package org.dataconservancy.pass.authz.acl;

import java.net.URI;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import org.dataconservancy.pass.client.PassClient;
import org.dataconservancy.pass.model.Submission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dataconservancy/pass/authz/acl/PolicyEngine.class */
public class PolicyEngine {
    private final PassClient client;
    private final ACLManager acls;
    private URI backendRole;
    private URI submitterRole;
    private URI grantAdminRole;
    Logger LOG = LoggerFactory.getLogger(PolicyEngine.class);

    public PolicyEngine(PassClient passClient, ACLManager aCLManager) {
        this.client = passClient;
        this.acls = aCLManager;
    }

    public void setSubmitterRole(URI uri) {
        this.LOG.info("Using submitter role: " + uri);
        this.submitterRole = uri;
    }

    public void setBackendRole(URI uri) {
        this.LOG.info("Using backend role: " + uri);
        this.backendRole = uri;
    }

    public void setAdminRole(URI uri) {
        this.LOG.info("Using grant admin role " + uri);
        this.grantAdminRole = uri;
    }

    public void updateSubmission(URI uri) {
        Submission readResource = this.client.readResource(uri, Submission.class);
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Boolean bool = (Boolean) Optional.ofNullable(readResource.getSubmissionStatus()).map((v0) -> {
            return v0.isSubmitted();
        }).orElse(readResource.getSubmitted());
        if (bool == null || !bool.booleanValue()) {
            Optional ofNullable = Optional.ofNullable(readResource.getSubmitter());
            hashSet2.getClass();
            ofNullable.ifPresent((v1) -> {
                r1.add(v1);
            });
            List preparers = readResource.getPreparers();
            hashSet2.getClass();
            preparers.forEach((v1) -> {
                r1.add(v1);
            });
        }
        if (this.backendRole != null) {
            hashSet.add(this.backendRole);
            hashSet2.add(this.backendRole);
        }
        if (this.grantAdminRole != null) {
            hashSet.add(this.grantAdminRole);
        }
        if (this.submitterRole != null) {
            hashSet.add(this.submitterRole);
        }
        this.LOG.debug("Granting read of submission {} to {}", hashSet);
        this.LOG.debug("Granting write on submission {} to {}", uri, hashSet2);
        this.acls.setPermissions(uri).grantRead(hashSet).grantWrite(hashSet2).perform();
    }

    public void updateSubmissionEvent(URI uri) {
        HashSet hashSet = new HashSet();
        if (this.backendRole != null) {
            hashSet.add(this.backendRole);
        }
        if (this.grantAdminRole != null) {
            hashSet.add(this.grantAdminRole);
        }
        if (this.submitterRole != null) {
            hashSet.add(this.submitterRole);
        }
        this.LOG.debug("Making submissionEvent {} immutable, but granting read to {}", uri, hashSet);
        this.acls.setPermissions(uri).grantRead(hashSet).perform();
    }
}
