package net.bluemind.group.service.internal;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import net.bluemind.config.InstallationId;
import net.bluemind.core.api.ParametersValidator;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.Container;
import net.bluemind.core.container.model.Item;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.container.service.internal.RBACManager;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.email.EmailHelper;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.rest.IServiceProvider;
import net.bluemind.core.sanitizer.Sanitizer;
import net.bluemind.core.task.api.TaskRef;
import net.bluemind.core.task.service.ITasksManager;
import net.bluemind.core.utils.JsonUtils;
import net.bluemind.core.utils.ValidationResult;
import net.bluemind.core.validator.Validator;
import net.bluemind.directory.api.BaseDirEntry;
import net.bluemind.directory.service.DirDomainValue;
import net.bluemind.directory.service.DirEntryAndValue;
import net.bluemind.directory.service.DirEventProducer;
import net.bluemind.domain.api.Domain;
import net.bluemind.externaluser.service.IInCoreExternalUser;
import net.bluemind.group.api.Group;
import net.bluemind.group.api.GroupSearchQuery;
import net.bluemind.group.api.IGroup;
import net.bluemind.group.api.Member;
import net.bluemind.group.hook.GroupMessage;
import net.bluemind.group.hook.IGroupHook;
import net.bluemind.group.service.GroupHelper;
import net.bluemind.group.service.IInCoreGroup;
import net.bluemind.lib.vertx.VertxPlatform;
import net.bluemind.mailbox.service.IInCoreMailboxes;
import net.bluemind.role.api.IRoles;
import net.bluemind.role.api.RoleDescriptor;
import net.bluemind.server.api.IServer;
import net.bluemind.user.service.IInCoreUser;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/group/service/internal/GroupService.class */
public class GroupService implements IGroup, IInCoreGroup {
    private static final Logger logger = LoggerFactory.getLogger(GroupService.class);
    private final ContainerGroupStoreService storeService;
    private final SecurityContext securityContext;
    private final Container groupContainer;
    private final List<IGroupHook> groupsHooks;
    private final IInCoreMailboxes mailboxes;
    private final IServiceProvider serviceProvider;
    private final BmContext context;
    private final String domainUid;
    private final Sanitizer sanitizer;
    private final GroupValidator groupValidator;
    private final Validator validator;
    private RBACManager rbacManager;
    private DirEventProducer dirEventProducer;

    public GroupService(BmContext bmContext, ItemValue<Domain> itemValue, Container container, List<IGroupHook> list) throws ServerFault {
        this.context = bmContext;
        this.domainUid = itemValue.uid;
        this.serviceProvider = bmContext.getServiceProvider();
        this.groupsHooks = list;
        this.groupContainer = container;
        this.securityContext = bmContext.getSecurityContext();
        this.storeService = new ContainerGroupStoreService(bmContext, container, itemValue);
        this.mailboxes = (IInCoreMailboxes) bmContext.su().provider().instance(IInCoreMailboxes.class, new String[]{this.domainUid});
        this.groupValidator = new GroupValidator((IServer) bmContext.su().getServiceProvider().instance(IServer.class, new String[]{InstallationId.getIdentifier()}), this.domainUid);
        this.sanitizer = new Sanitizer(bmContext);
        this.validator = new Validator(bmContext);
        this.rbacManager = new RBACManager(bmContext).forContainer(container);
        this.dirEventProducer = new DirEventProducer(this.domainUid, BaseDirEntry.Kind.GROUP.name(), VertxPlatform.eventBus());
    }

    public void create(String str, Group group) throws ServerFault {
        createWithExtId(str, null, group);
    }

    public void createWithExtId(String str, String str2, Group group) throws ServerFault {
        ItemValue<Group> create = ItemValue.create(str, group);
        create.externalId = str2;
        createWithItem(create);
    }

    private void createWithItem(ItemValue<Group> itemValue) throws ServerFault {
        String str = itemValue.uid;
        Group group = (Group) itemValue.value;
        this.sanitizer.create(group);
        this.sanitizer.create(new DirDomainValue(this.domainUid, str, group));
        this.groupValidator.validate(str, itemValue.externalId, group);
        this.validator.create(group);
        this.rbacManager.forOrgUnit(group.orgUnitUid).check(new String[]{"manageGroup"});
        if (this.storeService.nameAlreadyUsed(null, group)) {
            throw new ServerFault("Group name: " + group.name + " already used", ErrorCode.ALREADY_EXISTS);
        }
        group.emails = EmailHelper.sanitizeAndValidate(group.emails);
        this.mailboxes.validate(str, GroupHelper.groupToMailbox(group));
        this.storeService.create(itemValue);
        this.mailboxes.created(str, GroupHelper.groupToMailbox(group));
        logger.debug("Created {}", str);
        Iterator<IGroupHook> it = this.groupsHooks.iterator();
        while (it.hasNext()) {
            it.next().onGroupCreated(new GroupMessage(iv(str, group), this.context, this.groupContainer));
        }
        this.dirEventProducer.changed(str, this.storeService.getVersion());
    }

    ItemValue<Group> iv(String str, Group group) {
        return ItemValue.create(Item.create(str, (String) null), group);
    }

    public void update(String str, Group group) throws ServerFault {
        updateWithItem(ItemValue.create(str, group));
    }

    private void updateWithItem(ItemValue<Group> itemValue) throws ServerFault {
        String str = itemValue.uid;
        this.rbacManager.forEntry(str).check(new String[]{"manageGroup"});
        Group group = (Group) itemValue.value;
        ItemValue<Group> full = getFull(str);
        if (full == null || full.value == null) {
            throwNotFoundServerFault(str);
        }
        Group group2 = (Group) full.value;
        if (!StringUtils.equals(group.orgUnitUid, group2.orgUnitUid)) {
            this.rbacManager.forOrgUnit(group.orgUnitUid).check(new String[]{"manageGroup"});
        }
        this.sanitizer.update(group2, group);
        this.sanitizer.update(new DirDomainValue(this.domainUid, str, group2), new DirDomainValue(this.domainUid, str, group));
        this.groupValidator.validate(str, group);
        this.validator.update(group2, group);
        group.emails = EmailHelper.sanitizeAndValidate(group.emails);
        this.mailboxes.validate(str, GroupHelper.groupToMailbox(group));
        this.storeService.update(itemValue);
        this.mailboxes.updated(str, GroupHelper.groupToMailbox(group2), GroupHelper.groupToMailbox(group));
        Iterator<IGroupHook> it = this.groupsHooks.iterator();
        while (it.hasNext()) {
            it.next().onGroupUpdated(new GroupMessage(iv(str, group2), this.context, this.groupContainer), new GroupMessage(iv(str, group), this.context, this.groupContainer));
        }
        this.dirEventProducer.changed(str, this.storeService.getVersion());
    }

    public void touch(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageGroup"});
        ItemValue<Group> full = getFull(str);
        if (full == null || full.value == null) {
            throwNotFoundServerFault(str);
        }
        this.storeService.update(str, (Group) full.value);
        this.dirEventProducer.changed(str, this.storeService.getVersion());
    }

    public ItemValue<Group> getComplete(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"domainManager", "manageGroup"});
        ParametersValidator.notNullAndNotEmpty(str);
        return getFull(str);
    }

    private ItemValue<Group> getFull(String str) throws ServerFault {
        ParametersValidator.notNullAndNotEmpty(str);
        return asGroup(this.storeService.get(str, null));
    }

    private ItemValue<Group> asGroup(ItemValue<DirEntryAndValue<Group>> itemValue) {
        if (itemValue == null) {
            return null;
        }
        return ItemValue.create(itemValue, (Group) ((DirEntryAndValue) itemValue.value).value);
    }

    public ItemValue<Group> byEmail(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"manageGroup"});
        return asGroup(this.storeService.findByEmailFull(str));
    }

    public ItemValue<Group> byName(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageGroup"});
        return asGroup(this.storeService.byName(str));
    }

    public TaskRef delete(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageGroup"});
        return ((ITasksManager) this.context.provider().instance(ITasksManager.class, new String[0])).run(iServerTaskMonitor -> {
            iServerTaskMonitor.begin(2.0d, "Deleting group " + str + "@" + this.domainUid);
            ParametersValidator.notNullAndNotEmpty(str);
            ItemValue itemValue = this.storeService.get(str, null);
            if (itemValue == null) {
                logger.warn("delete non existing group {}@{}", str, this.domainUid);
                return;
            }
            Group group = (Group) asGroup(itemValue).value;
            Iterator<String> it = this.storeService.getMemberOfGroup(str).iterator();
            while (it.hasNext()) {
                remove(it.next(), Arrays.asList(Member.group(str)));
            }
            iServerTaskMonitor.progress(1.0d, "Deleting group mailbox ...");
            this.mailboxes.deleted(str, GroupHelper.groupToMailbox(group));
            iServerTaskMonitor.progress(2.0d, "Group mailbox deleted");
            this.storeService.delete(str);
            this.dirEventProducer.deleted(str, this.storeService.getVersion());
            Iterator<IGroupHook> it2 = this.groupsHooks.iterator();
            while (it2.hasNext()) {
                it2.next().onGroupDeleted(new GroupMessage(iv(str, group), this.context, this.groupContainer));
            }
            iServerTaskMonitor.end(true, "Group deleted", JsonUtils.asString(""));
        });
    }

    public ItemValue<Group> getByExtId(String str) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageGroup"});
        ParametersValidator.notNullAndNotEmpty(str);
        return asGroup(this.storeService.getByExtId(str));
    }

    public void add(String str, List<Member> list) throws ServerFault {
        ParametersValidator.notNullAndNotEmpty(str);
        ItemValue<Group> full = getFull(str);
        if (full == null || full.value == null) {
            throwNotFoundServerFault(str);
        }
        validMembers(list);
        if (list.isEmpty()) {
            return;
        }
        checkCanManageGroupMembers(full, list);
        Set set = (Set) this.storeService.getMembers(str).stream().map(member -> {
            return member.uid;
        }).collect(Collectors.toSet());
        List list2 = (List) list.stream().filter(member2 -> {
            return set.contains(member2.uid);
        }).collect(Collectors.toList());
        if (!list2.isEmpty()) {
            logger.error("Group uid: {}: members ({}) are already in group", str, list2);
            if (list.size() == list2.size()) {
                throw new ServerFault("Group uid: " + str + " all users are already in the group.", ErrorCode.INVALID_PARAMETER);
            }
            list.removeAll(list2);
        }
        this.storeService.addMembers(str, list);
        Iterator<IGroupHook> it = this.groupsHooks.iterator();
        while (it.hasNext()) {
            it.next().onAddMembers(new GroupMessage(full, this.context, this.groupContainer, list));
        }
        this.dirEventProducer.changed(str, this.storeService.getVersion());
    }

    private void checkCanManageGroupMembers(ItemValue<Group> itemValue, List<Member> list) {
        if (!((Group) itemValue.value).profile()) {
            this.rbacManager.forEntry(itemValue.uid).check(new String[]{"manageGroupMembers"});
            return;
        }
        if (this.rbacManager.forEntry(itemValue.uid).can(new String[]{"manageGroupMembers"})) {
            return;
        }
        if (!this.securityContext.getMemberOf().contains(itemValue.uid)) {
            throw new ServerFault(String.format("%s@%s Doesnt have role %s on dirEntry %s@%s ", this.context.getSecurityContext().getSubject(), this.context.getSecurityContext().getContainerUid(), "manageGroupMembers", itemValue.uid, this.domainUid), ErrorCode.PERMISSION_DENIED);
        }
        Iterator<Member> it = list.iterator();
        while (it.hasNext()) {
            this.rbacManager.forEntry(it.next().uid).check(new String[]{"manageUser"});
        }
    }

    private void validMembers(List<Member> list) throws ServerFault {
        ArrayList<String> arrayList = new ArrayList<>();
        ArrayList<String> arrayList2 = new ArrayList<>();
        ArrayList<String> arrayList3 = new ArrayList<>();
        for (Member member : list) {
            if (member.type == null || member.uid == null || member.uid.isEmpty()) {
                logger.error("Invalid member");
                throw new ServerFault("Invalid member", ErrorCode.INVALID_PARAMETER);
            }
            if (member.type == Member.Type.user) {
                arrayList.add(member.uid);
            } else if (member.type == Member.Type.group) {
                arrayList2.add(member.uid);
            } else {
                if (member.type != Member.Type.external_user) {
                    throw new ServerFault("Unknown type of member", ErrorCode.INVALID_PARAMETER);
                }
                arrayList3.add(member.uid);
            }
        }
        StringBuilder sb = new StringBuilder();
        ValidationResult validateGroup = validateGroup(arrayList2, sb);
        ValidationResult validateUser = validateUser(arrayList, sb);
        ValidationResult validateExternalUser = validateExternalUser(arrayList3, sb);
        if (validateGroup.valid && validateExternalUser.valid && validateUser.valid) {
            return;
        }
        String sb2 = sb.toString();
        logger.warn(sb2);
        throw new ServerFault(sb2, ErrorCode.INVALID_PARAMETER);
    }

    private ValidationResult validateExternalUser(ArrayList<String> arrayList, StringBuilder sb) {
        return logValidationResult("external user", ((IInCoreExternalUser) this.serviceProvider.instance(IInCoreExternalUser.class, new String[]{this.domainUid})).validate((String[]) arrayList.toArray(new String[0])), sb);
    }

    private ValidationResult validateUser(ArrayList<String> arrayList, StringBuilder sb) {
        return logValidationResult("user", ((IInCoreUser) this.serviceProvider.instance(IInCoreUser.class, new String[]{this.domainUid})).validate((String[]) arrayList.toArray(new String[0])), sb);
    }

    private ValidationResult validateGroup(ArrayList<String> arrayList, StringBuilder sb) {
        return logValidationResult("group", validate((String[]) arrayList.toArray(new String[0])), sb);
    }

    private ValidationResult logValidationResult(String str, ValidationResult validationResult, StringBuilder sb) {
        if (!validationResult.valid) {
            validationResult.validationResults.entrySet().stream().filter(entry -> {
                return !((Boolean) entry.getValue()).booleanValue();
            }).forEach(entry2 -> {
                sb.append(String.format("No %s with uid %s found%s", str, entry2.getKey(), "\r\n"));
            });
        }
        return validationResult;
    }

    public List<Member> getMembers(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"domainManager", "manageGroup"});
        ParametersValidator.notNullAndNotEmpty(str);
        ItemValue<Group> full = getFull(str);
        if (full == null || full.value == null) {
            throwNotFoundServerFault(str);
        }
        return this.storeService.getMembers(str);
    }

    public List<Member> getExpandedMembers(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"domainManager", "manageGroup"});
        ParametersValidator.notNullAndNotEmpty(str);
        ItemValue<Group> full = getFull(str);
        if (full == null || full.value == null) {
            throwNotFoundServerFault(str);
        }
        return this.storeService.getFlatUsersMembers(str);
    }

    public List<Member> getExpandedUserMembers(String str) throws ServerFault {
        return (List) getExpandedMembers(str).stream().filter(member -> {
            return member.type == Member.Type.user;
        }).collect(Collectors.toList());
    }

    public void remove(String str, List<Member> list) throws ServerFault {
        ParametersValidator.notNullAndNotEmpty(str);
        ItemValue<Group> full = getFull(str);
        if (full == null || full.value == null) {
            throwNotFoundServerFault(str);
        }
        validMembers(list);
        if (list.isEmpty()) {
            return;
        }
        checkCanManageGroupMembers(full, list);
        this.storeService.removeMembers(str, list);
        Iterator<IGroupHook> it = this.groupsHooks.iterator();
        while (it.hasNext()) {
            it.next().onRemoveMembers(new GroupMessage(full, this.context, this.groupContainer, list));
        }
        this.dirEventProducer.changed(str, this.storeService.getVersion());
    }

    public List<ItemValue<Group>> getParents(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"domainManager", "manageGroup"});
        ParametersValidator.notNullAndNotEmpty(str);
        ItemValue<Group> full = getFull(str);
        if (full == null || full.value == null) {
            throwNotFoundServerFault(str);
        }
        return this.storeService.getMultipleValues(this.storeService.getParents(str));
    }

    public List<String> allUids() throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageGroup"});
        return this.storeService.allUids();
    }

    public Set<String> getRoles(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageGroup", "domainManager"});
        return this.storeService.getRoles(str);
    }

    public void setRoles(String str, Set<String> set) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageGroup"});
        if (set == null) {
            set = Collections.emptySet();
        }
        HashSet hashSet = new HashSet(set);
        for (RoleDescriptor roleDescriptor : ((IRoles) this.context.provider().instance(IRoles.class, new String[0])).getRoles()) {
            if (roleDescriptor.delegable) {
                hashSet.remove(roleDescriptor.id);
            }
        }
        hashSet.removeAll(this.storeService.getRoles(str));
        if (!hashSet.isEmpty() && !this.rbacManager.can(new String[]{"systemManagement"}) && !this.rbacManager.roles().containsAll(hashSet)) {
            HashSet hashSet2 = new HashSet(hashSet);
            hashSet2.removeAll(this.rbacManager.roles());
            throw new ServerFault("cannot assign roles which current user doesnt have (needed roles {" + String.join(",", hashSet2) + "} )", ErrorCode.PERMISSION_DENIED);
        }
        if (this.storeService.get(str) == null) {
            throw new ServerFault("group " + str + " not found", ErrorCode.NOT_FOUND);
        }
        this.storeService.setRoles(str, set);
    }

    public Set<String> getGroupsWithRoles(List<String> list) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageGroupMembers"});
        return this.storeService.getGroupsWithRoles(list);
    }

    public List<ItemValue<Group>> search(GroupSearchQuery groupSearchQuery) throws ServerFault {
        this.rbacManager.check(new String[]{"domainManager", "manageGroup"});
        this.sanitizer.create(groupSearchQuery);
        return (List) this.storeService.search(groupSearchQuery).stream().map(this::asGroup).collect(Collectors.toList());
    }

    public void setExtId(String str, String str2) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"manageUser"});
        if (getFull(str) == null) {
            throw new ServerFault("group " + str + " not found in domain " + this.domainUid, ErrorCode.NOT_FOUND);
        }
        this.storeService.setExtId(str, str2);
        this.dirEventProducer.changed(str, this.storeService.getVersion());
    }

    public ValidationResult validate(String[] strArr) throws ServerFault {
        boolean allValid = this.storeService.allValid(strArr);
        if (allValid) {
            return new ValidationResult(allValid, strArr);
        }
        HashMap hashMap = new HashMap();
        for (String str : strArr) {
            hashMap.put(str, Boolean.valueOf(this.storeService.allValid(new String[]{str})));
        }
        return new ValidationResult(allValid, hashMap);
    }

    private void throwNotFoundServerFault(String str) {
        logger.error("Group uid: {} doesn't exist !", str);
        throw new ServerFault("Group uid:" + str + " doesn't exist !", ErrorCode.NOT_FOUND);
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public Group m4get(String str) {
        ItemValue<Group> complete = getComplete(str);
        if (complete != null) {
            return (Group) complete.value;
        }
        return null;
    }

    public void restore(ItemValue<Group> itemValue, boolean z) {
        if (z) {
            createWithItem(itemValue);
        } else {
            updateWithItem(itemValue);
        }
    }

    public List<ItemValue<Group>> memberOf(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"domainManager", "manageGroup"});
        return (List) memberOfGroups(str).stream().map(this::getComplete).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    public List<String> memberOfGroups(String str) throws ServerFault {
        this.rbacManager.forEntry(str).check(new String[]{"domainManager", "manageGroup"});
        ParametersValidator.notNullAndNotEmpty(str);
        return this.storeService.getMemberOfGroup(str);
    }
}
