package com.evolveum.midpoint.cases.impl.helpers;

import com.evolveum.midpoint.model.api.ModelAuthorizationAction;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.OtherPrivilegesLimitations;
import com.evolveum.midpoint.security.api.SecurityContextManager;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.security.enforcer.api.ValueAuthorizationParameters;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CaseWorkItemType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import java.util.Iterator;
import java.util.Set;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/**
 * Authorization checks for case work item operations (complete, delegate, claim).
 *
 * <p>Both public checks fail closed: when the current principal cannot be obtained, or it has
 * no OID, the answer is {@code false} rather than an exception.
 *
 * <p>Listing decompiled from {@code cases-impl-4.9.1-SNAPSHOT.jar}; local names are not the
 * original author's.
 */
@Component
public class AuthorizationHelper {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) AuthorizationHelper.class);

    @Autowired
    private SecurityEnforcer securityEnforcer;

    @Autowired
    private SecurityContextManager securityContextManager;

    /** Work item operations that {@link #isAuthorized} can check, each bound to its authorization action. */
    public enum RequestedOperation {
        COMPLETE(ModelAuthorizationAction.COMPLETE_WORK_ITEM),
        DELEGATE(ModelAuthorizationAction.DELEGATE_WORK_ITEM);

        /** Action whose URL is handed to the security enforcer. */
        final ModelAuthorizationAction action;

        RequestedOperation(ModelAuthorizationAction action) {
            this.action = action;
        }
    }

    /**
     * Asks the security enforcer whether the current principal may perform the requested
     * operation on the given work item.
     *
     * <p>Any {@link CommonException} raised by the containment check or the enforcer call is
     * rethrown as an unchecked {@link SystemException}. Callers therefore see a denial as
     * {@code false} and an evaluation failure as {@code SystemException}.
     * NOTE(review): if SecurityViolationException is a CommonException subtype, the outer
     * handler only ever sees failures from the principal lookup, and none of the declared
     * checked exceptions is thrown by the visible body. Confirm against the exception hierarchy.
     *
     * @param caseWorkItemType work item being acted on; checked for containment in a {@code CaseType}
     * @param requestedOperation operation whose action URL is evaluated
     * @param task task passed through to the enforcer
     * @param operationResult operation result passed through to the enforcer
     * @return {@code true} only when a principal with an OID exists and the enforcer allows the action
     */
    public boolean isAuthorized(@NotNull CaseWorkItemType caseWorkItemType, @NotNull RequestedOperation requestedOperation, @NotNull Task task, @NotNull OperationResult operationResult) throws ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        try {
            final MidPointPrincipal currentPrincipal = this.securityContextManager.getPrincipal();
            if (currentPrincipal.getOid() == null) {
                // A principal without an identity is never authorized.
                return false;
            }
            try {
                ObjectTypeUtil.checkIn(caseWorkItemType, (Class<?>) CaseType.class);
                final String actionUrl = requestedOperation.action.getUrl();
                return this.securityEnforcer.isAuthorized(
                        actionUrl,
                        null,
                        ValueAuthorizationParameters.of(caseWorkItemType),
                        SecurityEnforcer.Options.create(),
                        task,
                        operationResult);
            } catch (CommonException evaluationFailure) {
                throw new SystemException(evaluationFailure.getMessage(), evaluationFailure);
            }
        } catch (SecurityViolationException noPrincipal) {
            // Fail closed: log and deny instead of propagating.
            LoggingUtils.logException(LOGGER, "Couldn't get principal", noPrincipal, new Object[0]);
            return false;
        }
    }

    /**
     * Decides whether the current principal may claim the given work item.
     *
     * <p>The decision rests only on the work item's candidate references; the security enforcer
     * is not consulted here.
     *
     * @param caseWorkItemType work item whose candidate references are examined
     * @return {@code true} when a principal with an OID exists and matches a candidate reference;
     *         {@code false} otherwise, including when the principal cannot be obtained
     */
    public boolean isAuthorizedToClaim(CaseWorkItemType caseWorkItemType) {
        final MidPointPrincipal currentPrincipal;
        try {
            currentPrincipal = this.securityContextManager.getPrincipal();
        } catch (SecurityViolationException noPrincipal) {
            // Fail closed: log and deny instead of propagating.
            LoggingUtils.logException(LOGGER, "Couldn't get principal", noPrincipal, new Object[0]);
            return false;
        }
        if (currentPrincipal.getOid() == null) {
            return false;
        }
        return isAmongCandidates(currentPrincipal, caseWorkItemType);
    }

    /**
     * Tells whether any candidate reference of the work item names the principal itself, one of
     * the focus's role membership references, or an OID returned by the principal's delegated
     * membership lookup for {@code CASES}.
     *
     * <p>Candidate references without an OID are skipped, so they can never produce a match.
     */
    private boolean isAmongCandidates(@NotNull MidPointPrincipal principal, @NotNull CaseWorkItemType workItem) {
        final String principalOid = principal.getOid();
        final Set<String> membershipOids = ObjectTypeUtil.getOidsFromRefs(principal.getFocus().getRoleMembershipRef());
        final Set<String> delegatedOids = principal.getDelegatedMembershipFor(OtherPrivilegesLimitations.Type.CASES);
        for (ObjectReferenceType candidateRef : workItem.getCandidateRef()) {
            final String candidateOid = candidateRef.getOid();
            if (candidateOid == null) {
                continue;
            }
            if (candidateOid.equals(principalOid)
                    || membershipOids.contains(candidateOid)
                    || delegatedOids.contains(candidateOid)) {
                return true;
            }
        }
        return false;
    }
}
