package org.apache.syncope.core.rest.data;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.syncope.common.SyncopeClientCompositeException;
import org.apache.syncope.common.SyncopeClientException;
import org.apache.syncope.common.mod.RoleMod;
import org.apache.syncope.common.to.RoleTO;
import org.apache.syncope.common.types.AttributableType;
import org.apache.syncope.common.types.ClientExceptionType;
import org.apache.syncope.common.types.ResourceOperation;
import org.apache.syncope.core.connid.ConnObjectUtil;
import org.apache.syncope.core.persistence.beans.AbstractAttrTemplate;
import org.apache.syncope.core.persistence.beans.AbstractSchema;
import org.apache.syncope.core.persistence.beans.AccountPolicy;
import org.apache.syncope.core.persistence.beans.Entitlement;
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.PasswordPolicy;
import org.apache.syncope.core.persistence.beans.membership.MAttrTemplate;
import org.apache.syncope.core.persistence.beans.membership.MDerAttrTemplate;
import org.apache.syncope.core.persistence.beans.membership.MDerSchema;
import org.apache.syncope.core.persistence.beans.membership.MSchema;
import org.apache.syncope.core.persistence.beans.membership.MVirAttrTemplate;
import org.apache.syncope.core.persistence.beans.membership.MVirSchema;
import org.apache.syncope.core.persistence.beans.membership.Membership;
import org.apache.syncope.core.persistence.beans.role.RAttrTemplate;
import org.apache.syncope.core.persistence.beans.role.RDerAttrTemplate;
import org.apache.syncope.core.persistence.beans.role.RDerSchema;
import org.apache.syncope.core.persistence.beans.role.RSchema;
import org.apache.syncope.core.persistence.beans.role.RVirAttrTemplate;
import org.apache.syncope.core.persistence.beans.role.RVirSchema;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.EntitlementDAO;
import org.apache.syncope.core.persistence.dao.NotFoundException;
import org.apache.syncope.core.propagation.PropagationByResource;
import org.apache.syncope.core.rest.controller.UnauthorizedRoleException;
import org.apache.syncope.core.util.AttributableUtil;
import org.apache.syncope.core.util.EntitlementUtil;
import org.apache.syncope.core.workflow.WorkflowResult;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Transactional(rollbackFor = {Throwable.class})
@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/syncope/core/rest/data/RoleDataBinder.class */
public class RoleDataBinder extends AbstractAttributableDataBinder {

    @Autowired
    private ConnObjectUtil connObjectUtil;

    @Autowired
    private EntitlementDAO entitlementDAO;

    @Transactional(readOnly = true)
    public SyncopeRole getRoleFromId(Long l) {
        if (l == null) {
            throw new NotFoundException("Null role id");
        }
        SyncopeRole find = this.roleDAO.find(l);
        if (find == null) {
            throw new NotFoundException("Role " + l);
        }
        if (EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()).contains(find.getId())) {
            return find;
        }
        throw new UnauthorizedRoleException(find.getId());
    }

    @Transactional(readOnly = true)
    public List<WorkflowResult<Long>> getUsersOnResourcesOnlyBecauseOfRole(Long l) {
        SyncopeRole roleFromId = getRoleFromId(l);
        ArrayList arrayList = new ArrayList();
        Iterator<Membership> it = this.roleDAO.findMemberships(roleFromId).iterator();
        while (it.hasNext()) {
            SyncopeUser syncopeUser = it.next().getSyncopeUser();
            PropagationByResource propagationByResource = new PropagationByResource();
            for (ExternalResource externalResource : roleFromId.getResources()) {
                if (!syncopeUser.getOwnResources().contains(externalResource)) {
                    propagationByResource.add(ResourceOperation.DELETE, externalResource.getName());
                }
                if (!propagationByResource.isEmpty()) {
                    arrayList.add(new WorkflowResult(syncopeUser.getId(), propagationByResource, (Set<String>) Collections.emptySet()));
                }
            }
        }
        return arrayList;
    }

    private <T extends AbstractAttrTemplate<K>, K extends AbstractSchema> void setAttrTemplates(SyncopeRole syncopeRole, List<String> list, Class<T> cls, Class<K> cls2) {
        AbstractSchema schema;
        ArrayList arrayList = new ArrayList();
        for (AbstractAttrTemplate abstractAttrTemplate : syncopeRole.getAttrTemplates(cls)) {
            if (!list.contains(abstractAttrTemplate.getSchema().getName())) {
                arrayList.add(abstractAttrTemplate);
            }
        }
        syncopeRole.getAttrTemplates(cls).removeAll(arrayList);
        for (String str : list) {
            if (syncopeRole.getAttrTemplate(cls, str) == null && (schema = getSchema(str, cls2)) != null) {
                try {
                    T newInstance = cls.newInstance();
                    newInstance.setSchema(schema);
                    newInstance.setOwner(syncopeRole);
                    syncopeRole.getAttrTemplates(cls).add(newInstance);
                } catch (Exception e) {
                    LOG.error("Could not create template for {}", cls, e);
                }
            }
        }
    }

    public SyncopeRole create(SyncopeRole syncopeRole, RoleTO roleTO) {
        syncopeRole.setInheritOwner(roleTO.isInheritOwner());
        syncopeRole.setInheritAttrs(roleTO.isInheritAttrs());
        syncopeRole.setInheritDerAttrs(roleTO.isInheritDerAttrs());
        syncopeRole.setInheritVirAttrs(roleTO.isInheritVirAttrs());
        syncopeRole.setInheritTemplates(roleTO.isInheritTemplates());
        syncopeRole.setInheritPasswordPolicy(roleTO.isInheritPasswordPolicy());
        syncopeRole.setInheritAccountPolicy(roleTO.isInheritAccountPolicy());
        SyncopeClientCompositeException buildComposite = SyncopeClientException.buildComposite();
        SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.InvalidRoles);
        if (roleTO.getName() == null) {
            LOG.error("No name specified for this role");
            build.getElements().add("No name specified for this role");
        } else {
            syncopeRole.setName(roleTO.getName());
        }
        Long l = null;
        if (roleTO.getParent() != 0) {
            SyncopeRole find = this.roleDAO.find(Long.valueOf(roleTO.getParent()));
            if (find == null) {
                LOG.error("Could not find role with id " + roleTO.getParent());
                build.getElements().add(String.valueOf(roleTO.getParent()));
                buildComposite.addException(build);
            } else {
                syncopeRole.setParent(find);
                l = syncopeRole.getParent().getId();
            }
        }
        SyncopeRole find2 = this.roleDAO.find(roleTO.getName(), l);
        if (find2 != null) {
            LOG.error("Another role exists with the same name and the same parent role: " + find2);
            build.getElements().add(roleTO.getName());
        }
        setAttrTemplates(syncopeRole, roleTO.getRAttrTemplates(), RAttrTemplate.class, RSchema.class);
        setAttrTemplates(syncopeRole, roleTO.getRDerAttrTemplates(), RDerAttrTemplate.class, RDerSchema.class);
        setAttrTemplates(syncopeRole, roleTO.getRVirAttrTemplates(), RVirAttrTemplate.class, RVirSchema.class);
        setAttrTemplates(syncopeRole, roleTO.getMAttrTemplates(), MAttrTemplate.class, MSchema.class);
        setAttrTemplates(syncopeRole, roleTO.getMDerAttrTemplates(), MDerAttrTemplate.class, MDerSchema.class);
        setAttrTemplates(syncopeRole, roleTO.getMVirAttrTemplates(), MVirAttrTemplate.class, MVirSchema.class);
        fill(syncopeRole, roleTO, AttributableUtil.getInstance(AttributableType.ROLE), buildComposite);
        for (String str : roleTO.getEntitlements()) {
            Entitlement find3 = this.entitlementDAO.find(str);
            if (find3 == null) {
                LOG.warn("Ignoring invalid entitlement {}", str);
            } else {
                syncopeRole.addEntitlement(find3);
            }
        }
        if (roleTO.getUserOwner() != null) {
            SyncopeUser find4 = this.userDAO.find(roleTO.getUserOwner());
            if (find4 == null) {
                LOG.warn("Ignoring invalid user specified as owner: {}", roleTO.getUserOwner());
            } else {
                syncopeRole.setUserOwner(find4);
            }
        }
        if (roleTO.getRoleOwner() != null) {
            SyncopeRole find5 = this.roleDAO.find(roleTO.getRoleOwner());
            if (find5 == null) {
                LOG.warn("Ignoring invalid role specified as owner: {}", roleTO.getRoleOwner());
            } else {
                syncopeRole.setRoleOwner(find5);
            }
        }
        if (roleTO.getPasswordPolicy() != null) {
            syncopeRole.setPasswordPolicy((PasswordPolicy) this.policyDAO.find(roleTO.getPasswordPolicy()));
        }
        if (roleTO.getAccountPolicy() != null) {
            syncopeRole.setAccountPolicy((AccountPolicy) this.policyDAO.find(roleTO.getAccountPolicy()));
        }
        return syncopeRole;
    }

    public PropagationByResource update(SyncopeRole syncopeRole, RoleMod roleMod) {
        PropagationByResource propagationByResource = new PropagationByResource();
        SyncopeClientCompositeException buildComposite = SyncopeClientException.buildComposite();
        Set<String> resourceNames = syncopeRole.getResourceNames();
        SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.InvalidRoles);
        if (roleMod.getName() != null) {
            SyncopeRole find = this.roleDAO.find(roleMod.getName(), syncopeRole.getParent() == null ? null : syncopeRole.getParent().getId());
            if (find != null && !syncopeRole.equals(find)) {
                LOG.error("Another role exists with the same name and the same parent role: " + find);
                build.getElements().add(roleMod.getName());
                buildComposite.addException(build);
            } else if (!roleMod.getName().equals(syncopeRole.getName())) {
                propagationByResource.addAll(ResourceOperation.UPDATE, resourceNames);
                Iterator<String> it = resourceNames.iterator();
                while (it.hasNext()) {
                    propagationByResource.addOldAccountId(it.next(), syncopeRole.getName());
                }
                syncopeRole.setName(roleMod.getName());
            }
        }
        if (roleMod.getInheritOwner() != null) {
            syncopeRole.setInheritOwner(roleMod.getInheritOwner().booleanValue());
        }
        if (roleMod.getInheritTemplates() != null) {
            syncopeRole.setInheritTemplates(roleMod.getInheritTemplates().booleanValue());
        }
        if (roleMod.getInheritAttrs() != null) {
            syncopeRole.setInheritAttrs(roleMod.getInheritAttrs().booleanValue());
        }
        if (roleMod.getInheritDerAttrs() != null) {
            syncopeRole.setInheritDerAttrs(roleMod.getInheritDerAttrs().booleanValue());
        }
        if (roleMod.getInheritVirAttrs() != null) {
            syncopeRole.setInheritVirAttrs(roleMod.getInheritVirAttrs().booleanValue());
        }
        if (roleMod.getInheritPasswordPolicy() != null) {
            syncopeRole.setInheritPasswordPolicy(roleMod.getInheritPasswordPolicy().booleanValue());
        }
        if (roleMod.getInheritAccountPolicy() != null) {
            syncopeRole.setInheritAccountPolicy(roleMod.getInheritAccountPolicy().booleanValue());
        }
        if (roleMod.isModEntitlements()) {
            syncopeRole.getEntitlements().clear();
            for (String str : roleMod.getEntitlements()) {
                Entitlement find2 = this.entitlementDAO.find(str);
                if (find2 == null) {
                    LOG.warn("Ignoring invalid entitlement {}", str);
                } else {
                    syncopeRole.addEntitlement(find2);
                }
            }
        }
        if (roleMod.isModRAttrTemplates()) {
            setAttrTemplates(syncopeRole, roleMod.getRAttrTemplates(), RAttrTemplate.class, RSchema.class);
        }
        if (roleMod.isModRDerAttrTemplates()) {
            setAttrTemplates(syncopeRole, roleMod.getRDerAttrTemplates(), RDerAttrTemplate.class, RDerSchema.class);
        }
        if (roleMod.isModRVirAttrTemplates()) {
            setAttrTemplates(syncopeRole, roleMod.getRVirAttrTemplates(), RVirAttrTemplate.class, RVirSchema.class);
        }
        if (roleMod.isModMAttrTemplates()) {
            setAttrTemplates(syncopeRole, roleMod.getMAttrTemplates(), MAttrTemplate.class, MSchema.class);
        }
        if (roleMod.isModMDerAttrTemplates()) {
            setAttrTemplates(syncopeRole, roleMod.getMDerAttrTemplates(), MDerAttrTemplate.class, MDerSchema.class);
        }
        if (roleMod.isModMVirAttrTemplates()) {
            setAttrTemplates(syncopeRole, roleMod.getMVirAttrTemplates(), MVirAttrTemplate.class, MVirSchema.class);
        }
        if (roleMod.getPasswordPolicy() != null) {
            syncopeRole.setPasswordPolicy(roleMod.getPasswordPolicy().getId() == null ? null : (PasswordPolicy) this.policyDAO.find(roleMod.getPasswordPolicy().getId()));
        }
        if (roleMod.getAccountPolicy() != null) {
            syncopeRole.setAccountPolicy(roleMod.getAccountPolicy().getId() == null ? null : (AccountPolicy) this.policyDAO.find(roleMod.getAccountPolicy().getId()));
        }
        if (roleMod.getUserOwner() != null) {
            syncopeRole.setUserOwner(roleMod.getUserOwner().getId() == null ? null : this.userDAO.find(roleMod.getUserOwner().getId()));
        }
        if (roleMod.getRoleOwner() != null) {
            syncopeRole.setRoleOwner(roleMod.getRoleOwner().getId() == null ? null : this.roleDAO.find(roleMod.getRoleOwner().getId()));
        }
        propagationByResource.merge(fill(syncopeRole, roleMod, AttributableUtil.getInstance(AttributableType.ROLE), buildComposite));
        return propagationByResource;
    }

    @Transactional(readOnly = true)
    public RoleTO getRoleTO(SyncopeRole syncopeRole) {
        this.connObjectUtil.retrieveVirAttrValues(syncopeRole, AttributableUtil.getInstance(AttributableType.ROLE));
        RoleTO roleTO = new RoleTO();
        roleTO.setCreator(syncopeRole.getCreator());
        roleTO.setCreationDate(syncopeRole.getCreationDate());
        roleTO.setLastModifier(syncopeRole.getLastModifier());
        roleTO.setLastChangeDate(syncopeRole.getLastChangeDate());
        roleTO.setId(syncopeRole.getId().longValue());
        roleTO.setName(syncopeRole.getName());
        roleTO.setInheritOwner(syncopeRole.isInheritOwner());
        roleTO.setInheritTemplates(syncopeRole.isInheritTemplates());
        roleTO.setInheritAttrs(syncopeRole.isInheritAttrs());
        roleTO.setInheritDerAttrs(syncopeRole.isInheritDerAttrs());
        roleTO.setInheritVirAttrs(syncopeRole.isInheritVirAttrs());
        roleTO.setInheritPasswordPolicy(syncopeRole.isInheritPasswordPolicy());
        roleTO.setInheritAccountPolicy(syncopeRole.isInheritAccountPolicy());
        if (syncopeRole.getParent() != null) {
            roleTO.setParent(syncopeRole.getParent().getId().longValue());
        }
        if (syncopeRole.getUserOwner() != null) {
            roleTO.setUserOwner(syncopeRole.getUserOwner().getId());
        }
        if (syncopeRole.getRoleOwner() != null) {
            roleTO.setRoleOwner(syncopeRole.getRoleOwner().getId());
        }
        fillTO(roleTO, syncopeRole.findLastInheritedAncestorAttributes(), syncopeRole.findLastInheritedAncestorDerivedAttributes(), syncopeRole.findLastInheritedAncestorVirtualAttributes(), syncopeRole.getResources());
        Iterator<Entitlement> it = syncopeRole.getEntitlements().iterator();
        while (it.hasNext()) {
            roleTO.getEntitlements().add(it.next().getName());
        }
        Iterator it2 = syncopeRole.findInheritedTemplates(RAttrTemplate.class).iterator();
        while (it2.hasNext()) {
            roleTO.getRAttrTemplates().add(((RAttrTemplate) it2.next()).getSchema().getName());
        }
        Iterator it3 = syncopeRole.findInheritedTemplates(RDerAttrTemplate.class).iterator();
        while (it3.hasNext()) {
            roleTO.getRDerAttrTemplates().add(((RDerAttrTemplate) it3.next()).getSchema().getName());
        }
        Iterator it4 = syncopeRole.findInheritedTemplates(RVirAttrTemplate.class).iterator();
        while (it4.hasNext()) {
            roleTO.getRVirAttrTemplates().add(((RVirAttrTemplate) it4.next()).getSchema().getName());
        }
        Iterator it5 = syncopeRole.findInheritedTemplates(MAttrTemplate.class).iterator();
        while (it5.hasNext()) {
            roleTO.getMAttrTemplates().add(((MAttrTemplate) it5.next()).getSchema().getName());
        }
        Iterator it6 = syncopeRole.findInheritedTemplates(MDerAttrTemplate.class).iterator();
        while (it6.hasNext()) {
            roleTO.getMDerAttrTemplates().add(((MDerAttrTemplate) it6.next()).getSchema().getName());
        }
        Iterator it7 = syncopeRole.findInheritedTemplates(MVirAttrTemplate.class).iterator();
        while (it7.hasNext()) {
            roleTO.getMVirAttrTemplates().add(((MVirAttrTemplate) it7.next()).getSchema().getName());
        }
        roleTO.setPasswordPolicy(syncopeRole.getPasswordPolicy() == null ? null : syncopeRole.getPasswordPolicy().getId());
        roleTO.setAccountPolicy(syncopeRole.getAccountPolicy() == null ? null : syncopeRole.getAccountPolicy().getId());
        return roleTO;
    }

    @Transactional(readOnly = true)
    public RoleTO getRoleTO(Long l) {
        return getRoleTO(getRoleFromId(l));
    }
}
