package fi.vm.sade.haku.oppija.hakemus.service.impl;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import fi.vm.sade.generic.service.AbstractPermissionService;
import fi.vm.sade.haku.oppija.hakemus.domain.Application;
import fi.vm.sade.haku.oppija.hakemus.domain.AuthorizationMeta;
import fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService;
import fi.vm.sade.haku.oppija.hakemus.service.Role;
import fi.vm.sade.haku.oppija.lomake.domain.ApplicationSystem;
import fi.vm.sade.haku.oppija.lomake.domain.elements.Element;
import fi.vm.sade.haku.oppija.lomake.domain.elements.Form;
import fi.vm.sade.haku.oppija.lomake.domain.elements.Phase;
import fi.vm.sade.haku.oppija.lomake.service.ApplicationSystemService;
import fi.vm.sade.haku.virkailija.authentication.AuthenticationService;
import fi.vm.sade.haku.virkailija.lomakkeenhallinta.util.OppijaConstants;
import fi.vm.sade.security.OrganisationHierarchyAuthorizer;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

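/**
 * Decides what the current user may do with applications under the {@code "HAKEMUS"} permission
 * application name passed to the superclass.
 *
 * <p>Every decision is built on the inherited {@code checkAccess(organisationOid, roles...)} call,
 * asked either for the root organisation, for the organisations recorded in the application's
 * {@link AuthorizationMeta}, or for the organisations returned by
 * {@link AuthenticationService#getOrganisaatioHenkilo()}.
 *
 * <p>NOTE(review): two fallbacks are not scoped to the application being accessed and deserve a
 * conscious decision:
 * <ul>
 *   <li>{@link #userCanAccessApplication} falls back to {@link #userCanEnterApplication()} when the
 *       application carries no organisation metadata, so the create/read/update/delete role in
 *       any of the user's own organisations is sufficient for such applications;</li>
 *   <li>the {@code ROLE_HETUTTOMIENKASITTELY} branch used for reading and deleting only checks the
 *       role against the user's own organisations and the type of the application system, not the
 *       organisations of the application itself.</li>
 * </ul>
 */
@Profile({"default", "vagrant"})
@Service
/* loaded from: input_file:WEB-INF/lib/hakemus-api-2016-09-SNAPSHOT.jar:fi/vm/sade/haku/oppija/hakemus/service/impl/HakuPermissionServiceImpl.class */
public class HakuPermissionServiceImpl extends AbstractPermissionService implements HakuPermissionService {
    private static final Logger log = LoggerFactory.getLogger(HakuPermissionServiceImpl.class);

    // Assigned once in the constructor and never replaced afterwards.
    private final AuthenticationService authenticationService;
    private final ApplicationSystemService applicationSystemService;

    /**
     * Creates the service and installs the organisation hierarchy authorizer on the superclass.
     *
     * @param authenticationService source of the current user and the user's organisations
     * @param applicationSystemService used to look up the application system of an application
     * @param organisationHierarchyAuthorizer authorizer handed to {@code setAuthorizer}
     */
    @Autowired
    public HakuPermissionServiceImpl(AuthenticationService authenticationService, ApplicationSystemService applicationSystemService, OrganisationHierarchyAuthorizer organisationHierarchyAuthorizer) {
        super("HAKEMUS");
        this.authenticationService = authenticationService;
        this.applicationSystemService = applicationSystemService;
        setAuthorizer(organisationHierarchyAuthorizer);
    }

    /**
     * Returns those of the current user's organisations in which the user holds a read-capable role.
     *
     * @return organisation identifiers that passed the check, possibly empty
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public List<String> userCanReadApplications() {
        return userCanReadApplications(this.authenticationService.getOrganisaatioHenkilo());
    }

    /**
     * Filters the given organisations down to those where the user holds any of the read,
     * read/update, create/read/update/delete, LISATIETORU or LISATIETOCRUD roles.
     *
     * @param list organisation identifiers to test
     * @return the subset of {@code list} that passed the check, in the same order
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public List<String> userCanReadApplications(List<String> list) {
        List<String> readable = new ArrayList<String>();
        for (String organisation : list) {
            // Guarded so that the current user is only looked up when the line is actually logged.
            if (log.isDebugEnabled()) {
                log.debug("Checking read permissions as organization:{} for user:{})", organisation, this.authenticationService.getCurrentHenkilo().getPersonOid());
            }
            if (checkAccess(organisation, getReadRole(), getReadUpdateRole(), getCreateReadUpdateDeleteRole(), getRoleLisatietoRU(), getRoleLisatietoCRUD())) {
                log.debug("Can read");
                readable.add(organisation);
            }
        }
        return readable;
    }

    /**
     * Returns those of the current user's organisations in which the user holds {@code ROLE_OPO}.
     *
     * @return organisation identifiers that passed the check, possibly empty
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public List<String> userHasOpoRole() {
        return userHasOpoRole(this.authenticationService.getOrganisaatioHenkilo());
    }

    /**
     * Returns those of the current user's organisations in which the user holds
     * {@code ROLE_HETUTTOMIENKASITTELY}.
     *
     * @return organisation identifiers that passed the check, possibly empty
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public List<String> userHasHetuttomienKasittelyRole() {
        return userHasHetuttomienKasittelyRole(this.authenticationService.getOrganisaatioHenkilo());
    }

    /**
     * Filters the given organisations down to those where the user holds
     * {@code ROLE_HETUTTOMIENKASITTELY}.
     *
     * @param list organisation identifiers to test
     * @return the subset of {@code list} that passed the check, in the same order
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public List<String> userHasHetuttomienKasittelyRole(List<String> list) {
        return userHasRole(list, getRoleHetuttomienKasittely());
    }

    /**
     * Filters the given organisations down to those where the user holds {@code ROLE_OPO}.
     *
     * @param list organisation identifiers to test
     * @return the subset of {@code list} that passed the check, in the same order
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public List<String> userHasOpoRole(List<String> list) {
        return userHasRole(list, getOpoRole());
    }

    /** Returns the organisations from {@code list} for which {@code checkAccess} accepts the single role {@code str}. */
    private List<String> userHasRole(List<String> list, String str) {
        List<String> matching = new ArrayList<String>();
        for (String organisation : list) {
            log.debug("checking role: {} against organization: {}", str, organisation);
            if (checkAccess(organisation, str)) {
                matching.add(organisation);
            }
        }
        return matching;
    }

    /**
     * Decides whether the current user may read the given application.
     *
     * <p>The checks run in this order and the first success wins:
     * <ol>
     *   <li>a read-capable role for the application, see {@link #userCanAccessApplication};</li>
     *   <li>{@code ROLE_OPO} in one of the application's sending schools, provided the metadata
     *       flags OPO access as allowed;</li>
     *   <li>the application has no application-option organisations and the user may enter
     *       applications;</li>
     *   <li>the {@code ROLE_HETUTTOMIENKASITTELY} rule of {@link #hasHetuttomienKasittelyAccess}.</li>
     * </ol>
     *
     * @param application the application being read
     * @return {@code true} when any of the checks grants access
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public boolean userCanReadApplication(Application application) {
        log.debug("Checking access for application: {}", application.getOid());
        if (userCanAccessApplication(application, getReadRole(), getReadUpdateRole(), getCreateReadUpdateDeleteRole(), getRoleLisatietoRU(), getRoleLisatietoCRUD())) {
            log.debug("Can read, {}", application.getOid());
            return true;
        }
        boolean opoInSendingSchool = userHasOpoRoleToSendingSchool(application);
        AuthorizationMeta authorizationMeta = application.getAuthorizationMeta();
        boolean opoAllowed = authorizationMeta != null && Boolean.TRUE.equals(authorizationMeta.isOpoAllowed());
        if (opoInSendingSchool && opoAllowed) {
            return true;
        }
        // The organisation set used to be read before the null test on the metadata, so an
        // application without metadata ended this check with a NullPointerException. Missing
        // metadata and a missing set are now both treated as "no organisations", which is what
        // userCanAccessApplication already does for them.
        Set<String> allAoOrganizations = authorizationMeta == null ? null : authorizationMeta.getAllAoOrganizations();
        boolean noAoOrganizations = allAoOrganizations == null || allAoOrganizations.isEmpty();
        if (noAoOrganizations && userCanEnterApplication()) {
            return true;
        }
        return hasHetuttomienKasittelyAccess(application);
    }

    /**
     * Computes, per phase of the form, whether the current user may edit that phase.
     *
     * <p>A phase is editable when the application's {@code <phaseId>_locked} meta value is not
     * true, the phase accepts at least one of the roles collected for the user, and, for the
     * grades phase only, the user is an OPH user or {@link #isGradesEditingAllowed} holds.
     *
     * @param applicationSystem the application system the application belongs to
     * @param application the application being edited
     * @param form the form whose children are iterated; each child is cast to {@link Phase}
     * @return phase id mapped to the edit decision; empty when the authenticated name is
     *     {@code null} or equals the application's person OID
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public Map<String, Boolean> userHasEditRoleToPhases(ApplicationSystem applicationSystem, Application application, Form form) {
        String userName = SecurityContextHolder.getContext().getAuthentication().getName();
        if (userName == null || userName.equals(application.getPersonOid())) {
            return new HashMap<String, Boolean>();
        }
        // Roles are collected once; each phase then decides which of them it accepts.
        List<String> roles = new ArrayList<String>();
        if (userCanAccessApplication(application, getReadUpdateRole())) {
            roles.add(getReadUpdateRole());
        }
        if (userCanAccessApplication(application, getCreateReadUpdateDeleteRole())) {
            roles.add(getCreateReadUpdateDeleteRole());
        }
        if (userHasOpoRoleToSendingSchool(application)) {
            roles.add(getOpoRole());
        }
        if (!userHasHetuttomienKasittelyRole().isEmpty()) {
            roles.add(getRoleHetuttomienKasittely());
        }
        Map<String, Boolean> editableByPhase = new HashMap<String, Boolean>();
        for (Element child : form.getChildren()) {
            Phase phase = (Phase) child;
            String phaseId = phase.getId();
            boolean locked = Boolean.valueOf(application.getMetaValue(phaseId + "_locked"));
            boolean editable = !locked
                    && phase.isEditAllowedByRoles(roles)
                    && (!OppijaConstants.PHASE_GRADES.equals(phaseId) || userIsOPHUser() || isGradesEditingAllowed(applicationSystem, application));
            editableByPhase.put(phaseId, Boolean.valueOf(editable));
        }
        return editableByPhase;
    }

    /**
     * Tells whether grades may be edited: always outside the target groups listed in
     * {@code TOISEN_ASTEEN_HAKUJEN_KOHDEJOUKOT}, and within them only while the application is
     * new or a draft.
     *
     * @param applicationSystem supplies the target group URI
     * @param application supplies the new/draft state
     * @return {@code true} when grade editing is allowed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean isGradesEditingAllowed(ApplicationSystem applicationSystem, Application application) {
        return !OppijaConstants.TOISEN_ASTEEN_HAKUJEN_KOHDEJOUKOT.contains(applicationSystem.getKohdejoukkoUri()) || application.isNew() || application.isDraft();
    }

    /** Returns whether the user holds the read/update or create/read/update/delete role in the root organisation. */
    private boolean userIsOPHUser() {
        return checkAccess(getRootOrgOid(), getReadUpdateRole(), getCreateReadUpdateDeleteRole());
    }

    /**
     * Decides whether the current user may delete the given application: either through the
     * create/read/update/delete role for the application, or through the
     * {@code ROLE_HETUTTOMIENKASITTELY} rule of {@link #hasHetuttomienKasittelyAccess}.
     *
     * @param application the application to delete
     * @return {@code true} when deletion is permitted
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public boolean userCanDeleteApplication(Application application) {
        if (userCanAccessApplication(application, getCreateReadUpdateDeleteRole())) {
            return true;
        }
        return hasHetuttomienKasittelyAccess(application);
    }

    /**
     * Decides whether the current user may post-process the given application: OPH users always,
     * other users only when the application system's target group is
     * {@code KOHDEJOUKKO_KORKEAKOULU} and they hold the read/update or create/read/update/delete
     * role for the application.
     *
     * @param application the application to post-process
     * @return {@code true} when post-processing is permitted
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public boolean userCanPostProcess(Application application) {
        if (userIsOPHUser()) {
            return true;
        }
        return OppijaConstants.KOHDEJOUKKO_KORKEAKOULU.equals(loadApplicationSystem(application).getKohdejoukkoUri())
                && userCanAccessApplication(application, getReadUpdateRole(), getCreateReadUpdateDeleteRole());
    }

    /** @return the CAS name of {@code ROLE_HETUTTOMIENKASITTELY} */
    public final String getRoleHetuttomienKasittely() {
        return Role.ROLE_HETUTTOMIENKASITTELY.casName;
    }

    /** @return the CAS name of {@code ROLE_OPO} */
    public final String getOpoRole() {
        return Role.ROLE_OPO.casName;
    }

    /** @return the CAS name of {@code ROLE_LISATIETORU} */
    public static String getRoleLisatietoRU() {
        return Role.ROLE_LISATIETORU.casName;
    }

    /** @return the CAS name of {@code ROLE_LISATIETOCRUD} */
    public static String getRoleLisatietoCRUD() {
        return Role.ROLE_LISATIETOCRUD.casName;
    }

    /**
     * Returns whether the user holds {@code ROLE_OPO} in at least one non-empty sending school
     * recorded in the application's metadata; {@code false} when the metadata or the set is absent.
     */
    private boolean userHasOpoRoleToSendingSchool(Application application) {
        AuthorizationMeta authorizationMeta = application.getAuthorizationMeta();
        if (authorizationMeta == null) {
            return false;
        }
        Set<String> sendingSchools = authorizationMeta.getSendingSchool();
        if (sendingSchools == null) {
            return false;
        }
        for (String school : sendingSchools) {
            if (!Strings.isNullOrEmpty(school) && checkAccess(school, getOpoRole())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the user holds the create/read/update/delete role in at least one of the
     * user's own organisations.
     *
     * @return {@code true} on the first organisation that passes the check
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public boolean userCanEnterApplication() {
        for (String organisation : this.authenticationService.getOrganisaatioHenkilo()) {
            if (checkAccess(organisation, getCreateReadUpdateDeleteRole())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the user's own organisations in which the user holds the create/read/update/delete
     * role.
     *
     * @return organisation identifiers that passed the check, possibly empty
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public List<String> userCanEnterApplications() {
        List<String> organisations = new ArrayList<String>();
        for (String organisation : this.authenticationService.getOrganisaatioHenkilo()) {
            if (checkAccess(organisation, getCreateReadUpdateDeleteRole())) {
                organisations.add(organisation);
            }
        }
        return organisations;
    }

    /**
     * Tells whether the user may search by sending school: any of the read, read/update,
     * create/read/update/delete or OPO roles in the root organisation, or {@code ROLE_OPO} in any
     * of the user's own organisations.
     *
     * @return {@code true} when the search is permitted
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public boolean userCanSearchBySendingSchool() {
        return checkAccess(getRootOrgOid(), getReadRole(), getReadUpdateRole(), getCreateReadUpdateDeleteRole(), getOpoRole()) || !userHasOpoRole().isEmpty();
    }

    /**
     * Tells whether the user may edit the additional data of the application, which requires one
     * of the LISATIETOCRUD, LISATIETORU, read/update or create/read/update/delete roles for it.
     *
     * @param application the application whose additional data is edited
     * @return {@code true} when editing is permitted
     */
    @Override // fi.vm.sade.haku.oppija.hakemus.service.HakuPermissionService
    public boolean userCanEditApplicationAdditionalData(Application application) {
        return userCanAccessApplication(application, getRoleLisatietoCRUD(), getRoleLisatietoRU(), getReadUpdateRole(), getCreateReadUpdateDeleteRole());
    }

    /**
     * Core access rule: the user needs one of {@code strArr} either in the root organisation or
     * in one of the application's application-option organisations.
     *
     * <p>When the application has no metadata, or the metadata has no organisation set, the
     * decision falls back to {@link #userCanEnterApplication()}, which ignores {@code strArr} and
     * looks only at the user's own organisations.
     */
    private boolean userCanAccessApplication(Application application, String... strArr) {
        if (checkAccess(getRootOrgOid(), strArr)) {
            return true;
        }
        AuthorizationMeta authorizationMeta = application.getAuthorizationMeta();
        Set<String> allAoOrganizations = authorizationMeta == null ? null : authorizationMeta.getAllAoOrganizations();
        if (allAoOrganizations == null) {
            return userCanEnterApplication();
        }
        for (String organisation : allAoOrganizations) {
            if (StringUtils.isNotEmpty(organisation) && checkAccess(organisation, strArr)) {
                log.debug("User can read application, org: {}", organisation);
                return true;
            }
        }
        return false;
    }

    /** Loads the application system of the application with the fields the permission rules read. */
    private ApplicationSystem loadApplicationSystem(Application application) {
        return this.applicationSystemService.getApplicationSystem(application.getApplicationSystemId(), "hakutapa", "hakukausiVuosi", "hakukausiUri", "kohdejoukkoUri");
    }

    /**
     * Shared rule for reading and deleting: the user holds {@code ROLE_HETUTTOMIENKASITTELY} in
     * at least one of the user's own organisations and the application system is a
     * {@code HAKUTAPA_YHTEISHAKU} system with target group {@code KOHDEJOUKKO_KORKEAKOULU}.
     *
     * <p>The application system is loaded before the role is checked, as the callers did before
     * this rule was extracted.
     */
    private boolean hasHetuttomienKasittelyAccess(Application application) {
        ApplicationSystem applicationSystem = loadApplicationSystem(application);
        return !userHasHetuttomienKasittelyRole().isEmpty()
                && OppijaConstants.HAKUTAPA_YHTEISHAKU.equals(applicationSystem.getHakutapa())
                && OppijaConstants.KOHDEJOUKKO_KORKEAKOULU.equals(applicationSystem.getKohdejoukkoUri());
    }
}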
