package org.theospi.portfolio.admin.service;

import java.util.HashSet;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.authz.api.AuthzGroup;
import org.sakaiproject.authz.api.AuthzPermissionException;
import org.sakaiproject.authz.api.GroupNotDefinedException;
import org.sakaiproject.authz.api.Role;
import org.sakaiproject.authz.api.RoleAlreadyDefinedException;
import org.sakaiproject.authz.cover.AuthzGroupService;
import org.sakaiproject.javax.PagingPosition;
import org.sakaiproject.metaobj.worksite.mgt.WorksiteManager;
import org.sakaiproject.site.api.Site;
import org.sakaiproject.site.api.SiteService;
import org.sakaiproject.site.cover.SiteService;
import org.theospi.portfolio.admin.model.IntegrationOption;
import org.theospi.portfolio.shared.model.OspException;

/* loaded from: input_file:org/theospi/portfolio/admin/service/SakaiRoleCreationIntegrationPlugin.class */
public class SakaiRoleCreationIntegrationPlugin extends IntegrationPluginBase {
    protected final transient Log logger = LogFactory.getLog(getClass());
    private WorksiteManager worksiteManager;

    protected boolean currentlyIncluded(IntegrationOption integrationOption) {
        RoleIntegrationOption roleIntegrationOption = (RoleIntegrationOption) integrationOption;
        if (roleIntegrationOption instanceof ExistingWorksitesRoleIntegrationOption) {
            return existingWorksitesHasRole((ExistingWorksitesRoleIntegrationOption) roleIntegrationOption);
        }
        try {
            return AuthzGroupService.getAuthzGroup(roleIntegrationOption.getRealm()).getRole(roleIntegrationOption.getRoleId()) != null;
        } catch (GroupNotDefinedException e) {
            this.logger.error("", e);
            throw new OspException(e);
        }
    }

    protected boolean existingWorksitesHasRole(ExistingWorksitesRoleIntegrationOption existingWorksitesRoleIntegrationOption) {
        for (Site site : SiteService.getSites(SiteService.SelectionType.ANY, (Object) null, (String) null, (Map) null, SiteService.SortType.NONE, (PagingPosition) null)) {
            if (site.isType(existingWorksitesRoleIntegrationOption.getWorksiteType()) && !checkSite(site, existingWorksitesRoleIntegrationOption)) {
                return false;
            }
        }
        return true;
    }

    protected boolean checkSite(Site site, ExistingWorksitesRoleIntegrationOption existingWorksitesRoleIntegrationOption) {
        return getWorksiteManager().getSiteRealm(site.getId()).getRole(existingWorksitesRoleIntegrationOption.getRoleId()) != null;
    }

    public IntegrationOption updateOption(IntegrationOption integrationOption) {
        RoleIntegrationOption roleIntegrationOption = (RoleIntegrationOption) integrationOption;
        if (integrationOption.isInclude() && !currentlyIncluded(roleIntegrationOption)) {
            addRole(roleIntegrationOption);
        } else if (currentlyIncluded(roleIntegrationOption)) {
            removeRole(roleIntegrationOption);
        }
        return integrationOption;
    }

    public boolean executeOption(IntegrationOption integrationOption) {
        updateOption(integrationOption);
        return true;
    }

    protected void addRole(RoleIntegrationOption roleIntegrationOption) {
        if (roleIntegrationOption instanceof ExistingWorksitesRoleIntegrationOption) {
            addRoleToAllWorksites((ExistingWorksitesRoleIntegrationOption) roleIntegrationOption);
            return;
        }
        try {
            addRole(AuthzGroupService.getAuthzGroup(roleIntegrationOption.getRealm()), roleIntegrationOption);
        } catch (GroupNotDefinedException e) {
            this.logger.error("", e);
            throw new OspException(e);
        }
    }

    protected void addRoleToAllWorksites(ExistingWorksitesRoleIntegrationOption existingWorksitesRoleIntegrationOption) {
        for (Site site : org.sakaiproject.site.cover.SiteService.getSites(SiteService.SelectionType.ANY, (Object) null, (String) null, (Map) null, SiteService.SortType.NONE, (PagingPosition) null)) {
            if (site.isType(existingWorksitesRoleIntegrationOption.getWorksiteType())) {
                addRole(getWorksiteManager().getSiteRealm(site.getId()), existingWorksitesRoleIntegrationOption);
            }
        }
    }

    protected void addRole(AuthzGroup authzGroup, RoleIntegrationOption roleIntegrationOption) {
        Role role = authzGroup.getRole(roleIntegrationOption.getCopyOf());
        try {
            AuthzGroup authzGroup2 = AuthzGroupService.getAuthzGroup(authzGroup.getId());
            Role addRole = authzGroup2.addRole(roleIntegrationOption.getRoleId(), role);
            if (roleIntegrationOption.getPermissionsOn() != null) {
                addRole.allowFunctions(new HashSet(roleIntegrationOption.getPermissionsOn()));
            }
            if (roleIntegrationOption.getPermissionsOff() != null) {
                addRole.disallowFunctions(new HashSet(roleIntegrationOption.getPermissionsOff()));
            }
            AuthzGroupService.save(authzGroup2);
        } catch (AuthzPermissionException e) {
            this.logger.error("", e);
            throw new OspException(e);
        } catch (GroupNotDefinedException e2) {
            this.logger.error("", e2);
            throw new OspException(e2);
        } catch (RoleAlreadyDefinedException e3) {
            this.logger.error("", e3);
            throw new OspException(e3);
        }
    }

    protected void removeRole(RoleIntegrationOption roleIntegrationOption) {
        if (roleIntegrationOption instanceof ExistingWorksitesRoleIntegrationOption) {
            removeRoleFromAllWorksites((ExistingWorksitesRoleIntegrationOption) roleIntegrationOption);
            return;
        }
        try {
            removeRole(AuthzGroupService.getAuthzGroup(roleIntegrationOption.getRealm()), roleIntegrationOption);
        } catch (GroupNotDefinedException e) {
            this.logger.error("", e);
            throw new OspException(e);
        }
    }

    protected void removeRoleFromAllWorksites(ExistingWorksitesRoleIntegrationOption existingWorksitesRoleIntegrationOption) {
        for (Site site : org.sakaiproject.site.cover.SiteService.getSites(SiteService.SelectionType.ANY, (Object) null, (String) null, (Map) null, SiteService.SortType.NONE, (PagingPosition) null)) {
            if (site.isType(existingWorksitesRoleIntegrationOption.getWorksiteType())) {
                removeRole(getWorksiteManager().getSiteRealm(site.getId()), existingWorksitesRoleIntegrationOption);
            }
        }
    }

    protected void removeRole(AuthzGroup authzGroup, RoleIntegrationOption roleIntegrationOption) {
        Role role = authzGroup.getRole(roleIntegrationOption.getRoleId());
        try {
            AuthzGroup authzGroup2 = AuthzGroupService.getAuthzGroup(authzGroup.getId());
            authzGroup2.removeRole(role.getDescription());
            AuthzGroupService.save(authzGroup2);
        } catch (GroupNotDefinedException e) {
            this.logger.error("", e);
            throw new OspException(e);
        } catch (AuthzPermissionException e2) {
            this.logger.error("", e2);
            throw new OspException(e2);
        }
    }

    public WorksiteManager getWorksiteManager() {
        return this.worksiteManager;
    }

    public void setWorksiteManager(WorksiteManager worksiteManager) {
        this.worksiteManager = worksiteManager;
    }
}
