package ca.uhn.fhir.rest.server.interceptor.auth;

import ca.uhn.fhir.interceptor.api.Pointcut;
import ca.uhn.fhir.model.primitive.IdDt;
import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
import ca.uhn.fhir.rest.api.server.RequestDetails;
import ca.uhn.fhir.rest.api.server.bulk.BulkExportJobParameters;
import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor;
import com.google.common.annotations.VisibleForTesting;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.hl7.fhir.instance.model.api.IBaseResource;
import org.hl7.fhir.instance.model.api.IIdType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBulkExportImpl.class */
public class RuleBulkExportImpl extends BaseRule {
    private static final Logger ourLog = LoggerFactory.getLogger(RuleBulkExportImpl.class);
    private String myGroupId;
    private final Collection<String> myPatientIds;
    private boolean myAppliesToAllPatients;
    private BulkExportJobParameters.ExportStyle myWantExportStyle;
    private Collection<String> myResourceTypes;
    private boolean myWantAnyStyle;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RuleBulkExportImpl(String str) {
        super(str);
        this.myPatientIds = new ArrayList();
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRule
    public AuthorizationInterceptor.Verdict applyRule(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType, IBaseResource iBaseResource2, IRuleApplier iRuleApplier, Set<AuthorizationFlagsEnum> set, Pointcut pointcut) {
        if (pointcut != Pointcut.STORAGE_INITIATE_BULK_EXPORT || requestDetails == null) {
            return null;
        }
        BulkExportJobParameters bulkExportJobParameters = (BulkExportJobParameters) requestDetails.getAttribute(AuthorizationInterceptor.REQUEST_ATTRIBUTE_BULK_DATA_EXPORT_OPTIONS);
        if (!this.myWantAnyStyle && bulkExportJobParameters.getExportStyle() != this.myWantExportStyle) {
            return null;
        }
        if (!CollectionUtils.isNotEmpty(this.myResourceTypes) || (!CollectionUtils.isEmpty(bulkExportJobParameters.getResourceTypes()) && this.myResourceTypes.containsAll(bulkExportJobParameters.getResourceTypes()))) {
            AuthorizationInterceptor.Verdict newVerdict = newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
            if (this.myWantAnyStyle || this.myWantExportStyle == BulkExportJobParameters.ExportStyle.SYSTEM) {
                return newVerdict;
            }
            if (StringUtils.isNotBlank(this.myGroupId) && bulkExportJobParameters.getGroupId() != null && Objects.equals(new IdDt(this.myGroupId).toUnqualifiedVersionless().getValue(), new IdDt(bulkExportJobParameters.getGroupId()).toUnqualifiedVersionless().getValue())) {
                return newVerdict;
            }
            if (this.myWantExportStyle == BulkExportJobParameters.ExportStyle.PATIENT && this.myAppliesToAllPatients) {
                return newVerdict;
            }
            if (!CollectionUtils.isNotEmpty(this.myPatientIds) || bulkExportJobParameters.getPatientIds().isEmpty()) {
                return null;
            }
            ourLog.debug("options.getPatientIds() != null");
            return sanitizeIds(this.myPatientIds).containsAll(sanitizeIds(bulkExportJobParameters.getPatientIds())) ? newVerdict : new AuthorizationInterceptor.Verdict(PolicyEnum.DENY, this);
        }
        return new AuthorizationInterceptor.Verdict(PolicyEnum.DENY, this);
    }

    private Set<String> sanitizeIds(Collection<String> collection) {
        return (Set) collection.stream().map(str -> {
            return new IdDt(str).toUnqualifiedVersionless().getValue();
        }).collect(Collectors.toSet());
    }

    public void setAppliesToGroupExportOnGroup(String str) {
        this.myWantExportStyle = BulkExportJobParameters.ExportStyle.GROUP;
        this.myGroupId = str;
    }

    public void setAppliesToPatientExportOnGroup(String str) {
        this.myWantExportStyle = BulkExportJobParameters.ExportStyle.PATIENT;
        this.myGroupId = str;
    }

    public void setAppliesToPatientExport(String str) {
        this.myWantExportStyle = BulkExportJobParameters.ExportStyle.PATIENT;
        this.myPatientIds.add(str);
    }

    public void setAppliesToPatientExport(Collection<String> collection) {
        this.myWantExportStyle = BulkExportJobParameters.ExportStyle.PATIENT;
        this.myPatientIds.addAll(collection);
    }

    public void setAppliesToPatientExportAllPatients() {
        this.myWantExportStyle = BulkExportJobParameters.ExportStyle.PATIENT;
        this.myAppliesToAllPatients = true;
    }

    public void setAppliesToSystem() {
        this.myWantExportStyle = BulkExportJobParameters.ExportStyle.SYSTEM;
    }

    public void setResourceTypes(Collection<String> collection) {
        this.myResourceTypes = collection;
    }

    public void setAppliesToAny() {
        this.myWantAnyStyle = true;
    }

    String getGroupId() {
        return this.myGroupId;
    }

    BulkExportJobParameters.ExportStyle getWantExportStyle() {
        return this.myWantExportStyle;
    }

    @VisibleForTesting
    Collection<String> getPatientIds() {
        return this.myPatientIds;
    }

    @VisibleForTesting
    Collection<String> getResourceTypes() {
        return this.myResourceTypes;
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.BaseRule
    public /* bridge */ /* synthetic */ String toString() {
        return super.toString();
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.BaseRule
    public /* bridge */ /* synthetic */ List getTesters() {
        return super.getTesters();
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.BaseRule, ca.uhn.fhir.rest.server.interceptor.auth.IAuthRule
    public /* bridge */ /* synthetic */ String getName() {
        return super.getName();
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.BaseRule
    public /* bridge */ /* synthetic */ void addTesters(List list) {
        super.addTesters(list);
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.BaseRule
    public /* bridge */ /* synthetic */ void addTester(IAuthRuleTester iAuthRuleTester) {
        super.addTester(iAuthRuleTester);
    }
}
