(str)) {
            buildDocumentTypePermissionDetails.put("routeStatusCode", str);
        }
        return buildDocumentTypePermissionDetails;
    }

    protected AttributeSet buildRouteHeaderIdRoleDocumentTypeDocumentStatusQualifiers(DocumentType documentType, String str, String str2, String str3) {
        AttributeSet attributeSet = new AttributeSet();
        attributeSet.put("documentNumber", str2);
        if (!StringUtils.isBlank(str)) {
            attributeSet.put("routeStatusCode", str);
            if ("I".equals(str) || "S".equals(str)) {
                attributeSet.put("routeNodeName", "PreRoute");
            } else {
                attributeSet.put("routeNodeName", str3);
            }
        }
        attributeSet.put("documentTypeName", documentType.getName());
        DocumentEntry documentEntry = KNSServiceLocator.getDataDictionaryService().getDataDictionary().getDocumentEntry(documentType.getName());
        if (documentEntry != null) {
            Class<? extends Document> documentClass = documentEntry.getDocumentClass();
            attributeSet.put("namespaceCode", MaintenanceDocument.class.isAssignableFrom(documentClass) ? KimCommonUtils.getNamespaceCode(((MaintenanceDocumentEntry) documentEntry).getBusinessObjectClass()) : KimCommonUtils.getNamespaceCode(documentClass));
        }
        return attributeSet;
    }

    protected List<AttributeSet> buildDocumentTypePermissionDetails(DocumentType documentType, List<String> list, String str) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : list) {
            AttributeSet buildDocumentTypePermissionDetails = buildDocumentTypePermissionDetails(documentType);
            if ("I".equals(str) || "S".equals(str)) {
                buildDocumentTypePermissionDetails.put("routeNodeName", "PreRoute");
            } else if (!StringUtils.isBlank(str2)) {
                buildDocumentTypePermissionDetails.put("routeNodeName", str2);
            }
            if (!StringUtils.isBlank(str)) {
                buildDocumentTypePermissionDetails.put("routeStatusCode", str);
            }
            if (null != documentType) {
                buildDocumentTypePermissionDetails.put("documentTypeName", documentType.getName());
            }
            arrayList.add(buildDocumentTypePermissionDetails);
        }
        return arrayList;
    }

    protected boolean useKimPermission(String str, String str2, AttributeSet attributeSet) {
        Parameter retrieveParameter = KNSServiceLocator.getParameterService().retrieveParameter("KR-WKFLW", "All", KEWConstants.KIM_PRIORITY_ON_DOC_TYP_PERMS_IND);
        if (retrieveParameter == null || "Y".equals(retrieveParameter.getParameterValue())) {
            return getIdentityManagementService().isPermissionDefinedForTemplateName(str, str2, attributeSet);
        }
        return false;
    }

    private boolean executeInitiatorPolicyCheck(String str, String str2, String str3) {
        return str.equals(str2) || !("S".equals(str3) || "I".equals(str3));
    }

    private void validatePrincipalId(String str) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("Invalid principal ID, value was empty");
        }
    }

    private void validateGroupId(String str) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("Invalid group ID, value was empty");
        }
    }

    private void validateDocumentType(DocumentType documentType) {
        if (documentType == null) {
            throw new IllegalArgumentException("DocumentType cannot be null");
        }
    }

    private void validateActionRequestType(String str) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("Invalid action request type, value was empty");
        }
        if (!KEWConstants.ACTION_REQUEST_CODES.containsKey(str)) {
            throw new IllegalArgumentException("Invalid action request type was given, value was: " + str);
        }
    }

    private void validateRouteNodeNames(List<String> list) {
        if (list.isEmpty()) {
            return;
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (StringUtils.isBlank(it.next())) {
                throw new IllegalArgumentException("List of route node names contained an invalid route node name, value was empty");
            }
        }
    }

    private void validateDocumentStatus(String str) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("Invalid document status, value was empty");
        }
        if (!KEWConstants.DOCUMENT_STATUSES.containsKey(str)) {
            throw new IllegalArgumentException("Invalid document status was given, value was: " + str);
        }
    }

    protected IdentityManagementService getIdentityManagementService() {
        return KIMServiceLocator.getIdentityManagementService();
    }

    protected PermissionService getPermissionService() {
        return KIMServiceLocator.getPermissionService();
    }
}
