package com.openblocks.domain.permission.service;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.openblocks.domain.group.service.GroupMemberService;
import com.openblocks.domain.organization.service.OrgMemberService;
import com.openblocks.domain.permission.model.ResourceAction;
import com.openblocks.domain.permission.model.ResourceHolder;
import com.openblocks.domain.permission.model.ResourcePermission;
import com.openblocks.domain.permission.model.ResourceRole;
import com.openblocks.domain.permission.model.ResourceType;
import com.openblocks.domain.permission.model.UserPermissionOnResourceStatus;
import com.openblocks.sdk.constants.Authentication;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.ListUtils;
import org.springframework.beans.factory.annotation.Autowired;
import reactor.core.publisher.Mono;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/openblocks/domain/permission/service/ResourcePermissionHandler.class */
public abstract class ResourcePermissionHandler {

    @Autowired
    private ResourcePermissionService resourcePermissionService;

    @Autowired
    private GroupMemberService groupMemberService;

    @Autowired
    private OrgMemberService orgMemberService;

    public Mono<Map<String, List<ResourcePermission>>> getAllMatchingPermissions(String str, Collection<String> collection, ResourceAction resourceAction) {
        ResourceType resourceType = resourceAction.getResourceType();
        return CollectionUtils.isEmpty(collection) ? Mono.just(Collections.emptyMap()) : Authentication.isAnonymousUser(str) ? getAnonymousUserPermissions(collection, resourceAction) : getOrgId(collection.iterator().next()).flatMap(str2 -> {
            return this.orgMemberService.getOrgMember(str2, str);
        }).flatMap(orgMember -> {
            return orgMember.isAdmin() ? Mono.just(buildAdminPermissions(resourceType, collection, str)) : getAllMatchingPermissions0(str, orgMember.getOrgId(), resourceType, collection, resourceAction);
        }).switchIfEmpty(Mono.just(Maps.newHashMap())).zipWith(getAnonymousUserPermissions(collection, resourceAction)).flatMap(tuple2 -> {
            Map map = (Map) tuple2.getT1();
            ((Map) tuple2.getT2()).forEach((str3, list) -> {
                map.merge(str3, list, ListUtils::union);
            });
            return Mono.just(map);
        });
    }

    public Mono<UserPermissionOnResourceStatus> checkUserPermissionStatusOnResource(String str, String str2, ResourceAction resourceAction) {
        ResourceType resourceType = resourceAction.getResourceType();
        Mono<UserPermissionOnResourceStatus> map = getAnonymousUserPermissions(Collections.singletonList(str2), resourceAction).map(map2 -> {
            return (List) map2.getOrDefault(str2, Collections.emptyList());
        }).map(list -> {
            return !list.isEmpty() ? UserPermissionOnResourceStatus.success((ResourcePermission) list.get(0)) : Authentication.isAnonymousUser(str) ? UserPermissionOnResourceStatus.anonymousUser() : UserPermissionOnResourceStatus.notInOrg();
        });
        return Authentication.isAnonymousUser(str) ? map : Mono.zip(map, getOrgId(str2).flatMap(str3 -> {
            return this.orgMemberService.getOrgMember(str3, str);
        }).flatMap(orgMember -> {
            return orgMember.isAdmin() ? Mono.just(UserPermissionOnResourceStatus.success(buildAdminPermission(resourceType, str2, str))) : getAllMatchingPermissions0(str, orgMember.getOrgId(), resourceType, Collections.singleton(str2), resourceAction).map(map3 -> {
                return (List) map3.getOrDefault(str2, Collections.emptyList());
            }).map(list2 -> {
                return list2.isEmpty() ? UserPermissionOnResourceStatus.notEnoughPermission() : UserPermissionOnResourceStatus.success(getMaxPermission(list2));
            });
        }).defaultIfEmpty(UserPermissionOnResourceStatus.notInOrg())).map(tuple2 -> {
            UserPermissionOnResourceStatus userPermissionOnResourceStatus = (UserPermissionOnResourceStatus) tuple2.getT1();
            UserPermissionOnResourceStatus userPermissionOnResourceStatus2 = (UserPermissionOnResourceStatus) tuple2.getT2();
            if (!userPermissionOnResourceStatus2.hasPermission() && userPermissionOnResourceStatus.hasPermission()) {
                return userPermissionOnResourceStatus;
            }
            return userPermissionOnResourceStatus2;
        });
    }

    @Nonnull
    private ResourcePermission getMaxPermission(List<ResourcePermission> list) {
        return list.stream().max(Comparator.comparingInt(resourcePermission -> {
            return resourcePermission.getResourceRole().getRoleWeight();
        })).get();
    }

    protected abstract Mono<Map<String, List<ResourcePermission>>> getAnonymousUserPermissions(Collection<String> collection, ResourceAction resourceAction);

    private Mono<Map<String, List<ResourcePermission>>> getAllMatchingPermissions0(String str, String str2, ResourceType resourceType, Collection<String> collection, ResourceAction resourceAction) {
        return Mono.zip(getUserGroupIds(str2, str), this.resourcePermissionService.getByResourceTypeAndResourceIds(resourceType, collection)).map(tuple2 -> {
            Set set = (Set) tuple2.getT1();
            Map map = (Map) tuple2.getT2();
            return (Map) collection.stream().collect(Collectors.toMap(Function.identity(), str3 -> {
                return filterMatchingPermissions(str, set, (Collection) map.getOrDefault(str3, Collections.emptyList()), resourceAction);
            }));
        });
    }

    private List<ResourcePermission> filterMatchingPermissions(String str, Set<String> set, Collection<ResourcePermission> collection, ResourceAction resourceAction) {
        return CollectionUtils.isEmpty(collection) ? Collections.emptyList() : collection.stream().filter(resourcePermission -> {
            return resourcePermission.matchUser(str, resourceAction) || resourcePermission.matchGroup(set, resourceAction);
        }).toList();
    }

    private Map<String, List<ResourcePermission>> buildAdminPermissions(ResourceType resourceType, Collection<String> collection, String str) {
        return (Map) collection.stream().distinct().collect(Collectors.toMap(str2 -> {
            return str2;
        }, str3 -> {
            return Collections.singletonList(buildAdminPermission(resourceType, str, str3));
        }));
    }

    private ResourcePermission buildAdminPermission(ResourceType resourceType, String str, String str2) {
        return ResourcePermission.builder().resourceType(resourceType).resourceId(str2).resourceHolder(ResourceHolder.USER).resourceHolderId(str).resourceRole(ResourceRole.OWNER).build();
    }

    private Mono<Set<String>> getUserGroupIds(String str, String str2) {
        return this.groupMemberService.getUserGroupIdsInOrg(str, str2).map((v0) -> {
            return Sets.newHashSet(v0);
        });
    }

    protected abstract Mono<String> getOrgId(String str);
}
