package org.kuali.rice.kns.document.authorization;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.kuali.rice.kew.dto.ProcessDTO;
import org.kuali.rice.kew.exception.WorkflowException;
import org.kuali.rice.kew.routeheader.service.RouteHeaderService;
import org.kuali.rice.kew.service.KEWServiceLocator;
import org.kuali.rice.kim.bo.Person;
import org.kuali.rice.kim.bo.impl.KimAttributes;
import org.kuali.rice.kim.bo.types.dto.AttributeSet;
import org.kuali.rice.kim.util.KimConstants;
import org.kuali.rice.kns.authorization.BusinessObjectAuthorizerBase;
import org.kuali.rice.kns.bo.BusinessObject;
import org.kuali.rice.kns.document.Document;
import org.kuali.rice.kns.service.KNSServiceLocator;
import org.kuali.rice.kns.util.KNSConstants;
import org.kuali.rice.kns.workflow.service.KualiWorkflowDocument;

/* loaded from: input_file:WEB-INF/lib/rice-impl-1.0.3.3.jar:org/kuali/rice/kns/document/authorization/DocumentAuthorizerBase.class */
public class DocumentAuthorizerBase extends BusinessObjectAuthorizerBase implements DocumentAuthorizer {
    protected static Log LOG = LogFactory.getLog(DocumentAuthorizerBase.class);
    public static final String PRE_ROUTING_ROUTE_NAME = "PreRoute";
    public static final String EDIT_MODE_DEFAULT_TRUE_VALUE = "TRUE";
    public static final String USER_SESSION_METHOD_TO_CALL_OBJECT_KEY = "METHOD_TO_CALL_KEYS_METHOD_OBJECT_KEY";
    public static final String USER_SESSION_METHOD_TO_CALL_COMPLETE_OBJECT_KEY = "METHOD_TO_CALL_KEYS_COMPLETE_OBJECT_KEY";
    public static final String USER_SESSION_METHOD_TO_CALL_COMPLETE_MARKER = "_EXITING";

    @Override // org.kuali.rice.kns.document.authorization.DocumentAuthorizer
    public Set<String> getDocumentActions(Document document, Person person, Set<String> set) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("calling DocumentAuthorizerBase.getDocumentActionFlags for document '" + document.getDocumentNumber() + "'. user '" + person.getPrincipalName() + KNSConstants.SINGLE_QUOTE);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_EDIT) && !isAuthorizedByTemplate(document, "KR-NS", KimConstants.PermissionTemplateNames.EDIT_DOCUMENT, person.getPrincipalId())) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_EDIT);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_COPY) && !isAuthorizedByTemplate(document, "KR-NS", KimConstants.PermissionTemplateNames.COPY_DOCUMENT, person.getPrincipalId())) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_COPY);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_BLANKET_APPROVE) && !isAuthorizedByTemplate(document, "KR-WKFLW", "Blanket Approve Document", person.getPrincipalId())) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_BLANKET_APPROVE);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_CANCEL) && !isAuthorizedByTemplate(document, "KR-WKFLW", "Cancel Document", person.getPrincipalId())) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_CANCEL);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_SAVE) && !isAuthorizedByTemplate(document, "KR-WKFLW", "Save Document", person.getPrincipalId())) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_SAVE);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_ROUTE) && !isAuthorizedByTemplate(document, "KR-WKFLW", "Route Document", person.getPrincipalId())) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_ROUTE);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_ACKNOWLEDGE) && !canTakeRequestedAction(document, "K", person)) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_ACKNOWLEDGE);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_FYI) && !canTakeRequestedAction(document, "F", person)) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_FYI);
        }
        if ((set.contains(KNSConstants.KUALI_ACTION_CAN_APPROVE) || set.contains(KNSConstants.KUALI_ACTION_CAN_DISAPPROVE)) && !canTakeRequestedAction(document, "A", person)) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_APPROVE);
            set.remove(KNSConstants.KUALI_ACTION_CAN_DISAPPROVE);
        }
        if (!canSendAnyTypeAdHocRequests(document, person)) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_ADD_ADHOC_REQUESTS);
            set.remove(KNSConstants.KUALI_ACTION_CAN_SEND_ADHOC_REQUESTS);
            set.remove(KNSConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI) && !canSendAdHocRequests(document, "F", person)) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_SEND_NOTE_FYI);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_ANNOTATE) && !set.contains(KNSConstants.KUALI_ACTION_CAN_EDIT)) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_ANNOTATE);
        }
        if (set.contains(KNSConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW) && !canEditDocumentOverview(document, person)) {
            set.remove(KNSConstants.KUALI_ACTION_CAN_EDIT__DOCUMENT_OVERVIEW);
        }
        return set;
    }

    @Override // org.kuali.rice.kns.document.authorization.DocumentAuthorizer
    public final boolean canInitiate(String str, Person person) {
        AttributeSet attributeSet = new AttributeSet();
        attributeSet.put("documentTypeName", str);
        return getIdentityManagementService().isAuthorizedByTemplateName(person.getPrincipalId(), KNSConstants.KUALI_RICE_SYSTEM_NAMESPACE, "Initiate Document", attributeSet, null);
    }

    @Override // org.kuali.rice.kns.document.authorization.DocumentAuthorizer
    public final boolean canReceiveAdHoc(Document document, Person person, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("actionRequestCd", str);
        return isAuthorizedByTemplate(document, "KR-WKFLW", "Ad Hoc Review Document", person.getPrincipalId(), hashMap, null);
    }

    @Override // org.kuali.rice.kns.document.authorization.DocumentAuthorizer
    public final boolean canOpen(Document document, Person person) {
        return isAuthorizedByTemplate(document, "KR-NS", KimConstants.PermissionTemplateNames.OPEN_DOCUMENT, person.getPrincipalId());
    }

    @Override // org.kuali.rice.kns.document.authorization.DocumentAuthorizer
    public final boolean canAddNoteAttachment(Document document, String str, Person person) {
        HashMap hashMap = new HashMap();
        if (str != null) {
            hashMap.put(KimAttributes.ATTACHMENT_TYPE_CODE, str);
        }
        return isAuthorizedByTemplate(document, "KR-NS", KimConstants.PermissionTemplateNames.ADD_NOTE_ATTACHMENT, person.getPrincipalId(), hashMap, null);
    }

    @Override // org.kuali.rice.kns.document.authorization.DocumentAuthorizer
    public final boolean canDeleteNoteAttachment(Document document, String str, String str2, Person person) {
        HashMap hashMap = new HashMap();
        if (str != null) {
            hashMap.put(KimAttributes.ATTACHMENT_TYPE_CODE, str);
        }
        hashMap.put(KimAttributes.CREATED_BY_SELF, str2);
        return isAuthorizedByTemplate(document, "KR-NS", KimConstants.PermissionTemplateNames.DELETE_NOTE_ATTACHMENT, person.getPrincipalId(), hashMap, null);
    }

    @Override // org.kuali.rice.kns.document.authorization.DocumentAuthorizer
    public final boolean canViewNoteAttachment(Document document, String str, Person person) {
        HashMap hashMap = new HashMap();
        if (str != null) {
            hashMap.put(KimAttributes.ATTACHMENT_TYPE_CODE, str);
        }
        return isAuthorizedByTemplate(document, "KR-NS", KimConstants.PermissionTemplateNames.VIEW_NOTE_ATTACHMENT, person.getPrincipalId(), hashMap, null);
    }

    @Override // org.kuali.rice.kns.document.authorization.DocumentAuthorizer
    public final boolean canSendAdHocRequests(Document document, String str, Person person) {
        HashMap hashMap = new HashMap();
        if (str != null) {
            hashMap.put("actionRequestCd", str);
        }
        return isAuthorizedByTemplate(document, "KR-NS", KimConstants.PermissionTemplateNames.SEND_AD_HOC_REQUEST, person.getPrincipalId(), hashMap, null);
    }

    public boolean canEditDocumentOverview(Document document, Person person) {
        return isAuthorizedByTemplate(document, "KR-NS", KimConstants.PermissionTemplateNames.EDIT_DOCUMENT, person.getPrincipalId()) && isDocumentInitiator(document, person);
    }

    protected final boolean canSendAnyTypeAdHocRequests(Document document, Person person) {
        if (!canSendAdHocRequests(document, "F", person)) {
            if (canSendAdHocRequests(document, "K", person)) {
                return true;
            }
            return canSendAdHocRequests(document, "A", person);
        }
        try {
            ProcessDTO primaryProcess = KNSServiceLocator.getWorkflowInfoService().getDocType(document.getDocumentHeader().getWorkflowDocument().getDocumentType()).getRoutePath().getPrimaryProcess();
            if (primaryProcess != null) {
                return primaryProcess.getInitialRouteNode() != null;
            }
            return false;
        } catch (WorkflowException e) {
            return false;
        }
    }

    protected boolean canTakeRequestedAction(Document document, String str, Person person) {
        HashMap hashMap = new HashMap();
        hashMap.put("actionRequestCd", str);
        return isAuthorizedByTemplate(document, "KR-NS", KimConstants.PermissionTemplateNames.TAKE_REQUESTED_ACTION, person.getPrincipalId(), hashMap, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.kuali.rice.kns.authorization.BusinessObjectAuthorizerBase
    public void addPermissionDetails(BusinessObject businessObject, Map<String, String> map) {
        super.addPermissionDetails(businessObject, map);
        if (businessObject instanceof Document) {
            addStandardAttributes((Document) businessObject, map);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.kuali.rice.kns.authorization.BusinessObjectAuthorizerBase
    public void addRoleQualification(BusinessObject businessObject, Map<String, String> map) {
        super.addRoleQualification(businessObject, map);
        if (businessObject instanceof Document) {
            addStandardAttributes((Document) businessObject, map);
        }
    }

    protected void addStandardAttributes(Document document, Map<String, String> map) {
        KualiWorkflowDocument workflowDocument = document.getDocumentHeader().getWorkflowDocument();
        map.put("documentNumber", document.getDocumentNumber());
        map.put("documentTypeName", workflowDocument.getDocumentType());
        if (workflowDocument.stateIsInitiated() || workflowDocument.stateIsSaved()) {
            map.put("routeNodeName", PRE_ROUTING_ROUTE_NAME);
        } else {
            map.put("routeNodeName", workflowDocument.getCurrentRouteNodeNames());
        }
        map.put("routeStatusCode", workflowDocument.getRouteHeader().getDocRouteStatus());
    }

    protected boolean isDocumentInitiator(Document document, Person person) {
        return document.getDocumentHeader().getWorkflowDocument().getInitiatorPrincipalId().equalsIgnoreCase(person.getPrincipalId());
    }

    protected RouteHeaderService getRouteHeaderService() {
        return (RouteHeaderService) KEWServiceLocator.getService(KEWServiceLocator.DOC_ROUTE_HEADER_SRV);
    }
}
