package com.appiancorp.ag;

import com.appiancorp.eventobservers.ObserverRegistration;
import com.appiancorp.exceptions.InsufficientPrivilegesException;
import com.appiancorp.exceptions.ObjectNotFoundException;
import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.record.data.recordloaders.ReplicaLoadContextBuilderFactory;
import com.appiancorp.record.domain.ReadOnlyRecordTypeDefinition;
import com.appiancorp.record.domain.RecordTypeDefinition;
import com.appiancorp.record.service.ContextSpecificRunner;
import com.appiancorp.record.service.RecordDataLoadUpdate;
import com.appiancorp.record.service.RecordTypeDefinitionService;
import com.appiancorp.record.service.RecordUpdateService;
import com.appiancorp.record.service.ReplicaLoadCause;
import com.appiancorp.record.service.ReplicaSourceWriteOrigin;
import com.appiancorp.suiteapi.common.exceptions.InvalidGroupException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.personalization.GroupService;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/ag/UserRecordServiceAccountGroupEventObserver.class */
public class UserRecordServiceAccountGroupEventObserver implements GroupServiceEventObserver {
    public static final Logger LOG = Logger.getLogger(UserRecordServiceAccountGroupEventObserver.class);
    private final RecordTypeDefinitionService recordTypeDefinitionService;
    private final RecordUpdateService recordUpdateService;
    private final GroupService groupService;
    private final ContextSpecificRunner adminContextRunner;
    private final Supplier<Long> serviceAccountGroupIdSupplier;
    private final FeatureToggleClient featureToggleClient;
    private final ReplicaLoadContextBuilderFactory replicaLoadContextBuilderFactory;

    public UserRecordServiceAccountGroupEventObserver(RecordTypeDefinitionService recordTypeDefinitionService, RecordUpdateService recordUpdateService, GroupService groupService, ContextSpecificRunner contextSpecificRunner, Supplier<Long> supplier, FeatureToggleClient featureToggleClient, ReplicaLoadContextBuilderFactory replicaLoadContextBuilderFactory) {
        this.recordTypeDefinitionService = recordTypeDefinitionService;
        this.recordUpdateService = recordUpdateService;
        this.groupService = groupService;
        this.adminContextRunner = contextSpecificRunner;
        this.serviceAccountGroupIdSupplier = supplier;
        this.featureToggleClient = featureToggleClient;
        this.replicaLoadContextBuilderFactory = replicaLoadContextBuilderFactory;
    }

    public List<ObserverRegistration<?>> getRegistrations() {
        return Lists.newArrayList(new ObserverRegistration[]{ObserverRegistration.create(GroupServiceEventType.ADD_USERS_TO_GROUPS, this::syncUser), ObserverRegistration.create(GroupServiceEventType.REMOVE_USERS_FROM_GROUPS, this::syncUser), ObserverRegistration.create(GroupServiceEventType.ADD_GROUPS_TO_GROUPS, this::syncMembersOfGroups), ObserverRegistration.create(GroupServiceEventType.REMOVE_GROUPS_FROM_GROUPS, this::syncMembersOfGroups)});
    }

    private void syncUser(UserAndGroupIdentifiers userAndGroupIdentifiers) {
        this.adminContextRunner.runVoid(() -> {
            ReadOnlyRecordTypeDefinition userRecordType = getUserRecordType();
            if (shouldSyncUsers(userRecordType) && containsServiceAccountGroupOrMemberGroup(userAndGroupIdentifiers.getGroupIds())) {
                syncUsers(userRecordType, Sets.newHashSet(userAndGroupIdentifiers.getUsernames()));
            }
        });
    }

    private void syncMembersOfGroups(MemberGroupIdentifiers memberGroupIdentifiers) {
        this.adminContextRunner.runVoid(() -> {
            ReadOnlyRecordTypeDefinition userRecordType = getUserRecordType();
            if (shouldSyncUsers(userRecordType) && containsServiceAccountGroupOrMemberGroup(Collections.singletonList(memberGroupIdentifiers.getParentGroup()))) {
                List<Long> modifiedMemberGroups = memberGroupIdentifiers.getModifiedMemberGroups();
                try {
                    syncUsers(userRecordType, (Set) Arrays.stream(this.groupService.getMemberUsers((Long[]) modifiedMemberGroups.toArray(new Long[0]))).map((v0) -> {
                        return v0.getUsername();
                    }).collect(Collectors.toSet()));
                } catch (InvalidGroupException | PrivilegeException e) {
                    LOG.debug(String.format("Could not get member users of groups with ids %s", modifiedMemberGroups), e);
                }
            }
        });
    }

    private ReadOnlyRecordTypeDefinition getUserRecordType() {
        try {
            return this.recordTypeDefinitionService.mo3738getByUuid_readOnly(RecordTypeDefinition.SYSTEM_RECORD_TYPE_USER_UUID);
        } catch (InsufficientPrivilegesException | ObjectNotFoundException e) {
            LOG.debug("The user record type was not found", e);
            return null;
        }
    }

    private boolean shouldSyncUsers(ReadOnlyRecordTypeDefinition readOnlyRecordTypeDefinition) {
        return readOnlyRecordTypeDefinition != null && readOnlyRecordTypeDefinition.getIsReplicaEnabled();
    }

    private void syncUsers(ReadOnlyRecordTypeDefinition readOnlyRecordTypeDefinition, Set<Object> set) {
        this.recordUpdateService.loadUpdates(Collections.singletonList(new RecordDataLoadUpdate(readOnlyRecordTypeDefinition, set)), this.replicaLoadContextBuilderFactory.create().cause(ReplicaLoadCause.SOURCE_WRITE).sourceWriteOrigin(ReplicaSourceWriteOrigin.USER_PROFILE_UPDATE).build());
    }

    private boolean containsServiceAccountGroupOrMemberGroup(Collection<Long> collection) {
        Long l = this.serviceAccountGroupIdSupplier.get();
        HashSet newHashSet = Sets.newHashSet(new Long[]{l});
        if (this.featureToggleClient.isFeatureEnabled("ae.record-access-management.service-accounts-nested-groups")) {
            try {
                newHashSet.addAll((Collection) Arrays.stream(this.groupService.getMemberGroups(l)).map((v0) -> {
                    return v0.getId();
                }).collect(Collectors.toSet()));
            } catch (InvalidGroupException | PrivilegeException e) {
                LOG.debug("Could not determine member groups of the Service Account group for synced User Record RYOW. Checking against the Service Account group only.", e);
            }
        }
        return !Collections.disjoint(newHashSet, collection);
    }
}
