package com.appiancorp.processHq.function.utils;

import com.appiancorp.record.service.DataStewardPrivilegeEscalator;
import com.appiancorp.record.service.RecordTypeDefinitionService;
import com.appiancorp.security.acl.RoleMap;
import com.appiancorp.security.acl.RoleMapEntry;
import com.appiancorp.security.acl.Roles;
import com.appiancorp.security.auth.SecurityContext;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.appiancorp.security.auth.SecurityEscalator;
import com.appiancorp.security.user.service.KdbRdbmsIdBinder;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;

/* loaded from: input_file:com/appiancorp/processHq/function/utils/CurrentUserRecordAccessCheckerForProcessHq.class */
public class CurrentUserRecordAccessCheckerForProcessHq implements DataStewardPrivilegeEscalator.CurrentUserRecordAccessChecker {
    private final SecurityEscalator securityEscalator;
    private final RecordTypeDefinitionService recordTypeDefinitionService;
    private final SecurityContextProvider securityContextProvider;
    private final KdbRdbmsIdBinder kdbRdbmsIdBinder;
    private final Map<String, Boolean> recordTypeUuidToCachedAnswer = new ConcurrentHashMap();

    public CurrentUserRecordAccessCheckerForProcessHq(SecurityEscalator securityEscalator, RecordTypeDefinitionService recordTypeDefinitionService, SecurityContextProvider securityContextProvider, KdbRdbmsIdBinder kdbRdbmsIdBinder) {
        this.securityEscalator = securityEscalator;
        this.recordTypeDefinitionService = recordTypeDefinitionService;
        this.securityContextProvider = securityContextProvider;
        this.kdbRdbmsIdBinder = kdbRdbmsIdBinder;
    }

    public boolean doesCurrentUserHaveFullRecordViewerAccess(String str) {
        Boolean bool = this.recordTypeUuidToCachedAnswer.get(str);
        if (bool != null) {
            return bool.booleanValue();
        }
        boolean isCurrentUserDataStewardOfRecordType = isCurrentUserDataStewardOfRecordType(str);
        this.recordTypeUuidToCachedAnswer.put(str, Boolean.valueOf(isCurrentUserDataStewardOfRecordType));
        return isCurrentUserDataStewardOfRecordType;
    }

    private boolean isCurrentUserDataStewardOfRecordType(String str) {
        try {
            RoleMap roleMap = (RoleMap) this.securityEscalator.runAsAdmin(() -> {
                return this.recordTypeDefinitionService.getRoleMapWithProdDataSteward(this.recordTypeDefinitionService.getByUuid(str).getId());
            });
            if (roleMap == null) {
                return false;
            }
            Map entriesByRole = roleMap.getEntriesByRole();
            RoleMapEntry roleMapEntry = (RoleMapEntry) entriesByRole.get(Roles.RECORD_TYPE_DATA_STEWARD);
            RoleMapEntry roleMapEntry2 = (RoleMapEntry) entriesByRole.get(Roles.RECORD_TYPE_PROD_DATA_STEWARD);
            if (roleMapEntry == null && roleMapEntry2 == null) {
                return false;
            }
            SecurityContext securityContext = this.securityContextProvider.get();
            Set set = (Set) this.kdbRdbmsIdBinder.fromRdbmsGroupRefToK(securityContext.getMemberGroupRefs()).values().stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
            String username = securityContext.getUserRef().getUsername();
            return (roleMapEntry != null && roleMapEntry.hasPermissionInRole(username, set)) || (roleMapEntry2 != null && roleMapEntry2.hasPermissionInRole(username, set));
        } catch (Exception e) {
            return false;
        }
    }
}
