package org.apache.syncope.core.logic;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Resource;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.IterableUtils;
import org.apache.commons.collections4.Predicate;
import org.apache.commons.collections4.Transformer;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.patch.GroupPatch;
import org.apache.syncope.common.lib.patch.StringPatchItem;
import org.apache.syncope.common.lib.to.AnyTO;
import org.apache.syncope.common.lib.to.ExecTO;
import org.apache.syncope.common.lib.to.GroupTO;
import org.apache.syncope.common.lib.to.PropagationStatus;
import org.apache.syncope.common.lib.to.ProvisioningResult;
import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.common.lib.types.BulkMembersActionType;
import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.JobType;
import org.apache.syncope.common.lib.types.PatchOperation;
import org.apache.syncope.core.persistence.api.dao.AnySearchDAO;
import org.apache.syncope.core.persistence.api.dao.ConfDAO;
import org.apache.syncope.core.persistence.api.dao.NotFoundException;
import org.apache.syncope.core.persistence.api.dao.TaskDAO;
import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
import org.apache.syncope.core.persistence.api.entity.EntityFactory;
import org.apache.syncope.core.persistence.api.entity.group.Group;
import org.apache.syncope.core.persistence.api.entity.task.SchedTask;
import org.apache.syncope.core.provisioning.api.GroupProvisioningManager;
import org.apache.syncope.core.provisioning.api.LogicActions;
import org.apache.syncope.core.provisioning.api.data.GroupDataBinder;
import org.apache.syncope.core.provisioning.api.data.TaskDataBinder;
import org.apache.syncope.core.provisioning.api.job.JobManager;
import org.apache.syncope.core.provisioning.api.job.JobNamer;
import org.apache.syncope.core.provisioning.api.utils.RealmUtils;
import org.apache.syncope.core.provisioning.java.job.GroupMemberProvisionTaskJobDelegate;
import org.apache.syncope.core.spring.security.AuthContextUtils;
import org.apache.syncope.core.spring.security.DelegatedAdministrationException;
import org.quartz.JobDataMap;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.quartz.SchedulerFactoryBean;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Component
/* loaded from: input_file:org/apache/syncope/core/logic/GroupLogic.class */
public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> {

    @Resource(name = "adminUser")
    protected String adminUser;

    @Autowired
    protected AnySearchDAO searchDAO;

    @Autowired
    protected TaskDAO taskDAO;

    @Autowired
    protected ConfDAO confDAO;

    @Autowired
    protected GroupDataBinder binder;

    @Autowired
    protected GroupProvisioningManager provisioningManager;

    @Autowired
    protected TaskDataBinder taskDataBinder;

    @Autowired
    protected JobManager jobManager;

    @Autowired
    protected SchedulerFactoryBean scheduler;

    @Autowired
    protected EntityFactory entityFactory;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.syncope.core.logic.AbstractAnyLogic
    public boolean securityChecks(Set<String> set, final String str, final String str2) {
        boolean matchesAny = IterableUtils.matchesAny(set, new Predicate<String>() { // from class: org.apache.syncope.core.logic.GroupLogic.1
            public boolean evaluate(String str3) {
                return str.startsWith(str3) || str3.equals(RealmUtils.getGroupOwnerRealm(str, str2));
            }
        });
        if (!matchesAny) {
            matchesAny = !CollectionUtils.intersection(this.groupDAO.findDynRealms(str2), set).isEmpty();
        }
        if (matchesAny) {
            return IterableUtils.matchesAny(set, new RealmUtils.DynRealmsPredicate());
        }
        throw new DelegatedAdministrationException(str, AnyTypeKind.GROUP.name(), str2);
    }

    @Override // org.apache.syncope.core.logic.AbstractAnyLogic
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('GROUP_READ')")
    public GroupTO read(String str) {
        return this.binder.getGroupTO(str);
    }

    @Transactional(readOnly = true)
    @PreAuthorize("isAuthenticated() and not(hasRole('ANONYMOUS'))")
    public List<GroupTO> own() {
        return this.adminUser.equals(AuthContextUtils.getUsername()) ? Collections.emptyList() : (List) CollectionUtils.collect(this.userDAO.findAllGroups(this.userDAO.findByUsername(AuthContextUtils.getUsername())), new Transformer<Group, GroupTO>() { // from class: org.apache.syncope.core.logic.GroupLogic.2
            @Transactional(readOnly = true)
            public GroupTO transform(Group group) {
                return GroupLogic.this.binder.getGroupTO(group, true);
            }
        }, new ArrayList());
    }

    @Override // org.apache.syncope.core.logic.AbstractAnyLogic
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('GROUP_SEARCH')")
    public Pair<Integer, List<GroupTO>> search(SearchCond searchCond, int i, int i2, List<OrderByClause> list, String str, final boolean z) {
        return Pair.of(Integer.valueOf(this.searchDAO.count(RealmUtils.getEffective(SyncopeConstants.FULL_ADMIN_REALMS, str), searchCond == null ? this.groupDAO.getAllMatchingCond() : searchCond, AnyTypeKind.GROUP)), (List) CollectionUtils.collect(this.searchDAO.search(RealmUtils.getEffective(SyncopeConstants.FULL_ADMIN_REALMS, str), searchCond == null ? this.groupDAO.getAllMatchingCond() : searchCond, i, i2, list, AnyTypeKind.GROUP), new Transformer<Group, GroupTO>() { // from class: org.apache.syncope.core.logic.GroupLogic.3
            @Transactional(readOnly = true)
            public GroupTO transform(Group group) {
                return GroupLogic.this.binder.getGroupTO(group, z);
            }
        }, new ArrayList()));
    }

    @PreAuthorize("hasRole('GROUP_CREATE')")
    public ProvisioningResult<GroupTO> create(GroupTO groupTO, boolean z) {
        Pair<GroupTO, List<LogicActions>> beforeCreate = beforeCreate(groupTO);
        if (((GroupTO) beforeCreate.getLeft()).getRealm() == null) {
            throw SyncopeClientException.build(ClientExceptionType.InvalidRealm);
        }
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("GROUP_CREATE"), ((GroupTO) beforeCreate.getLeft()).getRealm()), ((GroupTO) beforeCreate.getLeft()).getRealm(), null);
        Pair create = this.provisioningManager.create((AnyTO) beforeCreate.getLeft(), z);
        return afterCreate(this.binder.getGroupTO((String) create.getKey()), (List) create.getRight(), (List) beforeCreate.getRight());
    }

    @Override // org.apache.syncope.core.logic.AbstractAnyLogic
    @PreAuthorize("hasRole('GROUP_UPDATE')")
    public ProvisioningResult<GroupTO> update(GroupPatch groupPatch, boolean z) {
        GroupTO groupTO = this.binder.getGroupTO(groupPatch.getKey());
        HashSet hashSet = new HashSet(groupTO.getDynRealms());
        Pair<GroupPatch, List<LogicActions>> beforeUpdate = beforeUpdate(groupPatch, groupTO.getRealm());
        String realm = (((GroupPatch) beforeUpdate.getLeft()).getRealm() == null || !StringUtils.isNotBlank((CharSequence) ((GroupPatch) beforeUpdate.getLeft()).getRealm().getValue())) ? groupTO.getRealm() : (String) ((GroupPatch) beforeUpdate.getLeft()).getRealm().getValue();
        boolean securityChecks = securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("GROUP_UPDATE"), realm), realm, ((GroupPatch) beforeUpdate.getLeft()).getKey());
        Pair update = this.provisioningManager.update(groupPatch, z);
        return afterUpdate(this.binder.getGroupTO(((GroupPatch) update.getLeft()).getKey()), (List) update.getRight(), (List) beforeUpdate.getRight(), securityChecks, hashSet);
    }

    @Override // org.apache.syncope.core.logic.AbstractAnyLogic
    @PreAuthorize("hasRole('GROUP_DELETE')")
    public ProvisioningResult<GroupTO> delete(String str, boolean z) {
        Pair<GroupTO, List<LogicActions>> beforeDelete = beforeDelete(this.binder.getGroupTO(str));
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("GROUP_DELETE"), ((GroupTO) beforeDelete.getLeft()).getRealm()), ((GroupTO) beforeDelete.getLeft()).getRealm(), ((GroupTO) beforeDelete.getLeft()).getKey());
        List findOwnedByGroup = this.groupDAO.findOwnedByGroup(((GroupTO) beforeDelete.getLeft()).getKey());
        if (!findOwnedByGroup.isEmpty()) {
            SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.GroupOwnership);
            build.getElements().addAll(CollectionUtils.collect(findOwnedByGroup, new Transformer<Group, String>() { // from class: org.apache.syncope.core.logic.GroupLogic.4
                @Transactional(readOnly = true)
                public String transform(Group group) {
                    return group.getKey() + " " + group.getName();
                }
            }, new ArrayList()));
            throw build;
        }
        List<PropagationStatus> delete = this.provisioningManager.delete(((GroupTO) beforeDelete.getLeft()).getKey(), z);
        GroupTO groupTO = new GroupTO();
        groupTO.setKey(((GroupTO) beforeDelete.getLeft()).getKey());
        return afterDelete(groupTO, delete, (List) beforeDelete.getRight());
    }

    @PreAuthorize("hasRole('GROUP_UPDATE')")
    public GroupTO unlink(String str, Collection<String> collection) {
        GroupTO groupTO = this.binder.getGroupTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("GROUP_UPDATE"), groupTO.getRealm()), groupTO.getRealm(), groupTO.getKey());
        GroupPatch groupPatch = new GroupPatch();
        groupPatch.setKey(str);
        groupPatch.getResources().addAll(CollectionUtils.collect(collection, new Transformer<String, StringPatchItem>() { // from class: org.apache.syncope.core.logic.GroupLogic.5
            public StringPatchItem transform(String str2) {
                return new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(str2).build();
            }
        }));
        groupPatch.setUDynMembershipCond(groupTO.getUDynMembershipCond());
        groupPatch.getADynMembershipConds().putAll(groupTO.getADynMembershipConds());
        return this.binder.getGroupTO(this.provisioningManager.unlink(groupPatch));
    }

    @PreAuthorize("hasRole('GROUP_UPDATE')")
    public GroupTO link(String str, Collection<String> collection) {
        GroupTO groupTO = this.binder.getGroupTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("GROUP_UPDATE"), groupTO.getRealm()), groupTO.getRealm(), groupTO.getKey());
        GroupPatch groupPatch = new GroupPatch();
        groupPatch.setKey(str);
        groupPatch.getResources().addAll(CollectionUtils.collect(collection, new Transformer<String, StringPatchItem>() { // from class: org.apache.syncope.core.logic.GroupLogic.6
            public StringPatchItem transform(String str2) {
                return new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(str2).build();
            }
        }));
        groupPatch.getADynMembershipConds().putAll(groupTO.getADynMembershipConds());
        groupPatch.setUDynMembershipCond(groupTO.getUDynMembershipCond());
        return this.binder.getGroupTO(this.provisioningManager.link(groupPatch));
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('GROUP_UPDATE')")
    public ProvisioningResult<GroupTO> unassign(String str, Collection<String> collection, boolean z) {
        GroupTO groupTO = this.binder.getGroupTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("GROUP_UPDATE"), groupTO.getRealm()), groupTO.getRealm(), groupTO.getKey());
        GroupPatch groupPatch = new GroupPatch();
        groupPatch.setKey(str);
        groupPatch.getResources().addAll(CollectionUtils.collect(collection, new Transformer<String, StringPatchItem>() { // from class: org.apache.syncope.core.logic.GroupLogic.7
            public StringPatchItem transform(String str2) {
                return new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(str2).build();
            }
        }));
        groupPatch.getADynMembershipConds().putAll(groupTO.getADynMembershipConds());
        groupPatch.setUDynMembershipCond(groupTO.getUDynMembershipCond());
        return update(groupPatch, z);
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('GROUP_UPDATE')")
    public ProvisioningResult<GroupTO> assign(String str, Collection<String> collection, boolean z, String str2, boolean z2) {
        GroupTO groupTO = this.binder.getGroupTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("GROUP_UPDATE"), groupTO.getRealm()), groupTO.getRealm(), groupTO.getKey());
        GroupPatch groupPatch = new GroupPatch();
        groupPatch.setKey(str);
        groupPatch.getResources().addAll(CollectionUtils.collect(collection, new Transformer<String, StringPatchItem>() { // from class: org.apache.syncope.core.logic.GroupLogic.8
            public StringPatchItem transform(String str3) {
                return new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(str3).build();
            }
        }));
        groupPatch.getADynMembershipConds().putAll(groupTO.getADynMembershipConds());
        groupPatch.setUDynMembershipCond(groupTO.getUDynMembershipCond());
        return update(groupPatch, z2);
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('GROUP_UPDATE')")
    public ProvisioningResult<GroupTO> deprovision(String str, Collection<String> collection, boolean z) {
        GroupTO groupTO = this.binder.getGroupTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("GROUP_UPDATE"), groupTO.getRealm()), groupTO.getRealm(), groupTO.getKey());
        List deprovision = this.provisioningManager.deprovision(str, collection, z);
        ProvisioningResult<GroupTO> provisioningResult = new ProvisioningResult<>();
        provisioningResult.setEntity(this.binder.getGroupTO(str));
        provisioningResult.getPropagationStatuses().addAll(deprovision);
        return provisioningResult;
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('GROUP_UPDATE')")
    public ProvisioningResult<GroupTO> provision(String str, Collection<String> collection, boolean z, String str2, boolean z2) {
        GroupTO groupTO = this.binder.getGroupTO(str);
        securityChecks(RealmUtils.getEffective((Set) AuthContextUtils.getAuthorizations().get("GROUP_UPDATE"), groupTO.getRealm()), groupTO.getRealm(), groupTO.getKey());
        List provision = this.provisioningManager.provision(str, collection, z2);
        ProvisioningResult<GroupTO> provisioningResult = new ProvisioningResult<>();
        provisioningResult.setEntity(this.binder.getGroupTO(str));
        provisioningResult.getPropagationStatuses().addAll(provision);
        return provisioningResult;
    }

    @Transactional
    @PreAuthorize("hasRole('TASK_CREATE') and hasRole('TASK_EXECUTE')")
    public ExecTO bulkMembersAction(String str, BulkMembersActionType bulkMembersActionType) {
        Group find = this.groupDAO.find(str);
        if (find == null) {
            throw new NotFoundException("Group " + str);
        }
        SchedTask newEntity = this.entityFactory.newEntity(SchedTask.class);
        newEntity.setName("Bulk member provision for group " + find.getName());
        newEntity.setActive(true);
        newEntity.setJobDelegateClassName(GroupMemberProvisionTaskJobDelegate.class.getName());
        SchedTask save = this.taskDAO.save(newEntity);
        try {
            Map register = this.jobManager.register(save, (Date) null, ((Long) this.confDAO.find("tasks.interruptMaxRetries", 1L)).longValue());
            register.put("dryRun", false);
            register.put("groupKey", str);
            register.put("actionType", bulkMembersActionType);
            this.scheduler.getScheduler().triggerJob(JobNamer.getJobKey(save), new JobDataMap(register));
            ExecTO execTO = new ExecTO();
            execTO.setJobType(JobType.TASK);
            execTO.setRefKey(save.getKey());
            execTO.setRefDesc(this.taskDataBinder.buildRefDesc(save));
            execTO.setStart(new Date());
            execTO.setStatus("JOB_FIRED");
            execTO.setMessage("Job fired; waiting for results...");
            return execTO;
        } catch (Exception e) {
            LOG.error("While executing task {}", save, e);
            SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.Scheduling);
            build.getElements().add(e.getMessage());
            throw build;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.syncope.core.logic.AbstractLogic
    /* renamed from: resolveReference, reason: merged with bridge method [inline-methods] */
    public GroupTO mo3resolveReference(Method method, Object... objArr) throws UnresolvedReferenceException {
        String str = null;
        if (ArrayUtils.isNotEmpty(objArr)) {
            for (int i = 0; str == null && i < objArr.length; i++) {
                if (objArr[i] instanceof String) {
                    str = (String) objArr[i];
                } else if (objArr[i] instanceof GroupTO) {
                    str = ((GroupTO) objArr[i]).getKey();
                } else if (objArr[i] instanceof GroupPatch) {
                    str = ((GroupPatch) objArr[i]).getKey();
                }
            }
        }
        if (str == null) {
            throw new UnresolvedReferenceException();
        }
        try {
            return this.binder.getGroupTO(str);
        } catch (Throwable th) {
            LOG.debug("Unresolved reference", th);
            throw new UnresolvedReferenceException(th);
        }
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('GROUP_UPDATE')")
    /* renamed from: link */
    public /* bridge */ /* synthetic */ AnyTO mo4link(String str, Collection collection) {
        return link(str, (Collection<String>) collection);
    }

    @Override // org.apache.syncope.core.logic.AbstractResourceAssociator
    @PreAuthorize("hasRole('GROUP_UPDATE')")
    /* renamed from: unlink */
    public /* bridge */ /* synthetic */ AnyTO mo5unlink(String str, Collection collection) {
        return unlink(str, (Collection<String>) collection);
    }
}
