package ch.elexis.core.services;

import ch.elexis.core.ac.ACE;
import ch.elexis.core.ac.AbstractAccessControl;
import ch.elexis.core.ac.AccessControlDefaults;
import ch.elexis.core.ac.IACLContributor;
import ch.elexis.core.model.IRole;
import ch.elexis.core.model.IUser;
import ch.elexis.core.services.internal.RoleBasedAccessControl;
import ch.elexis.core.utils.Extensions;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.LoggerFactory;

@Component
/* loaded from: input_file:ch/elexis/core/services/AccessControlService.class */
public class AccessControlService implements IAccessControlService {

    @Reference(target = "(service.model.name=ch.elexis.core.model)")
    private IModelService modelService;
    private static Map<String, ACE> allDefinedACEs;
    private static AbstractAccessControl acl;

    @Activate
    private void activate() {
        acl = new RoleBasedAccessControl(this.modelService);
    }

    private void initAllDefinedACEs() {
        if (allDefinedACEs != null) {
            return;
        }
        allDefinedACEs = (Map) ((List) getACLContributionExtensions().stream().flatMap(iACLContributor -> {
            return Arrays.asList(iACLContributor.getACL()).stream();
        }).collect(Collectors.toList())).stream().collect(Collectors.toMap(ace -> {
            return ace.getCanonicalName();
        }, ace2 -> {
            return ace2;
        }));
    }

    private List<IACLContributor> getACLContributionExtensions() {
        return Extensions.getClasses("ch.elexis.core.data.ACLContribution", "ACLContributor");
    }

    public void initializeDefaults() {
        IRole iRole = (IRole) this.modelService.load("user", IRole.class).get();
        Arrays.asList(AccessControlDefaults.getAnwender()).stream().forEachOrdered(ace -> {
            grant(iRole, ace);
        });
        Arrays.asList(AccessControlDefaults.getAlle()).stream().forEachOrdered(ace2 -> {
            grant(iRole, ace2);
        });
        grant("assistant", AccessControlDefaults.LSTG_CHARGE_FOR_ALL);
        grant("assistant", AccessControlDefaults.LSTG_VERRECHNEN);
        grant("doctor", AccessControlDefaults.USER);
        grant("doctor", AccessControlDefaults.MANDANT);
        grant("doctor", AccessControlDefaults.ADMIN_KONS_EDIT_IF_BILLED);
        grant("executive_doctor", AccessControlDefaults.ACE_ACCESS);
    }

    public boolean request(ACE ace) {
        return acl.request(ace);
    }

    public boolean request(String str) {
        if (str == null || str.length() < 1) {
            return false;
        }
        return request(getACEByCanonicalName(str));
    }

    private ACE getACEByCanonicalName(String str) {
        initAllDefinedACEs();
        return allDefinedACEs.get(str);
    }

    public boolean request(IRole iRole, ACE ace) {
        return acl.request(iRole, ace);
    }

    public boolean request(IUser iUser, ACE ace) {
        return acl.request(iUser, ace);
    }

    public void grant(IRole iRole, ACE ace) {
        acl.grant(iRole, ace);
    }

    public void grant(String str, ACE ace) {
        Optional load = this.modelService.load(str, IRole.class);
        if (load.isPresent()) {
            acl.grant((IRole) load.get(), ace);
        } else {
            LoggerFactory.getLogger(getClass()).warn("Could not grant role [{}] ace [{}]: role not found", str, ace);
        }
    }

    public void revoke(IRole iRole, ACE ace) {
        acl.revoke(iRole, ace);
    }

    public List<ACE> getAllDefinedACElements() {
        initAllDefinedACEs();
        return new ArrayList(allDefinedACEs.values());
    }
}
