package org.molgenis.security.permission;

import com.google.common.base.Function;
import com.google.common.collect.Lists;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.TreeMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.molgenis.auth.Authority;
import org.molgenis.auth.Group;
import org.molgenis.auth.GroupAuthority;
import org.molgenis.auth.GroupAuthorityMetaData;
import org.molgenis.auth.GroupMember;
import org.molgenis.auth.GroupMemberMetaData;
import org.molgenis.auth.GroupMetaData;
import org.molgenis.auth.User;
import org.molgenis.auth.UserAuthority;
import org.molgenis.auth.UserAuthorityMetaData;
import org.molgenis.auth.UserMetaData;
import org.molgenis.data.DataService;
import org.molgenis.data.Fetch;
import org.molgenis.data.meta.model.EntityType;
import org.molgenis.data.meta.model.EntityTypeMetadata;
import org.molgenis.data.support.QueryImpl;
import org.molgenis.framework.ui.MolgenisPlugin;
import org.molgenis.framework.ui.MolgenisPluginRegistry;
import org.molgenis.security.core.utils.SecurityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

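/**
 * Default {@link PermissionManagerService}: reads and replaces the plugin and entity-class
 * authorities stored for users and groups.
 *
 * <p>Every public method is annotated {@code @PreAuthorize("hasAnyRole('ROLE_SU')")}; the private
 * helpers carry no check of their own and rely on being reached through one of those methods.
 * NOTE(review): calls made on {@code this} (for example {@code createPermissions} calling
 * {@code getPlugins()}) are plain Java calls; with proxy-based method security the annotation is
 * presumably evaluated only when a call enters through the Spring bean - confirm that method
 * security is enabled for this bean and that nothing else reaches the helpers.
 *
 * <p>The raw {@code (List)} casts and raw map types come from the decompiled listing and are kept
 * because the generic signatures of the collaborating types are not visible here.
 */
@Service
/* loaded from: input_file:WEB-INF/lib/molgenis-security-3.0.0.jar:org/molgenis/security/permission/PermissionManagerServiceImpl.class */
public class PermissionManagerServiceImpl implements PermissionManagerService {
    private final DataService dataService;
    private final MolgenisPluginRegistry molgenisPluginRegistry;
    private final GrantedAuthoritiesMapper grantedAuthoritiesMapper;

    /**
     * Creates the service.
     *
     * @param dataService store used to look up users, groups, memberships and authorities
     * @param molgenisPluginRegistry registry that is iterated to list the plugins
     * @param grantedAuthoritiesMapper mapper used to derive the authorities implied by a role
     * @throws IllegalArgumentException if any argument is {@code null}
     */
    @Autowired
    public PermissionManagerServiceImpl(DataService dataService, MolgenisPluginRegistry molgenisPluginRegistry, GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        if (dataService == null) {
            throw new IllegalArgumentException("DataService is null");
        }
        if (molgenisPluginRegistry == null) {
            throw new IllegalArgumentException("Molgenis plugin registry is null");
        }
        if (grantedAuthoritiesMapper == null) {
            throw new IllegalArgumentException("Granted authorities mapper is null");
        }
        this.dataService = dataService;
        this.molgenisPluginRegistry = molgenisPluginRegistry;
        this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
    }

    /** Returns every stored user. */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public List<User> getUsers() {
        return (List) this.dataService.findAll(UserMetaData.USER, User.class).collect(Collectors.toList());
    }

    /** Returns every stored group. */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public List<Group> getGroups() {
        return (List) this.dataService.findAll(GroupMetaData.GROUP, Group.class).collect(Collectors.toList());
    }

    /** Returns the registered plugins as a new list, so callers may reorder it freely. */
    @Override
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public List<MolgenisPlugin> getPlugins() {
        return Lists.newArrayList(this.molgenisPluginRegistry);
    }

    /** Returns the id value of every stored entity type. */
    @Override
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public List<Object> getEntityClassIds() {
        return (List) this.dataService.findAll(EntityTypeMetadata.ENTITY_TYPE_META_DATA).map(entity -> entity.getIdValue()).collect(Collectors.toList());
    }

    /**
     * Returns the plugin permissions held by a group.
     *
     * @param str id of the group
     * @return the permissions, tagged with the group id
     * @throws RuntimeException if no group has this id
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public Permissions getGroupPluginPermissions(String str) {
        Permissions permissions = createPermissions(getGroupPermissions(requireGroup(str)), SecurityUtils.AUTHORITY_PLUGIN_PREFIX);
        permissions.setGroupId(str);
        return permissions;
    }

    /**
     * Returns the entity-class permissions held by a group.
     *
     * @param str id of the group
     * @return the permissions, tagged with the group id
     * @throws RuntimeException if no group has this id
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public Permissions getGroupEntityClassPermissions(String str) {
        Permissions permissions = createPermissions(getGroupPermissions(requireGroup(str)), SecurityUtils.AUTHORITY_ENTITY_PREFIX);
        permissions.setGroupId(str);
        return permissions;
    }

    /**
     * Returns the plugin permissions of a user, including those of the user's groups.
     *
     * @param str id of the user
     * @return the permissions, tagged with the user id
     * @throws RuntimeException if no user has this id
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public Permissions getUserPluginPermissions(String str) {
        Permissions permissions = createPermissions(getUserPermissions(str), SecurityUtils.AUTHORITY_PLUGIN_PREFIX);
        permissions.setUserId(str);
        return permissions;
    }

    /**
     * Returns the entity-class permissions of a user, including those of the user's groups.
     *
     * @param str id of the user
     * @return the permissions, tagged with the user id
     * @throws RuntimeException if no user has this id
     */
    @Override
    @Transactional(readOnly = true)
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public Permissions getUserEntityClassPermissions(String str) {
        Permissions permissions = createPermissions(getUserPermissions(str), SecurityUtils.AUTHORITY_ENTITY_PREFIX);
        permissions.setUserId(str);
        return permissions;
    }

    /** Looks up a group by id, failing with the same message everywhere a group id is resolved. */
    private Group requireGroup(String groupId) {
        Group group = (Group) this.dataService.findOneById(GroupMetaData.GROUP, groupId, Group.class);
        if (group == null) {
            throw new RuntimeException("unknown group id [" + groupId + "]");
        }
        return group;
    }

    /** Looks up a user by id, failing with the same message everywhere a user id is resolved. */
    private User requireUser(String userId) {
        User user = (User) this.dataService.findOneById(UserMetaData.USER, userId, User.class);
        if (user == null) {
            throw new RuntimeException("unknown user id [" + userId + "]");
        }
        return user;
    }

    /** Returns all authorities of the user and of the user's groups, without a prefix filter. */
    private List<? extends Authority> getUserPermissions(String userId) {
        return getUserPermissions(userId, (String) null);
    }

    /**
     * Returns the user's own authorities followed by those of every group the user is a member of.
     *
     * @param userId id of the user
     * @param rolePrefix keep only roles starting with this prefix; {@code null} keeps all
     * @throws RuntimeException if no user has this id
     */
    private List<? extends Authority> getUserPermissions(String userId, String rolePrefix) {
        User user = requireUser(userId);
        List<Authority> authorities = getUserPermissions(user, rolePrefix);
        List<GroupMember> memberships = (List) this.dataService.findAll(GroupMemberMetaData.GROUP_MEMBER, new QueryImpl().eq("User", user), GroupMember.class).collect(Collectors.toList());
        if (!memberships.isEmpty()) {
            List<Group> groups = Lists.transform(memberships, GroupMember::getGroup);
            List<Authority> inherited = getGroupPermissions(groups, rolePrefix);
            if (inherited != null && !inherited.isEmpty()) {
                authorities.addAll(inherited);
            }
        }
        return authorities;
    }

    /**
     * Replaces the plugin authorities of a group with the given ones.
     *
     * @param list authorities to store; each is assigned to the group before it is added
     * @param str id of the group
     * @throws RuntimeException if no group has this id
     */
    @Override
    @Transactional
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public void replaceGroupPluginPermissions(List<GroupAuthority> list, String str) {
        replaceGroupPermissions(list, str, SecurityUtils.AUTHORITY_PLUGIN_PREFIX);
    }

    /**
     * Replaces the entity-class authorities of a group with the given ones.
     *
     * @param list authorities to store; each is assigned to the group before it is added
     * @param str id of the group
     * @throws RuntimeException if no group has this id
     */
    @Override
    @Transactional
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public void replaceGroupEntityClassPermissions(List<GroupAuthority> list, String str) {
        replaceGroupPermissions(list, str, SecurityUtils.AUTHORITY_ENTITY_PREFIX);
    }

    /**
     * Deletes the group's stored authorities whose role starts with {@code rolePrefix} and adds
     * {@code newAuthorities} in their place. The delete and the add are two separate data-service
     * calls; both public callers are {@code @Transactional}.
     */
    private void replaceGroupPermissions(List<GroupAuthority> newAuthorities, String groupId, String rolePrefix) {
        Group group = requireGroup(groupId);
        for (GroupAuthority authority : newAuthorities) {
            authority.setGroup(group);
        }
        // NOTE(review): only the stored authorities are filtered by rolePrefix; the roles in
        // newAuthorities are persisted as supplied. Confirm the caller restricts them to this
        // prefix, otherwise a role outside the plugin/entity namespace could be stored here.
        List<Authority> current = getGroupPermissions(group, rolePrefix);
        // Skip the delete when nothing matches, as replaceUserPermissions does.
        if (current != null && !current.isEmpty()) {
            this.dataService.delete(GroupAuthorityMetaData.GROUP_AUTHORITY, current.stream());
        }
        if (!newAuthorities.isEmpty()) {
            this.dataService.add(GroupAuthorityMetaData.GROUP_AUTHORITY, newAuthorities.stream());
        }
    }

    /**
     * Replaces the plugin authorities of a user with the given ones.
     *
     * @param list authorities to store; each is assigned to the user before it is added
     * @param str id of the user
     * @throws RuntimeException if no user has this id
     */
    @Override
    @Transactional
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public void replaceUserPluginPermissions(List<UserAuthority> list, String str) {
        replaceUserPermissions(list, str, SecurityUtils.AUTHORITY_PLUGIN_PREFIX);
    }

    /**
     * Replaces the entity-class authorities of a user with the given ones.
     *
     * @param list authorities to store; each is assigned to the user before it is added
     * @param str id of the user
     * @throws RuntimeException if no user has this id
     */
    @Override
    @Transactional
    @PreAuthorize("hasAnyRole('ROLE_SU')")
    public void replaceUserEntityClassPermissions(List<UserAuthority> list, String str) {
        replaceUserPermissions(list, str, SecurityUtils.AUTHORITY_ENTITY_PREFIX);
    }

    /**
     * Deletes the user's own stored authorities whose role starts with {@code rolePrefix} and adds
     * {@code newAuthorities} in their place. Authorities the user holds through a group are not
     * touched. Both public callers are {@code @Transactional}.
     */
    private void replaceUserPermissions(List<UserAuthority> newAuthorities, String userId, String rolePrefix) {
        User user = requireUser(userId);
        for (UserAuthority authority : newAuthorities) {
            authority.setUser(user);
        }
        // NOTE(review): as in replaceGroupPermissions, the roles in newAuthorities are persisted as
        // supplied and are not checked against rolePrefix - confirm the caller enforces it.
        List<Authority> current = getUserPermissions(user, rolePrefix);
        if (current != null && !current.isEmpty()) {
            this.dataService.delete(UserAuthorityMetaData.USER_AUTHORITY, current.stream());
        }
        if (!newAuthorities.isEmpty()) {
            this.dataService.add(UserAuthorityMetaData.USER_AUTHORITY, newAuthorities.stream());
        }
    }

    /**
     * Returns the authorities stored directly on the user.
     *
     * @param rolePrefix keep only roles starting with this prefix; {@code null} keeps all
     */
    private List<Authority> getUserPermissions(User user, String rolePrefix) {
        return (List) this.dataService.findAll(UserAuthorityMetaData.USER_AUTHORITY, new QueryImpl().eq("User", user), UserAuthority.class)
                .filter(userAuthority -> rolePrefix == null || userAuthority.getRole().startsWith(rolePrefix))
                .collect(Collectors.toList());
    }

    /** Returns all authorities stored on the group. */
    private List<Authority> getGroupPermissions(Group group) {
        return getGroupPermissions(Arrays.asList(group));
    }

    /** Returns the group's authorities whose role starts with {@code rolePrefix}. */
    private List<Authority> getGroupPermissions(Group group, String rolePrefix) {
        return getGroupPermissions(Arrays.asList(group), rolePrefix);
    }

    /** Returns all authorities stored on any of the groups. */
    private List<Authority> getGroupPermissions(List<Group> groups) {
        return getGroupPermissions(groups, (String) null);
    }

    /**
     * Returns the authorities stored on any of the groups.
     *
     * @param rolePrefix keep only roles starting with this prefix; {@code null} keeps all
     */
    private List<Authority> getGroupPermissions(List<Group> groups, String rolePrefix) {
        return (List) this.dataService.findAll(GroupAuthorityMetaData.GROUP_AUTHORITY, new QueryImpl().in("Group", groups), GroupAuthority.class)
                .filter(groupAuthority -> rolePrefix == null || groupAuthority.getRole().startsWith(rolePrefix))
                .collect(Collectors.toList());
    }

    /**
     * Builds the {@link Permissions} view for one authority namespace.
     *
     * <p>First the id-to-label map is filled (plugins ordered by name, or entity types keyed by
     * id). Then each authority whose role starts with {@code rolePrefix} is recorded as a group or
     * user permission, and every authority the mapper derives from that role is recorded as a
     * hierarchy permission.
     *
     * @param authorities authorities of the user or group being inspected
     * @param rolePrefix {@code SecurityUtils.AUTHORITY_PLUGIN_PREFIX} or
     *     {@code SecurityUtils.AUTHORITY_ENTITY_PREFIX}
     * @throws RuntimeException if {@code rolePrefix} is neither of the two prefixes
     */
    private Permissions createPermissions(List<? extends Authority> authorities, String rolePrefix) {
        Permissions permissions = new Permissions();
        if (rolePrefix.equals(SecurityUtils.AUTHORITY_PLUGIN_PREFIX)) {
            List<MolgenisPlugin> plugins = getPlugins();
            if (plugins != null) {
                Collections.sort(plugins, (left, right) -> left.getName().compareTo(right.getName()));
                // Insertion-ordered map keeps the by-name ordering established by the sort.
                LinkedHashMap pluginNamesById = new LinkedHashMap();
                for (MolgenisPlugin plugin : plugins) {
                    pluginNamesById.put(plugin.getId(), plugin.getName());
                }
                permissions.setEntityIds(pluginNamesById);
            }
        } else {
            if (!rolePrefix.equals(SecurityUtils.AUTHORITY_ENTITY_PREFIX)) {
                throw new RuntimeException("Invalid authority prefix [" + rolePrefix + "]");
            }
            List<Object> entityTypeIds = getEntityClassIds();
            List<EntityType> entityTypes = (List) this.dataService.findAll(EntityTypeMetadata.ENTITY_TYPE_META_DATA, entityTypeIds.stream(), new Fetch().field("name").field("id").field("package"), EntityType.class).collect(Collectors.toList());
            // entityTypeIds was already dereferenced above, so no null check is needed here.
            TreeMap qualifiedNamesById = new TreeMap();
            for (EntityType entityType : entityTypes) {
                qualifiedNamesById.put(entityType.getId(), entityType.getFullyQualifiedName());
            }
            permissions.setEntityIds(qualifiedNamesById);
        }
        for (Authority authority : authorities) {
            String role = authority.getRole();
            if (role.startsWith(rolePrefix)) {
                Permission permission = new Permission();
                permission.setType(getAuthorityType(role, rolePrefix));
                String targetId = getAuthorityEntityId(role, rolePrefix);
                if (authority instanceof GroupAuthority) {
                    permission.setGroup(((GroupAuthority) authority).getGroup().getName());
                    permissions.addGroupPermission(targetId, permission);
                } else {
                    permissions.addUserPermission(targetId, permission);
                }
            }
            SimpleGrantedAuthority granted = new SimpleGrantedAuthority(role);
            // Work on a copy: the mapper's result may be unmodifiable or shared, and removing
            // from it directly would either throw or alter the mapper's own collection.
            List<GrantedAuthority> implied = Lists.newArrayList(this.grantedAuthoritiesMapper.mapAuthorities(Collections.singletonList(granted)));
            implied.remove(granted);
            for (GrantedAuthority impliedAuthority : implied) {
                String impliedRole = impliedAuthority.getAuthority();
                if (impliedRole.startsWith(rolePrefix)) {
                    Permission hierarchyPermission = new Permission();
                    hierarchyPermission.setType(getAuthorityType(impliedRole, rolePrefix));
                    permissions.addHierarchyPermission(getAuthorityEntityId(impliedRole, rolePrefix), hierarchyPermission);
                }
            }
        }
        permissions.sort();
        return permissions;
    }

    /**
     * Returns the lower-cased part of {@code role} that follows the first {@code '_'} after the
     * prefix. Without a {@code '_'} the whole remainder is returned.
     */
    private String getAuthorityEntityId(String role, String rolePrefix) {
        String remainder = role.substring(rolePrefix.length());
        // Locale.ROOT keeps the mapping stable: the default-locale form turns 'I' into a dotless
        // 'i' under a Turkish locale, which would change the id the permission is filed under.
        return remainder.substring(remainder.indexOf('_') + 1).toLowerCase(Locale.ROOT);
    }

    /**
     * Returns the lower-cased part of {@code role} between the prefix and the first {@code '_'}
     * that follows it. A remainder without {@code '_'} makes {@code substring} throw
     * {@link StringIndexOutOfBoundsException}.
     */
    private String getAuthorityType(String role, String rolePrefix) {
        String remainder = role.substring(rolePrefix.length());
        return remainder.substring(0, remainder.indexOf('_')).toLowerCase(Locale.ROOT);
    }
}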
