package net.bluemind.directory.service.internal;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.Container;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.container.model.acl.Verb;
import net.bluemind.core.container.service.internal.DirEntryPermission;
import net.bluemind.core.container.service.internal.RBACManager;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.sanitizer.Sanitizer;
import net.bluemind.core.validator.Validator;
import net.bluemind.directory.api.BaseDirEntry;
import net.bluemind.directory.api.IOrgUnits;
import net.bluemind.directory.api.OrgUnit;
import net.bluemind.directory.api.OrgUnitPath;
import net.bluemind.directory.api.OrgUnitQuery;
import net.bluemind.directory.persistence.ManageableOrgUnit;
import net.bluemind.directory.service.DirEventProducer;
import net.bluemind.domain.api.Domain;
import net.bluemind.lib.vertx.VertxPlatform;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:net/bluemind/directory/service/internal/OrgUnits.class */
public class OrgUnits implements IOrgUnits {
    private OrgUnitContainerStoreService storeService;
    private RBACManager rbacManager;
    private Validator validator;
    private Sanitizer sanitizer;
    private DirEventProducer dirEventProducer;
    private BmContext context;
    private ItemValue<Domain> domain;

    public OrgUnits(BmContext bmContext, ItemValue<Domain> itemValue, Container container) {
        this.context = bmContext;
        this.domain = itemValue;
        this.storeService = new OrgUnitContainerStoreService(bmContext, container, itemValue);
        this.rbacManager = new RBACManager(bmContext).forContainer(container);
        this.sanitizer = new Sanitizer(bmContext);
        this.validator = new Validator(bmContext);
        this.dirEventProducer = new DirEventProducer(itemValue.uid, BaseDirEntry.Kind.ORG_UNIT.name(), VertxPlatform.eventBus());
    }

    public ItemValue<OrgUnit> getComplete(String str) {
        this.rbacManager.check(new String[]{Verb.Read.name()});
        return this.storeService.get(str);
    }

    public void create(String str, OrgUnit orgUnit) {
        createWithItem(ItemValue.create(str, orgUnit));
    }

    private void createWithItem(ItemValue<OrgUnit> itemValue) {
        String str = itemValue.uid;
        OrgUnit orgUnit = (OrgUnit) itemValue.value;
        if (orgUnit.parentUid != null) {
            this.rbacManager.forOrgUnit(orgUnit.parentUid).check(new String[]{"manageOU"});
        } else {
            this.rbacManager.check(new String[]{"manageOU"});
        }
        if (orgUnit.parentUid != null && this.storeService.get(orgUnit.parentUid) == null) {
            throw new ServerFault("ou " + orgUnit.parentUid + " not found", ErrorCode.NOT_FOUND);
        }
        if (this.storeService.pathExists(orgUnit.name, orgUnit.parentUid)) {
            throw new ServerFault("ou " + orgUnit.parentUid + "/ " + orgUnit.name + " already exists", ErrorCode.ALREADY_EXISTS);
        }
        this.sanitizer.create(orgUnit);
        this.validator.create(orgUnit);
        this.storeService.create(itemValue);
        this.dirEventProducer.changed(str, this.storeService.getVersion());
    }

    public void update(String str, OrgUnit orgUnit) {
        updateWithItem(ItemValue.create(str, orgUnit));
    }

    private void updateWithItem(ItemValue<OrgUnit> itemValue) {
        String str = itemValue.uid;
        OrgUnit orgUnit = (OrgUnit) itemValue.value;
        this.rbacManager.forEntry(str).check(new String[]{"manageOU"});
        ItemValue<OrgUnit> itemValue2 = this.storeService.get(str);
        if (itemValue2 == null) {
            throw new ServerFault("ou " + str + " not found", ErrorCode.NOT_FOUND);
        }
        if (!((OrgUnit) itemValue2.value).name.equalsIgnoreCase(orgUnit.name) && this.storeService.pathExists(orgUnit.name, orgUnit.parentUid)) {
            throw new ServerFault("ou " + orgUnit.parentUid + "/ " + orgUnit.name + " already exists", ErrorCode.ALREADY_EXISTS);
        }
        this.sanitizer.update(itemValue2.value, orgUnit);
        this.validator.update(itemValue2.value, orgUnit);
        if (!StringUtils.equals(((OrgUnit) itemValue2.value).parentUid, orgUnit.parentUid)) {
            throw new ServerFault("Parent change is not allowed", ErrorCode.INVALID_PARAMETER);
        }
        this.storeService.update(itemValue);
        this.dirEventProducer.changed(str, this.storeService.getVersion());
    }

    public void delete(String str) {
        this.rbacManager.forEntry(str).check(new String[]{"manageOU"});
        ItemValue<OrgUnit> itemValue = this.storeService.get(str);
        if (itemValue == null) {
            throw new ServerFault("ou " + str + " not found", ErrorCode.NOT_FOUND);
        }
        if (this.storeService.hasChildren(str)) {
            throw new ServerFault("ou " + ((OrgUnit) itemValue.value).name + " has children", ErrorCode.INVALID_PARAMETER);
        }
        if (this.storeService.hasMembers(str)) {
            throw new ServerFault("ou " + ((OrgUnit) itemValue.value).name + " has members", ErrorCode.INVALID_PARAMETER);
        }
        if (this.storeService.hasAdministrator(str)) {
            throw new ServerFault("ou " + ((OrgUnit) itemValue.value).name + " has administrators", ErrorCode.INVALID_PARAMETER);
        }
        this.storeService.delete(str);
        this.dirEventProducer.changed(str, this.storeService.getVersion());
    }

    public OrgUnitPath getPath(String str) {
        this.rbacManager.check(new String[]{Verb.Read.name()});
        return this.storeService.getPath(str);
    }

    public List<ItemValue<OrgUnit>> getChildren(String str) {
        return this.storeService.getChildren(str);
    }

    public List<OrgUnitPath> search(OrgUnitQuery orgUnitQuery) {
        this.rbacManager.check(new String[]{Verb.Read.name()});
        if (orgUnitQuery.managableKinds == null || orgUnitQuery.managableKinds.isEmpty()) {
            return this.storeService.search(orgUnitQuery, null);
        }
        List<ManageableOrgUnit> manageableDirEntries = getManageableDirEntries(orgUnitQuery.managableKinds);
        return manageableDirEntries.stream().anyMatch(manageableOrgUnit -> {
            return manageableOrgUnit.ou == null;
        }) ? this.storeService.search(orgUnitQuery, null) : this.storeService.search(orgUnitQuery, (List) manageableDirEntries.stream().map(manageableOrgUnit2 -> {
            return manageableOrgUnit2.ou;
        }).collect(Collectors.toList()));
    }

    public void setAdministratorRoles(String str, String str2, Set<String> set) {
        if (this.storeService.get(str) == null) {
            throw new ServerFault("ou " + str + " not found", ErrorCode.NOT_FOUND);
        }
        Set<String> administratorRoles = this.storeService.getAdministratorRoles(str, str2);
        HashSet hashSet = new HashSet(set);
        hashSet.removeAll(administratorRoles);
        if (!this.rbacManager.forOrgUnit(str).canAll(hashSet)) {
            throw new ServerFault("not enough roles for setting roles " + hashSet, ErrorCode.PERMISSION_DENIED);
        }
        this.storeService.setAdministratorRoles(str, str2, set);
    }

    public Set<String> getAdministratorRoles(String str, String str2, List<String> list) {
        if (!this.rbacManager.forEntry(str).can(new String[]{"manageOU"}) && !this.rbacManager.forEntry(str2).can(new String[]{"self", "domainManager"})) {
            throw new ServerFault("Doesnt have roles to access adminstrator " + str2 + " of OrgUnit " + str, ErrorCode.PERMISSION_DENIED);
        }
        if (this.storeService.get(str) == null) {
            throw new ServerFault("ou " + str + " not found", ErrorCode.NOT_FOUND);
        }
        return this.storeService.getAdministratorRoles(str, str2, list);
    }

    public Set<String> getAdministrators(String str, boolean z) {
        if (!this.rbacManager.forOrgUnit(str).roles().contains("showOU")) {
            throw new ServerFault(String.format("%s@%s Doesnt have role %s", this.context.getSecurityContext().getSubject(), this.context.getSecurityContext().getContainerUid(), "showOU"), ErrorCode.PERMISSION_DENIED);
        }
        if (this.storeService.get(str) == null) {
            throw new ServerFault("ou " + str + " not found", ErrorCode.NOT_FOUND);
        }
        return this.storeService.getAdministrators(str, z);
    }

    public List<OrgUnitPath> listByAdministrator(String str, List<String> list) {
        this.rbacManager.forEntry(str).check(new String[]{"domainManager", Verb.Read.name(), "self"});
        return this.storeService.listByAdministrator(str, list);
    }

    private List<ManageableOrgUnit> getManageableDirEntries(Set<BaseDirEntry.Kind> set) {
        RBACManager forDomain = RBACManager.forContext(this.context).forDomain(this.domain.uid);
        ArrayList arrayList = new ArrayList();
        for (Map.Entry entry : this.context.getSecurityContext().getRolesByOrgUnits().entrySet()) {
            Set set2 = (Set) forDomain.forOrgUnit((String) entry.getKey()).resolve().stream().filter(permission -> {
                return permission instanceof DirEntryPermission;
            }).map(permission2 -> {
                return ((DirEntryPermission) permission2).getKind();
            }).collect(Collectors.toSet());
            Iterator<BaseDirEntry.Kind> it = set.iterator();
            while (it.hasNext()) {
                if (set2.contains(it.next())) {
                    arrayList.add(new ManageableOrgUnit((String) entry.getKey(), set2));
                }
            }
        }
        Set set3 = (Set) RBACManager.forContext(this.context).forDomain(this.domain.uid).resolve().stream().filter(permission3 -> {
            return permission3 instanceof DirEntryPermission;
        }).map(permission4 -> {
            return ((DirEntryPermission) permission4).getKind();
        }).collect(Collectors.toSet());
        Iterator<BaseDirEntry.Kind> it2 = set.iterator();
        while (it2.hasNext()) {
            if (set3.contains(it2.next())) {
                arrayList.add(new ManageableOrgUnit((String) null, set3));
            }
        }
        return arrayList;
    }

    public void removeAdministrator(String str) {
        RBACManager.forContext(this.context).can(new String[]{"admin"});
        this.storeService.removeAdministrator(str);
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public OrgUnit m15get(String str) {
        ItemValue<OrgUnit> complete = getComplete(str);
        if (complete != null) {
            return (OrgUnit) complete.value;
        }
        return null;
    }

    public void restore(ItemValue<OrgUnit> itemValue, boolean z) {
        if (z) {
            createWithItem(itemValue);
        } else {
            updateWithItem(itemValue);
        }
    }
}
