package com.appiancorp.portaldesigner.functions.publish.validation;

import com.appiancorp.ag.ExtendedUserService;
import com.appiancorp.core.data.Dictionary;
import com.appiancorp.expr.server.fn.object.ObjectPropertyName;
import com.appiancorp.ix.analysis.index.IaType;
import com.appiancorp.ix.analysis.index.TypedUuid;
import com.appiancorp.object.AppianObjectSelection;
import com.appiancorp.object.AppianObjectService;
import com.appiancorp.object.selector.Select;
import com.appiancorp.object.selector.SelectId;
import com.appiancorp.portaldesigner.error.PublishingError;
import com.appiancorp.portaldesigner.error.PublishingErrorSanitizer;
import com.appiancorp.portaldesigner.functions.publish.PortalExportData;
import com.appiancorp.portaldesigner.functions.publish.PortalExportDataUtils;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.paging.PagingInfo;
import com.appiancorp.type.AppianTypeLong;
import com.appiancorp.type.cdt.value.PortalDto;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:com/appiancorp/portaldesigner/functions/publish/validation/ServiceAccountDocumentAccessValidator.class */
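/**
 * Publish-time validator that checks whether a portal's service account can access every document
 * the portal depends on, and sanitizer that rewrites the resulting error for the user viewing it.
 *
 * <p>Accessibility is decided by running an {@link AppianObjectService} selection under the service
 * account's identity and comparing the UUIDs that come back with the UUIDs that were asked for.
 *
 * <p>NOTE(review): {@code CAN_VIEW} is requested from the selection but never inspected; the code
 * treats "present in the result" as "accessible". Confirm that {@code select()} omits objects the
 * effective principal cannot view.
 */
public class ServiceAccountDocumentAccessValidator implements PortalValidator, PublishingErrorSanitizer {
    private static final Set<ErrorCode> MOST_PRIVILEGED_ERROR_CODE_SET = Collections.singleton(ErrorCode.PRTL_SERVICE_ACCOUNT_DOCUMENT_USER_CAN_SEE_ALL);
    private final ExtendedUserService extendedUserService;
    private final AppianObjectService appianObjectService;

    /**
     * @param extendedUserService used to resolve the service account UUID to a username
     * @param appianObjectService used to select document objects, either as the service account or
     *     in the caller's own security context
     */
    public ServiceAccountDocumentAccessValidator(ExtendedUserService extendedUserService, AppianObjectService appianObjectService) {
        this.extendedUserService = extendedUserService;
        this.appianObjectService = appianObjectService;
    }

    /**
     * Validates document access for the portal's service account.
     *
     * @param portalExportData export data whose {@code DOCUMENT} precedents are checked
     * @param portalDto portal definition; supplies the service account UUID
     * @param z forwarded unchanged to {@link PortalValidatorHelper}; its meaning is not visible here
     * @param optional forwarded unchanged to {@link PortalValidatorHelper}; its meaning is not
     *     visible here
     * @return a valid result when the portal has no document precedents, otherwise the outcome of
     *     {@link #validateDocumentAccess}
     */
    @Override
    public PortalValidationResult validatePortal(PortalExportData portalExportData, PortalDto portalDto, boolean z, Optional<String> optional) {
        String serviceAccountUuid = portalDto.getServiceAccountUuid();
        List<TypedUuid> documentPrecedents = PortalExportDataUtils.listPrecedentsOfType(portalExportData, IaType.DOCUMENT);
        if (documentPrecedents.isEmpty()) {
            return PortalValidationResult.validResult();
        }
        Set<String> documentUuids = documentPrecedents.stream().map(TypedUuid::getUuid).collect(Collectors.toSet());
        return validateDocumentAccess(documentUuids, serviceAccountUuid, z, optional);
    }

    /**
     * Checks that a service account is specified and that it can access every given document.
     *
     * @param set UUIDs of the documents the portal depends on
     * @param str UUID of the portal's service account
     * @param z forwarded unchanged to {@link PortalValidatorHelper}
     * @param optional forwarded unchanged to {@link PortalValidatorHelper}
     * @return an invalid result carrying the helper's error code when it rejects the service
     *     account; an invalid result whose parameters are the inaccessible document UUIDs when any
     *     exist; a valid result otherwise
     */
    PortalValidationResult validateDocumentAccess(Set<String> set, String str, boolean z, Optional<String> optional) {
        ErrorCode missingAccountError = PortalValidatorHelper.validateServiceAccountSpecified(set.size(), str, ErrorCode.PRTL_SERVICE_ACCOUNT_DOCUMENT, ErrorCode.PRTL_SERVICE_ACCOUNT_DOCUMENT, optional, Boolean.valueOf(z));
        if (missingAccountError != null) {
            return PortalValidationResult.invalidResult(missingAccountError, new String[0]);
        }
        String serviceAccountUsername = this.extendedUserService.getUsernameByUuid(str);
        Set<String> inaccessibleUuids = getDocumentUuidsServiceAccountCannotAccess(serviceAccountUsername, set);
        if (inaccessibleUuids.isEmpty()) {
            return PortalValidationResult.validResult();
        }
        PortalValidatorHelper.logMetricForObjectInaccessibleByServiceAccount(optional, z);
        // The raw UUIDs travel as error parameters; sanitizePublishingError later replaces them
        // with names and counts appropriate for whoever views the error.
        return PortalValidationResult.invalidResult(ErrorCode.PRTL_SERVICE_ACCOUNT_DOCUMENT_USER_CAN_SEE_ALL, inaccessibleUuids.toArray(new String[0]));
    }

    /**
     * Returns the subset of {@code set} that the named service account cannot access.
     *
     * @param str username of the service account; when {@code null} every document is reported as
     *     inaccessible
     * @param set document UUIDs to check
     * @return unmodifiable set of the UUIDs that were not returned by a selection run as
     *     {@code str}
     */
    @VisibleForTesting
    Set<String> getDocumentUuidsServiceAccountCannotAccess(String str, Set<String> set) {
        if (str == null) {
            // Fail closed. queryAosAndReturnProperty treats a null username as "run in the caller's
            // own security context", so an unresolved service account would otherwise be validated
            // against the publishing user's permissions instead of the service account's.
            // Whether getUsernameByUuid can actually return null is not visible from this class.
            return Collections.unmodifiableSet(new HashSet<>(set));
        }
        return Sets.difference(set, queryAosAndReturnProperty(set, "uuid", str));
    }

    /**
     * Selects the given documents and collects one property from every row that comes back.
     *
     * @param set document UUIDs to select
     * @param str key of the property to read from each result row (callers in this class pass
     *     {@code "uuid"} or {@code "name"})
     * @param str2 username to run the selection as, or {@code null} to run it in the current
     *     security context
     * @return the distinct string values of the property; empty when {@code set} is empty
     */
    @VisibleForTesting
    Set<String> queryAosAndReturnProperty(Set<String> set, String str, String str2) {
        if (set.isEmpty()) {
            return Collections.emptySet();
        }
        final String propertyKey = str;
        final String runAsUsername = str2;

        List<SelectId> documentRefs = new ArrayList<>(set.size());
        for (String documentUuid : set) {
            documentRefs.add(SelectId.buildUuidReference(AppianTypeLong.DOCUMENT, documentUuid));
        }

        // A null username is the sentinel for "use the caller's own identity"; callers that mean
        // "service account" must never pass null here.
        AppianObjectSelection selection = runAsUsername != null
                ? runAosQueryAsServiceAccount(runAsUsername, documentRefs)
                : this.appianObjectService.select(documentRefs.toArray(new Select[0]));

        // PagingInfo(1, -1): presumably "from the first row, no batch limit" - confirm against PagingInfo.
        ObjectPropertyName[] requestedProperties = {ObjectPropertyName.UUID, ObjectPropertyName.CAN_VIEW, ObjectPropertyName.NAME};
        return Arrays.stream(selection.getSelectionResult(new PagingInfo(1, -1), requestedProperties).getResultPage().getResults())
                // NOTE(review): throws NullPointerException if a row lacks the requested property.
                .map(row -> ((Dictionary) row).getValue(propertyKey).toString())
                .collect(Collectors.toSet());
    }

    /**
     * Runs the selection with the given username as the effective principal.
     *
     * @param str username to impersonate for the duration of the query
     * @param list document references to select
     * @return the selection produced under that identity
     */
    private AppianObjectSelection runAosQueryAsServiceAccount(String str, List<SelectId> list) {
        return (AppianObjectSelection) SpringSecurityContextHelper.runAs(str, () -> this.appianObjectService.select(list.toArray(new Select[0])));
    }

    /**
     * @return the single error code this validator emits before sanitization, which names every
     *     affected document
     */
    @Override
    public Set<ErrorCode> getMostPrivilegedErrorCodes() {
        return MOST_PRIVILEGED_ERROR_CODE_SET;
    }

    /**
     * Rewrites a publishing error so that it names only the documents visible in the current
     * security context and reports the remaining ones as a count.
     *
     * <p>NOTE(review): visible names are collected into a set, so two visible documents sharing a
     * name are counted once and the hidden count is overstated by the number of duplicates.
     *
     * @param publishingError error whose parameters are the inaccessible document UUIDs
     * @param locale not used by this implementation
     * @return a {@code PUBLISH} error: all names when every document is visible, only a count when
     *     none are, or names plus a count otherwise
     */
    @Override
    public PublishingError sanitizePublishingError(PublishingError publishingError, Locale locale) {
        // Raw constructor kept deliberately: the element type of getParams() is not visible here.
        @SuppressWarnings({"unchecked", "rawtypes"})
        Set<String> reportedUuids = new HashSet(publishingError.getParams());
        // Runs in the current security context (null username), so only names the viewer may see come back.
        Set<String> visibleNames = getNamesOfDocumentsServiceAccountCannotAccess(reportedUuids);
        int hiddenCount = reportedUuids.size() - visibleNames.size();
        String hiddenCountText = String.valueOf(hiddenCount);
        String joinedNames = String.join(PortalValidatorHelper.DELIMITER, visibleNames);

        if (hiddenCount == 0) {
            return new PublishingError(ErrorCode.PRTL_SERVICE_ACCOUNT_DOCUMENT_USER_CAN_SEE_ALL, Collections.singletonList(joinedNames), PublishingError.ErrorType.PUBLISH);
        }
        if (visibleNames.isEmpty()) {
            return new PublishingError(ErrorCode.PRTL_SERVICE_ACCOUNT_DOCUMENT_USER_CANNOT_SEE_ANY, Collections.singletonList(hiddenCountText), PublishingError.ErrorType.PUBLISH);
        }
        return new PublishingError(ErrorCode.PRTL_SERVICE_ACCOUNT_DOCUMENT_USER_CAN_SEE_SOME_BUT_NOT_ALL, Arrays.asList(joinedNames, hiddenCountText), PublishingError.ErrorType.PUBLISH);
    }

    /**
     * Looks up the names of the given documents in the current security context.
     *
     * @param set UUIDs of documents the service account cannot access
     * @return distinct names of those documents that the selection returned
     */
    @VisibleForTesting
    Set<String> getNamesOfDocumentsServiceAccountCannotAccess(Set<String> set) {
        return queryAosAndReturnProperty(set, "name", null);
    }
}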
