package org.kuali.student.common.assembly.transform;

import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.kuali.rice.kim.bo.role.dto.KimPermissionInfo;
import org.kuali.rice.kim.bo.types.dto.AttributeSet;
import org.kuali.rice.kim.service.IdentityManagementService;
import org.kuali.rice.student.bo.KualiStudentKimAttributes;
import org.kuali.student.common.assembly.data.Data;
import org.kuali.student.common.assembly.data.Metadata;
import org.kuali.student.common.assembly.data.QueryPath;
import org.kuali.student.common.assembly.util.AssemblerUtils;
import org.kuali.student.common.rice.authorization.PermissionType;
import org.kuali.student.common.util.security.SecurityUtils;

/* loaded from: input_file:WEB-INF/lib/ks-common-impl-1.2.2-M2.jar:org/kuali/student/common/assembly/transform/AuthorizationFilter.class */
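/**
 * Data and metadata filter that applies the current principal's permissions.
 *
 * <ul>
 *   <li>Inbound: rejects the request when the document metadata, or the metadata of a checked
 *       dirty field, is not editable.</li>
 *   <li>Outbound: replaces non-editable string values with their mask or partial mask.</li>
 *   <li>Metadata: marks the whole structure read-only when the document-level edit check fails,
 *       otherwise adjusts individual fields from the field-access permissions returned by the
 *       permission service.</li>
 * </ul>
 */
public class AuthorizationFilter extends AbstractDataFilter implements MetadataFilter {
    protected IdentityManagementService permissionService;

    /** Filter-property key; the document-level edit check runs only when this key has a non-null value. */
    public static final String DOC_LEVEL_PERM_CHECK = "AuthorizationFilter.DocLevelPermCheck";

    final Logger LOG = Logger.getLogger(AuthorizationFilter.class);

    /* loaded from: input_file:WEB-INF/lib/ks-common-impl-1.2.2-M2.jar:org/kuali/student/common/assembly/transform/AuthorizationFilter$Permission.class */
    /** Field access levels, each paired with the name used in the permission details. */
    public enum Permission {
        EDIT("edit"),
        VIEW("view"),
        UNMASK("unmask"),
        PARTIAL_UNMASK("partialunmask");

        final String kimName;

        Permission(String str) {
            this.kimName = str;
        }

        /** Returns the permission-service name of this level, not the Java constant name. */
        @Override
        public String toString() {
            return this.kimName;
        }

        /**
         * Looks up a level by its permission-service name (case-sensitive).
         *
         * @param str the name to resolve, for example {@code "edit"}
         * @return the matching constant
         * @throws IllegalArgumentException if no constant carries that name (including {@code null})
         */
        public static Permission kimValueOf(String str) {
            for (Permission candidate : values()) {
                if (candidate.kimName.equals(str)) {
                    return candidate;
                }
            }
            throw new IllegalArgumentException("The value " + str + " is not enumerated in Permission");
        }
    }

    /**
     * Rejects inbound data that touches something the metadata marks as not editable.
     *
     * @param data the submitted data whose dirty elements are inspected
     * @param metadata the (already permission-filtered) metadata; may be {@code null}
     * @param map filter properties (unused here)
     * @throws Exception if the document is read-only or a checked dirty field is not editable
     */
    @Override
    public void applyInboundDataFilter(Data data, Metadata metadata, Map<String, Object> map) throws Exception {
        if (metadata != null && !metadata.isCanEdit()) {
            throw new Exception("Document is read only");
        }
        for (QueryPath dirtyPath : AssemblerUtils.findDirtyElements(data)) {
            // NOTE(review): as written, only dirty paths that contain "_runtimeData" reach the
            // field-level edit check; every other dirty path is accepted without one. This
            // listing is decompiled, so confirm against the original source that the condition
            // is not inverted before relying on this method as the server-side edit gate.
            if (!dirtyPath.contains("_runtimeData")) {
                continue;
            }
            Metadata fieldMetadata = AssemblerUtils.get(metadata, dirtyPath);
            if (fieldMetadata != null && !fieldMetadata.isCanEdit()) {
                throw new Exception("User does not have edit permission for field");
            }
        }
    }

    /** Masks outbound data; see {@link #applyPermissionsToData(Data, Metadata, Map)}. */
    @Override
    public void applyOutboundDataFilter(Data data, Metadata metadata, Map<String, Object> map) throws Exception {
        applyPermissionsToData(data, metadata, map);
    }

    /** Applies permissions to metadata; see {@link #applyPermissionsToMetadata(String, Metadata, Map)}. */
    @Override
    public void applyMetadataFilter(String str, Metadata metadata, Map<String, Object> map) {
        applyPermissionsToMetadata(str, metadata, map);
    }

    /**
     * Walks {@code data} alongside its metadata and masks string values of non-editable fields.
     *
     * <p>A full mask replaces the value; a partial mask replaces the leading characters and keeps
     * the rest. Only {@code String} values are masked: nested {@code Data} is recursed into, and
     * any other value type is left unchanged even if a mask formatter is configured for it.
     * Editable string fields are never masked.
     *
     * @param data the data to mask in place; {@code null} is a no-op
     * @param metadata metadata describing the properties of {@code data}
     * @param map filter properties, passed through to recursive calls
     */
    protected void applyPermissionsToData(Data data, Metadata metadata, Map<String, Object> map) {
        if (data == null) {
            return;
        }
        for (Map.Entry<String, Metadata> property : metadata.getProperties().entrySet()) {
            String key = property.getKey();
            Metadata fieldMetadata = property.getValue();
            Object fieldValue = data.get(key);

            if (fieldValue instanceof Data) {
                applyPermissionsToData((Data) fieldValue, fieldMetadata, map);
                continue;
            }
            if (!(fieldValue instanceof String) || fieldMetadata.isCanEdit()) {
                continue;
            }

            if (StringUtils.isNotBlank(fieldMetadata.getMaskFormatter())) {
                data.set(key, fieldMetadata.getMaskFormatter());
            } else if (StringUtils.isNotBlank(fieldMetadata.getPartialMaskFormatter())) {
                String clearText = (String) fieldValue;
                String partialMask = fieldMetadata.getPartialMaskFormatter();
                if (clearText.length() > partialMask.length()) {
                    data.set(key, partialMask + clearText.substring(partialMask.length()));
                } else {
                    // A value no longer than the mask has nothing left to reveal. Previously
                    // substring() threw StringIndexOutOfBoundsException for shorter values,
                    // failing the whole outbound filter; return the mask alone instead.
                    data.set(key, partialMask);
                }
            }
        }
    }

    /**
     * Adjusts {@code metadata} to reflect what the current principal may edit or see unmasked.
     *
     * <p>If a document-level check is requested and an id value is present, the principal must hold
     * the EDIT permission template for the qualified document; otherwise the whole metadata tree is
     * set read-only and no field-level permissions are applied. When the check is not requested or
     * the id value is blank, the document is treated as editable.
     *
     * <p>Field-level permissions are then applied per path: EDIT makes the field and its children
     * editable, PARTIAL_UNMASK makes it non-editable and clears the full mask, UNMASK clears both
     * masks. VIEW changes nothing. Paths that do not resolve in the metadata are ignored.
     *
     * @param str the DTO name used to look up field-access permissions
     * @param metadata the metadata to modify in place
     * @param map filter properties supplying the id type, id value, document type and the
     *            {@link #DOC_LEVEL_PERM_CHECK} flag
     * @throws IllegalArgumentException if a returned access level is not a known {@link Permission}
     */
    protected void applyPermissionsToMetadata(String str, Metadata metadata, Map<String, Object> map) {
        String idType = (String) map.get(MetadataFilter.METADATA_ID_TYPE);
        String idValue = (String) map.get(MetadataFilter.METADATA_ID_VALUE);
        String docLevelPermCheck = (String) map.get(DOC_LEVEL_PERM_CHECK);
        String documentType = (String) map.get("ProposalWorkflowFilter.DocumentType");

        // NOTE(review): the default is permissive - without the flag or without an id value no
        // document-level authorization call is made and editing is allowed at this level.
        boolean mayEditDocument = true;
        if (checkDocumentLevelPermissions(docLevelPermCheck) && StringUtils.isNotBlank(idValue)) {
            AttributeSet qualification = getQualification(idType, idValue, documentType);
            String principalId = SecurityUtils.getCurrentPrincipalId();
            String namespace = PermissionType.EDIT.getPermissionNamespace();
            String templateName = PermissionType.EDIT.getPermissionTemplateName();
            mayEditDocument = this.permissionService.isAuthorizedByTemplateName(
                    principalId, namespace, templateName, null, qualification);
            this.LOG.info("Permission '" + PermissionType.EDIT.getPermissionNamespace() + "/" + PermissionType.EDIT.getPermissionTemplateName() + "' for user '" + principalId + "': " + mayEditDocument);
        }

        if (!mayEditDocument) {
            setReadOnly(metadata, true);
            return;
        }

        Map<String, String> fieldAccess = getFieldAccessPermissions(str, idType, idValue, documentType);
        if (fieldAccess == null) {
            // Permission lookup failed; the metadata keeps the edit/mask state it arrived with.
            return;
        }
        for (Map.Entry<String, String> access : fieldAccess.entrySet()) {
            String[] pathTokens = getPathTokens(access.getKey());

            // Resolve the dotted field path one property level at a time.
            Metadata target = metadata.getProperties().get(pathTokens[0]);
            for (int i = 1; i < pathTokens.length && target != null; i++) {
                target = target.getProperties().get(pathTokens[i]);
            }
            if (target == null) {
                continue;
            }

            Permission level = Permission.kimValueOf(access.getValue());
            if (level == Permission.EDIT) {
                setReadOnly(target, false);
            } else if (level == Permission.PARTIAL_UNMASK) {
                target.setCanEdit(false);
                target.setMaskFormatter("");
            } else if (level == Permission.UNMASK) {
                target.setMaskFormatter("");
                target.setPartialMaskFormatter("");
            }
        }
    }

    /**
     * Fetches the field-access permissions granted to the current principal.
     *
     * @param str the DTO name passed as the permission detail
     * @param str2 the id type, used as a qualification key
     * @param str3 the id value stored under that key
     * @param str4 the document type name for the qualification
     * @return a map from field key to access level name (possibly empty), or {@code null} if the
     *         permission lookup threw; callers then apply no field-level changes
     */
    protected Map<String, String> getFieldAccessPermissions(String str, String str2, String str3, String str4) {
        try {
            String principalId = SecurityUtils.getCurrentPrincipalId();
            AttributeSet qualification = getQualification(str2, str3, str4);
            AttributeSet permissionDetails = new AttributeSet(KualiStudentKimAttributes.QUALIFICATION_DTO_NAME, str);
            List<? extends KimPermissionInfo> granted = this.permissionService.getAuthorizedPermissionsByTemplateName(
                    principalId,
                    PermissionType.FIELD_ACCESS.getPermissionNamespace(),
                    PermissionType.FIELD_ACCESS.getPermissionTemplateName(),
                    permissionDetails,
                    qualification);

            Map<String, String> accessByField = new HashMap<String, String>();
            if (granted != null) {
                for (KimPermissionInfo permission : granted) {
                    // If several permissions name the same field, the last one returned wins.
                    accessByField.put(
                            permission.getDetails().get(KualiStudentKimAttributes.QUALIFICATION_DTO_FIELD_KEY),
                            permission.getDetails().get(KualiStudentKimAttributes.QUALIFICATION_FIELD_ACCESS_LEVEL));
                }
            }
            return accessByField;
        } catch (Exception e) {
            // Deliberate best-effort: a failing permission service must not break metadata
            // retrieval. No permissions are granted on this path, so fields keep their defaults.
            this.LOG.warn("Error calling permission service.", e);
            return null;
        }
    }

    /**
     * Sets the edit flag on {@code metadata} and, recursively, on all of its properties.
     *
     * @param metadata root of the metadata subtree to update
     * @param z {@code true} to make the subtree read-only, {@code false} to make it editable
     */
    private void setReadOnly(Metadata metadata, boolean z) {
        metadata.setCanEdit(!z);
        Map<String, Metadata> children = metadata.getProperties();
        if (children == null) {
            return;
        }
        for (Metadata child : children.values()) {
            setReadOnly(child, z);
        }
    }

    /**
     * Decides whether the document-level edit check should run.
     *
     * @param str the value stored under {@link #DOC_LEVEL_PERM_CHECK}
     * @return {@code true} for any non-null value; the content of the string is not examined
     */
    protected boolean checkDocumentLevelPermissions(String str) {
        return str != null;
    }

    /**
     * Splits a dotted field path into its segments.
     *
     * @param str the path; may be {@code null}
     * @return the segments, or a single-element array holding {@code str} when it is
     *         {@code null} or contains no dot
     */
    private static String[] getPathTokens(String str) {
        if (str == null || !str.contains(".")) {
            return new String[] {str};
        }
        return str.split("\\.");
    }

    /**
     * Builds the qualification passed to the permission service.
     *
     * @param str the id type, used as the attribute key for the id value
     * @param str2 the id value
     * @param str3 the document type name
     * @return a new attribute set with the document type, the id, and a random per-call value
     */
    protected AttributeSet getQualification(String str, String str2, String str3) {
        AttributeSet qualification = new AttributeSet();
        qualification.put("documentTypeName", str3);
        qualification.put(str, str2);
        // Fresh random value on every call; presumably defeats permission-result caching so each
        // check is re-evaluated - confirm against the permission service's cache behaviour.
        qualification.put("RAND_NO_CACHE", UUID.randomUUID().toString());
        return qualification;
    }

    /** Returns the permission service used for authorization lookups. */
    public IdentityManagementService getPermissionService() {
        return this.permissionService;
    }

    /** Sets the permission service used for authorization lookups. */
    public void setPermissionService(IdentityManagementService identityManagementService) {
        this.permissionService = identityManagementService;
    }
}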
