package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.model.api.ModelAuthorizationAction;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.prism.util.CloneUtil;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCampaignType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationCaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AccessCertificationWorkItemType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ArchetypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationLimitationsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CaseWorkItemType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectParentSelectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OwnedObjectSelectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SpecialObjectSpecificationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SubjectedObjectSelectorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.8.7-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/AuthorizationMigrator.class */
public class AuthorizationMigrator {
    private static final Map<String, ActionMigrator> MIGRATORS_MAP = Map.ofEntries(Map.entry(ModelAuthorizationAction.READ_OWN_CERTIFICATION_DECISIONS.getUrl(), (list, authorizationType) -> {
        add(list, authorizationType, readAssignedCertificationWorkItems());
        add(list, authorizationType, readAssignedCertificationCasesExceptForForeignWorkItems());
    }), Map.entry(ModelAuthorizationAction.RECORD_CERTIFICATION_DECISION.getUrl(), (list2, authorizationType2) -> {
        add(list2, authorizationType2, completeAssignedCertificationWorkItems());
    }), Map.entry(ModelAuthorizationAction.DELEGATE_OWN_WORK_ITEMS.getUrl(), (list3, authorizationType3) -> {
        add(list3, authorizationType3, delegateAssignedCaseWorkItems());
    }), Map.entry(ModelAuthorizationAction.COMPLETE_ALL_WORK_ITEMS.getUrl(), (list4, authorizationType4) -> {
        add(list4, authorizationType4, readAllCompletableCases());
        add(list4, authorizationType4, completeAllCaseWorkItems());
    }), Map.entry(ModelAuthorizationAction.DELEGATE_ALL_WORK_ITEMS.getUrl(), (list5, authorizationType5) -> {
        add(list5, authorizationType5, readAllCompletableCases());
        add(list5, authorizationType5, readAllCertificationCases());
        add(list5, authorizationType5, delegateAllWorkItems());
    }), Map.entry(ModelAuthorizationAction.EXECUTE_SCRIPT.getUrl(), (list6, authorizationType6) -> {
        add(list6, authorizationType6, new AuthorizationType().action(AuthorizationConstants.AUTZ_BULK_ALL_URL));
    }));

    /* loaded from: input_file:BOOT-INF/lib/model-impl-4.8.7-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/AuthorizationMigrator$ActionMigrator.class */
    private interface ActionMigrator {
        void migrate(List<AuthorizationType> list, AuthorizationType authorizationType);
    }

    private static AuthorizationType readAllCertificationCases() {
        return new AuthorizationType().action(ModelAuthorizationAction.READ.getUrl()).object(new OwnedObjectSelectorType().parent(certificationCaseParentSelector()).type(AccessCertificationCaseType.COMPLEX_TYPE));
    }

    private static AuthorizationType readAllCompletableCases() {
        return new AuthorizationType().action(ModelAuthorizationAction.READ.getUrl()).object(new OwnedObjectSelectorType().type(CaseType.COMPLEX_TYPE).archetypeRef(SystemObjectsType.ARCHETYPE_APPROVAL_CASE.value(), ArchetypeType.COMPLEX_TYPE).archetypeRef(SystemObjectsType.ARCHETYPE_MANUAL_CASE.value(), ArchetypeType.COMPLEX_TYPE).archetypeRef(SystemObjectsType.ARCHETYPE_CORRELATION_CASE.value(), ArchetypeType.COMPLEX_TYPE));
    }

    private static AuthorizationType readAssignedCertificationCasesExceptForForeignWorkItems() {
        return new AuthorizationType().action(ModelAuthorizationAction.READ.getUrl()).object(new OwnedObjectSelectorType().parent(certificationCaseParentSelector()).type(AccessCertificationCaseType.COMPLEX_TYPE).assignee(self())).exceptItem(AccessCertificationCaseType.F_WORK_ITEM.toBean());
    }

    private static AuthorizationType readAssignedCertificationWorkItems() {
        return new AuthorizationType().action(ModelAuthorizationAction.READ.getUrl()).object(new OwnedObjectSelectorType().parent(certificationWorkItemParentSelector()).type(AccessCertificationWorkItemType.COMPLEX_TYPE).assignee(self()));
    }

    private static AuthorizationType completeAssignedCertificationWorkItems() {
        return new AuthorizationType().action(ModelAuthorizationAction.COMPLETE_WORK_ITEM.getUrl()).object(new OwnedObjectSelectorType().parent(certificationWorkItemParentSelector()).type(AccessCertificationWorkItemType.COMPLEX_TYPE).assignee(self()));
    }

    private static AuthorizationType completeAllCaseWorkItems() {
        return new AuthorizationType().action(ModelAuthorizationAction.COMPLETE_WORK_ITEM.getUrl()).object(new OwnedObjectSelectorType().parent(caseWorkItemParentSelector()).type(CaseWorkItemType.COMPLEX_TYPE));
    }

    private static AuthorizationType delegateAssignedCaseWorkItems() {
        return new AuthorizationType().action(ModelAuthorizationAction.DELEGATE_WORK_ITEM.getUrl()).object(new OwnedObjectSelectorType().parent(caseWorkItemParentSelector()).type(CaseWorkItemType.COMPLEX_TYPE).assignee(self()));
    }

    private static AuthorizationType delegateAllWorkItems() {
        return new AuthorizationType().action(ModelAuthorizationAction.DELEGATE_WORK_ITEM.getUrl()).object(new OwnedObjectSelectorType().parent(caseWorkItemParentSelector()).type(CaseWorkItemType.COMPLEX_TYPE)).object(new OwnedObjectSelectorType().parent(certificationWorkItemParentSelector()).type(AccessCertificationWorkItemType.COMPLEX_TYPE));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void add(List<AuthorizationType> list, AuthorizationType authorizationType, AuthorizationType authorizationType2) {
        list.add(authorizationType2.decision(authorizationType.getDecision()).phase(authorizationType.getPhase()).name(newName(authorizationType.getName())).limitations((AuthorizationLimitationsType) CloneUtil.clone(authorizationType.getLimitations())));
    }

    @NotNull
    public Collection<AuthorizationType> migrate(@NotNull AuthorizationType authorizationType) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(authorizationType);
        List<String> action = authorizationType.getAction();
        for (Map.Entry<String, ActionMigrator> entry : MIGRATORS_MAP.entrySet()) {
            if (action.contains(entry.getKey())) {
                entry.getValue().migrate(arrayList, authorizationType);
            }
        }
        return arrayList;
    }

    private static SubjectedObjectSelectorType self() {
        return new SubjectedObjectSelectorType().special(SpecialObjectSpecificationType.SELF);
    }

    private static ObjectParentSelectorType certificationWorkItemParentSelector() {
        return new ObjectParentSelectorType().type(AccessCertificationCampaignType.COMPLEX_TYPE).path(new ItemPathType(ItemPath.create(AccessCertificationCampaignType.F_CASE, AccessCertificationCaseType.F_WORK_ITEM)));
    }

    private static ObjectParentSelectorType certificationCaseParentSelector() {
        return new ObjectParentSelectorType().type(AccessCertificationCampaignType.COMPLEX_TYPE).path(new ItemPathType(AccessCertificationCampaignType.F_CASE));
    }

    private static ObjectParentSelectorType caseWorkItemParentSelector() {
        return new ObjectParentSelectorType().type(CaseType.COMPLEX_TYPE).path(new ItemPathType(CaseType.F_WORK_ITEM));
    }

    private static String newName(String str) {
        return str == null ? "migrated" : str + " (migrated)";
    }
}
