package com.appiancorp.miningdatasync.data;

import com.appiancorp.record.service.RecordTypeDefinitionService;
import com.appiancorp.security.acl.RoleMap;
import com.appiancorp.security.acl.RoleMapEntry;
import com.appiancorp.security.acl.Roles;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.appiancorp.security.auth.SecurityEscalator;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.security.user.service.KdbRdbmsIdBinder;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:com/appiancorp/miningdatasync/data/DataStewardAccessValidatorImpl.class */
public class DataStewardAccessValidatorImpl implements DataStewardAccessValidator {
    private final SecurityEscalator securityEscalator;
    private final RecordTypeDefinitionService recordTypeDefinitionService;
    private final SecurityContextProvider scp;
    private final KdbRdbmsIdBinder kdbRdbmsIdBinder;

    public DataStewardAccessValidatorImpl(SecurityEscalator securityEscalator, RecordTypeDefinitionService recordTypeDefinitionService, SecurityContextProvider securityContextProvider, KdbRdbmsIdBinder kdbRdbmsIdBinder) {
        this.securityEscalator = securityEscalator;
        this.recordTypeDefinitionService = recordTypeDefinitionService;
        this.scp = securityContextProvider;
        this.kdbRdbmsIdBinder = kdbRdbmsIdBinder;
    }

    public boolean isCurrentUserDataStewardOfRecordType(String str) {
        return isUserDataStewardOfRecordType(str, this.scp.get().getUserRef().getUsername(), getMemberGroupIds());
    }

    public boolean isSelectedUserDataStewardOfRecordType(String str, String str2) {
        return isUserDataStewardOfRecordType(str, str2, (Set) SpringSecurityContextHelper.runAs(str2, this::getMemberGroupIds));
    }

    private Set<Long> getMemberGroupIds() {
        return (Set) this.kdbRdbmsIdBinder.fromRdbmsGroupRefToK(this.scp.get().getMemberGroupRefs()).values().stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet());
    }

    private boolean isUserDataStewardOfRecordType(String str, String str2, Set<Long> set) {
        Long l = (Long) this.securityEscalator.runAsAdmin(() -> {
            return this.recordTypeDefinitionService.getByUuid_readOnly(str).getId();
        });
        Map entriesByRole = ((RoleMap) this.securityEscalator.runAsAdmin(() -> {
            return this.recordTypeDefinitionService.getRoleMapWithProdDataSteward(l);
        })).getEntriesByRole();
        RoleMapEntry roleMapEntry = (RoleMapEntry) entriesByRole.get(Roles.RECORD_TYPE_DATA_STEWARD);
        RoleMapEntry roleMapEntry2 = (RoleMapEntry) entriesByRole.get(Roles.RECORD_TYPE_PROD_DATA_STEWARD);
        if (roleMapEntry == null || !roleMapEntry.hasPermissionInRole(str2, set)) {
            return roleMapEntry2 != null && roleMapEntry2.hasPermissionInRole(str2, set);
        }
        return true;
    }
}
