package org.eclipse.osee.framework.core.access;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.logging.Level;
import org.eclipse.osee.framework.core.access.object.AccessObject;
import org.eclipse.osee.framework.core.access.object.ArtifactAccessObject;
import org.eclipse.osee.framework.core.access.object.BranchAccessObject;
import org.eclipse.osee.framework.core.access.operation.AccessCache;
import org.eclipse.osee.framework.core.access.operation.AccessRankOperations;
import org.eclipse.osee.framework.core.access.operation.ArtifactAclOperations;
import org.eclipse.osee.framework.core.access.operation.BranchAclOperations;
import org.eclipse.osee.framework.core.access.operation.ContextIdOperations;
import org.eclipse.osee.framework.core.access.operation.IAccessStoreOperations;
import org.eclipse.osee.framework.core.access.operation.UserGroupOperations;
import org.eclipse.osee.framework.core.data.ArtifactId;
import org.eclipse.osee.framework.core.data.ArtifactToken;
import org.eclipse.osee.framework.core.data.AttributeTypeToken;
import org.eclipse.osee.framework.core.data.BranchId;
import org.eclipse.osee.framework.core.data.BranchToken;
import org.eclipse.osee.framework.core.data.RelationTypeToken;
import org.eclipse.osee.framework.core.data.UserService;
import org.eclipse.osee.framework.core.enums.CoreBranches;
import org.eclipse.osee.framework.core.enums.CoreUserGroups;
import org.eclipse.osee.framework.core.enums.PermissionEnum;
import org.eclipse.osee.framework.jdk.core.result.XResultData;
import org.eclipse.osee.framework.jdk.core.type.OseeCoreException;
import org.eclipse.osee.framework.jdk.core.util.Conditions;
import org.eclipse.osee.framework.jdk.core.util.Lib;
import org.eclipse.osee.framework.logging.OseeLog;

/* loaded from: input_file:org/eclipse/osee/framework/core/access/AbstractAccessControlService.class */
public abstract class AbstractAccessControlService implements IAccessControlService {
    protected static final Collection<IOseeAccessProvider> oseeAccessProviders = new HashSet();
    protected final BranchAclOperations brchAclOps;
    protected UserGroupOperations userGrpOps;
    protected ArtifactAclOperations artAclOps;
    protected IAccessStoreOperations storeOps;
    private UserService userService;
    private final AtomicBoolean ensurePopulated = new AtomicBoolean(false);
    private final List<ArtifactCheck> artifactChecks = new ArrayList();
    protected AccessCache cache = new AccessCache(this);
    private final AccessRankOperations rankOps = new AccessRankOperations(this.cache);
    protected final ContextIdOperations contextIdOps = new ContextIdOperations(this);

    public AbstractAccessControlService() {
        this.cache.setUserGrpOps(this.userGrpOps);
        this.cache.setArtAclOps(this.artAclOps);
        this.brchAclOps = new BranchAclOperations(this.cache, this.rankOps, this);
        this.cache.setBrchAclOps(this.brchAclOps);
    }

    public void setStoreOperations(IAccessStoreOperations iAccessStoreOperations) {
        this.storeOps = iAccessStoreOperations;
        this.artAclOps = new ArtifactAclOperations(this.cache, iAccessStoreOperations, this, this.rankOps);
    }

    public synchronized void addArtifactCheck(ArtifactCheck artifactCheck) {
        this.artifactChecks.add(artifactCheck);
    }

    public void bindUserService(UserService userService) {
        this.userService = userService;
        this.userGrpOps = new UserGroupOperations(this.cache, this, userService);
    }

    public synchronized void addOseeAccessProvider(IOseeAccessProvider iOseeAccessProvider) {
        AccessControlUtil.errorf("%s - Register: %s", getClass().getSimpleName(), iOseeAccessProvider.getClass().getSimpleName());
        oseeAccessProviders.add(iOseeAccessProvider);
        this.artifactChecks.clear();
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void persistPermission(AccessControlData accessControlData) {
        ensurePopulated();
        this.storeOps.persistPermission(accessControlData);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void persistPermission(AccessControlData accessControlData, boolean z) {
        ensurePopulated();
        this.storeOps.persistPermission(accessControlData, z);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void setPermission(ArtifactToken artifactToken, ArtifactToken artifactToken2, PermissionEnum permissionEnum) {
        ensurePopulated();
        this.storeOps.setPermission(artifactToken, artifactToken2, permissionEnum);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void removeAccessControlDataIf(boolean z, AccessControlData accessControlData) {
        ensurePopulated();
        this.storeOps.removeAccessControlDataIf(z, accessControlData);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData isModifyAccessEnabled(ArtifactToken artifactToken, BranchToken branchToken, XResultData xResultData) {
        if (xResultData == null) {
            xResultData = new XResultData();
        }
        try {
            if (this.userService.getUserGroup(CoreUserGroups.OseeAccessAdmin).isMember(artifactToken.getId())) {
                xResultData.logf("User %s DOES have Access Modify rights for Branch %s: Reason [%s]", new Object[]{artifactToken.getName(), branchToken.toStringWithId(), CoreUserGroups.OseeAccessAdmin.getName()});
            } else {
                if (!(!getAccessControlList(branchToken).isEmpty())) {
                    xResultData.errorf("User %s DOES NOT have Access Modify rights for Branch %s: Reason [Access Not Set]", new Object[]{artifactToken.getName(), branchToken.toStringWithId()});
                } else if (hasBranchPermission(artifactToken, branchToken, PermissionEnum.FULLACCESS, null).isErrors()) {
                    xResultData.errorf("User %s DOES NOT have Access Modify rights for Branch %s: Reason [No FULL_ACCESS]", new Object[]{artifactToken.getName(), branchToken.toStringWithId()});
                } else {
                    xResultData.logf("User %s DOES have Access Modify rights for Branch %s: Reason [Branch FULL_ACCESS]", new Object[]{artifactToken.getName(), branchToken.toStringWithId()});
                }
            }
        } catch (OseeCoreException e) {
            xResultData.errorf("User %s DOES NOT have Access Modify rights for Branch %s: Reason Exception [%s]", new Object[]{artifactToken.getName(), branchToken.toStringWithId(), Lib.exceptionToString(e)});
        }
        return xResultData;
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public PermissionEnum getPermission(BranchToken branchToken) {
        ensurePopulated();
        return this.brchAclOps.getBranchPermission(getUser(), branchToken);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void removePermissions(BranchId branchId) {
        ensurePopulated();
        this.storeOps.removePermissions(branchId);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void setPermission(ArtifactToken artifactToken, BranchId branchId, PermissionEnum permissionEnum) {
        ensurePopulated();
        this.storeOps.setPermission(artifactToken, branchId, permissionEnum);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData hasBranchPermission(BranchToken branchToken, PermissionEnum permissionEnum, XResultData xResultData) {
        return hasBranchPermission(getUser(), branchToken, permissionEnum, xResultData);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData hasBranchPermission(ArtifactToken artifactToken, BranchToken branchToken, PermissionEnum permissionEnum, XResultData xResultData) {
        ensurePopulated();
        if (xResultData == null) {
            xResultData = new XResultData();
        }
        if (branchToken.isInvalid()) {
            xResultData.errorf("Branch %s is InValid\n", new Object[]{branchToken.toStringWithId()});
            return xResultData;
        }
        XResultData hasBranchAclPermission = this.brchAclOps.hasBranchAclPermission(artifactToken, branchToken, PermissionEnum.FULLACCESS, new XResultData());
        if (isBaselineBranch(branchToken) && hasBranchAclPermission.isSuccess()) {
            xResultData.merge(hasBranchAclPermission);
            return xResultData;
        }
        this.brchAclOps.hasBranchAclPermission(artifactToken, branchToken, permissionEnum, xResultData);
        return xResultData.isErrors() ? xResultData : xResultData;
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public abstract boolean isBaselineBranch(BranchToken branchToken);

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData isModifyAccessEnabled(ArtifactToken artifactToken, ArtifactToken artifactToken2, XResultData xResultData) {
        if (xResultData == null) {
            xResultData = new XResultData();
        }
        try {
            if (this.userService.getUserGroup(CoreUserGroups.OseeAccessAdmin).isMember(artifactToken.getId())) {
                xResultData.logf("User %s DOES have Access Modify rights for Artifact %s: Reason [%s]", new Object[]{artifactToken.getName(), artifactToken2.toStringWithId(), CoreUserGroups.OseeAccessAdmin.getName()});
            } else {
                boolean z = true;
                boolean z2 = !getAccessControlList(artifactToken2).isEmpty();
                if (!z2) {
                    z2 = !getAccessControlList(artifactToken2.getBranch()).isEmpty();
                    z = false;
                }
                if (!z2) {
                    xResultData.errorf("User %s DOES NOT have Access Modify rights for Artifact %s: Reason [Access Not Set]", new Object[]{artifactToken.getName(), artifactToken2.toStringWithId()});
                } else if (hasArtifactPermission(artifactToken, Collections.singleton(artifactToken2), PermissionEnum.FULLACCESS, null).isErrors()) {
                    xResultData.errorf("User %s DOES NOT have Access Modify rights for Artifact %s: Reason [No FULL_ACCESS]", new Object[]{artifactToken.getName(), artifactToken2.toStringWithId()});
                } else {
                    XResultData xResultData2 = xResultData;
                    Object[] objArr = new Object[3];
                    objArr[0] = artifactToken.getName();
                    objArr[1] = artifactToken2.toStringWithId();
                    objArr[2] = z ? "Artifact" : "Branch";
                    xResultData2.logf("User %s DOES have Access Modify rights for Artifact %s: Reason [%s FULL_ACCESS]", objArr);
                }
            }
        } catch (OseeCoreException e) {
            xResultData.errorf("User %s DOES NOT have Access Modify rights for Artifact %s: Reason Exception [%s]", new Object[]{artifactToken.getName(), artifactToken2.toStringWithId(), Lib.exceptionToString(e)});
        }
        return xResultData;
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public PermissionEnum getPermission(ArtifactToken artifactToken) {
        ensurePopulated();
        return this.artAclOps.getArtifactPermission(getUser(), artifactToken);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData hasArtifactPermission(ArtifactToken artifactToken, PermissionEnum permissionEnum, XResultData xResultData) {
        return hasArtifactPermission(getUser(), Collections.singleton(artifactToken), permissionEnum, xResultData);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData hasArtifactPermission(Collection<? extends ArtifactToken> collection, PermissionEnum permissionEnum, XResultData xResultData) {
        return hasArtifactPermission(getUser(), collection, permissionEnum, xResultData);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData hasArtifactPermission(ArtifactToken artifactToken, Collection<? extends ArtifactToken> collection, PermissionEnum permissionEnum, XResultData xResultData) {
        ensurePopulated();
        if (xResultData == null) {
            xResultData = new XResultData();
        }
        Iterator<? extends ArtifactToken> it = collection.iterator();
        while (it.hasNext()) {
            AccessResult checkBaseBranchAndArtAcl = checkBaseBranchAndArtAcl(artifactToken, permissionEnum, xResultData, it.next());
            if (xResultData.isErrors() || checkBaseBranchAndArtAcl.isFullAccess()) {
                return xResultData;
            }
        }
        if (permissionEnum.matches(PermissionEnum.WRITE) || permissionEnum.matches(PermissionEnum.FULLACCESS)) {
            this.contextIdOps.hasArtifactContextWriteAccess(artifactToken, collection, xResultData);
        } else {
            xResultData.logf("Context Id: Subject [%s] DOES have [%s] access for artifacts with permission [%s]\n", new Object[]{artifactToken.getName(), permissionEnum, "Context Id: Only Checked for Write or Full Access"});
        }
        return xResultData;
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public ArtifactToken getSubjectFromLockedObject(ArtifactToken artifactToken) {
        ensurePopulated();
        return this.artAclOps.getSubjectFromLockedObject(artifactToken);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public boolean canUnlockObject(ArtifactToken artifactToken, ArtifactToken artifactToken2) {
        ensurePopulated();
        return this.artAclOps.canUnlockObject(artifactToken, artifactToken2);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public boolean hasLock(ArtifactToken artifactToken) {
        ensurePopulated();
        return this.artAclOps.hasLock(artifactToken);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void lockArtifacts(ArtifactToken artifactToken, Collection<? extends ArtifactToken> collection) {
        ensurePopulated();
        this.artAclOps.lockArtifacts(artifactToken, collection);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void unLockArtifacts(ArtifactToken artifactToken, Collection<? extends ArtifactToken> collection) {
        ensurePopulated();
        this.artAclOps.unLockArtifacts(artifactToken, collection);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData hasAttributeTypePermission(Collection<? extends ArtifactToken> collection, AttributeTypeToken attributeTypeToken, PermissionEnum permissionEnum, XResultData xResultData) {
        return hasAttributeTypePermission(getUser(), collection, attributeTypeToken, permissionEnum, xResultData);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData hasAttributeTypePermission(ArtifactToken artifactToken, Collection<? extends ArtifactToken> collection, AttributeTypeToken attributeTypeToken, PermissionEnum permissionEnum, XResultData xResultData) {
        ensurePopulated();
        if (isInDbInit()) {
            xResultData.log("In DB Init; All permission enabled");
        } else {
            if (artifactToken.isInvalid()) {
                xResultData.errorf("Subject [%s] is InValid\n", new Object[]{artifactToken.getIdString()});
                return xResultData;
            }
            if (collection != null) {
                Iterator<? extends ArtifactToken> it = collection.iterator();
                while (it.hasNext()) {
                    AccessResult checkBaseBranchAndArtAcl = checkBaseBranchAndArtAcl(artifactToken, permissionEnum, xResultData, it.next());
                    if (xResultData.isErrors() || checkBaseBranchAndArtAcl.isFullAccess()) {
                        return xResultData;
                    }
                }
                if (permissionEnum.matches(PermissionEnum.WRITE) || permissionEnum.matches(PermissionEnum.FULLACCESS)) {
                    this.contextIdOps.hasAttributeTypeContextWriteAccess(artifactToken, collection, attributeTypeToken, xResultData);
                } else {
                    xResultData.logf("Context Id: Subject [%s] DOES have [%s] access for artifacts with permission [%s]\n", new Object[]{artifactToken.getName(), permissionEnum, "Context Id: Only Checked for Write or Full Access"});
                }
            }
        }
        return xResultData;
    }

    protected abstract boolean isInDbInit();

    private AccessResult checkBaseBranchAndArtAcl(ArtifactToken artifactToken, PermissionEnum permissionEnum, XResultData xResultData, ArtifactToken artifactToken2) {
        ensurePopulated();
        AccessResult accessResult = new AccessResult(xResultData);
        if (artifactToken2.isInvalid()) {
            xResultData.errorf("Artifact [%s] is InValid\n", new Object[]{artifactToken2.getIdString()});
            return accessResult;
        }
        XResultData hasBranchAclPermission = this.brchAclOps.hasBranchAclPermission(artifactToken, artifactToken2.getBranch(), PermissionEnum.FULLACCESS, new XResultData());
        if (isBaselineBranch(artifactToken2.getBranch()) && hasBranchAclPermission.isSuccess()) {
            xResultData.merge(hasBranchAclPermission);
            accessResult.setFullAccess(true);
            return accessResult;
        }
        this.brchAclOps.hasBranchAclPermission(artifactToken, artifactToken2.getBranch(), permissionEnum, xResultData);
        if (xResultData.isErrors()) {
            return accessResult;
        }
        this.artAclOps.hasArtifactAclPermission(artifactToken, artifactToken2, permissionEnum, xResultData);
        return xResultData.isErrors() ? accessResult : accessResult;
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData hasRelationTypePermission(ArtifactToken artifactToken, RelationTypeToken relationTypeToken, Collection<? extends ArtifactToken> collection, PermissionEnum permissionEnum, XResultData xResultData) {
        return hasRelationTypePermission(getUser(), artifactToken, relationTypeToken, collection, permissionEnum, xResultData);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public XResultData hasRelationTypePermission(ArtifactToken artifactToken, ArtifactToken artifactToken2, RelationTypeToken relationTypeToken, Collection<? extends ArtifactToken> collection, PermissionEnum permissionEnum, XResultData xResultData) {
        Conditions.assertNotNull(collection, "Related should be collection or empty collection, not null", new Object[0]);
        ensurePopulated();
        if (xResultData == null) {
            xResultData = new XResultData();
        }
        BranchToken branch = artifactToken2.getBranch();
        if (branch == null || branch.isInvalid()) {
            xResultData.errorf("Invalid branch for artifact %s", new Object[]{artifactToken2.toStringWithId()});
            return xResultData;
        }
        AccessResult checkBaseBranchAndArtAcl = checkBaseBranchAndArtAcl(artifactToken, permissionEnum, xResultData, artifactToken2);
        if (xResultData.isErrors() || checkBaseBranchAndArtAcl.isFullAccess()) {
            return xResultData;
        }
        this.artAclOps.hasArtifactAclPermission(artifactToken2, permissionEnum, xResultData);
        Iterator<? extends ArtifactToken> it = collection.iterator();
        while (it.hasNext()) {
            this.artAclOps.hasArtifactAclPermission(it.next(), permissionEnum, xResultData);
        }
        if (permissionEnum.matches(PermissionEnum.WRITE) || permissionEnum.matches(PermissionEnum.FULLACCESS)) {
            this.contextIdOps.hasRelationContextWriteAccess(artifactToken, artifactToken2, relationTypeToken, collection, xResultData);
        } else {
            xResultData.logf("Context Id: Subject [%s] DOES have [%s] access for artifacts with permission [%s]\n", new Object[]{artifactToken.getName(), permissionEnum, "Context Id: Only Checked for Write or Full Access"});
        }
        return xResultData;
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public abstract boolean isInDb(ArtifactToken artifactToken);

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public abstract ArtifactToken getUser();

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void reloadCache() {
        this.ensurePopulated.set(false);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public synchronized void ensurePopulated() {
        if (this.ensurePopulated.compareAndSet(false, true)) {
            this.cache.initializeCaches();
            populateArtifactAccessControlList();
            populateBranchAccessControlList();
        }
    }

    public abstract void populateBranchAccessControlList();

    public abstract void populateArtifactAccessControlList();

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public abstract void populateGroupMembers(ArtifactId artifactId);

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public void clearCaches() {
        this.cache.initializeCaches();
        this.ensurePopulated.set(false);
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public List<AccessControlData> getAccessControlList(Object obj) {
        AccessObject valueOf;
        List<AccessControlData> linkedList = new LinkedList();
        try {
            valueOf = AccessObject.valueOf(obj);
        } catch (Exception e) {
            OseeLog.log(AbstractAccessControlService.class, Level.SEVERE, e);
        }
        if (valueOf == null) {
            return linkedList;
        }
        linkedList = generateAccessControlList(valueOf);
        return linkedList;
    }

    public List<AccessControlData> generateAccessControlList(AccessObject accessObject) {
        ensurePopulated();
        LinkedList linkedList = new LinkedList();
        Collection<ArtifactId> values = this.cache.objectToSubjectCache.getValues(accessObject);
        if (values == null) {
            return linkedList;
        }
        for (ArtifactId artifactId : values) {
            ArtifactToken artifactFromId = getArtifactFromId(artifactId, CoreBranches.COMMON);
            PermissionEnum permissionEnum = (PermissionEnum) this.cache.accessControlListCache.get(artifactId.getId(), accessObject);
            AccessControlData accessControlData = new AccessControlData(artifactFromId, accessObject, permissionEnum, false, false);
            if (accessObject instanceof ArtifactAccessObject) {
                accessControlData.setArtifactPermission(permissionEnum);
                accessControlData.setBranchPermission(this.brchAclOps.getBranchPermission(artifactFromId, accessObject.getBranch()));
            } else if (accessObject instanceof BranchAccessObject) {
                accessControlData.setBranchPermission(this.brchAclOps.getBranchPermission(artifactFromId, accessObject.getBranch()));
            }
            linkedList.add(accessControlData);
        }
        return linkedList;
    }

    public abstract ArtifactToken getArtifactFromId(ArtifactId artifactId, BranchToken branchToken);

    public Collection<ArtifactCheck> getArtifactChecks() {
        if (this.artifactChecks.isEmpty()) {
            Iterator<IOseeAccessProvider> it = oseeAccessProviders.iterator();
            while (it.hasNext()) {
                this.artifactChecks.addAll(it.next().getArtifactChecks());
            }
        }
        return this.artifactChecks;
    }

    @Override // org.eclipse.osee.framework.core.access.ArtifactCheck
    public XResultData isDeleteable(Collection<? extends ArtifactToken> collection, XResultData xResultData) {
        Iterator<ArtifactCheck> it = getArtifactChecks().iterator();
        while (it.hasNext()) {
            it.next().isDeleteable(collection, xResultData);
        }
        return xResultData;
    }

    @Override // org.eclipse.osee.framework.core.access.ArtifactCheck
    public XResultData isRenamable(Collection<? extends ArtifactToken> collection, XResultData xResultData) {
        Iterator<ArtifactCheck> it = getArtifactChecks().iterator();
        while (it.hasNext()) {
            it.next().isRenamable(collection, xResultData);
        }
        return xResultData;
    }

    @Override // org.eclipse.osee.framework.core.access.ArtifactCheck
    public XResultData isDeleteableRelation(ArtifactToken artifactToken, RelationTypeToken relationTypeToken, XResultData xResultData) {
        Iterator<ArtifactCheck> it = getArtifactChecks().iterator();
        while (it.hasNext()) {
            it.next().isDeleteableRelation(artifactToken, relationTypeToken, xResultData);
        }
        return xResultData;
    }

    @Override // org.eclipse.osee.framework.core.access.IAccessControlService
    public Collection<IOseeAccessProvider> getOseeAccessProviders() {
        return oseeAccessProviders;
    }
}
