package com.appiancorp.portaldesigner.functions.publish.validation;

import com.appiancorp.ag.ExtendedUserService;
import com.appiancorp.ix.analysis.index.IaType;
import com.appiancorp.ix.analysis.index.TypedUuid;
import com.appiancorp.portaldesigner.error.PublishingError;
import com.appiancorp.portaldesigner.error.PublishingErrorSanitizer;
import com.appiancorp.portaldesigner.functions.publish.PortalExportData;
import com.appiancorp.portaldesigner.functions.publish.PortalExportDataUtils;
import com.appiancorp.security.auth.SecurityEscalator;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.exceptions.InvalidProcessModelException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.process.ProcessDesignService;
import com.appiancorp.type.cdt.value.PortalDto;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: input_file:com/appiancorp/portaldesigner/functions/publish/validation/ServiceAccountProcessModelAccessValidator.class */
public class ServiceAccountProcessModelAccessValidator implements PortalValidator, PublishingErrorSanitizer {
    private static final Set<ErrorCode> MOST_PRIVILEGED_ERROR_CODE_SET = new HashSet(Arrays.asList(ErrorCode.PRTL_YES_DESIGNER_NO_SERVICE_ACCOUNT_PROCESS_MODEL_PERMISSIONS_SINGULAR_ERROR_KEY, ErrorCode.PRTL_YES_DESIGNER_NO_SERVICE_ACCOUNT_PROCESS_MODEL_PERMISSIONS_PLURAL_ERROR_KEY));
    public static final Map<String, ErrorCode> processModelPublishErrorCodes = initErrorCodeMapping();
    private final ProcessDesignService processDesignService;
    private final ExtendedUserService extendedUserService;
    private final SecurityEscalator securityEscalator;
    private final SecurityContextRunner securityContextRunner;

    public ServiceAccountProcessModelAccessValidator(ProcessDesignService processDesignService, SecurityContextRunner securityContextRunner, ExtendedUserService extendedUserService, SecurityEscalator securityEscalator) {
        this.processDesignService = processDesignService;
        this.securityContextRunner = securityContextRunner;
        this.extendedUserService = extendedUserService;
        this.securityEscalator = securityEscalator;
    }

    @Override // com.appiancorp.portaldesigner.functions.publish.validation.PortalValidator
    public PortalValidationResult validatePortal(PortalExportData portalExportData, PortalDto portalDto, boolean z, Optional<String> optional) {
        List<TypedUuid> listPrecedentsOfType = PortalExportDataUtils.listPrecedentsOfType(portalExportData, IaType.PROCESS_MODEL);
        return !listPrecedentsOfType.isEmpty() ? validateProcessModelAccess(listPrecedentsOfType, portalDto.getServiceAccountUuid(), optional, z) : PortalValidationResult.validResult();
    }

    private List<String> getProcessModelsInaccessibleByServiceAccount(List<TypedUuid> list, String str) {
        String usernameByUuid = this.extendedUserService.getUsernameByUuid(str);
        ArrayList arrayList = new ArrayList();
        Iterator<TypedUuid> it = list.iterator();
        while (it.hasNext()) {
            String uuid = it.next().getUuid();
            try {
                Long processModelId = getProcessModelId(uuid);
                AtomicBoolean atomicBoolean = new AtomicBoolean(true);
                this.securityContextRunner.runAs(usernameByUuid, () -> {
                    try {
                        atomicBoolean.set(this.processDesignService.getPermissionsForProcessModel(processModelId).isInitiateProcess());
                    } catch (InvalidProcessModelException e) {
                        throw new RuntimeException((Throwable) e);
                    }
                });
                if (!atomicBoolean.get()) {
                    arrayList.add(uuid);
                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        return arrayList;
    }

    PortalValidationResult validateProcessModelAccess(List<TypedUuid> list, String str, Optional<String> optional, boolean z) {
        ErrorCode validateServiceAccountSpecified = PortalValidatorHelper.validateServiceAccountSpecified(list.size(), str, ErrorCode.PRTL_NO_USER_SELECTED_PROCESS_MODEL_SINGULAR_ERROR_KEY, ErrorCode.PRTL_NO_USER_SELECTED_PROCESS_MODEL_PLURAL_ERROR_KEY, optional, Boolean.valueOf(z));
        if (validateServiceAccountSpecified != null) {
            return PortalValidationResult.invalidResult(validateServiceAccountSpecified, new String[0]);
        }
        List<String> processModelsInaccessibleByServiceAccount = getProcessModelsInaccessibleByServiceAccount(list, str);
        if (processModelsInaccessibleByServiceAccount.isEmpty()) {
            return PortalValidationResult.validResult();
        }
        PortalValidatorHelper.logMetricForObjectInaccessibleByServiceAccount(optional, z);
        return getProcessModelPermissionsErrorWithUuids(processModelsInaccessibleByServiceAccount);
    }

    private PortalValidationResult getProcessModelPermissionsErrorWithUuids(List<String> list) {
        String[] strArr = (String[]) list.toArray(new String[0]);
        return list.size() == 1 ? PortalValidationResult.invalidResult(ErrorCode.PRTL_YES_DESIGNER_NO_SERVICE_ACCOUNT_PROCESS_MODEL_PERMISSIONS_SINGULAR_ERROR_KEY, strArr) : PortalValidationResult.invalidResult(ErrorCode.PRTL_YES_DESIGNER_NO_SERVICE_ACCOUNT_PROCESS_MODEL_PERMISSIONS_PLURAL_ERROR_KEY, strArr);
    }

    private Long getProcessModelId(String str) {
        AtomicReference atomicReference = new AtomicReference();
        atomicReference.set(this.securityEscalator.runAsAdmin(() -> {
            try {
                return this.processDesignService.getProcessModelIdByUuid(str);
            } catch (InvalidProcessModelException | PrivilegeException e) {
                throw new RuntimeException((Throwable) e);
            }
        }));
        return (Long) atomicReference.get();
    }

    @Override // com.appiancorp.portaldesigner.error.PublishingErrorSanitizer
    public Set<ErrorCode> getMostPrivilegedErrorCodes() {
        return MOST_PRIVILEGED_ERROR_CODE_SET;
    }

    @Override // com.appiancorp.portaldesigner.error.PublishingErrorSanitizer
    public PublishingError sanitizePublishingError(PublishingError publishingError, Locale locale) {
        List<String> params = publishingError.getParams();
        ArrayList arrayList = new ArrayList();
        int i = 0;
        Iterator<String> it = params.iterator();
        while (it.hasNext()) {
            try {
                arrayList.add(this.processDesignService.getProcessModelByUuid(it.next()).getName().get(locale));
            } catch (PrivilegeException e) {
                i++;
            } catch (InvalidProcessModelException e2) {
                throw new RuntimeException((Throwable) e2);
            }
        }
        return PortalValidatorHelper.getPermissionsError(processModelPublishErrorCodes, arrayList, i);
    }

    private static Map<String, ErrorCode> initErrorCodeMapping() {
        HashMap hashMap = new HashMap();
        String join = String.join(PortalValidatorHelper.DELIMITER, PortalValidatorHelper.MULTIPLE_OBJECTS_MISSING_SERVICE_ACCOUNT_ACCESS_ONLY, PortalValidatorHelper.SINGLE_OBJECT_MISSING_SERVICE_AND_DESIGNER_ACCOUNT_ACCESS);
        String join2 = String.join(PortalValidatorHelper.DELIMITER, PortalValidatorHelper.MULTIPLE_OBJECTS_MISSING_SERVICE_ACCOUNT_ACCESS_ONLY, PortalValidatorHelper.MULTIPLE_OBJECTS_MISSING_SERVICE_AND_DESIGNER_ACCOUNT_ACCESS);
        String join3 = String.join(PortalValidatorHelper.DELIMITER, PortalValidatorHelper.NO_OBJECTS_MISSING_SERVICE_ACCOUNT_ACCESS_ONLY, PortalValidatorHelper.SINGLE_OBJECT_MISSING_SERVICE_AND_DESIGNER_ACCOUNT_ACCESS);
        String join4 = String.join(PortalValidatorHelper.DELIMITER, PortalValidatorHelper.NO_OBJECTS_MISSING_SERVICE_ACCOUNT_ACCESS_ONLY, PortalValidatorHelper.MULTIPLE_OBJECTS_MISSING_SERVICE_AND_DESIGNER_ACCOUNT_ACCESS);
        String join5 = String.join(PortalValidatorHelper.DELIMITER, PortalValidatorHelper.SINGLE_OBJECT_MISSING_SERVICE_ACCOUNT_ACCESS_ONLY, PortalValidatorHelper.NO_OBJECTS_MISSING_SERVICE_AND_DESIGNER_ACCOUNT_ACCESS);
        String join6 = String.join(PortalValidatorHelper.DELIMITER, PortalValidatorHelper.MULTIPLE_OBJECTS_MISSING_SERVICE_ACCOUNT_ACCESS_ONLY, PortalValidatorHelper.NO_OBJECTS_MISSING_SERVICE_AND_DESIGNER_ACCOUNT_ACCESS);
        hashMap.put(join, ErrorCode.PRTL_MIXED_PROCESS_MODEL_PERMISSIONS_SINGULAR_ERROR_KEY);
        hashMap.put(join2, ErrorCode.PRTL_MIXED_PROCESS_MODEL_PERMISSIONS_PLURAL_ERROR_KEY);
        hashMap.put(join3, ErrorCode.PRTL_NO_DESIGNER_NO_SERVICE_ACCOUNT_PROCESS_MODEL_PERMISSIONS_SINGULAR_ERROR_KEY);
        hashMap.put(join4, ErrorCode.PRTL_NO_DESIGNER_NO_SERVICE_ACCOUNT_PROCESS_MODEL_PERMISSIONS_PLURAL_ERROR_KEY);
        hashMap.put(join5, ErrorCode.PRTL_YES_DESIGNER_NO_SERVICE_ACCOUNT_PROCESS_MODEL_PERMISSIONS_SINGULAR_ERROR_KEY);
        hashMap.put(join6, ErrorCode.PRTL_YES_DESIGNER_NO_SERVICE_ACCOUNT_PROCESS_MODEL_PERMISSIONS_PLURAL_ERROR_KEY);
        return hashMap;
    }
}
