package com.inet.helpdesk.ticketmanager.access;

import com.inet.helpdesk.core.permissions.HdPermissions;
import com.inet.helpdesk.core.ticketmanager.TicketManager;
import com.inet.helpdesk.core.ticketmanager.TicketPermissionChecker;
import com.inet.helpdesk.core.ticketmanager.fields.usergroup.UserGroupVO;
import com.inet.helpdesk.core.ticketmanager.fields.usergroup.UserGroupVOManager;
import com.inet.helpdesk.core.ticketmanager.model.ReaStepVO;
import com.inet.helpdesk.core.ticketmanager.model.TicketPermissionContext;
import com.inet.helpdesk.core.ticketmanager.model.TicketVO;
import com.inet.helpdesk.core.ticketmanager.model.TicketVOSingle;
import com.inet.helpdesk.core.ticketmanager.model.Tickets;
import com.inet.helpdesk.core.ticketmanager.model.tickets.additionalaccess.TicketAdditionalAccessValue;
import com.inet.helpdesk.ticketmanager.dao.TicketReadDAO;
import com.inet.helpdesk.usersandgroups.HDUsersAndGroups;
import com.inet.helpdesk.usersandgroups.groups.fields.ResourceFieldSettings;
import com.inet.id.GUID;
import com.inet.permissions.AccessDeniedException;
import com.inet.permissions.Permission;
import com.inet.permissions.SystemPermissionChecker;
import com.inet.usersandgroups.api.Hash;
import com.inet.usersandgroups.api.groups.UserGroupInfo;
import com.inet.usersandgroups.api.groups.UserGroupManager;
import com.inet.usersandgroups.api.ui.Type;
import com.inet.usersandgroups.api.user.UserAccount;
import com.inet.usersandgroups.api.user.UserManager;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nullable;

/* loaded from: input_file:com/inet/helpdesk/ticketmanager/access/TicketPermissionCheckerImpl.class */
public class TicketPermissionCheckerImpl implements TicketPermissionChecker {
    private TicketReadDAO readDAO;

    public TicketPermissionCheckerImpl(TicketReadDAO ticketReadDAO) {
        this.readDAO = ticketReadDAO;
    }

    @Override // com.inet.helpdesk.core.ticketmanager.TicketPermissionChecker
    public boolean checkCurrentUserCanReadTicket(int i) {
        TicketPermissionContext ticketPermissionInfo = getTicketPermissionInfo(i);
        return ticketPermissionInfo == null || ticketPermissionInfo.hasAnyAccessToTicket();
    }

    @Override // com.inet.helpdesk.core.ticketmanager.TicketPermissionChecker
    public boolean checkCurrentUserCanReadReaStep(int i) {
        TicketPermissionContext ticketPermissionInfo;
        ReaStepVO reaStep = this.readDAO.getReaStep(i);
        if (reaStep == null || (ticketPermissionInfo = getTicketPermissionInfo(reaStep.getOrgBunID())) == null || ticketPermissionInfo.hasAnyAccessToTicket()) {
            return true;
        }
        Iterator<TicketVOSingle> it = this.readDAO.getTicketsInBundle(reaStep.getBunID(), true).iterator();
        while (it.hasNext()) {
            TicketPermissionContext ticketPermissionInfo2 = getTicketPermissionInfo(it.next().getID());
            if (ticketPermissionInfo2 != null && ticketPermissionInfo2.hasEnduserAccessToTicket() && reaStep.isBundleVisible()) {
                return true;
            }
        }
        return false;
    }

    private boolean hasOwnerAccess(@Nullable GUID guid, TicketVO ticketVO) {
        UserAccount userAccount;
        Integer num;
        if (guid == null) {
            return false;
        }
        if (ticketVO.getWorkflowID() != null && ticketVO.getWorkflowID().intValue() != ticketVO.getID()) {
            return false;
        }
        boolean z = false;
        UserAccount currentUserAccount = UserManager.getInstance().getCurrentUserAccount();
        if (currentUserAccount == null) {
            return false;
        }
        if (currentUserAccount == null || !currentUserAccount.getID().equals(guid)) {
            int userID = HDUsersAndGroups.getUserID(guid);
            if (userID > -1 && (userAccount = HDUsersAndGroups.getUserAccount(userID)) != null && (num = (Integer) userAccount.getValue(HDUsersAndGroups.FIELD_GROUP_ID)) != null) {
                Iterator<UserGroupVO> it = UserGroupVOManager.getInstance().getGroupsWhereUserIsSupervisor(currentUserAccount.getID()).iterator();
                while (it.hasNext()) {
                    if (it.next().getId() == num.intValue()) {
                        z = true;
                    }
                }
            }
        } else {
            z = true;
        }
        return z;
    }

    @Override // com.inet.helpdesk.core.ticketmanager.TicketPermissionChecker
    public boolean checkCurrentUserCanWriteTicket(int i) {
        TicketPermissionContext ticketPermissionInfo = getTicketPermissionInfo(i);
        if (ticketPermissionInfo == null) {
            return true;
        }
        if (ticketPermissionInfo.hasAnyAccessToTicket()) {
            return ticketPermissionInfo.isTicketOwner() || ticketPermissionInfo.getSupporterPermissions() == TicketPermissionContext.SupporterPermission.READWRITE;
        }
        return false;
    }

    @Override // com.inet.helpdesk.core.ticketmanager.TicketPermissionChecker
    public void throwExceptionIfCurrentUserIsNotDispatcher() throws AccessDeniedException {
        UserAccount currentUserAccount = UserManager.getInstance().getCurrentUserAccount();
        if (currentUserAccount == null || !SystemPermissionChecker.hasAnyPermission(currentUserAccount, new Permission[]{HdPermissions.DISPATCHER})) {
            throw new AccessDeniedException(HdPermissions.DISPATCHER);
        }
    }

    @Override // com.inet.helpdesk.core.ticketmanager.TicketPermissionChecker
    public boolean checkCanChangeOwnerInTicket(int i) {
        TicketVO ticket = TicketManager.getReader().getTicket(i);
        if (ticket == null) {
            return false;
        }
        GUID resourceID = ticket.getResourceID();
        return resourceID == null || ResourceFieldSettings.isSet(((Integer) UserGroupManager.getInstance().getGroup(resourceID).getValue(HDUsersAndGroups.RES_FIELD_SETTINGS)).intValue(), 2);
    }

    @Override // com.inet.helpdesk.core.ticketmanager.TicketPermissionChecker
    public TicketPermissionContext getTicketPermissionInfo(int i) throws AccessDeniedException {
        TicketVOSingle ticket = this.readDAO.getTicket(i);
        if (ticket == null) {
            return null;
        }
        return getTicketPermissionInfo(ticket);
    }

    @Override // com.inet.helpdesk.core.ticketmanager.TicketPermissionChecker
    public TicketPermissionContext getTicketPermissionInfo(TicketVO ticketVO) throws AccessDeniedException {
        boolean hasOwnerAccess = hasOwnerAccess(ticketVO.getOwnerID(), ticketVO);
        TicketPermissionContext.SupporterPermission supporterPermission = TicketPermissionContext.SupporterPermission.NONE;
        UserAccount currentUserAccount = UserManager.getInstance().getCurrentUserAccount();
        if (currentUserAccount == null) {
            throw new AccessDeniedException();
        }
        if (ticketVO.isInquiry()) {
            if (HDUsersAndGroups.isDispatcher(currentUserAccount)) {
                supporterPermission = TicketPermissionContext.SupporterPermission.READWRITE;
            } else if (hasAdditionalAccess(currentUserAccount, ticketVO, true)) {
                supporterPermission = TicketPermissionContext.SupporterPermission.READWRITE;
            } else if (hasAdditionalAccess(currentUserAccount, ticketVO, false)) {
                supporterPermission = TicketPermissionContext.SupporterPermission.READ;
            }
        } else if (SystemPermissionChecker.hasAnyPermission(currentUserAccount, new Permission[]{HdPermissions.TICKET_RESOURCES_READ_WRITE})) {
            supporterPermission = TicketPermissionContext.SupporterPermission.READWRITE;
        } else if (hasAdditionalAccess(currentUserAccount, ticketVO, true)) {
            supporterPermission = TicketPermissionContext.SupporterPermission.READWRITE;
        } else {
            if (hasAdditionalAccess(currentUserAccount, ticketVO, false)) {
                supporterPermission = TicketPermissionContext.SupporterPermission.READ;
            } else if (SystemPermissionChecker.hasAnyPermission(currentUserAccount, new Permission[]{HdPermissions.TICKET_RESOURCES_READ})) {
                supporterPermission = TicketPermissionContext.SupporterPermission.READ;
            }
            if (ticketVO.getID() != ticketVO.getBundleID()) {
                ticketVO = TicketManager.getReaderForSystem().getTicket(ticketVO.getBundleID());
            }
            GUID resourceID = ticketVO.getResourceID();
            if (resourceID != null) {
                UserGroupInfo group = UserGroupManager.getInstance().getGroup(resourceID);
                if (HDUsersAndGroups.hasWritePermissionInResource(currentUserAccount.getID(), group)) {
                    supporterPermission = TicketPermissionContext.SupporterPermission.READWRITE;
                } else if (HDUsersAndGroups.hasAccessInResource(currentUserAccount.getID(), group)) {
                    supporterPermission = TicketPermissionContext.SupporterPermission.READ;
                }
            }
        }
        return new TicketPermissionContext(hasOwnerAccess, supporterPermission, ticketVO.isInquiry());
    }

    private boolean hasAdditionalAccess(UserAccount userAccount, TicketVO ticketVO, boolean z) {
        TicketAdditionalAccessValue ticketAdditionalAccessValue = (TicketAdditionalAccessValue) ticketVO.getValue(Tickets.FIELD_ADDITIONAL_ACCESS);
        if (ticketAdditionalAccessValue == null) {
            return false;
        }
        Set<Hash> writeAccess = z ? ticketAdditionalAccessValue.getWriteAccess() : ticketAdditionalAccessValue.getReadAccess();
        if (writeAccess.contains(Hash.forUser(userAccount.getID()))) {
            return true;
        }
        if (!writeAccess.stream().anyMatch(hash -> {
            return hash.getType() == Type.group;
        })) {
            return false;
        }
        Iterator it = UserGroupManager.getInstance().getGroupsForUser(userAccount.getID()).iterator();
        while (it.hasNext()) {
            if (writeAccess.contains(Hash.forGroup(((UserGroupInfo) it.next()).getID()))) {
                return true;
            }
        }
        return false;
    }

    @Override // com.inet.helpdesk.core.ticketmanager.TicketPermissionChecker
    public boolean isDispatcher() {
        UserAccount currentUserAccount = UserManager.getInstance().getCurrentUserAccount();
        if (currentUserAccount == null) {
            throw new AccessDeniedException();
        }
        return HDUsersAndGroups.isDispatcher(currentUserAccount);
    }
}
