package com.ibm.rpm.framework.security.controller.impl.igs;

import com.ibm.rpm.applicationadministration.containers.AttributeAssignment;
import com.ibm.rpm.applicationadministration.containers.RtfAssignment;
import com.ibm.rpm.customfield.containers.CustomFieldAssignment;
import com.ibm.rpm.document.containers.DocumentBlobDetails;
import com.ibm.rpm.document.containers.DocumentElement;
import com.ibm.rpm.document.scope.DocumentScope;
import com.ibm.rpm.financial.containers.AbstractFinancial;
import com.ibm.rpm.financial.containers.TimeCodeAssignment;
import com.ibm.rpm.framework.MessageContext;
import com.ibm.rpm.framework.RPMException;
import com.ibm.rpm.framework.RPMObject;
import com.ibm.rpm.framework.RPMObjectScope;
import com.ibm.rpm.framework.RpmResult;
import com.ibm.rpm.framework.security.controller.SecurityValidationResult;
import com.ibm.rpm.framework.security.controller.impl.SecurityControllerUtil;
import com.ibm.rpm.framework.security.controller.impl.resource.ResourceBasedSecurityControllerImpl;
import com.ibm.rpm.resource.containers.ResourceRoleAssignment;
import com.ibm.rpm.scopemanagement.containers.Duplicate;
import com.ibm.rpm.scopemanagement.containers.MitigationFactor;
import com.ibm.rpm.scopemanagement.containers.ReqProConnection;
import com.ibm.rpm.scopemanagement.containers.ReqProImportStatus;
import com.ibm.rpm.scopemanagement.containers.RiskMatrix;
import com.ibm.rpm.scopemanagement.containers.ScopeElement;
import com.ibm.rpm.scopemanagement.scope.ScopeElementScope;
import com.ibm.rpm.scorecard.containers.AssignedScorecard;
import com.ibm.rpm.security.containers.ProjectSecurityRole;
import com.ibm.rpm.security.types.ProjectSecurityRoleType;
import com.ibm.rpm.timesheet.containers.DefaultStep;
import com.ibm.rpm.timesheet.containers.GenericStep;
import com.ibm.rpm.timesheet.containers.GenericTaskAssignment;
import com.ibm.rpm.timesheet.containers.SummaryTimesheet;
import com.ibm.rpm.timesheet.scope.StepScope;
import com.ibm.rpm.timesheet.scope.SummaryTimesheetScope;
import com.ibm.rpm.wbs.containers.ElementDependency;
import com.ibm.rpm.wbs.containers.GenericProject;
import com.ibm.rpm.wbs.containers.Opportunity;
import com.ibm.rpm.wbs.containers.ProjectOrganizationalAssignment;
import com.ibm.rpm.wbs.containers.TaskAssignment;
import com.ibm.rpm.wbs.containers.WorkElement;
import com.ibm.rpm.wbs.scope.WorkElementScope;
import com.ibm.rpm.workflow.containers.WorkflowRoleMapping;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/rpm-data-7.1.1.2-iFix.jar:com/ibm/rpm/framework/security/controller/impl/igs/IGSSecurityControllerImpl.class */
public class IGSSecurityControllerImpl extends ResourceBasedSecurityControllerImpl {
    private static final int UNDEFINED = 0;
    private static final int NONE = 1;
    private static final int ASSIGNED = 2;
    private static final int MANAGER = 3;

    private int extractResourceRoleType(Set set) {
        if (set == null || set.isEmpty()) {
            return 1;
        }
        for (Object obj : set) {
            if ((obj instanceof ProjectSecurityRole) && ((ProjectSecurityRole) obj).getType() == ProjectSecurityRoleType.ProjectManager) {
                return 3;
            }
        }
        return 2;
    }

    private int getResourceRoleTypeFromGenericProject(MessageContext messageContext, GenericProject genericProject) {
        int extractResourceRoleType;
        if (messageContext.getLoadParams() != null && (extractResourceRoleType = extractResourceRoleType(messageContext.getRPMSecurityCache().getLoadedSecurityRolesSet(genericProject))) != 1) {
            return extractResourceRoleType;
        }
        if (SecurityControllerUtil.loadByPrimaryKey(genericProject, null, messageContext, true).loadedRPMObject == null || !messageContext.isSuccessful()) {
            return 1;
        }
        return extractResourceRoleType(messageContext.getRPMSecurityCache().getLoadedSecurityRolesSet(genericProject));
    }

    private int getResourceRoleTypeFromGenericStep(MessageContext messageContext, GenericStep genericStep) throws RPMException {
        if (genericStep.getID() == null) {
            return genericStep.getProject() != null ? getResourceRoleTypeFromGenericProject(messageContext, genericStep.getProject()) : genericStep.getWorkElement() != null ? getResourceRoleType(messageContext, genericStep.getWorkElement()) : getResourceRoleType(messageContext, genericStep.getTaskAssignment());
        }
        StepScope stepScope = new StepScope();
        stepScope.setProject(true);
        GenericStep genericStep2 = (GenericStep) SecurityControllerUtil.loadByPrimaryKey(genericStep, stepScope, messageContext, false).loadedRPMObject;
        if (genericStep2 == null || genericStep2.getProject() == null) {
            return 1;
        }
        return getResourceRoleTypeFromGenericProject(messageContext, genericStep2.getProject());
    }

    private int getResourceRoleType(MessageContext messageContext, RPMObject rPMObject) throws RPMException {
        if (rPMObject == null) {
            return 1;
        }
        if (rPMObject instanceof GenericProject) {
            if (rPMObject.getID() == null) {
                return 0;
            }
            return getResourceRoleTypeFromGenericProject(messageContext, (GenericProject) rPMObject);
        }
        if (rPMObject instanceof WorkElement) {
            return getResourceRoleTypeFromNonProjectWorkElement(messageContext, (WorkElement) rPMObject);
        }
        if (rPMObject instanceof ScopeElement) {
            return getResourceRoleTypeFromScopeElement(messageContext, (ScopeElement) rPMObject);
        }
        if (rPMObject instanceof DocumentElement) {
            return getResourceRoleTypeFromDocumentElement(messageContext, (DocumentElement) rPMObject);
        }
        if (rPMObject instanceof GenericStep) {
            return getResourceRoleTypeFromGenericStep(messageContext, (GenericStep) rPMObject);
        }
        if (rPMObject instanceof SummaryTimesheet) {
            return getResourceRoleTypeFromSummaryTimesheet(messageContext, (SummaryTimesheet) rPMObject);
        }
        if (rPMObject instanceof ProjectOrganizationalAssignment) {
            return getResourceRoleTypeFromProjectOrganizationalAssignment(messageContext, (ProjectOrganizationalAssignment) rPMObject);
        }
        if ((rPMObject instanceof Opportunity) || (rPMObject instanceof RiskMatrix) || (rPMObject instanceof MitigationFactor) || (rPMObject instanceof ReqProConnection) || (rPMObject instanceof ReqProImportStatus) || (rPMObject instanceof DefaultStep) || (rPMObject instanceof AbstractFinancial) || (rPMObject instanceof TimeCodeAssignment) || (rPMObject instanceof DocumentBlobDetails) || (rPMObject instanceof WorkflowRoleMapping) || (rPMObject instanceof ResourceRoleAssignment) || (rPMObject instanceof ElementDependency) || (rPMObject instanceof Duplicate) || (rPMObject instanceof AssignedScorecard) || (rPMObject instanceof CustomFieldAssignment) || (rPMObject instanceof AttributeAssignment) || (rPMObject instanceof RtfAssignment) || (rPMObject instanceof GenericTaskAssignment)) {
            return getResourceRoleTypeFromParent(messageContext, rPMObject);
        }
        return 0;
    }

    private int getResourceRoleTypeFromProjectOrganizationalAssignment(MessageContext messageContext, ProjectOrganizationalAssignment projectOrganizationalAssignment) throws RPMException {
        GenericProject genericProject;
        if (projectOrganizationalAssignment.getID() == null) {
            return getResourceRoleType(messageContext, projectOrganizationalAssignment.getParent());
        }
        RpmResult load = messageContext.getFactory().getManagerCaller().load(messageContext.getSession(), new StringBuffer().append("/GenericProject[ProjectOrganizationalAssignment[id='").append(projectOrganizationalAssignment.getID()).append("']]").toString(), (RPMObjectScope) null);
        if (!load.isSuccessful() || (genericProject = (GenericProject) load.getFirstObject()) == null) {
            return 1;
        }
        return getResourceRoleTypeFromGenericProject(messageContext, genericProject);
    }

    private int getResourceRoleTypeFromNonProjectWorkElement(MessageContext messageContext, WorkElement workElement) throws RPMException {
        if (workElement.getID() == null) {
            return getResourceRoleType(messageContext, workElement.getParent());
        }
        WorkElementScope workElementScope = new WorkElementScope();
        workElementScope.setContainingProject(new WorkElementScope());
        WorkElement workElement2 = (WorkElement) SecurityControllerUtil.loadByPrimaryKey(workElement, workElementScope, messageContext, false).loadedRPMObject;
        if (workElement2 == null || workElement2.getContainingProject() == null) {
            return 1;
        }
        return getResourceRoleTypeFromGenericProject(messageContext, (GenericProject) workElement2.getContainingProject());
    }

    private int getResourceRoleTypeFromScopeElement(MessageContext messageContext, ScopeElement scopeElement) throws RPMException {
        if (scopeElement.getID() == null) {
            return getResourceRoleType(messageContext, scopeElement.getParent());
        }
        ScopeElementScope scopeElementScope = new ScopeElementScope();
        scopeElementScope.setProject(new WorkElementScope());
        ScopeElement scopeElement2 = (ScopeElement) SecurityControllerUtil.loadByPrimaryKey(scopeElement, scopeElementScope, messageContext, false).loadedRPMObject;
        if (scopeElement2 == null || scopeElement2.getProject() == null) {
            return 1;
        }
        return getResourceRoleTypeFromGenericProject(messageContext, scopeElement2.getProject());
    }

    private int getResourceRoleTypeFromDocumentElement(MessageContext messageContext, DocumentElement documentElement) throws RPMException {
        if (documentElement.getID() == null) {
            return getResourceRoleType(messageContext, documentElement.getParent());
        }
        DocumentScope documentScope = new DocumentScope();
        documentScope.setContainingProject(new WorkElementScope());
        DocumentElement documentElement2 = (DocumentElement) SecurityControllerUtil.loadByPrimaryKey(documentElement, documentScope, messageContext, false).loadedRPMObject;
        if (documentElement2 == null) {
            return 1;
        }
        if (documentElement2.getContainingProject() == null) {
            return 0;
        }
        return getResourceRoleTypeFromGenericProject(messageContext, documentElement2.getContainingProject());
    }

    private int getResourceRoleTypeFromSummaryTimesheet(MessageContext messageContext, SummaryTimesheet summaryTimesheet) throws RPMException {
        if (summaryTimesheet.getID() != null) {
            SummaryTimesheetScope summaryTimesheetScope = new SummaryTimesheetScope();
            summaryTimesheetScope.setProject(true);
            SummaryTimesheet summaryTimesheet2 = (SummaryTimesheet) SecurityControllerUtil.loadByPrimaryKey(summaryTimesheet, summaryTimesheetScope, messageContext, false).loadedRPMObject;
            if (summaryTimesheet2 == null || summaryTimesheet2.getProject() == null) {
                return 1;
            }
            return getResourceRoleTypeFromGenericProject(messageContext, summaryTimesheet2.getProject());
        }
        if (summaryTimesheet.getProject() != null) {
            return getResourceRoleTypeFromGenericProject(messageContext, summaryTimesheet.getProject());
        }
        if (summaryTimesheet.getWorkElement() != null) {
            return getResourceRoleType(messageContext, summaryTimesheet.getWorkElement());
        }
        GenericTaskAssignment taskAssignment = summaryTimesheet.getTaskAssignment();
        if (taskAssignment instanceof TaskAssignment) {
            return getResourceRoleType(messageContext, taskAssignment);
        }
        return 0;
    }

    private int getResourceRoleTypeFromParent(MessageContext messageContext, RPMObject rPMObject) throws RPMException {
        RPMObject rPMObject2;
        if (rPMObject.getID() == null) {
            return getResourceRoleType(messageContext, rPMObject.getParent());
        }
        RPMObjectScope rPMObjectScope = SecurityControllerUtil.getRPMObjectScope(rPMObject, new RPMObjectScope());
        if (rPMObjectScope == null || (rPMObject2 = SecurityControllerUtil.loadByPrimaryKey(rPMObject, rPMObjectScope, messageContext, false).loadedRPMObject) == null) {
            return 1;
        }
        return getResourceRoleType(messageContext, rPMObject2.getParent());
    }

    private SecurityValidationResult doesResourceRoleAllowEditing(String str, MessageContext messageContext, RPMObject rPMObject) throws RPMException {
        if (!messageContext.isSuccessful() || rPMObject == null) {
            return SecurityValidationResult.makeFalseResult(new StringBuffer().append(str).append(". Invalid input to check if user is a Project Manager").toString());
        }
        switch (getResourceRoleType(messageContext, rPMObject)) {
            case 0:
                return SecurityValidationResult.UNDEFINED_RESULT;
            case 1:
            case 2:
                return SecurityValidationResult.makeFalseResult(new StringBuffer().append(str).append(". The user is not a Project Manager").toString());
            case 3:
                return SecurityValidationResult.TRUE_RESULT;
            default:
                throw new RPMException("Unknown ResourceRole enum type");
        }
    }

    private SecurityValidationResult doesResourceRoleAllowViewing(String str, MessageContext messageContext, RPMObject rPMObject) throws RPMException {
        if (!messageContext.isSuccessful() || rPMObject == null) {
            return SecurityValidationResult.makeFalseResult(new StringBuffer().append(str).append(". Invalid input to check if user can view the data").toString());
        }
        switch (getResourceRoleType(messageContext, rPMObject)) {
            case 0:
                return SecurityValidationResult.UNDEFINED_RESULT;
            case 1:
                return SecurityValidationResult.makeFalseResult("The user is not assigned to the Project");
            case 2:
            case 3:
                return SecurityValidationResult.TRUE_RESULT;
            default:
                throw new RPMException("Unknown ResourceRole enum type");
        }
    }

    @Override // com.ibm.rpm.framework.security.controller.impl.resource.ResourceBasedSecurityControllerImpl, com.ibm.rpm.framework.security.controller.BaseSecurityController, com.ibm.rpm.framework.security.controller.ISecurityController
    public SecurityValidationResult canConvertContainer(MessageContext messageContext, RPMObject rPMObject, RPMObject rPMObject2, RPMObjectScope rPMObjectScope) throws RPMException {
        SecurityValidationResult doesResourceRoleAllowEditing = doesResourceRoleAllowEditing("Perform a Convert Container operation", messageContext, rPMObject);
        if (doesResourceRoleAllowEditing.type != SecurityValidationResult.TRUE) {
            SecurityValidationResult canConvertContainer = super.canConvertContainer(messageContext, rPMObject, rPMObject2, rPMObjectScope);
            if (canConvertContainer.type != SecurityValidationResult.UNDEFINED) {
                return canConvertContainer;
            }
        }
        return doesResourceRoleAllowEditing;
    }

    @Override // com.ibm.rpm.framework.security.controller.impl.resource.ResourceBasedSecurityControllerImpl, com.ibm.rpm.framework.security.controller.BaseSecurityController, com.ibm.rpm.framework.security.controller.ISecurityController
    public SecurityValidationResult canCreateObjectFromTemplate(MessageContext messageContext, RPMObject rPMObject, RPMObject rPMObject2, RPMObjectScope rPMObjectScope) throws RPMException {
        SecurityValidationResult doesResourceRoleAllowEditing = doesResourceRoleAllowEditing("Perform a Convert Container operation", messageContext, rPMObject);
        if (doesResourceRoleAllowEditing.type != SecurityValidationResult.TRUE) {
            SecurityValidationResult canCreateObjectFromTemplate = super.canCreateObjectFromTemplate(messageContext, rPMObject, rPMObject2, rPMObjectScope);
            if (canCreateObjectFromTemplate.type != SecurityValidationResult.UNDEFINED) {
                return canCreateObjectFromTemplate;
            }
        }
        return doesResourceRoleAllowEditing;
    }

    @Override // com.ibm.rpm.framework.security.controller.impl.resource.ResourceBasedSecurityControllerImpl, com.ibm.rpm.framework.security.controller.BaseSecurityController, com.ibm.rpm.framework.security.controller.ISecurityController
    public SecurityValidationResult canCreate(MessageContext messageContext, RPMObject rPMObject, RPMObjectScope rPMObjectScope) throws RPMException {
        SecurityValidationResult doesResourceRoleAllowEditing = doesResourceRoleAllowEditing("Perform a Create operation", messageContext, rPMObject);
        if (doesResourceRoleAllowEditing.type != SecurityValidationResult.TRUE) {
            SecurityValidationResult canCreate = super.canCreate(messageContext, rPMObject, rPMObjectScope);
            if (canCreate.type != SecurityValidationResult.UNDEFINED) {
                return canCreate;
            }
        }
        return doesResourceRoleAllowEditing;
    }

    @Override // com.ibm.rpm.framework.security.controller.impl.SecurityControllerImpl, com.ibm.rpm.framework.security.controller.BaseSecurityController, com.ibm.rpm.framework.security.controller.ISecurityController
    public SecurityValidationResult canDelete(MessageContext messageContext, RPMObject rPMObject) throws RPMException {
        SecurityValidationResult doesResourceRoleAllowEditing = doesResourceRoleAllowEditing("Perform a Delete operation", messageContext, rPMObject);
        if (doesResourceRoleAllowEditing.type != SecurityValidationResult.TRUE) {
            SecurityValidationResult canDelete = super.canDelete(messageContext, rPMObject);
            if (canDelete.type != SecurityValidationResult.UNDEFINED) {
                return canDelete;
            }
        }
        return doesResourceRoleAllowEditing;
    }

    @Override // com.ibm.rpm.framework.security.controller.impl.SecurityControllerImpl, com.ibm.rpm.framework.security.controller.BaseSecurityController, com.ibm.rpm.framework.security.controller.ISecurityController
    public SecurityValidationResult canUpdate(MessageContext messageContext, RPMObject rPMObject, RPMObjectScope rPMObjectScope) throws RPMException {
        SecurityValidationResult doesResourceRoleAllowEditing = doesResourceRoleAllowEditing("Perform an Update operation", messageContext, rPMObject);
        if (doesResourceRoleAllowEditing.type != SecurityValidationResult.TRUE) {
            SecurityValidationResult canUpdate = super.canUpdate(messageContext, rPMObject, rPMObjectScope);
            if (canUpdate.type != SecurityValidationResult.UNDEFINED) {
                return canUpdate;
            }
        }
        return doesResourceRoleAllowEditing;
    }

    @Override // com.ibm.rpm.framework.security.controller.impl.SecurityControllerImpl, com.ibm.rpm.framework.security.controller.BaseSecurityController, com.ibm.rpm.framework.security.controller.ISecurityController
    public ArrayList applyFiltering(MessageContext messageContext, ArrayList arrayList) throws RPMException {
        ArrayList arrayList2 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            RPMObject rPMObject = (RPMObject) it.next();
            if (doesResourceRoleAllowViewing("LOAD", messageContext, rPMObject).type != SecurityValidationResult.FALSE) {
                arrayList2.add(rPMObject);
            }
        }
        return arrayList2;
    }

    @Override // com.ibm.rpm.framework.security.controller.impl.SecurityControllerImpl, com.ibm.rpm.framework.security.controller.BaseSecurityController, com.ibm.rpm.framework.security.controller.ISecurityController
    public SecurityValidationResult applyFieldFiltering(RPMObject rPMObject, MessageContext messageContext) throws RPMException {
        SecurityValidationResult doesResourceRoleAllowViewing = doesResourceRoleAllowViewing("LOAD", messageContext, rPMObject);
        return doesResourceRoleAllowViewing.type != SecurityValidationResult.FALSE ? super.applyFieldFiltering(rPMObject, messageContext) : doesResourceRoleAllowViewing;
    }

    @Override // com.ibm.rpm.framework.security.controller.impl.SecurityControllerImpl, com.ibm.rpm.framework.security.controller.BaseSecurityController, com.ibm.rpm.framework.security.controller.ISecurityController
    public SecurityValidationResult canView(RPMObject rPMObject, MessageContext messageContext) throws RPMException {
        SecurityValidationResult doesResourceRoleAllowViewing = doesResourceRoleAllowViewing("LOAD", messageContext, rPMObject);
        return doesResourceRoleAllowViewing.type != SecurityValidationResult.FALSE ? super.canView(rPMObject, messageContext) : doesResourceRoleAllowViewing;
    }
}
