package org.apache.directory.fortress.core.impl;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.directory.fortress.annotation.AdminPermissionOperation;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.ReviewMgr;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.OrgUnit;
import org.apache.directory.fortress.core.model.PermObj;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.PermissionAttributeSet;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.model.RoleConstraint;
import org.apache.directory.fortress.core.model.SDSet;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserRole;
import org.apache.directory.fortress.core.rest.HttpIds;
import org.apache.directory.fortress.core.util.Config;
import org.apache.directory.fortress.core.util.VUtil;

/* loaded from: input_file:WEB-INF/lib/fortress-core-2.0.5.jar:org/apache/directory/fortress/core/impl/ReviewMgrImpl.class */
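/**
 * Query-side manager for the Fortress access-control data: permissions, permission objects,
 * roles, users and SD sets of type {@code STATIC} and {@code DYNAMIC}.
 *
 * <p>Every public method has the same shape: validate the argument (through
 * {@code assertContext} and/or {@link VUtil}), call {@code checkAccess} with this class name and
 * an operation name, then delegate to one of the process-layer objects held in the fields below.
 * The only state this class itself changes is the context id or SD type of the entity passed in.
 *
 * <p>Points to keep in mind when reviewing or calling this class:
 * <ul>
 *   <li>{@code checkAccess} is the only authorization gate visible here. It and
 *       {@code assertContext} are not defined in this class (presumably inherited from
 *       {@code Manageable}). NOTE(review): confirm what {@code checkAccess} does when no
 *       administrative session has been set before treating these methods as an authorization
 *       boundary.</li>
 *   <li>The operation-name strings are passed to {@code checkAccess} as well as to the error
 *       reporting, so renaming one presumably changes which administrative permission is
 *       evaluated.</li>
 *   <li>Results enumerate users, role assignments and permission grants; a caller that relays
 *       them to a less privileged party is disclosing the authorization model.</li>
 *   <li>{@link #authorizedRoles}, {@link #authorizedPermissionRoles} and
 *       {@link #authorizedPermissionUsers} can return {@code null} rather than an empty set.</li>
 * </ul>
 */
public class ReviewMgrImpl extends Manageable implements ReviewMgr, Serializable {
    private static final String CLS_NM = ReviewMgrImpl.class.getName();
    // Process-layer delegates; every lookup in this class is forwarded to one of these.
    private UserP userP = new UserP();
    private RoleP roleP = new RoleP();
    private PermP permP = new PermP();
    // Used for both STATIC and DYNAMIC sets despite the "ssd" name.
    private SdP ssdP = new SdP();

    /**
     * Reads a single permission identified by object name and operation name.
     *
     * @param permission must carry a non-empty object name and operation name
     * @return whatever {@code PermP.read} returns for the permission
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public Permission readPermission(Permission permission) throws SecurityException {
        final String methodName = "readPermission";
        final String location = CLS_NM + "." + methodName;
        assertContext(CLS_NM, methodName, permission, GlobalErrIds.PERM_OPERATION_NULL);
        VUtil.assertNotNullOrEmpty(permission.getObjName(), GlobalErrIds.PERM_OBJECT_NM_NULL, location);
        VUtil.assertNotNullOrEmpty(permission.getOpName(), GlobalErrIds.PERM_OPERATION_NM_NULL, location);
        checkAccess(CLS_NM, methodName);
        return permP.read(permission);
    }

    /**
     * Reads a single permission object by name.
     *
     * @param permObj must carry a non-null object name (an empty name is not rejected here)
     * @return whatever {@code PermP.read} returns for the object
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public PermObj readPermObj(PermObj permObj) throws SecurityException {
        final String methodName = "readPermObj";
        assertContext(CLS_NM, methodName, permObj, GlobalErrIds.PERM_OBJECT_NULL);
        VUtil.assertNotNull(permObj.getObjName(), GlobalErrIds.PERM_OBJECT_NM_NULL, CLS_NM + "." + methodName);
        checkAccess(CLS_NM, methodName);
        return permP.read(permObj);
    }

    /**
     * Reads a single permission attribute set by name.
     *
     * @param permissionAttributeSet must carry a non-null name
     * @return whatever {@code PermP.read} returns for the set
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public PermissionAttributeSet readPermAttributeSet(PermissionAttributeSet permissionAttributeSet) throws SecurityException {
        final String methodName = HttpIds.PERM_READ_PERM_ATTRIBUTE_SET;
        assertContext(CLS_NM, methodName, permissionAttributeSet, GlobalErrIds.PERM_ATTRIBUTE_SET_NULL);
        VUtil.assertNotNull(permissionAttributeSet.getName(), GlobalErrIds.PERM_ATTRIBUTE_SET_NM_NULL, CLS_NM + "." + methodName);
        checkAccess(CLS_NM, methodName);
        return permP.read(permissionAttributeSet);
    }

    /**
     * Searches permissions using the given permission as the search criteria.
     *
     * @param permission search criteria; its name fields are not validated here
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<Permission> findPermissions(Permission permission) throws SecurityException {
        final String methodName = "findPermissions";
        assertContext(CLS_NM, methodName, permission, GlobalErrIds.PERM_OPERATION_NULL);
        checkAccess(CLS_NM, methodName);
        return permP.search(permission);
    }

    /**
     * Lists the operations (permissions) defined on one permission object.
     *
     * @param permObj must carry a non-empty object name
     * @return the delegate's {@code searchOperations} result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<Permission> findPermsByObj(PermObj permObj) throws SecurityException {
        final String methodName = "findPermsByObj";
        assertContext(CLS_NM, methodName, permObj, GlobalErrIds.PERM_OBJECT_NULL);
        VUtil.assertNotNullOrEmpty(permObj.getObjName(), GlobalErrIds.PERM_OBJECT_NM_NULL, CLS_NM + "." + methodName);
        checkAccess(CLS_NM, methodName);
        return permP.searchOperations(permObj);
    }

    /**
     * Searches permissions through {@code PermP.searchAny}.
     *
     * @param permission search criteria; its name fields are not validated here
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<Permission> findAnyPermissions(Permission permission) throws SecurityException {
        final String methodName = "findAnyPermissions";
        assertContext(CLS_NM, methodName, permission, GlobalErrIds.PERM_OPERATION_NULL);
        checkAccess(CLS_NM, methodName);
        return permP.searchAny(permission);
    }

    /**
     * Searches permission objects using the given object as the search criteria.
     *
     * @param permObj search criteria; its name is not validated here
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<PermObj> findPermObjs(PermObj permObj) throws SecurityException {
        final String methodName = "findPermObjs";
        assertContext(CLS_NM, methodName, permObj, GlobalErrIds.PERM_OBJECT_NULL);
        checkAccess(CLS_NM, methodName);
        return permP.search(permObj);
    }

    /**
     * Searches permission objects by organizational unit.
     *
     * @param orgUnit the organizational unit to search by
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<PermObj> findPermObjs(OrgUnit orgUnit) throws SecurityException {
        final String methodName = "findPermObjs";
        assertContext(CLS_NM, methodName, orgUnit, GlobalErrIds.ORG_NULL_PERM);
        checkAccess(CLS_NM, methodName);
        // NOTE(review): the meaning of the 'false' flag is defined by PermP.search - confirm there.
        return permP.search(orgUnit, false);
    }

    /**
     * Reads a single role by name.
     *
     * @param role must carry a non-empty name
     * @return whatever {@code RoleP.read} returns for the role
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public Role readRole(Role role) throws SecurityException {
        final String methodName = "readRole";
        assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
        VUtil.assertNotNullOrEmpty(role.getName(), GlobalErrIds.ROLE_NM_NULL, CLS_NM + "." + methodName);
        checkAccess(CLS_NM, methodName);
        return roleP.read(role);
    }

    /**
     * Searches roles by name value.
     *
     * @param str role name search value; must be non-null, an empty string is accepted
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<Role> findRoles(String str) throws SecurityException {
        final String methodName = "findRoles";
        VUtil.assertNotNull(str, GlobalErrIds.ROLE_NM_NULL, CLS_NM + "." + methodName);
        checkAccess(CLS_NM, methodName);
        // No entity is passed in, so the context id is set on the criteria object here.
        Role criteria = new Role(str);
        criteria.setContextId(contextId);
        return roleP.search(criteria);
    }

    /**
     * Searches roles by name value and returns strings, with a limit handed to the delegate.
     *
     * @param str role name search value; must be non-null, an empty string is accepted
     * @param i limit passed through to {@code RoleP.search}
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<String> findRoles(String str, int i) throws SecurityException {
        final String methodName = "findRoles";
        VUtil.assertNotNull(str, GlobalErrIds.ROLE_NM_NULL, CLS_NM + "." + methodName);
        checkAccess(CLS_NM, methodName);
        Role criteria = new Role(str);
        criteria.setContextId(contextId);
        return roleP.search(criteria, i);
    }

    /**
     * Reads a single user by user id.
     *
     * @param user must carry a non-empty user id
     * @return whatever {@code UserP.read} returns for the user
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public final User readUser(User user) throws SecurityException {
        final String methodName = "readUser";
        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
        VUtil.assertNotNullOrEmpty(user.getUserId(), GlobalErrIds.USER_ID_NULL, CLS_NM + "." + methodName);
        checkAccess(CLS_NM, methodName);
        // Presumably 'true' asks UserP to load role assignments (assignedRoles reads getRoles()
        // off the same call) - confirm against UserP.read.
        return userP.read(user, true);
    }

    /**
     * Searches users using the given user as the search criteria.
     *
     * @param user search criteria; its user id is not validated here
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public final List<User> findUsers(User user) throws SecurityException {
        final String methodName = "findUsers";
        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
        checkAccess(CLS_NM, methodName);
        return userP.search(user);
    }

    /**
     * Searches users by organizational unit.
     *
     * @param orgUnit the organizational unit to search by
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<User> findUsers(OrgUnit orgUnit) throws SecurityException {
        final String methodName = "findUsers";
        assertContext(CLS_NM, methodName, orgUnit, GlobalErrIds.ORG_NULL_USER);
        checkAccess(CLS_NM, methodName);
        // NOTE(review): the meaning of the 'false' flag is defined by UserP.search - confirm there.
        return userP.search(orgUnit, false);
    }

    /**
     * Searches users and returns strings, with a limit handed to the delegate.
     *
     * @param user search criteria; its user id is not validated here
     * @param i limit passed through to {@code UserP.search}
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public final List<String> findUsers(User user, int i) throws SecurityException {
        final String methodName = "findUsers";
        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
        checkAccess(CLS_NM, methodName);
        return userP.search(user, i);
    }

    /**
     * Lists the ids of users assigned to a role, capped at {@code i} entries.
     *
     * <p>The ids come from the role entry itself when {@code Config.isRoleOccupant()} is set, and
     * from a user lookup otherwise. The cap is applied on both paths; previously the user-lookup
     * path ignored it and returned the full list.
     *
     * @param role the role whose assignees are wanted
     * @param i maximum number of ids to return; a negative value applies no cap
     * @return the ids, never {@code null}; when capped, a {@code subList} view of the list the
     *     delegate returned
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<String> assignedUsers(Role role, int i) throws SecurityException {
        final String methodName = "assignedUsers";
        assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
        checkAccess(CLS_NM, methodName);
        List<String> assignedUserIds = Config.getInstance().isRoleOccupant()
            ? roleP.read(role).getOccupants()
            : userP.getAssignedUserIds(role);
        if (assignedUserIds == null) {
            return new ArrayList<>();
        }
        return capSize(assignedUserIds, i);
    }

    /** Returns at most {@code limit} leading elements of {@code ids}; a negative limit caps nothing. */
    private static List<String> capSize(List<String> ids, int limit) {
        if (limit >= 0 && ids.size() > limit) {
            return ids.subList(0, limit);
        }
        return ids;
    }

    /**
     * Lists the users assigned to a role.
     *
     * @param role the role whose assignees are wanted; its name is not validated here
     * @return the delegate's result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<User> assignedUsers(Role role) throws SecurityException {
        final String methodName = "assignedUsers";
        assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
        checkAccess(CLS_NM, methodName);
        return userP.getAssignedUsers(role);
    }

    /**
     * Lists the users assigned to a role, narrowed by a role constraint.
     *
     * @param role the role whose assignees are wanted
     * @param roleConstraint passed to the delegate unvalidated (may be {@code null} as far as this
     *     method is concerned)
     * @return the delegate's result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<User> assignedUsers(Role role, RoleConstraint roleConstraint) throws SecurityException {
        final String methodName = "assignedUsers";
        assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
        checkAccess(CLS_NM, methodName);
        return userP.getAssignedUsers(role, roleConstraint);
    }

    /**
     * Lists user-role assignments for a role, narrowed by constraint type and a string value.
     *
     * @param role the role whose assignments are wanted
     * @param rCType constraint type, passed to the delegate unvalidated
     * @param str constraint value, passed to the delegate unvalidated
     * @return the delegate's result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<UserRole> assignedUsers(Role role, RoleConstraint.RCType rCType, String str) throws SecurityException {
        final String methodName = "assignedUsers";
        assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
        checkAccess(CLS_NM, methodName);
        return userP.getAssignedUsers(role, rCType, str);
    }

    /**
     * Lists the role assignments stored on a user.
     *
     * @param user the user to read; its user id is not validated here
     * @return {@code getRoles()} of the user the delegate read
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<UserRole> assignedRoles(User user) throws SecurityException {
        final String methodName = "assignedRoles";
        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
        checkAccess(CLS_NM, methodName);
        User stored = userP.read(user, true);
        return stored.getRoles();
    }

    /**
     * Lists the names of the roles assigned to a user id.
     *
     * @param str user id; must be non-empty
     * @return the delegate's result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<String> assignedRoles(String str) throws SecurityException {
        final String methodName = "assignedRoles";
        VUtil.assertNotNullOrEmpty(str, GlobalErrIds.USER_NULL, CLS_NM + "." + methodName);
        checkAccess(CLS_NM, methodName);
        // No entity is passed in, so the context id is set on the lookup object here.
        User lookup = new User(str);
        lookup.setContextId(contextId);
        return userP.getAssignedRoles(lookup);
    }

    /**
     * Lists the users authorized for a role, as computed by {@code UserP.getAuthorizedUsers}.
     *
     * @param role the role in question; its name is not validated here
     * @return the delegate's result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<User> authorizedUsers(Role role) throws SecurityException {
        final String methodName = "authorizedUsers";
        assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
        checkAccess(CLS_NM, methodName);
        return userP.getAuthorizedUsers(role);
    }

    /**
     * Expands a user's assigned roles through {@code RoleUtil.getInheritedRoles}.
     *
     * @param user the user to read; its user id is not validated here
     * @return the expanded role names, or {@code null} when the user has no assigned roles
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public Set<String> authorizedRoles(User user) throws SecurityException {
        final String methodName = "authorizedRoles";
        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
        checkAccess(CLS_NM, methodName);
        List<UserRole> assigned = userP.read(user, true).getRoles();
        if (CollectionUtils.isNotEmpty(assigned)) {
            return RoleUtil.getInstance().getInheritedRoles(assigned, contextId);
        }
        // Callers must handle null here; it means "no assigned roles", not an error.
        return null;
    }

    /**
     * Lists the permissions granted to a role; same as {@code rolePermissions(role, false)}.
     *
     * <p>Validation and the access check happen in the two-argument overload, under the
     * operation name {@code rolePermissions}.
     *
     * @param role the role in question
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    public List<Permission> rolePermissions(Role role) throws SecurityException {
        return rolePermissions(role, false);
    }

    /**
     * Lists the permissions granted to a role.
     *
     * @param role the role in question; its name is not validated here
     * @param z flag passed through to {@code PermP.search}; NOTE(review): its meaning is defined
     *     there - confirm
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<Permission> rolePermissions(Role role, boolean z) throws SecurityException {
        final String methodName = "rolePermissions";
        assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
        checkAccess(CLS_NM, methodName);
        return permP.search(role, z);
    }

    /**
     * Collects the distinct permission attribute sets referenced by a role's permissions.
     *
     * <p>The only access check on this path is the one made by
     * {@link #rolePermissions(Role, boolean)}; the attribute sets are then read directly from
     * {@code PermP} without a separate check.
     *
     * @param role the role in question
     * @param z flag passed through to {@link #rolePermissions(Role, boolean)}
     * @return one entry per distinct attribute-set name, in no particular order
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    public List<PermissionAttributeSet> rolePermissionAttributeSets(Role role, boolean z) throws SecurityException {
        // Keyed by set name so each attribute set is read from the store only once.
        HashMap<String, PermissionAttributeSet> setsByName = new HashMap<>();
        for (Permission permission : rolePermissions(role, z)) {
            if (!CollectionUtils.isNotEmpty(permission.getPaSets())) {
                continue;
            }
            for (String setName : permission.getPaSets()) {
                if (setsByName.containsKey(setName)) {
                    continue;
                }
                PermissionAttributeSet lookup = new PermissionAttributeSet(setName);
                lookup.setContextId(contextId);
                setsByName.put(setName, permP.read(lookup));
            }
        }
        return new ArrayList<>(setsByName.values());
    }

    /**
     * Lists the permissions found for a user by {@code PermP.search}.
     *
     * <p>This goes through {@link #readUser}, so the caller passes two access checks
     * ({@code userPermissions} and {@code readUser}) and the user id must be non-empty.
     *
     * @param user the user in question
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<Permission> userPermissions(User user) throws SecurityException {
        final String methodName = "userPermissions";
        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
        checkAccess(CLS_NM, methodName);
        User stored = readUser(user);
        // The freshly read entity is a different object, so the context id is set again.
        stored.setContextId(contextId);
        return permP.search(stored);
    }

    /**
     * Lists the role names stored on a permission.
     *
     * @param permission the permission to read; its name fields are not validated here
     * @return a new list of role names, empty when the permission is missing or has none
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<String> permissionRoles(Permission permission) throws SecurityException {
        final String methodName = "permissionRoles";
        assertContext(CLS_NM, methodName, permission, GlobalErrIds.PERM_OBJECT_NULL);
        checkAccess(CLS_NM, methodName);
        Permission stored = permP.read(permission);
        if (stored != null && CollectionUtils.isNotEmpty(stored.getRoles())) {
            return new ArrayList<>(stored.getRoles());
        }
        return new ArrayList<>();
    }

    /**
     * Expands the roles stored on a permission through {@code RoleUtil.getDescendantRoles}.
     *
     * @param permission the permission to read; its name fields are not validated here
     * @return the expanded role names, or {@code null} when the permission has no role set
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public Set<String> authorizedPermissionRoles(Permission permission) throws SecurityException {
        final String methodName = "authorizedPermissionRoles";
        assertContext(CLS_NM, methodName, permission, GlobalErrIds.PERM_OPERATION_NULL);
        checkAccess(CLS_NM, methodName);
        // NOTE(review): unlike permissionRoles, the read result is not null-checked here -
        // confirm PermP.read never returns null.
        Permission stored = permP.read(permission);
        return authorizeRoles(stored.getRoles());
    }

    /**
     * Lists the user ids stored on a permission.
     *
     * @param permission the permission to read; its name fields are not validated here
     * @return a new list of user ids, empty when the permission is missing or has none
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<String> permissionUsers(Permission permission) throws SecurityException {
        final String methodName = "permissionUsers";
        assertContext(CLS_NM, methodName, permission, GlobalErrIds.PERM_OPERATION_NULL);
        checkAccess(CLS_NM, methodName);
        Permission stored = permP.read(permission);
        if (stored != null && CollectionUtils.isNotEmpty(stored.getUsers())) {
            return new ArrayList<>(stored.getUsers());
        }
        return new ArrayList<>();
    }

    /**
     * Lists every user id that holds a permission, through a role or by direct grant.
     *
     * <p>Users assigned to the permission's expanded roles are combined with the users stored
     * directly on the permission.
     *
     * @param permission the permission to read; its name fields are not validated here
     * @return the combined user ids, or {@code null} when the permission has neither roles nor
     *     users
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public Set<String> authorizedPermissionUsers(Permission permission) throws SecurityException {
        final String methodName = "authorizedPermissionUsers";
        assertContext(CLS_NM, methodName, permission, GlobalErrIds.PERM_OPERATION_NULL);
        checkAccess(CLS_NM, methodName);
        // NOTE(review): unlike permissionUsers, the read result is not null-checked here -
        // confirm PermP.read never returns null.
        Permission stored = permP.read(permission);

        Set<String> authorizedUsers = null;
        Set<String> expandedRoles = authorizeRoles(stored.getRoles());
        if (expandedRoles != null) {
            authorizedUsers = userP.getAssignedUsers(expandedRoles, contextId);
        }

        Set<String> directUsers = stored.getUsers();
        if (directUsers != null) {
            if (authorizedUsers == null) {
                authorizedUsers = new HashSet<>();
            }
            // Mutates the set returned by UserP when one was returned above.
            authorizedUsers.addAll(directUsers);
        }
        return authorizedUsers;
    }

    /**
     * Expands a set of role names through {@code RoleUtil.getDescendantRoles}.
     *
     * @param set role names, may be {@code null}
     * @return the expanded names, or {@code null} when {@code set} is {@code null}
     */
    private Set<String> authorizeRoles(Set<String> set) {
        if (set == null) {
            return null;
        }
        return RoleUtil.getInstance().getDescendantRoles(set, contextId);
    }

    /**
     * Lists the STATIC SD sets that a role belongs to.
     *
     * @param role the role in question; its name is not validated here
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<SDSet> ssdRoleSets(Role role) throws SecurityException {
        assertContext(CLS_NM, HttpIds.SSD_ROLE_SETS, role, GlobalErrIds.ROLE_NULL);
        checkAccess(CLS_NM, HttpIds.SSD_ROLE_SETS);
        return ssdP.search(role, SDSet.SDType.STATIC);
    }

    /**
     * Searches STATIC SD sets using the given set as the search criteria.
     *
     * @param sDSet search criteria; its type is overwritten with {@code STATIC}
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<SDSet> ssdSets(SDSet sDSet) throws SecurityException {
        // Validate and authorize before touching the argument, so a null set is handed to
        // assertContext with SSD_NULL instead of failing here with a NullPointerException.
        assertContext(CLS_NM, HttpIds.SSD_SETS, sDSet, GlobalErrIds.SSD_NULL);
        checkAccess(CLS_NM, HttpIds.SSD_SETS);
        sDSet.setType(SDSet.SDType.STATIC);
        return ssdP.search(sDSet);
    }

    /**
     * Reads a single STATIC SD set.
     *
     * @param sDSet identifies the set; its type is overwritten with {@code STATIC}
     * @return whatever {@code SdP.read} returns for the set
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public SDSet ssdRoleSet(SDSet sDSet) throws SecurityException {
        final String methodName = "ssdRoleSet";
        assertContext(CLS_NM, methodName, sDSet, GlobalErrIds.SSD_NULL);
        checkAccess(CLS_NM, methodName);
        sDSet.setType(SDSet.SDType.STATIC);
        return ssdP.read(sDSet);
    }

    /**
     * Returns the member role names of a STATIC SD set.
     *
     * @param sDSet identifies the set; its type is overwritten with {@code STATIC}
     * @return {@code getMembers()} of the set the delegate read
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public Set<String> ssdRoleSetRoles(SDSet sDSet) throws SecurityException {
        final String methodName = "ssdRoleSetRoles";
        assertContext(CLS_NM, methodName, sDSet, GlobalErrIds.SSD_NULL);
        checkAccess(CLS_NM, methodName);
        sDSet.setType(SDSet.SDType.STATIC);
        SDSet stored = ssdP.read(sDSet);
        return stored.getMembers();
    }

    /**
     * Returns the cardinality of an SD set read with the type the caller supplied.
     *
     * @param sDSet identifies the set
     * @return the stored cardinality
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public int ssdRoleSetCardinality(SDSet sDSet) throws SecurityException {
        final String methodName = "ssdRoleSetCardinality";
        assertContext(CLS_NM, methodName, sDSet, GlobalErrIds.SSD_NULL);
        checkAccess(CLS_NM, methodName);
        // NOTE(review): the sibling ssd* readers force the type to STATIC first; this one does
        // not, so the lookup depends on the caller's type - confirm whether SdP.read needs it.
        // NOTE(review): unboxing fails if the stored set has no cardinality - confirm it is
        // always populated.
        return ssdP.read(sDSet).getCardinality().intValue();
    }

    /**
     * Lists the DYNAMIC SD sets that a role belongs to.
     *
     * @param role the role in question; its name is not validated here
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<SDSet> dsdRoleSets(Role role) throws SecurityException {
        assertContext(CLS_NM, HttpIds.DSD_ROLE_SETS, role, GlobalErrIds.ROLE_NULL);
        checkAccess(CLS_NM, HttpIds.DSD_ROLE_SETS);
        return ssdP.search(role, SDSet.SDType.DYNAMIC);
    }

    /**
     * Reads a single DYNAMIC SD set.
     *
     * @param sDSet identifies the set; its type is overwritten with {@code DYNAMIC}
     * @return whatever {@code SdP.read} returns for the set
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public SDSet dsdRoleSet(SDSet sDSet) throws SecurityException {
        final String methodName = "dsdRoleSet";
        assertContext(CLS_NM, methodName, sDSet, GlobalErrIds.DSD_NULL);
        checkAccess(CLS_NM, methodName);
        sDSet.setType(SDSet.SDType.DYNAMIC);
        return ssdP.read(sDSet);
    }

    /**
     * Searches DYNAMIC SD sets using the given set as the search criteria.
     *
     * @param sDSet search criteria; its type is overwritten with {@code DYNAMIC}
     * @return the delegate's search result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<SDSet> dsdSets(SDSet sDSet) throws SecurityException {
        // Validate and authorize before touching the argument, so a null set is handed to
        // assertContext with DSD_NULL instead of failing here with a NullPointerException.
        assertContext(CLS_NM, HttpIds.DSD_SETS, sDSet, GlobalErrIds.DSD_NULL);
        checkAccess(CLS_NM, HttpIds.DSD_SETS);
        sDSet.setType(SDSet.SDType.DYNAMIC);
        return ssdP.search(sDSet);
    }

    /**
     * Returns the member role names of a DYNAMIC SD set.
     *
     * @param sDSet identifies the set; its type is overwritten with {@code DYNAMIC}
     * @return {@code getMembers()} of the set the delegate read
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public Set<String> dsdRoleSetRoles(SDSet sDSet) throws SecurityException {
        final String methodName = "dsdRoleSetRoles";
        assertContext(CLS_NM, methodName, sDSet, GlobalErrIds.DSD_NULL);
        checkAccess(CLS_NM, methodName);
        sDSet.setType(SDSet.SDType.DYNAMIC);
        SDSet stored = ssdP.read(sDSet);
        return stored.getMembers();
    }

    /**
     * Returns the cardinality of an SD set read with the type the caller supplied.
     *
     * @param sDSet identifies the set
     * @return the stored cardinality
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public int dsdRoleSetCardinality(SDSet sDSet) throws SecurityException {
        final String methodName = "dsdRoleSetCardinality";
        assertContext(CLS_NM, methodName, sDSet, GlobalErrIds.DSD_NULL);
        checkAccess(CLS_NM, methodName);
        // NOTE(review): the sibling dsd* readers force the type to DYNAMIC first; this one does
        // not, so the lookup depends on the caller's type - confirm whether SdP.read needs it.
        // NOTE(review): unboxing fails if the stored set has no cardinality - confirm it is
        // always populated.
        return ssdP.read(sDSet).getCardinality().intValue();
    }

    /**
     * Finds the role constraints of a given type that apply to a user for a permission.
     *
     * <p>The permission is read from the store, its roles are expanded through
     * {@code RoleUtil.getDescendantRoles}, and the lookup is delegated to
     * {@code UserP.findRoleConstraints} together with the permission's attribute-set names.
     *
     * @param user the user in question; its user id is not validated here
     * @param permission the permission in question; its name fields are not validated here
     * @param rCType constraint type, passed to the delegate unvalidated
     * @return the delegate's result
     * @throws SecurityException on validation failure, access denial, or from the delegate
     */
    @Override
    @AdminPermissionOperation
    public List<RoleConstraint> findRoleConstraints(User user, Permission permission, RoleConstraint.RCType rCType) throws SecurityException {
        final String methodName = HttpIds.ROLE_FIND_CONSTRAINTS;
        assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
        assertContext(CLS_NM, methodName, permission, GlobalErrIds.PERM_NULL);
        checkAccess(CLS_NM, methodName);
        // NOTE(review): the read result is not null-checked - confirm PermP.read never returns null.
        Permission stored = permP.read(permission);
        Set<String> expandedRoles = authorizeRoles(stored.getRoles());
        return userP.findRoleConstraints(expandedRoles, user, rCType, stored.getPaSets());
    }
}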
