package org.gcube.portal.oidc.lr62;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.PrincipalThreadLocal;
import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
import com.liferay.portal.security.permission.PermissionThreadLocal;
import com.liferay.portal.service.UserLocalServiceUtil;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.gcube.oidc.D4ScienceMappings;
import org.gcube.oidc.OIDCToSitesAndRolesMapper;
import org.gcube.oidc.Site;
import org.gcube.oidc.SitesMapperExecption;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.exception.GroupRetrievalFault;
import org.gcube.vomanagement.usermanagement.exception.RoleRetrievalFault;
import org.gcube.vomanagement.usermanagement.exception.UserManagementPortalException;
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
import org.gcube.vomanagement.usermanagement.model.GCubeRole;

/* loaded from: input_file:org/gcube/portal/oidc/lr62/UserSitesToGroupsAndRolesMapper.class */
public class UserSitesToGroupsAndRolesMapper {
    protected static final Log log = LogFactoryUtil.getLog(UserSitesToGroupsAndRolesMapper.class);
    protected User user;
    protected OIDCToSitesAndRolesMapper mapper;
    protected UserManager userManager;
    protected GroupManager groupManager;
    protected RoleManager roleManager;
    protected String rootVOName;
    protected Map<Long, List<String>> actualGroupAndRoles;
    protected Map<String, GCubeRole> roleNameToRole;

    public UserSitesToGroupsAndRolesMapper(User user, OIDCToSitesAndRolesMapper oIDCToSitesAndRolesMapper) {
        this.user = user;
        this.mapper = oIDCToSitesAndRolesMapper;
        try {
            if (log.isDebugEnabled()) {
                log.debug("Creating the permission checker for admin user");
            }
            long userId = LiferayUserManager.getAdmin().getUserId();
            PrincipalThreadLocal.setName(userId);
            PermissionThreadLocal.setPermissionChecker(PermissionCheckerFactoryUtil.create(UserLocalServiceUtil.getUser(userId)));
            this.userManager = new LiferayUserManager();
            this.groupManager = new LiferayGroupManager();
            this.roleManager = new LiferayRoleManager();
            try {
                this.rootVOName = this.groupManager.getRootVOName();
                try {
                    Map listGroupsAndRolesByUser = this.groupManager.listGroupsAndRolesByUser(user.getUserId());
                    this.actualGroupAndRoles = new TreeMap();
                    for (GCubeGroup gCubeGroup : listGroupsAndRolesByUser.keySet()) {
                        ArrayList arrayList = new ArrayList();
                        this.actualGroupAndRoles.put(Long.valueOf(gCubeGroup.getGroupId()), arrayList);
                        Iterator it = ((List) listGroupsAndRolesByUser.get(gCubeGroup)).iterator();
                        while (it.hasNext()) {
                            arrayList.add(((GCubeRole) it.next()).getRoleName());
                        }
                    }
                    this.roleNameToRole = new TreeMap();
                    for (GCubeRole gCubeRole : this.roleManager.listAllGroupRoles()) {
                        this.roleNameToRole.put(gCubeRole.getRoleName(), gCubeRole);
                    }
                } catch (UserManagementSystemException e) {
                    log.error("Cannot get sites and roles membership for user", e);
                }
            } catch (UserManagementSystemException | GroupRetrievalFault e2) {
                log.error("Cannot get infrastructure's Root VO", e2);
            }
        } catch (Exception e3) {
            log.fatal("Cannot create permission checker for admin user", e3);
        }
    }

    public void map() {
        log.info("Mapping roles to sites for user: " + this.user.getScreenName());
        Site site = null;
        try {
            site = this.mapper.map(this.rootVOName);
            if (log.isDebugEnabled()) {
                log.debug("Sites tree is: " + (site != null ? site.dump() : "null"));
            }
        } catch (SitesMapperExecption e) {
            log.error("Computing sites tree in concrete mapper class", e);
        }
        if (site != null) {
            if (log.isDebugEnabled()) {
                log.debug("Check user to sites assignemnts");
            }
            rolesToSiteDescendant(site);
        }
        if (log.isDebugEnabled()) {
            log.debug("Check user to sites removal");
        }
        checkForSiteRemoval(site);
    }

    protected void rolesToSiteDescendant(Site site) {
        try {
            if (log.isDebugEnabled()) {
                log.debug("Getting actual site group from group manager, actual site: " + site.getName());
            }
            Long valueOf = Long.valueOf(this.groupManager.getGroupId(site.getName()));
            try {
                if (this.groupManager.isVRE(valueOf.longValue()).booleanValue() && !this.actualGroupAndRoles.containsKey(valueOf)) {
                    log.info("Assigning user to new VRE site: " + site.getName());
                    this.userManager.assignUserToGroup(valueOf.longValue(), this.user.getUserId());
                    if (site.getRoles() != null && !site.getRoles().isEmpty()) {
                        log.info("Assiging roles for the new assigned VRE site");
                        for (String str : site.getRoles()) {
                            if (!D4ScienceMappings.Role.MEMBER.asString().equals(str)) {
                                this.roleManager.assignRoleToUser(this.user.getUserId(), valueOf.longValue(), this.roleNameToRole.get(str).getRoleId());
                            }
                        }
                        return;
                    }
                    log.info("User has no roles in the VRE site");
                }
            } catch (UserManagementSystemException | GroupRetrievalFault | UserRetrievalFault | UserManagementPortalException | RoleRetrievalFault | RuntimeException e) {
                log.error("Assigning user to new VRE site: " + site.getName(), e);
            }
            if (site.getRoles() != null) {
                List<String> list = this.actualGroupAndRoles.get(valueOf);
                ArrayList<String> arrayList = new ArrayList(site.getRoles());
                arrayList.remove(D4ScienceMappings.Role.MEMBER.asString());
                if (list == null || list.isEmpty()) {
                    log.info("User actually has no roles different from Member in the site");
                } else {
                    log.info("Checking actual roles in the site's group");
                    for (String str2 : list) {
                        String name = site.getName();
                        if (!D4ScienceMappings.Role.exists(str2) || site.getRoles().contains(str2)) {
                            if (log.isTraceEnabled()) {
                                log.trace("User still have role in the site, emoving it from the new roles list: " + str2);
                            }
                            arrayList.remove(str2);
                        } else {
                            try {
                                log.info("Removing '" + str2 + "' user's role for site: " + name);
                                this.roleManager.removeRoleFromUser(this.user.getUserId(), valueOf.longValue(), this.roleNameToRole.get(str2).getRoleId());
                            } catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault | RoleRetrievalFault e2) {
                                log.error("Can't remove user role '" + str2 + "' from: " + name, e2);
                            }
                        }
                    }
                }
                if (!arrayList.isEmpty()) {
                    for (String str3 : arrayList) {
                        if (log.isDebugEnabled()) {
                            log.debug("Adding new role to user. New role: " + str3);
                        }
                        GCubeRole gCubeRole = this.roleNameToRole.get(str3);
                        if (gCubeRole != null) {
                            try {
                                log.info("Assinging new role '" + str3 + "' to user");
                                this.roleManager.assignRoleToUser(this.user.getUserId(), valueOf.longValue(), gCubeRole.getRoleId());
                            } catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault | RoleRetrievalFault e3) {
                                log.error("Cannot assign new role '" + str3 + "' for site: " + site.getName(), e3);
                            }
                        } else {
                            log.warn("New site's gc role is null (doesn't exist?) after getting it from role manager: " + str3);
                        }
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("User has no new roles for the site");
                }
            } else {
                log.info("Roles were not set, continuing descending letting them untouched in site: " + site.getName());
            }
            for (Site site2 : site.getChildren().values()) {
                log.info("Recursive call to child site: " + site2.getName());
                rolesToSiteDescendant(site2);
            }
        } catch (UserManagementSystemException | GroupRetrievalFault e4) {
            log.error("Cannot retrieve group for site: " + site.getName(), e4);
        }
    }

    protected void checkForSiteRemoval(Site site) {
        ArrayList arrayList = new ArrayList();
        if (site != null) {
            log.debug("Collecting VREs user belongs to");
            Iterator it = site.getChildren().values().iterator();
            while (it.hasNext()) {
                Iterator it2 = ((Site) it.next()).getChildren().values().iterator();
                while (it2.hasNext()) {
                    String name = ((Site) it2.next()).getName();
                    log.trace("Adding VRE to the list: " + name);
                    arrayList.add(name);
                }
            }
        } else {
            log.info("User not belongs to any VRE");
        }
        for (Long l : this.actualGroupAndRoles.keySet()) {
            try {
                String groupName = this.groupManager.getGroup(l.longValue()).getGroupName();
                if (!this.groupManager.isVRE(l.longValue()).booleanValue()) {
                    log.debug("Do not check membership for non VRE: " + groupName);
                } else if (!arrayList.contains(groupName)) {
                    log.info("Removing user from VRE: " + groupName);
                    try {
                        this.userManager.dismissUserFromGroup(l.longValue(), this.user.getUserId());
                    } catch (UserRetrievalFault e) {
                        log.error("Removing user from VRE: " + groupName, e);
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("User still belong to VRE: " + groupName);
                }
            } catch (UserManagementSystemException | GroupRetrievalFault e2) {
                log.error("Checking if site group is a VRE", e2);
            }
        }
    }
}
