package io.gravitee.am.service.impl;

import io.gravitee.am.common.event.Action;
import io.gravitee.am.common.event.Type;
import io.gravitee.am.common.utils.RandomString;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.model.Acl;
import io.gravitee.am.model.Reference;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.Role;
import io.gravitee.am.model.common.Page;
import io.gravitee.am.model.common.event.Event;
import io.gravitee.am.model.common.event.Payload;
import io.gravitee.am.model.permissions.DefaultRole;
import io.gravitee.am.model.permissions.Permission;
import io.gravitee.am.model.permissions.SystemRole;
import io.gravitee.am.repository.management.api.RoleRepository;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.EventService;
import io.gravitee.am.service.RoleService;
import io.gravitee.am.service.exception.AbstractManagementException;
import io.gravitee.am.service.exception.DefaultRoleUpdateException;
import io.gravitee.am.service.exception.RoleAlreadyExistsException;
import io.gravitee.am.service.exception.RoleNotFoundException;
import io.gravitee.am.service.exception.SystemRoleDeleteException;
import io.gravitee.am.service.exception.SystemRoleUpdateException;
import io.gravitee.am.service.exception.TechnicalManagementException;
import io.gravitee.am.service.model.NewRole;
import io.gravitee.am.service.model.UpdateRole;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.RoleAuditBuilder;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Observable;
import io.reactivex.rxjava3.core.Single;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

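/**
 * Default {@link RoleService} implementation: looks up, creates, updates and deletes roles through
 * {@link RoleRepository}, publishes a {@link Type#ROLE} event for every change and reports each
 * change, successful or failed, to {@link AuditService}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>No method here checks what the acting user is allowed to do. {@link User} arguments are only
 *       used as the audit principal, so authorization has to be enforced by the callers.</li>
 *   <li>System roles cannot be updated or deleted through the public methods. Default roles cannot
 *       be renamed, but their description, permissions and scopes can be changed and they can be
 *       deleted.</li>
 *   <li>Roles created through {@code create(...)} start with no permissions and no OAuth scopes.</li>
 *   <li>Built-in system and default roles are defined in code ({@code buildSystemRoles},
 *       {@code buildDefaultRoles}) and written to the repository by {@code upsert}.</li>
 * </ul>
 *
 * <p>NOTE(review): this file appears to be decompiler output (synthetic parameter names such as
 * {@code str}/{@code str2}, erased generics, explicit builder casts). Parameter names are kept as
 * found; their meaning is documented per method.
 */
@Component
public class RoleServiceImpl implements RoleService {
    public static final String CREATE_ERROR = "An error occurs while trying to create a role";
    public static final String UPDATE_ERROR = "An error occurs while trying to update a role";
    private static final Logger LOGGER = LoggerFactory.getLogger(RoleServiceImpl.class);

    @Autowired
    @Lazy
    private RoleRepository roleRepository;

    @Autowired
    private AuditService auditService;

    @Autowired
    private EventService eventService;

    /**
     * Lists the roles that can be assigned to entities of a given type: the non-internal platform
     * system roles plus the roles stored for the given reference.
     *
     * @param referenceType type of the entity owning the custom roles
     * @param str id of the entity owning the custom roles
     * @param referenceType2 assignable type to keep; {@code null} disables the filter
     * @return matching roles; repository failures surface as {@link TechnicalManagementException}
     */
    @Override
    public Flowable<Role> findAllAssignable(ReferenceType referenceType, String str, ReferenceType referenceType2) {
        LOGGER.debug("Find roles by {}: {} assignable to {}", referenceType, str, referenceType2);
        return Flowable.merge(findAllSystem(referenceType2), this.roleRepository.findAll(referenceType, str))
                .filter(role -> referenceType2 == null || referenceType2 == role.getAssignableType())
                .onErrorResumeNext(th -> {
                    LOGGER.error("An error occurs while trying to find roles by {}: {} assignable to {}", referenceType, str, referenceType2, th);
                    return Flowable.error(new TechnicalManagementException(String.format("An error occurs while trying to find roles by %s %s assignable to %s", referenceType, str, referenceType2), th));
                });
    }

    /**
     * Returns every role stored for a domain.
     *
     * @param str domain id
     */
    @Override
    public Single<Set<Role>> findByDomain(String str) {
        return this.roleRepository.findAll(ReferenceType.DOMAIN, str).collect(HashSet::new, (roles, role) -> {
            roles.add(role);
        });
    }

    /**
     * Returns one page of the roles stored for a domain.
     *
     * @param str domain id
     * @param i first paging argument, passed to the repository as is
     * @param i2 second paging argument, passed to the repository as is
     */
    @Override
    public Single<Page<Role>> findByDomain(String str, int i, int i2) {
        // NOTE(review): i / i2 are presumably page index and page size; confirm against RoleRepository.
        return this.roleRepository.findAll(ReferenceType.DOMAIN, str, i, i2);
    }

    /**
     * Searches the roles of a domain.
     *
     * @param str domain id
     * @param str2 search query, passed to the repository as is
     * @param i first paging argument, passed to the repository as is
     * @param i2 second paging argument, passed to the repository as is
     */
    @Override
    public Single<Page<Role>> searchByDomain(String str, String str2, int i, int i2) {
        // The query string is not validated here; any escaping has to happen in the repository.
        return this.roleRepository.search(ReferenceType.DOMAIN, str, str2, i, i2);
    }

    /**
     * Finds a role by id within a given reference.
     *
     * @param referenceType type of the owning entity
     * @param str id of the owning entity
     * @param str2 role id
     * @return the role, or an error: {@link RoleNotFoundException} when nothing matches,
     *     {@link TechnicalManagementException} when the repository fails
     */
    @Override
    public Single<Role> findById(ReferenceType referenceType, String str, String str2) {
        LOGGER.debug("Find role by ID: {}", str2);
        return this.roleRepository.findById(referenceType, str, str2).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find a role using its ID: {}", str2, th);
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find a role using its ID: %s", str2), th));
        }).switchIfEmpty(Single.error(new RoleNotFoundException(str2)));
    }

    /**
     * Finds a role by id only.
     *
     * <p>Unlike {@code findById(ReferenceType, String, String)} this lookup is not restricted to a
     * reference, so a caller that serves a tenant-scoped request must verify the returned role's
     * reference itself before exposing or using it.
     *
     * @param str role id
     * @return the role, empty when nothing matches
     */
    @Override
    public Maybe<Role> findById(String str) {
        LOGGER.debug("Find role by ID: {}", str);
        return this.roleRepository.findById(str).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find a role using its ID: {}", str, th);
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find a role using its ID: %s", str), th));
        });
    }

    /**
     * Finds a platform-level system role by name and assignable type.
     *
     * @param systemRole system role whose {@code name()} is looked up
     * @param referenceType assignable type of the role
     * @return the role, empty when no stored role matches or the match is not flagged as system
     */
    @Override
    public Maybe<Role> findSystemRole(SystemRole systemRole, ReferenceType referenceType) {
        LOGGER.debug("Find system role : {} for the type : {}", systemRole.name(), referenceType);
        return this.roleRepository.findByNameAndAssignableType(ReferenceType.PLATFORM, "PLATFORM", systemRole.name(), referenceType)
                // A same-named role that is not flagged as system must never be returned as the system role.
                .filter(Role::isSystem)
                .onErrorResumeNext(th -> {
                    LOGGER.error("An error occurs while trying to find system role : {} for type : {}", systemRole.name(), referenceType, th);
                    return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find system role : %s for type : %s", systemRole.name(), referenceType), th));
                });
    }

    /**
     * Finds roles by name within a reference.
     *
     * @param referenceType type of the owning entity
     * @param str id of the owning entity
     * @param referenceType2 assignable type of the roles
     * @param list role names to look up
     */
    @Override
    public Flowable<Role> findRolesByName(ReferenceType referenceType, String str, ReferenceType referenceType2, List<String> list) {
        return this.roleRepository.findByNamesAndAssignableType(referenceType, str, list, referenceType2).onErrorResumeNext(th -> {
            String names = list.stream().collect(Collectors.joining(", "));
            LOGGER.error("An error occurs while trying to find roles : {}", names, th);
            return Flowable.error(new TechnicalManagementException(String.format("An error occurs while trying to find roles : %s", names), th));
        });
    }

    /**
     * Finds a default role of an organization by name and assignable type.
     *
     * @param str organization id
     * @param defaultRole default role whose {@code name()} is looked up
     * @param referenceType assignable type of the role
     * @return the role, empty when no stored role matches or the match is not flagged as default
     */
    @Override
    public Maybe<Role> findDefaultRole(String str, DefaultRole defaultRole, ReferenceType referenceType) {
        LOGGER.debug("Find default role {} of organization {} for the type {}", defaultRole.name(), str, referenceType);
        return this.roleRepository.findByNameAndAssignableType(ReferenceType.ORGANIZATION, str, defaultRole.name(), referenceType)
                // Same guard as for system roles: only a role flagged as default qualifies.
                .filter(Role::isDefaultRole)
                .onErrorResumeNext(th -> {
                    LOGGER.error("An error occurs while trying to find default role {} of organization {} for the type {}", defaultRole.name(), str, referenceType, th);
                    return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find default role %s of organization %s for type %s", defaultRole.name(), str, referenceType), th));
                });
    }

    /**
     * Loads the roles with the given ids.
     *
     * <p>The lookup is by id only and not restricted to a reference; see the caveat on
     * {@code findById(String)}.
     *
     * @param list role ids
     */
    @Override
    public Single<Set<Role>> findByIdIn(List<String> list) {
        LOGGER.debug("Find roles by ids: {}", list);
        // The supplier is typed explicitly: a raw HashSet here does not yield a Single<Set<Role>>.
        return this.roleRepository.findByIdIn(list).collect(() -> (Set<Role>) new HashSet<Role>(), (roles, role) -> {
            roles.add(role);
        }).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find roles by ids", th);
            return Single.error(new TechnicalManagementException("An error occurs while trying to find roles by ids", th));
        });
    }

    /**
     * Creates a custom role for the given reference.
     *
     * <p>The new role gets a generated id and starts with an empty permission map and an empty scope
     * list; permissions are only granted later through {@code update}. Both outcomes are audited
     * under the type {@code ROLE_CREATED}; the failure record carries the throwable and the
     * reference instead of the role.
     *
     * @param referenceType type of the owning entity
     * @param str id of the owning entity
     * @param newRole name, description and assignable type of the role
     * @param user acting user, used as audit principal only (no authorization check happens here)
     * @return the stored role; {@link RoleAlreadyExistsException} when the name is taken,
     *     {@link TechnicalManagementException} for unexpected failures
     */
    @Override
    public Single<Role> create(ReferenceType referenceType, String str, NewRole newRole, User user) {
        LOGGER.debug("Create a new role {} for {} {}", newRole, referenceType, str);
        String roleId = RandomString.generate();
        return checkRoleUniqueness(newRole.getName(), roleId, referenceType, str).flatMap(ignored -> {
            Role role = new Role();
            role.setId(roleId);
            role.setReferenceType(referenceType);
            role.setReferenceId(str);
            role.setName(newRole.getName());
            role.setDescription(newRole.getDescription());
            role.setAssignableType(newRole.getAssignableType());
            // Least privilege by default: nothing is granted at creation time.
            role.setPermissionAcls(new HashMap<>());
            role.setOauthScopes(new ArrayList<>());
            role.setCreatedAt(new Date());
            role.setUpdatedAt(role.getCreatedAt());
            return this.roleRepository.create(role);
        }).flatMap(role -> {
            return this.eventService.create(new Event(Type.ROLE, new Payload(role.getId(), role.getReferenceType(), role.getReferenceId(), Action.CREATE))).flatMap(event -> {
                return Single.just(role);
            });
        }).onErrorResumeNext(th -> {
            // Management exceptions already carry a caller-facing meaning; anything else is wrapped.
            if (th instanceof AbstractManagementException) {
                return Single.error(th);
            }
            LOGGER.error(CREATE_ERROR, th);
            return Single.error(new TechnicalManagementException(CREATE_ERROR, th));
        }).doOnSuccess(role2 -> {
            this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).principal(user)).type("ROLE_CREATED")).role(role2));
        }).doOnError(th2 -> {
            this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).principal(user)).type("ROLE_CREATED")).reference(new Reference(referenceType, str))).throwable(th2));
        });
    }

    /**
     * Creates a custom role for a domain.
     *
     * @param str domain id
     * @param newRole name, description and assignable type of the role
     * @param user acting user, used as audit principal only
     */
    @Override
    public Single<Role> create(String str, NewRole newRole, User user) {
        return create(ReferenceType.DOMAIN, str, newRole, user);
    }

    /**
     * Updates name, description, permissions and OAuth scopes of a role.
     *
     * <p>Guards applied before anything is written: system roles are rejected outright, and a
     * default role is rejected when the update would change its name. A default role's permissions
     * and scopes can still be changed here. The audit record of a successful update carries the
     * role as it was before the update as {@code oldValue}.
     *
     * @param referenceType type of the owning entity
     * @param str id of the owning entity
     * @param str2 id of the role to update
     * @param updateRole new values
     * @param user acting user, used as audit principal only (no authorization check happens here)
     * @return the stored role; {@link RoleNotFoundException}, {@link SystemRoleUpdateException},
     *     {@link DefaultRoleUpdateException} or {@link RoleAlreadyExistsException} for rejected
     *     requests, {@link TechnicalManagementException} for unexpected failures
     */
    @Override
    public Single<Role> update(ReferenceType referenceType, String str, String str2, UpdateRole updateRole, User user) {
        LOGGER.debug("Update a role {} for {} {}", str2, referenceType, str);
        return findById(referenceType, str, str2).flatMap(role -> {
            if (role.isSystem()) {
                return Single.<Role>error(new SystemRoleUpdateException(role.getName()));
            }
            if (role.isDefaultRole() && !role.getName().equals(updateRole.getName())) {
                return Single.<Role>error(new DefaultRoleUpdateException(role.getName()));
            }
            return Single.just(role);
        }).flatMap(oldRole -> {
            return checkRoleUniqueness(updateRole.getName(), oldRole.getId(), referenceType, str).flatMap(ignored -> {
                // Work on a copy so oldRole keeps the pre-update state for the audit record. The
                // decompiled source gave both objects the same name, which does not compile.
                Role roleToUpdate = new Role(oldRole);
                roleToUpdate.setName(updateRole.getName());
                roleToUpdate.setDescription(updateRole.getDescription());
                roleToUpdate.setPermissionAcls(Permission.unflatten(updateRole.getPermissions()));
                roleToUpdate.setOauthScopes(updateRole.getOauthScopes());
                roleToUpdate.setUpdatedAt(new Date());
                return this.roleRepository.update(roleToUpdate).flatMap(role3 -> {
                    return this.eventService.create(new Event(Type.ROLE, new Payload(role3.getId(), role3.getReferenceType(), role3.getReferenceId(), Action.UPDATE))).flatMap(event -> {
                        return Single.just(role3);
                    });
                }).doOnSuccess(role4 -> {
                    this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).principal(user)).type("ROLE_UPDATED")).oldValue(oldRole)).role(role4));
                }).doOnError(th -> {
                    this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).principal(user)).type("ROLE_UPDATED")).reference(new Reference(referenceType, str))).throwable(th));
                });
            });
        }).onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Single.error(th);
            }
            LOGGER.error(UPDATE_ERROR, th);
            return Single.error(new TechnicalManagementException(UPDATE_ERROR, th));
        });
    }

    /**
     * Updates a role of a domain.
     *
     * @param str domain id
     * @param str2 id of the role to update
     * @param updateRole new values
     * @param user acting user, used as audit principal only
     */
    @Override
    public Single<Role> update(String str, String str2, UpdateRole updateRole, User user) {
        return update(ReferenceType.DOMAIN, str, str2, updateRole, user);
    }

    /**
     * Deletes a role of the given reference.
     *
     * <p>The role is first looked up within the reference, so an id belonging to another reference
     * yields {@link RoleNotFoundException}. Only system roles are protected; a default role can be
     * deleted through this method.
     *
     * @param referenceType type of the owning entity
     * @param str id of the owning entity
     * @param str2 id of the role to delete
     * @param user acting user, used as audit principal only (no authorization check happens here)
     * @return completes when the role is deleted and the event is published;
     *     {@link RoleNotFoundException} or {@link SystemRoleDeleteException} for rejected requests,
     *     {@link TechnicalManagementException} for unexpected failures
     */
    @Override
    public Completable delete(ReferenceType referenceType, String str, String str2, User user) {
        LOGGER.debug("Delete role {}", str2);
        // NOTE(review): nothing here checks whether the role is still assigned to users or groups;
        // confirm that dangling assignments are handled by the caller or the repository.
        return this.roleRepository.findById(referenceType, str, str2).switchIfEmpty(Maybe.error(new RoleNotFoundException(str2))).map(role -> {
            if (role.isSystem()) {
                throw new SystemRoleDeleteException(str2);
            }
            return role;
        }).flatMapCompletable(role2 -> {
            return this.roleRepository.delete(str2).andThen(Completable.fromSingle(this.eventService.create(new Event(Type.ROLE, new Payload(role2.getId(), role2.getReferenceType(), role2.getReferenceId(), Action.DELETE))))).doOnComplete(() -> {
                this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).principal(user)).type("ROLE_DELETED")).role(role2));
            }).doOnError(th -> {
                this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).principal(user)).type("ROLE_DELETED")).reference(new Reference(referenceType, str))).role(role2).throwable(th));
            });
        }).onErrorResumeNext(th -> {
            // The not-found and system-role rejections above are not audited; only failures of
            // the delete/event step reach the audit call inside flatMapCompletable.
            if (th instanceof AbstractManagementException) {
                return Completable.error(th);
            }
            LOGGER.error("An error occurs while trying to delete role: {}", str2, th);
            return Completable.error(new TechnicalManagementException(String.format("An error occurs while trying to delete role: %s", str2), th));
        });
    }

    /** Creates the built-in system roles, or realigns stored ones with the definitions in this class. */
    @Override
    public Completable createOrUpdateSystemRoles() {
        return Observable.fromIterable(buildSystemRoles()).flatMapCompletable(this::upsert);
    }

    /**
     * Creates the default roles of an organization, or realigns stored ones with the definitions in
     * this class.
     *
     * @param str organization id
     */
    @Override
    public Completable createDefaultRoles(String str) {
        return Observable.fromIterable(buildDefaultRoles(str)).flatMapCompletable(this::upsert);
    }

    /**
     * Stores a built-in role: creates it when no role with the same reference, name and assignable
     * type exists, otherwise overwrites the stored one when permissions or scopes differ.
     *
     * <p>Because the stored role is replaced by the in-code definition, permission changes made to
     * a built-in role in the repository are reverted the next time this runs. Audit records written
     * here carry no principal.
     *
     * @param role built-in role definition; mutated (id and timestamps) before being stored
     */
    private Completable upsert(Role role) {
        return this.roleRepository.findByNameAndAssignableType(role.getReferenceType(), role.getReferenceId(), role.getName(), role.getAssignableType()).map(found -> {
            return Optional.ofNullable(found);
        }).defaultIfEmpty(Optional.empty()).flatMapCompletable(optional -> {
            if (!optional.isPresent()) {
                LOGGER.debug("Create a system role {}", role.getAssignableType() + ":" + role.getName());
                role.setCreatedAt(new Date());
                role.setUpdatedAt(role.getCreatedAt());
                return Completable.fromSingle(this.roleRepository.create(role).flatMap(role2 -> {
                    return this.eventService.create(new Event(Type.ROLE, new Payload(role2.getId(), role2.getReferenceType(), role2.getReferenceId(), Action.CREATE))).flatMap(event -> {
                        return Single.just(role2);
                    });
                }).onErrorResumeNext(th -> {
                    if (th instanceof AbstractManagementException) {
                        return Single.error(th);
                    }
                    LOGGER.error("An error occurs while trying to create a system role {}", role.getAssignableType() + ":" + role.getName(), th);
                    return Single.error(new TechnicalManagementException(CREATE_ERROR, th));
                }).doOnSuccess(role3 -> {
                    this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).type("ROLE_CREATED")).role(role3));
                }).doOnError(th2 -> {
                    this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).type("ROLE_CREATED")).reference(new Reference(role.getReferenceType(), role.getReferenceId()))).throwable(th2));
                }));
            }
            Role existing = (Role) optional.get();
            // NOTE(review): the built-in definitions never set OAuth scopes, so the outcome of this
            // comparison depends on Role's default for that field; confirm it does not force an
            // update (and an audit record) on every start.
            if (permissionsAreEquals(existing, role)) {
                return Completable.complete();
            }
            LOGGER.debug("Update a system role {}", role.getAssignableType() + ":" + role.getName());
            // Reuse the stored id so the update replaces the existing role instead of adding one.
            role.setId(existing.getId());
            // NOTE(review): self-assignment, kept from the original; it changes nothing unless the setter has side effects.
            role.setPermissionAcls(role.getPermissionAcls());
            role.setUpdatedAt(new Date());
            return Completable.fromSingle(this.roleRepository.update(role).flatMap(role5 -> {
                return this.eventService.create(new Event(Type.ROLE, new Payload(role5.getId(), role5.getReferenceType(), role5.getReferenceId(), Action.UPDATE))).flatMap(event -> {
                    return Single.just(role5);
                });
            }).onErrorResumeNext(th3 -> {
                if (th3 instanceof AbstractManagementException) {
                    return Single.error(th3);
                }
                LOGGER.error("An error occurs while trying to update a system role {}", role.getAssignableType() + ":" + role.getName(), th3);
                return Single.error(new TechnicalManagementException(UPDATE_ERROR, th3));
            }).doOnSuccess(role6 -> {
                this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).type("ROLE_UPDATED")).oldValue(existing)).role(role6));
            }).doOnError(th4 -> {
                this.auditService.report(((RoleAuditBuilder) ((RoleAuditBuilder) ((RoleAuditBuilder) AuditBuilder.builder(RoleAuditBuilder.class)).type("ROLE_UPDATED")).reference(new Reference(role.getReferenceType(), role.getReferenceId()))).throwable(th4));
            }));
        });
    }

    /**
     * Fails with {@link RoleAlreadyExistsException} when another role of the reference already uses
     * the given name.
     *
     * <p>The comparison is an exact, case-sensitive {@code equals} over all roles of the reference,
     * whatever their assignable type. It is a read followed by a separate write, so two concurrent
     * requests can both pass unless the repository enforces uniqueness itself.
     *
     * @param str role name to check
     * @param str2 id of the role being created or updated, excluded from the comparison
     * @param referenceType type of the owning entity
     * @param str3 id of the owning entity
     * @return the roles of the reference when the name is free
     */
    private Single<Set<Role>> checkRoleUniqueness(String str, String str2, ReferenceType referenceType, String str3) {
        // The element type is spelled out so the downstream lambdas see Role rather than Object.
        return this.roleRepository.findAll(referenceType, str3).collect(HashSet<Role>::new, (roles, role) -> {
            roles.add(role);
        }).flatMap(roles -> {
            boolean nameTaken = roles.stream()
                    .filter(role -> !role.getId().equals(str2))
                    .anyMatch(role -> role.getName().equals(str));
            if (nameTaken) {
                throw new RoleAlreadyExistsException(str);
            }
            return Single.just(roles);
        });
    }

    /** Returns {@code true} when both roles have equal permission ACLs and equal OAuth scopes. */
    private boolean permissionsAreEquals(Role role, Role role2) {
        return Objects.equals(role.getPermissionAcls(), role2.getPermissionAcls()) && Objects.equals(role.getOauthScopes(), role2.getOauthScopes());
    }

    /**
     * Lists the platform system roles that may be offered for assignment.
     *
     * @param referenceType assignable type to keep; {@code null} disables the filter
     */
    private Flowable<Role> findAllSystem(ReferenceType referenceType) {
        LOGGER.debug("Find all global system roles");
        return this.roleRepository.findAll(ReferenceType.PLATFORM, "PLATFORM")
                // Roles flagged internal-only are never exposed as assignable.
                .filter(role -> role.isSystem() && !role.isInternalOnly())
                .filter(role -> referenceType == null || role.getAssignableType() == referenceType);
    }

    /**
     * Builds the definitions of the five built-in system roles.
     *
     * <p>Each role starts from {@code Permission.allPermissionAcls} for its assignable type; the
     * entries put afterwards replace the ACLs of selected permissions with the explicit sets listed
     * below (for instance the organization primary owner gets only {@code READ} on the organization
     * itself).
     */
    private static List<Role> buildSystemRoles() {
        List<Role> roles = new ArrayList<>();
        Map<Permission, Set<Acl>> platformAdmin = Permission.allPermissionAcls(ReferenceType.PLATFORM);
        Map<Permission, Set<Acl>> organizationPrimaryOwner = Permission.allPermissionAcls(ReferenceType.ORGANIZATION);
        Map<Permission, Set<Acl>> environmentPrimaryOwner = Permission.allPermissionAcls(ReferenceType.ENVIRONMENT);
        Map<Permission, Set<Acl>> domainPrimaryOwner = Permission.allPermissionAcls(ReferenceType.DOMAIN);
        Map<Permission, Set<Acl>> applicationPrimaryOwner = Permission.allPermissionAcls(ReferenceType.APPLICATION);
        organizationPrimaryOwner.put(Permission.ORGANIZATION, Acl.of(new Acl[]{Acl.READ}));
        organizationPrimaryOwner.put(Permission.ORGANIZATION_SETTINGS, Acl.of(new Acl[]{Acl.READ, Acl.UPDATE}));
        organizationPrimaryOwner.put(Permission.ORGANIZATION_AUDIT, Acl.of(new Acl[]{Acl.READ, Acl.LIST}));
        organizationPrimaryOwner.put(Permission.ENVIRONMENT, Acl.of(new Acl[]{Acl.READ, Acl.LIST}));
        organizationPrimaryOwner.put(Permission.LICENSE_NOTIFICATION, Acl.of(new Acl[]{Acl.READ}));
        environmentPrimaryOwner.put(Permission.ENVIRONMENT, Acl.of(new Acl[]{Acl.READ}));
        domainPrimaryOwner.put(Permission.DOMAIN, Acl.of(new Acl[]{Acl.READ, Acl.UPDATE, Acl.DELETE}));
        domainPrimaryOwner.put(Permission.DOMAIN_SETTINGS, Acl.of(new Acl[]{Acl.READ, Acl.UPDATE}));
        domainPrimaryOwner.put(Permission.DOMAIN_I18N_DICTIONARY, Acl.all());
        domainPrimaryOwner.put(Permission.DOMAIN_AUDIT, Acl.of(new Acl[]{Acl.READ, Acl.LIST}));
        applicationPrimaryOwner.put(Permission.APPLICATION, Acl.of(new Acl[]{Acl.READ, Acl.UPDATE, Acl.DELETE}));
        roles.add(buildSystemRole(SystemRole.PLATFORM_ADMIN.name(), ReferenceType.PLATFORM, platformAdmin));
        roles.add(buildSystemRole(SystemRole.ORGANIZATION_PRIMARY_OWNER.name(), ReferenceType.ORGANIZATION, organizationPrimaryOwner));
        roles.add(buildSystemRole(SystemRole.ENVIRONMENT_PRIMARY_OWNER.name(), ReferenceType.ENVIRONMENT, environmentPrimaryOwner));
        roles.add(buildSystemRole(SystemRole.DOMAIN_PRIMARY_OWNER.name(), ReferenceType.DOMAIN, domainPrimaryOwner));
        roles.add(buildSystemRole(SystemRole.APPLICATION_PRIMARY_OWNER.name(), ReferenceType.APPLICATION, applicationPrimaryOwner));
        return roles;
    }

    /**
     * Builds the definitions of the eight default roles of an organization: an OWNER and a USER
     * role for each of organization, environment, domain and application.
     *
     * <p>OWNER roles start from {@code Permission.allPermissionAcls} with selected entries replaced;
     * compared with the system primary-owner roles they lack {@code DELETE} on the domain and on the
     * application. USER roles start from an empty map and receive only the read/list entries listed
     * below.
     *
     * @param str organization id the roles belong to
     */
    private List<Role> buildDefaultRoles(String str) {
        List<Role> roles = new ArrayList<>();
        Map<Permission, Set<Acl>> organizationOwner = Permission.allPermissionAcls(ReferenceType.ORGANIZATION);
        Map<Permission, Set<Acl>> environmentOwner = Permission.allPermissionAcls(ReferenceType.ENVIRONMENT);
        Map<Permission, Set<Acl>> domainOwner = Permission.allPermissionAcls(ReferenceType.DOMAIN);
        Map<Permission, Set<Acl>> applicationOwner = Permission.allPermissionAcls(ReferenceType.APPLICATION);
        organizationOwner.put(Permission.ORGANIZATION, Acl.of(new Acl[]{Acl.READ}));
        organizationOwner.put(Permission.ORGANIZATION_SETTINGS, Acl.of(new Acl[]{Acl.READ, Acl.UPDATE}));
        organizationOwner.put(Permission.ORGANIZATION_AUDIT, Acl.of(new Acl[]{Acl.READ, Acl.LIST}));
        organizationOwner.put(Permission.ENVIRONMENT, Acl.of(new Acl[]{Acl.READ, Acl.LIST}));
        organizationOwner.put(Permission.LICENSE_NOTIFICATION, Acl.of(new Acl[]{Acl.READ}));
        environmentOwner.put(Permission.ENVIRONMENT, Acl.of(new Acl[]{Acl.READ}));
        domainOwner.put(Permission.DOMAIN, Acl.of(new Acl[]{Acl.READ, Acl.UPDATE}));
        domainOwner.put(Permission.DOMAIN_SETTINGS, Acl.of(new Acl[]{Acl.READ, Acl.UPDATE}));
        domainOwner.put(Permission.DOMAIN_I18N_DICTIONARY, Acl.all());
        domainOwner.put(Permission.DOMAIN_AUDIT, Acl.of(new Acl[]{Acl.READ, Acl.LIST}));
        applicationOwner.put(Permission.APPLICATION, Acl.of(new Acl[]{Acl.READ, Acl.UPDATE}));
        roles.add(buildDefaultRole(DefaultRole.ORGANIZATION_OWNER.name(), ReferenceType.ORGANIZATION, str, organizationOwner));
        roles.add(buildDefaultRole(DefaultRole.ENVIRONMENT_OWNER.name(), ReferenceType.ENVIRONMENT, str, environmentOwner));
        roles.add(buildDefaultRole(DefaultRole.DOMAIN_OWNER.name(), ReferenceType.DOMAIN, str, domainOwner));
        roles.add(buildDefaultRole(DefaultRole.APPLICATION_OWNER.name(), ReferenceType.APPLICATION, str, applicationOwner));
        // USER roles are allow-lists built from nothing, so a permission added to the Permission
        // enum later is not granted to them unless it is added here.
        Map<Permission, Set<Acl>> organizationUser = new HashMap<>();
        Map<Permission, Set<Acl>> environmentUser = new HashMap<>();
        Map<Permission, Set<Acl>> domainUser = new HashMap<>();
        Map<Permission, Set<Acl>> applicationUser = new HashMap<>();
        organizationUser.put(Permission.ORGANIZATION, Acl.of(new Acl[]{Acl.READ}));
        organizationUser.put(Permission.ORGANIZATION_GROUP, Acl.of(new Acl[]{Acl.LIST}));
        organizationUser.put(Permission.ORGANIZATION_ROLE, Acl.of(new Acl[]{Acl.LIST}));
        organizationUser.put(Permission.ORGANIZATION_TAG, Acl.of(new Acl[]{Acl.LIST}));
        organizationUser.put(Permission.ENVIRONMENT, Acl.of(new Acl[]{Acl.LIST}));
        environmentUser.put(Permission.ENVIRONMENT, Acl.of(new Acl[]{Acl.READ}));
        environmentUser.put(Permission.DOMAIN, Acl.of(new Acl[]{Acl.LIST}));
        domainUser.put(Permission.DOMAIN, Acl.of(new Acl[]{Acl.READ}));
        domainUser.put(Permission.DOMAIN_SCOPE, Acl.of(new Acl[]{Acl.LIST}));
        domainUser.put(Permission.DOMAIN_EXTENSION_GRANT, Acl.of(new Acl[]{Acl.LIST}));
        domainUser.put(Permission.DOMAIN_CERTIFICATE, Acl.of(new Acl[]{Acl.LIST}));
        domainUser.put(Permission.DOMAIN_IDENTITY_PROVIDER, Acl.of(new Acl[]{Acl.LIST}));
        domainUser.put(Permission.DOMAIN_FACTOR, Acl.of(new Acl[]{Acl.LIST}));
        domainUser.put(Permission.DOMAIN_RESOURCE, Acl.of(new Acl[]{Acl.LIST}));
        domainUser.put(Permission.APPLICATION, Acl.of(new Acl[]{Acl.LIST}));
        domainUser.put(Permission.DOMAIN_BOT_DETECTION, Acl.of(new Acl[]{Acl.LIST}));
        domainUser.put(Permission.DOMAIN_DEVICE_IDENTIFIER, Acl.of(new Acl[]{Acl.LIST}));
        applicationUser.put(Permission.APPLICATION, Acl.of(new Acl[]{Acl.READ}));
        roles.add(buildDefaultRole(DefaultRole.ORGANIZATION_USER.name(), ReferenceType.ORGANIZATION, str, organizationUser));
        roles.add(buildDefaultRole(DefaultRole.ENVIRONMENT_USER.name(), ReferenceType.ENVIRONMENT, str, environmentUser));
        roles.add(buildDefaultRole(DefaultRole.DOMAIN_USER.name(), ReferenceType.DOMAIN, str, domainUser));
        roles.add(buildDefaultRole(DefaultRole.APPLICATION_USER.name(), ReferenceType.APPLICATION, str, applicationUser));
        return roles;
    }

    /**
     * Builds a system role: owned by the {@code PLATFORM} reference and flagged as system.
     *
     * @param str role name
     * @param referenceType assignable type
     * @param map permission ACLs of the role
     */
    private static Role buildSystemRole(String str, ReferenceType referenceType, Map<Permission, Set<Acl>> map) {
        Role systemRole = buildRole(str, referenceType, ReferenceType.PLATFORM, "PLATFORM", map);
        systemRole.setSystem(true);
        return systemRole;
    }

    /**
     * Builds a default role: owned by an organization and flagged as default.
     *
     * @param str role name
     * @param referenceType assignable type
     * @param str2 organization id
     * @param map permission ACLs of the role
     */
    private static Role buildDefaultRole(String str, ReferenceType referenceType, String str2, Map<Permission, Set<Acl>> map) {
        Role defaultRole = buildRole(str, referenceType, ReferenceType.ORGANIZATION, str2, map);
        defaultRole.setDefaultRole(true);
        return defaultRole;
    }

    /**
     * Builds a role with a freshly generated id. OAuth scopes and timestamps are not set here.
     *
     * @param str role name
     * @param referenceType assignable type
     * @param referenceType2 type of the owning entity
     * @param str2 id of the owning entity
     * @param map permission ACLs, stored by reference (not copied)
     */
    private static Role buildRole(String str, ReferenceType referenceType, ReferenceType referenceType2, String str2, Map<Permission, Set<Acl>> map) {
        Role role = new Role();
        role.setId(RandomString.generate());
        role.setName(str);
        role.setAssignableType(referenceType);
        role.setReferenceType(referenceType2);
        role.setReferenceId(str2);
        role.setPermissionAcls(map);
        return role;
    }
}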
