package com.vertexinc.oseries.security.service;

import com.ibm.db2.cmx.runtime.internal.StaticProfileConstants;
import com.vertexinc.common.fw.rba.domain.AccessType;
import com.vertexinc.common.fw.rba.domain.AppRole;
import com.vertexinc.common.fw.rba.domain.AppUser;
import com.vertexinc.common.fw.rba.domain.ResourceAccess;
import com.vertexinc.common.fw.rba.ipersist.AppRolePersister;
import com.vertexinc.common.fw.rba.ipersist.AppRolePersisterException;
import com.vertexinc.util.log.Log;
import com.vertexinc.util.log.LogLevel;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:patchedFiles.zip:web/vertex-ws.war:WEB-INF/lib/vertex-oseries-security-lib.jar:com/vertexinc/oseries/security/service/RoleCreationDeterminer.class */
public class RoleCreationDeterminer {
    private AppRolePersister appRolePersister;

    public RoleCreationDeterminer(AppRolePersister appRolePersister) {
        this.appRolePersister = appRolePersister;
    }

    public boolean canCreateRole(AppUser appUser, AppRole appRole, Long l) {
        if (appRole == null) {
            return false;
        }
        try {
            AppRole findByName = this.appRolePersister.findByName("Master Administrator");
            if (findByName != null) {
                if (appUser.getPartitionRoles().hasPartitionRole(l.longValue(), findByName.getId())) {
                    return true;
                }
            }
            if (appUser.getPartitionRoles().hasPartitionRole(l.longValue(), appRole.getId())) {
                return true;
            }
            Set<Long> roles = appUser.getPartitionRoles().getRoles(l.longValue());
            if (roles == null || roles.isEmpty()) {
                return false;
            }
            Collection<AppRole> values = this.appRolePersister.find(roles).values();
            boolean z = true;
            Iterator<ResourceAccess> it = appRole.getResources().values().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                ResourceAccess next = it.next();
                if (!next.getAccess().equals(AccessType.READ) && !isResourceAccessible(next, values)) {
                    z = false;
                    if (Log.isLevelOn(RoleCreationDeterminer.class, LogLevel.DEBUG)) {
                        Log.logDebug(RoleCreationDeterminer.class, "The role " + appRole.getName() + " is not accessible.");
                    }
                }
            }
            return z;
        } catch (AppRolePersisterException e) {
            Log.logException(RoleCreationDeterminer.class, e.getMessage(), e);
            return false;
        }
    }

    private boolean isResourceAccessible(ResourceAccess resourceAccess, Collection<AppRole> collection) {
        boolean z = false;
        Iterator<AppRole> it = collection.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AppRole next = it.next();
            ResourceAccess resourceAccess2 = next.getResources().get(Long.valueOf(resourceAccess.getResource().getId()));
            if (resourceAccess2 != null && check(resourceAccess, resourceAccess2)) {
                z = true;
                break;
            }
            if (Log.isLevelOn(RoleCreationDeterminer.class, LogLevel.DEBUG)) {
                Log.logDebug(RoleCreationDeterminer.class, "The resource " + resourceAccess.getResource().getName() + StaticProfileConstants.OPEN_PAREN_TOKEN + resourceAccess.getResource().getId() + ") with access " + resourceAccess.getAccess().getName() + " is not accessible by the user in the role " + next.getName() + ".  The user role has access type " + resourceAccess2.getAccess().getName() + " for this resource.");
            }
        }
        return z;
    }

    public boolean check(ResourceAccess resourceAccess, ResourceAccess resourceAccess2) {
        boolean z = true;
        if (resourceAccess.getAccess().equals(AccessType.MODIFY) && !resourceAccess2.getAccess().equals(AccessType.MODIFY)) {
            z = false;
        }
        return z;
    }
}
