package com.vertexinc.common.fw.rba.domain;

import com.ibm.db2.cmx.runtime.internal.StaticProfileConstants;
import com.vertexinc.common.AppRoleEnum;
import com.vertexinc.common.fw.license.domain.LicenseManager;
import com.vertexinc.common.fw.license.domain.LicenseResourceType;
import com.vertexinc.common.fw.rba.idomain.PartitionRoles;
import com.vertexinc.common.fw.rba.ipersist.AppRolePersister;
import com.vertexinc.common.fw.rba.ipersist.AppRolePersisterException;
import com.vertexinc.oseries.security.evaluator.IPermissionEvaluator;
import com.vertexinc.util.config.SysConfig;
import com.vertexinc.util.error.VertexApplicationException;
import com.vertexinc.util.error.VertexResourceNotFoundException;
import com.vertexinc.util.i18n.Message;
import com.vertexinc.util.iface.IThreadContext;
import com.vertexinc.util.log.Log;
import com.vertexinc.util.log.LogLevel;
import java.security.Permission;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/vertexinc/common/fw/rba/domain/VertexPermission.class
  input_file:patchedFiles.zip:lib/vertex-oseries-components-common.jar:com/vertexinc/common/fw/rba/domain/VertexPermission.class
 */
/* loaded from: input_file:patchedFiles.zip:web/vertex-ws.war:WEB-INF/lib/vertex-oseries-components-common.jar:com/vertexinc/common/fw/rba/domain/VertexPermission.class */
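/**
 * Static role-based-access helpers that decide whether the user bound to the current thread
 * context (or an explicitly supplied {@code AppUser}) may read or modify a named resource.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #check(String, AccessType, boolean)} returns {@code true} for every caller when the
 *       {@link #_VTXPRM_SECURITY} setting is switched off.</li>
 *   <li>{@link #hasAccess(String, boolean)} falls back to a licence check when the role check
 *       fails, including the case where no user is bound to the thread.</li>
 *   <li>Role lookups that fail are logged and treated as granting nothing (fail closed).</li>
 * </ul>
 */
public abstract class VertexPermission extends Permission {
    /** Default used for {@link #_VTXPRM_SECURITY} when the setting is absent. */
    public static final boolean _VTXDEF_SECURITY = true;
    /** Configuration key that switches the role checks in this class on or off. */
    public static final String _VTXPRM_SECURITY = "common.fw.rba.securityEnabled";

    // NOTE(review): the four resource names below are public, static and NOT final, so any code
    // in the same class loader can reassign them and change which resource the authorization
    // checks in this class look up. They are left non-final here only to keep the published
    // interface unchanged; making them final should be considered.
    public static String MASTERADMIN = "masteradministrator";
    public static String PARTITION_SYSTEMADMIN = "partitionsystemadministrator";
    public static String USERS = IPermissionEvaluator.USERS;
    public static String USERS_FULL_NAME = "system.security.users";

    /** Not instantiable from outside; {@code accessType} is accepted but not stored. */
    private VertexPermission(String str, AccessType accessType) {
        super(str);
    }

    /**
     * Decides whether {@code appRole} may be assigned within partition {@code j}, judged by the
     * partition roles of {@code appUser}.
     *
     * <p>The master-administrator shortcut is evaluated against the thread-context user, not
     * against {@code appUser}.
     *
     * @param appUser user whose partition roles are evaluated; {@code null} yields {@code false}
     *     unless the context user is a master administrator
     * @param j partition id
     * @param appRole role to assign; {@code null} yields {@code false}
     * @return {@code true} when the assignment is allowed
     * @throws VertexApplicationException if a role lookup fails
     */
    public static boolean canAssignRole(AppUser appUser, long j, AppRole appRole) throws VertexApplicationException {
        if (appRole == null) {
            return false;
        }
        if (hadMasterAdminRoleAccess()) {
            return true;
        }
        // Fail closed instead of throwing NullPointerException on a missing user.
        if (appUser == null) {
            return false;
        }
        PartitionRoles partitionRoles = appUser.getPartitionRoles();
        Long partitionId = Long.valueOf(j);
        boolean mayManageUsers =
                hasResourceAccessForPartition(PARTITION_SYSTEMADMIN, AccessType.MODIFY, partitionRoles, partitionId)
                        || hasResourceAccessForPartition(USERS_FULL_NAME, AccessType.MODIFY, partitionRoles, partitionId);
        if (!mayManageUsers) {
            return false;
        }
        // A role the user already holds in this partition may always be handed on.
        if (partitionRoles.hasPartitionRole(j, appRole.getId())) {
            return true;
        }
        return canAssignRole(appRole, partitionRoles.getRoles(j));
    }

    /**
     * Checks that every non-READ resource access carried by {@code appRole} is covered by at least
     * one of the roles identified by {@code set}, so a role cannot be granted that exceeds the
     * grantor's own access.
     *
     * @param appRole role to assign; {@code null} yields {@code false}
     * @param set ids of the roles held by the grantor; {@code null} or empty yields {@code false}
     * @return {@code true} when no resource access of {@code appRole} exceeds the held roles
     * @throws VertexApplicationException if the held roles cannot be loaded
     */
    public static boolean canAssignRole(AppRole appRole, Set<Long> set) throws VertexApplicationException {
        if (appRole == null || set == null || set.isEmpty()) {
            return false;
        }
        Collection<AppRole> heldRoles = AppRolePersister.getInstance().find(set).values();
        boolean assignable = true;
        // Deliberately no early exit: every uncovered resource is evaluated (and debug-logged).
        for (ResourceAccess requested : appRole.getResources().values()) {
            if (!requested.getAccess().equals(AccessType.READ) && !isResourceAccessible(requested, heldRoles)) {
                assignable = false;
                if (Log.isLevelOn(VertexPermission.class, LogLevel.DEBUG)) {
                    Log.logDebug(VertexPermission.class, "The role " + appRole.getName() + " is not accessible.");
                }
            }
        }
        return assignable;
    }

    /**
     * Reports whether the context user is a master administrator or has access to the
     * partition-system-administrator or users resource.
     *
     * @param z forwarded to {@link #hasAccess(String, boolean)}: when {@code true} every partition
     *     of the user is considered
     */
    public static boolean hasUserManagementAccess(boolean z) {
        return hadMasterAdminRoleAccess() || hasAccess(PARTITION_SYSTEMADMIN, z) || hasAccess(USERS_FULL_NAME, z);
    }

    /**
     * Reports whether any role in {@code collection} carries an access entry for the same resource
     * as {@code resourceAccess} that satisfies {@link #check(ResourceAccess, ResourceAccess)}.
     *
     * @param resourceAccess the requested resource and access level
     * @param collection roles to search
     * @return {@code true} as soon as one role covers the request
     * @throws AppRolePersisterException declared for callers; not thrown by the visible code
     */
    public static boolean isResourceAccessible(ResourceAccess resourceAccess, Collection<AppRole> collection) throws AppRolePersisterException {
        for (AppRole heldRole : collection) {
            ResourceAccess held = heldRole.getResources().get(Long.valueOf(resourceAccess.getResource().getId()));
            if (held != null && check(resourceAccess, held)) {
                return true;
            }
            if (Log.isLevelOn(VertexPermission.class, LogLevel.DEBUG)) {
                // The role may have no entry for this resource at all; the previous code
                // dereferenced it unconditionally and threw NullPointerException whenever debug
                // logging was enabled, turning an authorization decision into a crash.
                String heldAccessName = held != null ? held.getAccess().getName() : "none";
                // NOTE(review): OPEN_PAREN_TOKEN comes from a DB2 driver-internal class and is
                // presumably just "(" substituted by the decompiler — confirm and inline it.
                Log.logDebug(VertexPermission.class, "The resource " + resourceAccess.getResource().getName() + StaticProfileConstants.OPEN_PAREN_TOKEN + resourceAccess.getResource().getId() + ") with access " + resourceAccess.getAccess().getName() + " is not accessible by the user in the role " + heldRole.getName() + ".  The user role has access type " + heldAccessName + " for this resource.");
            }
        }
        return false;
    }

    /**
     * Compares a requested access level with a held one for the same resource.
     *
     * @return {@code false} only when MODIFY is requested and the held access is not MODIFY; any
     *     other requested level is treated as satisfied by any held entry
     */
    public static boolean check(ResourceAccess resourceAccess, ResourceAccess resourceAccess2) {
        boolean modifyRequested = resourceAccess.getAccess().equals(AccessType.MODIFY);
        boolean modifyHeld = resourceAccess2.getAccess().equals(AccessType.MODIFY);
        return !modifyRequested || modifyHeld;
    }

    /** Checks the context user's access to {@code str} in the user's source partition only. */
    public static boolean check(String str, AccessType accessType) {
        return check(str, accessType, false);
    }

    /**
     * Checks whether the thread-context user holds a role granting {@code accessType} on the
     * resource named {@code str}.
     *
     * <p>When the {@link #_VTXPRM_SECURITY} setting is off this returns {@code true} for everyone,
     * so that setting disables authorization entirely for callers of this method.
     *
     * @param str resource name
     * @param accessType required access level
     * @param z when {@code true}, a grant in any partition of the user suffices; otherwise only
     *     the user's source partition is consulted
     * @return {@code false} when no user (or no source id) is bound to the thread
     */
    public static boolean check(String str, AccessType accessType, boolean z) {
        if (!SysConfig.getEnv(_VTXPRM_SECURITY, _VTXDEF_SECURITY)) {
            return true;
        }
        AppUser contextUser = getContextAppUser();
        if (contextUser == null || contextUser.getSourceId() == null) {
            return false;
        }
        if (!z) {
            return hasResourceAccess(str, accessType, contextUser, null);
        }
        return contextUser.getPartitionRoles().getPartitions().stream()
                .anyMatch(partitionId -> hasResourceAccess(str, accessType, contextUser, partitionId));
    }

    /** Checks {@code appUser}'s access to {@code str} using the user's source id as partition. */
    public static boolean hasResourceAccess(String str, AccessType accessType, AppUser appUser) {
        return hasResourceAccess(str, accessType, appUser, null);
    }

    /**
     * Reports whether any role {@code appUser} holds in the given partition grants
     * {@code accessType} on {@code str}.
     *
     * @param l partition id; {@code null} means the user's source id
     * @return {@code true} if at least one successfully loaded role grants the access
     */
    public static boolean hasResourceAccess(String str, AccessType accessType, AppUser appUser, Long l) {
        Long partitionId = l != null ? l : appUser.getSourceId();
        List<AppRole> roles = appUser.getRoleIds(partitionId).stream()
                .map(roleId -> findRoleOrNull(roleId.longValue()))
                .collect(Collectors.toList());
        // Roles that could not be loaded are null: skip them instead of dereferencing.
        return roles.stream().anyMatch(role -> role != null && role.hasAccess(str, accessType));
    }

    /**
     * Reports whether the context user may edit {@code appUser}: either through access to the
     * master-administrator resource, or because the context user has user-management access in
     * every partition {@code appUser} belongs to.
     *
     * @throws VertexResourceNotFoundException if {@code appUser} is {@code null} or no user is
     *     bound to the thread
     */
    public static boolean loginUserHasEditRightToAppUser(AppUser appUser) {
        if (appUser == null) {
            throw new VertexResourceNotFoundException("AppUser Can Not be null...");
        }
        AppUser contextUser = getContextAppUser();
        if (contextUser == null) {
            throw new VertexResourceNotFoundException("Login User not found...");
        }
        if (hasAccess(MASTERADMIN)) {
            return true;
        }
        Set<Long> manageable = getPartitionsMAorPSAOrUsersResource(contextUser.getPartitionRoles());
        return manageable.containsAll(appUser.getPartitionRoles().getPartitions());
    }

    /**
     * Reports whether any role listed for partition {@code l} in {@code partitionRoles} grants
     * {@code accessType} on {@code str}.
     *
     * @param l partition id; must not be {@code null}
     * @return {@code true} if at least one successfully loaded role grants the access
     */
    public static boolean hasResourceAccessForPartition(String str, AccessType accessType, PartitionRoles partitionRoles, Long l) {
        List<AppRole> roles = partitionRoles.getRoles(l.longValue()).stream()
                .map(roleId -> findRoleOrNull(roleId.longValue()))
                .collect(Collectors.toList());
        // Roles that could not be loaded are null: skip them instead of dereferencing.
        return roles.stream().anyMatch(role -> role != null && role.hasAccess(str, accessType));
    }

    /**
     * Returns the partitions in which {@code partitionRoles} grants MODIFY on the master-admin,
     * partition-system-admin or either users resource.
     */
    public static Set<Long> getPartitionsMAorPSAOrUsersResource(PartitionRoles partitionRoles) {
        return partitionRoles.getPartitions().stream()
                .filter(partitionId ->
                        hasResourceAccessForPartition(MASTERADMIN, AccessType.MODIFY, partitionRoles, partitionId)
                                || hasResourceAccessForPartition(PARTITION_SYSTEMADMIN, AccessType.MODIFY, partitionRoles, partitionId)
                                || hasResourceAccessForPartition(USERS_FULL_NAME, AccessType.MODIFY, partitionRoles, partitionId)
                                || hasResourceAccessForPartition(USERS, AccessType.MODIFY, partitionRoles, partitionId))
                .collect(Collectors.toSet());
    }

    /** Same as {@link #hasAccess(String, boolean)} restricted to the user's source partition. */
    public static boolean hasAccess(String str) {
        return hasAccess(str, false);
    }

    /**
     * Reports whether the context user has MODIFY access to {@code str}, falling back to a licence
     * feature check when the role check fails.
     *
     * <p>NOTE(review): the fallback also runs when the role check failed because no user is bound
     * to the thread, so the result can be {@code true} without any role being held. Whether
     * {@code LicenseManager.check} is meant to grant access on its own should be confirmed; the
     * callers in this class use this method for user-management and master-admin decisions.
     *
     * @param z forwarded to {@link #check(String, AccessType, boolean)}
     */
    public static boolean hasAccess(String str, boolean z) {
        if (check(str, AccessType.MODIFY, z)) {
            return true;
        }
        return LicenseManager.check(str, LicenseResourceType.FEATURE);
    }

    /**
     * List variant of {@link #hasAccess(String, boolean)}: all names must pass the role check, or
     * failing that all names must pass the licence check.
     *
     * @return {@code false} for a {@code null} or empty list
     */
    private static boolean hasAccess(List<String> list, boolean z) {
        if (list == null || list.isEmpty()) {
            return false;
        }
        if (list.stream().allMatch(name -> check(name, AccessType.MODIFY, z))) {
            return true;
        }
        return list.stream().allMatch(name -> LicenseManager.check(name, LicenseResourceType.FEATURE));
    }

    /**
     * Reports whether the context user holds the master-administrator role.
     *
     * <p>Unlike {@link #check(String, AccessType, boolean)}, this returns {@code false} when the
     * security setting is off. Lookup failures are logged and treated as "not a master admin".
     */
    public static boolean hadMasterAdminRoleAccess() {
        if (!SysConfig.getEnv(_VTXPRM_SECURITY, _VTXDEF_SECURITY)) {
            return false;
        }
        try {
            AppUser contextUser = getContextAppUser();
            AppRole masterAdmin = AppRolePersister.getInstance().findByPK(AppRoleEnum.MASTER_ADMIN.roleId);
            if (masterAdmin == null || contextUser == null) {
                return false;
            }
            // NOTE(review): 11L is a hard-coded partition id — presumably the system partition;
            // confirm and replace with a named constant.
            return contextUser.getPartitionRoles().hasPartitionRole(11L, masterAdmin.getId());
        } catch (VertexApplicationException e) {
            Log.logException(VertexPermission.class, e.getMessage(), e);
            return false;
        }
    }

    /**
     * Returns the {@code AppUser} bound to the current thread context.
     *
     * @return the user, or {@code null} when no context is set or its principal is not an
     *     {@code AppUser}
     */
    public static AppUser getContextAppUser() {
        Object context = IThreadContext.CONTEXT.get();
        if (!(context instanceof IThreadContext)) {
            return null;
        }
        Principal user = ((IThreadContext) context).getUser();
        return user instanceof AppUser ? (AppUser) user : null;
    }

    /**
     * Returns the partitions of {@code appUser} that the context user is allowed to see.
     *
     * @param appUser user whose partitions are inspected
     * @param z when {@code true}, the restriction is applied even if the context user and
     *     {@code appUser} are the same
     * @return an empty set when no user is bound to the thread; all of {@code appUser}'s
     *     partitions for a user with master-admin access (or for the user looking at itself when
     *     {@code z} is {@code false}); otherwise only those the context user can manage
     */
    public static Set<Long> getContextUserAccessiblePartitions(AppUser appUser, boolean z) {
        AppUser contextUser = getContextAppUser();
        if (contextUser == null) {
            return Collections.emptySet();
        }
        // NOTE(review): this set is returned as-is below; if getPartitions() exposes the user's
        // internal set, callers could mutate it — confirm.
        Set<Long> targetPartitions = appUser.getPartitionRoles().getPartitions();
        // NOTE(review): if getId() returns a boxed Long this is a reference comparison — confirm.
        boolean otherUser = contextUser.getId() != appUser.getId();
        if ((z || otherUser) && !hasAccess(MASTERADMIN)) {
            // retainAll mutates the collected set; Collectors.toSet() does not guarantee a
            // mutable result, although current JDKs return one.
            Set<Long> manageable = getPartitionsMAorPSAOrUsersResource(contextUser.getPartitionRoles());
            manageable.retainAll(targetPartitions);
            return manageable;
        }
        return targetPartitions;
    }

    /**
     * Reports whether the context user may act on partition {@code l}: either it is the user's own
     * source partition, or the user holds the master-admin system role in the source partition.
     *
     * @param l partition id; {@code null} or non-positive yields {@code false}
     * @throws AppRolePersisterException if the master-admin role cannot be loaded
     */
    public static boolean checkPartitionAccess(Long l) throws AppRolePersisterException {
        if (l == null || l.longValue() <= 0) {
            return false;
        }
        AppUser contextUser = getContextAppUser();
        if (contextUser == null || contextUser.getSourceId() == null) {
            return false;
        }
        long sourceId = contextUser.getSourceId().longValue();
        if (sourceId == l.longValue()) {
            return true;
        }
        AppRole masterAdmin = AppRolePersister.getInstance().getSystemAppRole(AppRoleEnum.MASTER_ADMIN);
        return masterAdmin != null && contextUser.getPartitionRoles().hasPartitionRole(sourceId, masterAdmin.getId());
    }

    /** Checks READ access of the context user to {@code str}. */
    public static boolean check(String str) {
        return check(str, AccessType.READ);
    }

    /**
     * Enforces {@link #check(String, AccessType)}.
     *
     * @throws VertexSecurityException if the context user lacks the requested access
     */
    public static void require(String str, AccessType accessType) throws VertexSecurityException {
        if (check(str, accessType)) {
            return;
        }
        throw new VertexSecurityException(Message.format(VertexPermission.class, "VertexPermission.require.accessDenied", "Access denied to Vertex resource.  Contact system administrator if access is required.  (resource={0}, access={1})", str, accessType));
    }

    /** Enforces READ access of the context user to {@code str}. */
    public static void require(String str) throws VertexSecurityException {
        require(str, AccessType.READ);
    }

    /**
     * Loads a role by primary key, logging and returning {@code null} on a persister failure so
     * that an unreadable role never contributes a grant.
     */
    private static AppRole findRoleOrNull(long roleId) {
        try {
            return AppRolePersister.getInstance().findByPK(roleId);
        } catch (AppRolePersisterException e) {
            Log.logException(VertexPermission.class, e.getMessage(), e);
            return null;
        }
    }
}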
