package ru.cft.platform.securityadmin;

import com.google.common.base.Strings;
import java.util.Iterator;
import java.util.Map;
import ru.cft.platform.core.model.MetaClassRights;
import ru.cft.platform.securityadmin.dao.IUadmDao;
import ru.cft.platform.securityadmin.model.IUser;
import ru.cft.platform.securityadmin.model.SecurityDomainEntry;
import ru.cft.platform.securityadmin.model.SubjectType;

/* loaded from: input_file:ru/cft/platform/securityadmin/DomainSupport.class */
public class DomainSupport {
    private static final String REVISOR_GROUP_PREFIX = "R!";
    private static final String REVISOR_GROUP_FULLNAME_PREFIX = "Группа ревизоров подразделения";
    private final IUadmDao uadminDao;
    private final Secadmin secadmin;
    private final boolean isRootDomainUser;

    public DomainSupport(IUadmDao iUadmDao, Secadmin secadmin, boolean z) {
        this.uadminDao = iUadmDao;
        this.secadmin = secadmin;
        this.isRootDomainUser = z;
    }

    public void checkChangeUserDomain(IUser iUser, String str, String str2) throws SecadminException {
        if (this.secadmin.isOwner(iUser) && !Strings.isNullOrEmpty(str2)) {
            throw new SecadminException(Messages.Secadmin_DoNotHaveRights);
        }
        if (!Strings.isNullOrEmpty(str)) {
            if (Strings.isNullOrEmpty(str2)) {
                throw new SecadminException(Messages.Secadmin_SameDomain);
            }
            if (str.equalsIgnoreCase(str2)) {
                throw new SecadminException(Messages.Secadmin_SameDomain);
            }
        }
        if (this.isRootDomainUser) {
            return;
        }
        if (Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(str2)) {
            throw new SecadminException(Messages.Secadmin_DoNotHaveRights);
        }
        checkChangeUserDomain(iUser, str);
        if (str.equalsIgnoreCase(str2)) {
            return;
        }
        checkChangeUserDomain(iUser, str2);
    }

    public void changeUserDomain(IUser iUser, String str, String str2) throws SecadminException {
        String shortName = iUser.getShortName();
        Iterator<String> it = this.uadminDao.getOwnSubjEqual(shortName).iterator();
        while (it.hasNext()) {
            this.uadminDao.deleteSubjEqual(shortName, it.next());
        }
        Iterator<MetaClassRights> it2 = this.uadminDao.getClassRights(shortName).iterator();
        while (it2.hasNext()) {
            this.secadmin.deleteClassRights(iUser, it2.next().getObjId());
        }
        if (!Strings.isNullOrEmpty(str)) {
            this.uadminDao.deleteSecurityDomain(shortName, str);
        }
        if (!Strings.isNullOrEmpty(str2)) {
            this.uadminDao.setSecurityDomain(shortName, str2);
        }
        if (this.secadmin.isRevisor(iUser.getUserProperties())) {
            if (!Strings.isNullOrEmpty(str)) {
                String revisorGroupDomain = this.uadminDao.getRevisorGroupDomain(str);
                if (!Strings.isNullOrEmpty(revisorGroupDomain)) {
                    this.uadminDao.deleteSubjEqual(shortName, revisorGroupDomain);
                }
            }
            if (Strings.isNullOrEmpty(str2)) {
                return;
            }
            String revisorGroupDomain2 = this.uadminDao.getRevisorGroupDomain(str2);
            if (Strings.isNullOrEmpty(revisorGroupDomain2)) {
                revisorGroupDomain2 = getRevisorGroup(str2);
            }
            this.uadminDao.updateSubjEqual(shortName, revisorGroupDomain2);
            this.uadminDao.addSubjEqual(shortName, revisorGroupDomain2);
        }
    }

    public void laterChangeUserDomain(IUser iUser, String str, String str2) throws SecadminException {
        throw new SecadminException(new UnsupportedOperationException("laterChangeUserDomain"));
    }

    public String createRevisorGroup(String str) throws SecadminException {
        String str2 = REVISOR_GROUP_PREFIX + str;
        if (str2.length() > 30) {
            String l = Long.toString(this.uadminDao.getNextUserid());
            str2 = str2.substring(0, (30 - l.length()) - 1) + l;
        }
        this.uadminDao.createUser(str2, "Группа ревизоров подразделения " + str2, SubjectType.GROUP, "|KERNEL|", null, null, null, this.secadmin.getCurrentUser());
        this.uadminDao.setRevisorGroup(str, str2);
        return str2;
    }

    private void checkChangeUserDomain(IUser iUser, String str) throws SecadminException {
        SecurityDomainEntry securityDomainEntry = this.uadminDao.getSecurityDomainEntry(str, true, this.secadmin.getCurrentUser());
        if (securityDomainEntry == null) {
            throw new SecadminException(Messages.Secadmin_DoNotHaveRights);
        }
        boolean isUAdmin = this.secadmin.isUAdmin(iUser.getUserProperties());
        if (str.equalsIgnoreCase(securityDomainEntry.getAdmDomain()) && isUAdmin) {
            throw new SecadminException(Messages.Secadmin_DoNotHaveRights);
        }
    }

    private String getRevisorGroup(String str) throws SecadminException {
        String revisorGroupDomain = this.uadminDao.getRevisorGroupDomain(str);
        if (Strings.isNullOrEmpty(revisorGroupDomain)) {
            revisorGroupDomain = createRevisorGroup(str);
            for (Map.Entry<String, String> entry : this.uadminDao.getSecurityDomainsByParent(str).entrySet()) {
                String key = entry.getKey();
                String value = entry.getValue();
                if (Strings.isNullOrEmpty(value)) {
                    value = getRevisorGroup(key);
                }
                this.uadminDao.updateSubjEqual(revisorGroupDomain, value);
                this.uadminDao.addSubjEqual(revisorGroupDomain, value);
            }
            for (String str2 : this.uadminDao.getRevosirGroups(str)) {
                this.uadminDao.updateSubjEqual(revisorGroupDomain, str2);
                this.uadminDao.addSubjEqual(revisorGroupDomain, str2);
            }
        }
        return revisorGroupDomain;
    }
}
