package com.opensourcestrategies.crmsfa.security;

import com.opensourcestrategies.crmsfa.activities.UtilActivity;
import com.opensourcestrategies.crmsfa.cases.UtilCase;
import com.opensourcestrategies.crmsfa.opportunities.UtilOpportunity;
import com.opensourcestrategies.crmsfa.party.PartyHelper;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.GeneralException;
import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.base.util.UtilValidate;
import org.ofbiz.entity.Delegator;
import org.ofbiz.entity.GenericEntityException;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.entity.condition.EntityCondition;
import org.ofbiz.entity.condition.EntityExpr;
import org.ofbiz.entity.condition.EntityOperator;
import org.ofbiz.entity.util.EntityUtil;
import org.ofbiz.security.Security;
import org.ofbiz.service.GenericDispatcher;
import org.opentaps.base.entities.UserLogin;
import org.opentaps.base.entities.WorkEffortPartyAssignment;
import org.opentaps.domain.DomainsLoader;
import org.opentaps.domain.party.PartyRepositoryInterface;
import org.opentaps.foundation.infrastructure.Infrastructure;
import org.opentaps.foundation.infrastructure.User;
import org.opentaps.gwt.crmsfa.client.opportunities.form.configuration.QuickNewOpportunityConfiguration;

/* loaded from: input_file:com/opensourcestrategies/crmsfa/security/CrmsfaSecurity.class */
public final class CrmsfaSecurity {
    private static final String MODULE = CrmsfaSecurity.class.getName();

    private CrmsfaSecurity() {
    }

    public static boolean hasPartyRelationSecurity(Security security, String str, String str2, GenericValue genericValue, String str3) {
        if (genericValue == null || genericValue.getDelegator() == null) {
            Debug.logError("userLogin is null or has no associated delegator", MODULE);
            return false;
        }
        if (security.hasEntityPermission(str, "_MANAGER", genericValue) || security.hasEntityPermission(str, str2, genericValue)) {
            return true;
        }
        try {
            Delegator delegator = genericValue.getDelegator();
            if (PartyHelper.getFirstValidRoleTypeId(str3, PartyHelper.CLIENT_PARTY_ROLES, delegator) == null) {
                Debug.logError("Failed to check permission for partyId [" + str3 + "] because that party does not have a valid role. I.e., it is not an Account, Contact, Lead, etc.", MODULE);
                return false;
            }
            EntityCondition filterByDateExpr = EntityUtil.getFilterByDateExpr();
            List findByCondition = delegator.findByCondition("PartyRelationshipAndPermission", EntityCondition.makeCondition(EntityOperator.AND, new EntityCondition[]{EntityCondition.makeCondition("partyIdTo", EntityOperator.EQUALS, genericValue.getString("partyId")), EntityCondition.makeCondition(EntityOperator.OR, new EntityExpr[]{EntityCondition.makeCondition("permissionId", EntityOperator.EQUALS, str + "_MANAGER"), EntityCondition.makeCondition("permissionId", EntityOperator.EQUALS, str + str2)}), filterByDateExpr}), (Collection) null, (List) null);
            List filterByAnd = EntityUtil.filterByAnd(findByCondition, UtilMisc.toMap("partyIdFrom", str3));
            if (filterByAnd != null && filterByAnd.size() > 0) {
                if (!Debug.verboseOn()) {
                    return true;
                }
                Debug.logVerbose(genericValue + " has direct permitted relationship for " + str3, MODULE);
                return true;
            }
            Iterator it = findByCondition.iterator();
            while (it.hasNext()) {
                List findByCondition2 = delegator.findByCondition("PartyRelationship", EntityCondition.makeCondition(EntityOperator.AND, new EntityCondition[]{EntityCondition.makeCondition("partyIdFrom", EntityOperator.EQUALS, str3), EntityCondition.makeCondition("partyIdTo", EntityOperator.EQUALS, ((GenericValue) it.next()).getString("partyIdFrom")), filterByDateExpr}), (Collection) null, (List) null);
                if (findByCondition2 != null && findByCondition2.size() > 0) {
                    if (!Debug.verboseOn()) {
                        return true;
                    }
                    Debug.logVerbose(genericValue + " has indirect permitted relationship for " + str3, MODULE);
                    return true;
                }
            }
            Debug.logWarning("Checked UserLogin [" + genericValue.getString("userLoginId") + "] for permission to perform [" + str + "] + [" + str2 + "] on partyId = [" + str3 + "], but permission was denied", MODULE);
            return false;
        } catch (GenericEntityException e) {
            Debug.logError("Unable to determine security from party relationship due to error " + e.getMessage(), MODULE);
            return false;
        }
    }

    public static boolean hasOpportunityPermission(Security security, String str, GenericValue genericValue, String str2) {
        Delegator delegator = genericValue.getDelegator();
        try {
            GenericValue findByPrimaryKeyCache = delegator.findByPrimaryKeyCache("SalesOpportunity", UtilMisc.toMap("salesOpportunityId", str2));
            if (findByPrimaryKeyCache == null) {
                return false;
            }
            if (!"_VIEW".equals(str) && "SOSTG_CLOSED".equals(findByPrimaryKeyCache.getString(QuickNewOpportunityConfiguration.OPPORTUNITY_STAGE_ID))) {
                return false;
            }
            Iterator<String> it = UtilOpportunity.getOpportunityAccountPartyIds(delegator, str2).iterator();
            while (it.hasNext()) {
                if (!hasPartyRelationSecurity(security, "CRMSFA_OPP", str, genericValue, it.next())) {
                    return false;
                }
            }
            Iterator<String> it2 = UtilOpportunity.getOpportunityLeadPartyIds(delegator, str2).iterator();
            while (it2.hasNext()) {
                if (!hasPartyRelationSecurity(security, "CRMSFA_OPP", str, genericValue, it2.next())) {
                    return false;
                }
            }
            Iterator<String> it3 = UtilOpportunity.getOpportunityContactPartyIds(delegator, str2).iterator();
            while (it3.hasNext()) {
                if (!hasPartyRelationSecurity(security, "CRMSFA_OPP", str, genericValue, it3.next())) {
                    return false;
                }
            }
            return true;
        } catch (GenericEntityException e) {
            Debug.logError(e, "Checked UserLogin [" + genericValue + "] for permission to perform [CRMSFA_OPP] + [" + str + "] on salesOpportunityId = [" + str2 + "], but permission was denied due to exception: " + e.getMessage(), MODULE);
            return false;
        }
    }

    public static boolean hasCasePermission(Security security, String str, GenericValue genericValue, String str2) {
        Delegator delegator = genericValue.getDelegator();
        try {
            GenericValue findByPrimaryKeyCache = delegator.findByPrimaryKeyCache("CustRequest", UtilMisc.toMap("custRequestId", str2));
            if (findByPrimaryKeyCache == null) {
                return false;
            }
            findByPrimaryKeyCache.getString("statusId");
            if (!"_VIEW".equals(str) && UtilCase.caseIsInactive(findByPrimaryKeyCache)) {
                return false;
            }
            Iterator<GenericValue> it = UtilCase.getCaseAccountsAndContacts(delegator, str2).iterator();
            while (it.hasNext()) {
                if (hasPartyRelationSecurity(security, "CRMSFA_CASE", str, genericValue, it.next().getString("partyId"))) {
                    return true;
                }
            }
            return false;
        } catch (GenericEntityException e) {
            Debug.logError(e, "Checked UserLogin [" + genericValue + "] for permission to perform [CRMSFA_CASE] + [" + str + "] on custRequestId = [" + str2 + "], but permission was denied due to exception: " + e.getMessage(), MODULE);
            return false;
        }
    }

    public static boolean hasActivityPermission(Security security, String str, GenericValue genericValue, String str2, String str3, String str4, String str5) {
        if (!security.hasEntityPermission("CRMSFA_ACT", str, genericValue)) {
            Debug.logWarning("Checked UserLogin [" + genericValue.getString("userLoginId") + "] for permission to perform [CRMSFA_ACT] + [" + str + "] in general but permission was denied.", MODULE);
            return false;
        }
        Delegator delegator = genericValue.getDelegator();
        Infrastructure infrastructure = new Infrastructure(GenericDispatcher.getLocalDispatcher((String) null, delegator));
        try {
            if (delegator.findByPrimaryKeyCache("WorkEffort", UtilMisc.toMap("workEffortId", str2)) == null) {
                Debug.logWarning("Activity [" + str2 + "] cannot be found", MODULE);
                return false;
            }
            PartyRepositoryInterface partyRepository = new DomainsLoader(infrastructure, new User(genericValue)).getDomainsDirectory().getPartyDomain().getPartyRepository();
            if (infrastructure.getConfigurationValueAsBoolean("ACTIVITY_OWNER_CHANGE_ONLY").booleanValue() && !"_VIEW".equals(str) && UtilValidate.isEmpty(partyRepository.findList(WorkEffortPartyAssignment.class, partyRepository.map(WorkEffortPartyAssignment.Fields.workEffortId, str2, WorkEffortPartyAssignment.Fields.roleTypeId, "CAL_OWNER", WorkEffortPartyAssignment.Fields.partyId, genericValue.getString(UserLogin.Fields.partyId.name()))))) {
                boolean z = false;
                Iterator it = partyRepository.findList(WorkEffortPartyAssignment.class, EntityCondition.makeCondition(new EntityExpr[]{EntityCondition.makeCondition(WorkEffortPartyAssignment.Fields.workEffortId.name(), str2), EntityCondition.makeCondition(WorkEffortPartyAssignment.Fields.roleTypeId.name(), EntityOperator.IN, PartyHelper.CLIENT_PARTY_ROLES)})).iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (hasPartyRelationSecurity(security, "CRMSFA_ACT_OVRD_OWN_ONLY", "", genericValue, ((WorkEffortPartyAssignment) it.next()).getPartyId())) {
                        z = true;
                        break;
                    }
                }
                if (!z) {
                    Debug.logWarning("User [" + genericValue.getString("userLoginId") + "] is not the owner of the activity [" + str2 + "] or of any of the main parties, permission to perform [" + str + "] denied because the ACTIVITY_OWNER_CHANGE_ONLY setting is set to Y.", MODULE);
                    return false;
                }
            }
            if (UtilValidate.isNotEmpty(str3)) {
                String securityModuleOfInternalParty = getSecurityModuleOfInternalParty(str3, delegator);
                if (securityModuleOfInternalParty == null) {
                    Debug.logWarning("Checked UserLogin [" + genericValue + "] for permission to perform [CRMSFA_ACT] + [" + str + "] on workEffortId = [" + str2 + "] but permission was denied because internalPartyId=[" + str3 + "] has an unknown roleTypeId", MODULE);
                    return false;
                }
                if (!hasPartyRelationSecurity(security, securityModuleOfInternalParty, "_VIEW".equals(str) ? "_VIEW" : "_UPDATE", genericValue, str3)) {
                    Debug.logWarning("User [" + genericValue.getString("userLoginId") + "] is not related to party [" + str3 + "] for activity [" + str2 + "]", MODULE);
                    return false;
                }
            }
            if (UtilValidate.isNotEmpty(str4) && !hasOpportunityPermission(security, str, genericValue, str4)) {
                Debug.logWarning("User [" + genericValue.getString("userLoginId") + "] does not have permission for opportunity [" + str4 + "] for activity [" + str2 + "]", MODULE);
                return false;
            }
            if (UtilValidate.isNotEmpty(str5) && !hasCasePermission(security, str, genericValue, str5)) {
                Debug.logWarning("User [" + genericValue.getString("userLoginId") + "] does not have permission for case [" + str5 + "] for activity [" + str2 + "]", MODULE);
                return false;
            }
            if (UtilValidate.isNotEmpty(partyRepository.findList(WorkEffortPartyAssignment.class, partyRepository.map(WorkEffortPartyAssignment.Fields.workEffortId, str2, WorkEffortPartyAssignment.Fields.partyId, genericValue.getString(UserLogin.Fields.partyId.name()))))) {
                return true;
            }
            for (WorkEffortPartyAssignment workEffortPartyAssignment : partyRepository.findList(WorkEffortPartyAssignment.class, partyRepository.map(WorkEffortPartyAssignment.Fields.workEffortId, str2, WorkEffortPartyAssignment.Fields.roleTypeId, "PROSPECT"))) {
                if (!partyRepository.isUserAssignedToLead(workEffortPartyAssignment.getPartyId()).booleanValue()) {
                    Debug.logWarning("User [" + genericValue.getString("userLoginId") + "] is not assigned to lead [" + workEffortPartyAssignment.getPartyId() + "] for activity [" + str2 + "]", MODULE);
                    return false;
                }
            }
            for (WorkEffortPartyAssignment workEffortPartyAssignment2 : partyRepository.findList(WorkEffortPartyAssignment.class, EntityCondition.makeCondition(new EntityExpr[]{EntityCondition.makeCondition(WorkEffortPartyAssignment.Fields.workEffortId.name(), str2), EntityCondition.makeCondition(WorkEffortPartyAssignment.Fields.roleTypeId.name(), EntityOperator.NOT_EQUAL, "PROSPECT")}))) {
                String securityModuleOfInternalParty2 = getSecurityModuleOfInternalParty(workEffortPartyAssignment2.getPartyId(), delegator);
                if (securityModuleOfInternalParty2 != null) {
                    String str6 = "_VIEW".equals(str) ? "_VIEW" : "_UPDATE";
                    if (!hasPartyRelationSecurity(security, securityModuleOfInternalParty2, str6, genericValue, workEffortPartyAssignment2.getPartyId())) {
                        Debug.logWarning("User [" + genericValue.getString("userLoginId") + "] does not have [" + securityModuleOfInternalParty2 + str6 + "] permission to related party [" + workEffortPartyAssignment2.getPartyId() + "] for activity [" + str2 + "]", MODULE);
                        return false;
                    }
                }
            }
            return true;
        } catch (GeneralException e) {
            Debug.logError(e, "Checked UserLogin [" + genericValue + "] for permission to perform [CRMSFA_ACT] + [" + str + "] on workEffortId = [" + str2 + "], internalPartyId=[" + str3 + "], salesOpportunityId=[" + str4 + "], custRequestId = [" + str5 + "], but permission was denied due to an exception: " + e.getMessage(), MODULE);
            return false;
        }
    }

    public static boolean hasActivityPermission(Security security, String str, GenericValue genericValue, String str2) {
        return hasActivityPermission(security, str, genericValue, str2, null, null, null);
    }

    public static boolean hasActivityPermission(Security security, String str, GenericValue genericValue, String str2, String str3) {
        return hasSecurityScopePermission(security, genericValue, str2, false);
    }

    public static String getSecurityModuleOfInternalParty(String str, Delegator delegator) throws GenericEntityException {
        return getSecurityModuleForRole(PartyHelper.getFirstValidInternalPartyRoleTypeId(str, delegator));
    }

    public static String getSecurityModuleForRole(String str) {
        if ("ACCOUNT".equals(str)) {
            return "CRMSFA_ACCOUNT";
        }
        if ("CONTACT".equals(str)) {
            return "CRMSFA_CONTACT";
        }
        if ("PROSPECT".equals(str)) {
            return "CRMSFA_LEAD";
        }
        if ("PARTNER".equals(str)) {
            return "CRMSFA_PARTNER";
        }
        Debug.logInfo("No security module (CRMSFA_${role}) found for party role [" + str + "].  Some operations might not be allowed.", MODULE);
        return null;
    }

    public static boolean hasSecurityScopePermission(Security security, GenericValue genericValue, String str, boolean z) {
        if (security.hasEntityPermission("CRMSFA", "_ACT_ADMIN", genericValue)) {
            return true;
        }
        if (!z) {
            try {
                return hasActivityRelation(genericValue, str, false);
            } catch (GenericEntityException e) {
                Debug.logError(e, "Checked UserLogin [" + genericValue + "] for permission to perform on workEffortId = [" + str + "], but permission was denied due to an exception: " + e.getMessage(), MODULE);
                return false;
            }
        }
        if (!z) {
            return true;
        }
        try {
            return hasActivityRelation(genericValue, str, true);
        } catch (GenericEntityException e2) {
            Debug.logError(e2, "Checked UserLogin [" + genericValue + "] for permission to perform on workEffortId = [" + str + "], but permission was denied due to an exception: " + e2.getMessage(), MODULE);
            return false;
        }
    }

    public static boolean hasActivityUpdatePartiesPermission(Security security, GenericValue genericValue, String str, boolean z) throws GenericEntityException {
        if (security.hasEntityPermission("CRMSFA", "_ACT_ADMIN", genericValue)) {
            return true;
        }
        try {
            return hasActivityRelation(genericValue, str, false);
        } catch (GenericEntityException e) {
            Debug.logError(e, "Checked UserLogin [" + genericValue + "] for permission to update party on workEffortId = [" + str + "], but permission was denied due to an exception: " + e.getMessage(), MODULE);
            return false;
        }
    }

    private static boolean hasActivityRelation(GenericValue genericValue, String str, boolean z) throws GenericEntityException {
        Delegator delegator = genericValue.getDelegator();
        String str2 = (String) genericValue.get("partyId");
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(EntityCondition.makeCondition("roleTypeId", EntityOperator.EQUALS, "CAL_OWNER"));
        if (!z) {
            arrayList2.add(EntityCondition.makeCondition("roleTypeId", EntityOperator.EQUALS, "CAL_ATTENDEE"));
            arrayList2.add(EntityCondition.makeCondition("roleTypeId", EntityOperator.EQUALS, "CAL_DELEGATE"));
            arrayList2.add(EntityCondition.makeCondition("roleTypeId", EntityOperator.EQUALS, "CAL_ORGANIZER"));
        }
        arrayList.add(EntityCondition.makeCondition(arrayList2, EntityOperator.OR));
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(EntityCondition.makeCondition("partyId", EntityOperator.EQUALS, str2));
        arrayList3.add(EntityCondition.makeCondition("workEffortId", EntityOperator.EQUALS, str));
        arrayList.add(EntityCondition.makeCondition(arrayList3, EntityOperator.AND));
        arrayList.add(EntityUtil.getFilterByDateExpr());
        return delegator.findByCondition("WorkEffortPartyAssignment", EntityCondition.makeCondition(arrayList, EntityOperator.AND), (Collection) null, (List) null).size() != 0;
    }

    public static boolean hasChangeActivityOwnerPermission(Delegator delegator, Security security, GenericValue genericValue, String str) throws GenericEntityException {
        GenericValue activityOwner = UtilActivity.getActivityOwner(str, delegator);
        boolean z = false;
        if (UtilValidate.isNotEmpty(activityOwner)) {
            z = activityOwner.getString("partyId").equals(genericValue.getString("partyId"));
        }
        return (security.hasEntityPermission("CRMSFA_ACT", "_ADMIN", genericValue) || z) && hasActivityUpdatePartiesPermission(security, genericValue, str, false);
    }

    public static boolean hasOrderPermission(Security security, String str, GenericValue genericValue, String str2) {
        try {
            return genericValue.getDelegator().findByPrimaryKeyCache("OrderHeader", UtilMisc.toMap("orderId", str2)) != null;
        } catch (GenericEntityException e) {
            Debug.logError(e, "Checked UserLogin [" + genericValue + "] for permission to perform [CRMSFA_CASE] + [" + str + "] on orderId = [" + str2 + "], but permission was denied due to exception: " + e.getMessage(), MODULE);
            return false;
        }
    }

    public static boolean hasNotePermission(Security security, String str, String str2, GenericValue genericValue, GenericValue genericValue2, String str3, String str4) {
        try {
            Infrastructure infrastructure = new Infrastructure(GenericDispatcher.getLocalDispatcher((String) null, genericValue.getDelegator()));
            if (genericValue2 == null) {
                Debug.logError("Given Note was null", MODULE);
                return false;
            }
            if ("_VIEW".equals(str2)) {
                return true;
            }
            String string = genericValue2.getString("noteId");
            String modulePermission = getModulePermission(str);
            if (UtilValidate.isNotEmpty(str3)) {
                if (!hasPartyRelationSecurity(security, modulePermission, "_UPDATE", genericValue, str3)) {
                    Debug.logWarning("Checked UserLogin [" + genericValue + "] for permission to perform [" + modulePermission + "_UPDATE] on partyId = [" + str3 + "], but permission was denied.", MODULE);
                    return false;
                }
            } else {
                if (!UtilValidate.isNotEmpty(str4)) {
                    Debug.logError("Missing partyId or custRequestId in hasNotePermission.", MODULE);
                    return false;
                }
                if (!hasCasePermission(security, "_UPDATE", genericValue, str4)) {
                    Debug.logWarning("Checked UserLogin [" + genericValue + "] for permission to perform [" + modulePermission + "_UPDATE] on custRequestId = [" + str4 + "], but permission was denied.", MODULE);
                    return false;
                }
            }
            boolean booleanValue = infrastructure.getConfigurationValueAsBoolean("NOTE_OWNER_CHANGE_ONLY").booleanValue();
            if (booleanValue && UtilValidate.isNotEmpty(str3) && hasPartyRelationSecurity(security, "CRMSFA_NOTE_OVRD_OWN_ONLY", "", genericValue, str3)) {
                booleanValue = false;
            }
            if (!booleanValue) {
                return true;
            }
            if (genericValue != null && genericValue.getString("partyId").equals(genericValue2.getString("noteParty"))) {
                return true;
            }
            Debug.logWarning("UserLogin [" + genericValue + "] is not the owner of note = [" + string + "], permission [" + modulePermission + str2 + "] denied.", MODULE);
            return false;
        } catch (GeneralException e) {
            Debug.logError(e, "Checked UserLogin [" + genericValue + "] for permission [" + str + str2 + "] on note = [" + genericValue2 + "], but permission was denied due to exception : " + e.getMessage(), MODULE);
            return false;
        }
    }

    public static boolean hasNotePermission(Security security, String str, String str2, GenericValue genericValue, String str3, String str4, String str5) {
        try {
            GenericValue findByPrimaryKeyCache = genericValue.getDelegator().findByPrimaryKeyCache("NoteData", UtilMisc.toMap("noteId", str3));
            if (findByPrimaryKeyCache != null) {
                return hasNotePermission(security, str, str2, genericValue, findByPrimaryKeyCache, str4, str5);
            }
            Debug.logWarning("Note [" + str3 + "] cannot be found", MODULE);
            return false;
        } catch (GeneralException e) {
            Debug.logError(e, "Checked UserLogin [" + genericValue + "] for permission [" + str + str2 + "] on note = [" + str3 + "], but permission was denied due to exception : " + e.getMessage(), MODULE);
            return false;
        }
    }

    public static String getModulePermission(String str) {
        return "CRMSFA_LEADS".equals(str) ? "CRMSFA_LEAD" : "CRMSFA_ACCOUNT".equals(str) ? "CRMSFA_ACCOUNT" : "CRMSFA_CONTACT".equals(str) ? "CRMSFA_CONTACT" : "";
    }
}
