package com.appiancorp.expr.server.environment.epex.security;

import com.appiancorp.core.data.ImmutableDictionary;
import com.appiancorp.core.expr.Domain;
import com.appiancorp.expr.server.environment.epex.exceptions.EPExAuthorizationException;
import com.appiancorp.expr.server.environment.epex.services.ActorDefinitionStore;
import com.appiancorp.expr.server.environment.epex.services.DeploymentProvider;
import com.appiancorp.security.auth.SecurityContext;
import com.appiancorp.suiteapi.process.security.ProcessPermissions;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/* loaded from: input_file:com/appiancorp/expr/server/environment/epex/security/ProcessAuthorizer.class */
public class ProcessAuthorizer extends Authorizer<ProcessAction> {
    private static final int GET_ROLE_MAPS_BATCH_SIZE = 1000;

    public void verifyAuthorizationGivenProcessModelUuid(SecurityContext securityContext, ProcessAction processAction, String str) {
        if (!securityContext.isSysAdmin() && !isAllowed(securityContext, (SecurityContext) processAction, getOuterActorDefinitionRoleMap(str))) {
            throw new EPExAuthorizationException("User [" + securityContext.getUserRef().getUsername() + "] is not authorized to take action [" + processAction + "] on process of process model uuid [" + str + "]");
        }
    }

    public Set<String> getUuidsOfAllProcessModelsWithViewableProcesses(SecurityContext securityContext) {
        return filterProcessModelUuidsForProcessViewPermission(securityContext, getActorDefinitionStore().getAllOuterActorDefinitionUuids());
    }

    public Set<String> filterProcessModelUuidsForProcessViewPermission(SecurityContext securityContext, Collection<String> collection) {
        HashSet hashSet = new HashSet();
        if (securityContext.isSysAdmin()) {
            hashSet.addAll(collection);
            return hashSet;
        }
        ActorDefinitionStore actorDefinitionStore = getActorDefinitionStore();
        for (List<String> list : Lists.partition(new ArrayList(collection), 1000)) {
            Map<String, ImmutableDictionary> outerActorDefinitionRoleMaps = actorDefinitionStore.getOuterActorDefinitionRoleMaps((String[]) list.toArray(new String[0]));
            for (String str : list) {
                Map<Role, RoleMembers> transformToJavaMap = RoleMapTransformer.transformToJavaMap(outerActorDefinitionRoleMaps.get(str));
                if (transformToJavaMap != null && isAllowed(securityContext, (SecurityContext) ProcessAction.VIEW, transformToJavaMap)) {
                    hashSet.add(str);
                }
            }
        }
        return hashSet;
    }

    public ProcessPermissions getPermissions(SecurityContext securityContext, String str) {
        ProcessAction[] values = ProcessAction.values();
        boolean[] isEachAllowed = isEachAllowed(securityContext, values, str);
        ProcessPermissions processPermissions = new ProcessPermissions();
        for (int i = 0; i < values.length; i++) {
            setPermission(processPermissions, values[i], isEachAllowed[i]);
        }
        return processPermissions;
    }

    private void setPermission(ProcessPermissions processPermissions, ProcessAction processAction, boolean z) {
        switch (processAction) {
            case VIEW:
                processPermissions.setViewStatus(z);
                return;
            default:
                throw new IllegalArgumentException("Action not handled: " + processAction);
        }
    }

    @Override // com.appiancorp.expr.server.environment.epex.security.Authorizer
    protected Map<Role, RoleMembers> getRoleMap(String str) {
        return getOuterActorDefinitionRoleMap(getActorDefinitionUuidForProcess(str));
    }

    private String getActorDefinitionUuidForProcess(String str) {
        return DeploymentProvider.get().getDeployment().random().getScopeStore().newBindingsViaRuntimeUuid(Collections.singletonList(str), Domain.PP, Optional.empty()).getDefinitionViaRuntimeScope(str, true);
    }

    private ActorDefinitionStore getActorDefinitionStore() {
        return DeploymentProvider.get().getDeployment().random().getActorDefinitionStore();
    }
}
