package de.ingrid.mdek.job;

import de.ingrid.mdek.MdekError;
import de.ingrid.mdek.MdekKeys;
import de.ingrid.mdek.MdekKeysSecurity;
import de.ingrid.mdek.MdekUtils;
import de.ingrid.mdek.MdekUtilsSecurity;
import de.ingrid.mdek.job.IJob;
import de.ingrid.mdek.services.catalog.MdekAddressService;
import de.ingrid.mdek.services.catalog.MdekCatalogService;
import de.ingrid.mdek.services.catalog.MdekObjectService;
import de.ingrid.mdek.services.log.ILogService;
import de.ingrid.mdek.services.persistence.db.DaoFactory;
import de.ingrid.mdek.services.persistence.db.IEntity;
import de.ingrid.mdek.services.persistence.db.IGenericDao;
import de.ingrid.mdek.services.persistence.db.dao.IAddressNodeDao;
import de.ingrid.mdek.services.persistence.db.dao.IIdcGroupDao;
import de.ingrid.mdek.services.persistence.db.dao.IIdcUserDao;
import de.ingrid.mdek.services.persistence.db.dao.IObjectNodeDao;
import de.ingrid.mdek.services.persistence.db.mapper.BeanToDocMapperSecurity;
import de.ingrid.mdek.services.persistence.db.mapper.DocToBeanMapperSecurity;
import de.ingrid.mdek.services.persistence.db.mapper.IMapper;
import de.ingrid.mdek.services.persistence.db.model.AddressNode;
import de.ingrid.mdek.services.persistence.db.model.IdcGroup;
import de.ingrid.mdek.services.persistence.db.model.IdcUser;
import de.ingrid.mdek.services.persistence.db.model.IdcUserPermission;
import de.ingrid.mdek.services.persistence.db.model.Permission;
import de.ingrid.mdek.services.persistence.db.model.PermissionAddr;
import de.ingrid.mdek.services.persistence.db.model.PermissionObj;
import de.ingrid.mdek.services.security.IPermissionService;
import de.ingrid.mdek.services.security.PermissionFactory;
import de.ingrid.mdek.services.utils.MdekIdcUserHandler;
import de.ingrid.mdek.services.utils.MdekPermissionHandler;
import de.ingrid.utils.IngridDocument;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:ingrid-iplug-ige-4.6.0/lib/ingrid-mdek-job-4.6.0.jar:de/ingrid/mdek/job/MdekIdcSecurityJob.class */
public class MdekIdcSecurityJob extends MdekIdcJob {
    private IPermissionService permService;
    private MdekPermissionHandler permHandler;
    private MdekIdcUserHandler userHandler;
    private MdekAddressService addressService;
    private MdekObjectService objectService;
    private MdekCatalogService catalogService;
    private IIdcGroupDao daoIdcGroup;
    private IIdcUserDao daoIdcUser;
    private IAddressNodeDao daoAddressNode;
    private IObjectNodeDao daoObjectNode;
    private IGenericDao<IEntity> dao;
    protected BeanToDocMapperSecurity beanToDocMapperSecurity;
    protected DocToBeanMapperSecurity docToBeanMapperSecurity;

    @Autowired
    public MdekIdcSecurityJob(ILogService iLogService, DaoFactory daoFactory, IPermissionService iPermissionService) {
        super(iLogService.getLogger(MdekIdcSecurityJob.class), daoFactory);
        this.permService = iPermissionService;
        this.permHandler = MdekPermissionHandler.getInstance(iPermissionService, daoFactory);
        this.userHandler = MdekIdcUserHandler.getInstance(daoFactory);
        this.addressService = MdekAddressService.getInstance(daoFactory, iPermissionService);
        this.objectService = MdekObjectService.getInstance(daoFactory, iPermissionService);
        this.catalogService = MdekCatalogService.getInstance(daoFactory);
        this.dao = daoFactory.getDao(IEntity.class);
        this.daoIdcGroup = daoFactory.getIdcGroupDao();
        this.daoIdcUser = daoFactory.getIdcUserDao();
        this.daoAddressNode = daoFactory.getAddressNodeDao();
        this.daoObjectNode = daoFactory.getObjectNodeDao();
        this.beanToDocMapperSecurity = BeanToDocMapperSecurity.getInstance(daoFactory, iPermissionService);
        this.docToBeanMapperSecurity = DocToBeanMapperSecurity.getInstance(daoFactory, iPermissionService);
    }

    public IngridDocument getGroups(IngridDocument ingridDocument) {
        try {
            this.daoIdcGroup.beginTransaction();
            this.dao.disableAutoFlush();
            Boolean bool = (Boolean) ingridDocument.get(MdekKeysSecurity.REQUESTINFO_INCLUDE_CATADMIN_GROUP);
            List<IdcGroup> groups = this.daoIdcGroup.getGroups();
            Long id = bool.booleanValue() ? null : this.permService.getCatalogAdminGroup().getId();
            ArrayList arrayList = new ArrayList(groups.size());
            for (IdcGroup idcGroup : groups) {
                if (bool.booleanValue() || !idcGroup.getId().equals(id)) {
                    IngridDocument ingridDocument2 = new IngridDocument();
                    this.beanToDocMapperSecurity.mapIdcGroup(idcGroup, ingridDocument2, IMapper.MappingQuantity.BASIC_ENTITY);
                    arrayList.add(ingridDocument2);
                }
            }
            IngridDocument ingridDocument3 = new IngridDocument();
            ingridDocument3.put(MdekKeysSecurity.GROUPS, arrayList);
            this.daoIdcGroup.commitTransaction();
            return ingridDocument3;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getGroupDetails(IngridDocument ingridDocument) {
        try {
            this.daoIdcGroup.beginTransaction();
            this.dao.disableAutoFlush();
            IngridDocument groupDetails = getGroupDetails(ingridDocument.getString("name"));
            this.daoIdcGroup.commitTransaction();
            return groupDetails;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    private IngridDocument getGroupDetails(String str) {
        IdcGroup groupDetails = this.daoIdcGroup.getGroupDetails(str);
        if (groupDetails == null) {
            throw new MdekException(new MdekError(MdekError.MdekErrorType.ENTITY_NOT_FOUND));
        }
        IngridDocument ingridDocument = new IngridDocument();
        this.beanToDocMapperSecurity.mapIdcGroup(groupDetails, ingridDocument, IMapper.MappingQuantity.DETAIL_ENTITY);
        return ingridDocument;
    }

    public IngridDocument getUsersOfGroup(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            List<IdcUser> idcUsersByGroupName = this.daoIdcUser.getIdcUsersByGroupName(ingridDocument.getString("name"));
            ArrayList arrayList = new ArrayList(idcUsersByGroupName.size());
            for (IdcUser idcUser : idcUsersByGroupName) {
                IngridDocument ingridDocument2 = new IngridDocument();
                this.beanToDocMapperSecurity.mapIdcUser(idcUser, ingridDocument2, IMapper.MappingQuantity.TREE_ENTITY);
                arrayList.add(ingridDocument2);
            }
            IngridDocument ingridDocument3 = new IngridDocument();
            ingridDocument3.put(MdekKeysSecurity.IDC_USERS, arrayList);
            this.daoIdcUser.commitTransaction();
            return ingridDocument3;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument createGroup(IngridDocument ingridDocument) {
        String currentUserUuid = getCurrentUserUuid(ingridDocument);
        try {
            try {
                addRunningJob(currentUserUuid, createRunningJobDescription(IJob.JobType.STORE, 0, 1, false));
                this.daoIdcGroup.beginTransaction();
                String dateToTimestamp = MdekUtils.dateToTimestamp(new Date());
                String string = ingridDocument.getString("name");
                Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_REFETCH_ENTITY);
                ingridDocument.put("date-of-creation", dateToTimestamp);
                ingridDocument.put("date-of-last-modification", dateToTimestamp);
                this.beanToDocMapper.mapModUser(currentUserUuid, ingridDocument, IMapper.MappingQuantity.INITIAL_ENTITY);
                if (this.daoIdcGroup.loadByName(string) != null) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.ENTITY_ALREADY_EXISTS));
                }
                IdcGroup mapIdcGroup = this.docToBeanMapperSecurity.mapIdcGroup(ingridDocument, new IdcGroup(), IMapper.MappingQuantity.DETAIL_ENTITY);
                checkPermissionStructureOfGroup(mapIdcGroup);
                this.daoIdcGroup.makePersistent(mapIdcGroup);
                this.daoIdcGroup.commitTransaction();
                IngridDocument ingridDocument2 = new IngridDocument();
                ingridDocument2.put("id", mapIdcGroup.getId());
                if (bool.booleanValue()) {
                    this.daoIdcGroup.beginTransaction();
                    ingridDocument2 = getGroupDetails(string);
                    this.daoIdcGroup.commitTransaction();
                }
                return ingridDocument2;
            } catch (RuntimeException e) {
                RuntimeException handleException = handleException(e);
                this.errorHandler.shouldRemoveRunningJob(handleException);
                throw handleException;
            }
        } finally {
            if (1 != 0) {
                removeRunningJob(currentUserUuid);
            }
        }
    }

    public IngridDocument storeGroup(IngridDocument ingridDocument) {
        String currentUserUuid = getCurrentUserUuid(ingridDocument);
        try {
            try {
                addRunningJob(currentUserUuid, createRunningJobDescription(IJob.JobType.STORE, 0, 1, false));
                this.daoIdcGroup.beginTransaction();
                String dateToTimestamp = MdekUtils.dateToTimestamp(new Date());
                Long l = (Long) ingridDocument.get("id");
                Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_REFETCH_ENTITY);
                ingridDocument.put("date-of-last-modification", dateToTimestamp);
                this.beanToDocMapper.mapModUser(currentUserUuid, ingridDocument, IMapper.MappingQuantity.INITIAL_ENTITY);
                IdcGroup groupDetails = this.daoIdcGroup.getGroupDetails(l);
                if (groupDetails == null) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.ENTITY_NOT_FOUND));
                }
                checkRemovedPermissions(groupDetails, ingridDocument, currentUserUuid);
                checkAddedPermissions(groupDetails, ingridDocument, currentUserUuid);
                this.docToBeanMapperSecurity.mapIdcGroup(ingridDocument, groupDetails, IMapper.MappingQuantity.DETAIL_ENTITY);
                this.daoIdcGroup.makePersistent(groupDetails);
                checkPermissionStructureOfGroup(groupDetails);
                checkMissingPermissionOfGroup(groupDetails);
                this.daoIdcGroup.commitTransaction();
                IngridDocument ingridDocument2 = new IngridDocument();
                ingridDocument2.put("id", groupDetails.getId());
                if (bool.booleanValue()) {
                    this.daoIdcGroup.beginTransaction();
                    ingridDocument2 = getGroupDetails(groupDetails.getName());
                    this.daoIdcGroup.commitTransaction();
                }
                return ingridDocument2;
            } catch (RuntimeException e) {
                RuntimeException handleException = handleException(e);
                this.errorHandler.shouldRemoveRunningJob(handleException);
                throw handleException;
            }
        } finally {
            if (1 != 0) {
                removeRunningJob(currentUserUuid);
            }
        }
    }

    public IngridDocument deleteGroup(IngridDocument ingridDocument) {
        String currentUserUuid = getCurrentUserUuid(ingridDocument);
        try {
            try {
                addRunningJob(currentUserUuid, createRunningJobDescription(IJob.JobType.DELETE, 0, 1, false));
                this.daoIdcGroup.beginTransaction();
                Boolean bool = (Boolean) ingridDocument.get(MdekKeysSecurity.REQUESTINFO_FORCE_DELETE_GROUP_WHEN_USERS);
                IdcGroup byId = this.daoIdcGroup.getById((Long) ingridDocument.get("id"));
                if (byId == null) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.ENTITY_NOT_FOUND));
                }
                List<IdcUser> idcUsersByGroupId = this.daoIdcUser.getIdcUsersByGroupId(byId.getId());
                if (!bool.booleanValue() && idcUsersByGroupId.size() > 0) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.GROUP_HAS_USERS, this.beanToDocMapperSecurity.mapIdcUserList(idcUsersByGroupId, new IngridDocument(), false)));
                }
                IngridDocument ingridDocument2 = new IngridDocument();
                this.docToBeanMapperSecurity.updateIdcUserPermissions(ingridDocument2, byId);
                this.docToBeanMapperSecurity.updatePermissionAddrs(ingridDocument2, byId);
                this.docToBeanMapperSecurity.updatePermissionObjs(ingridDocument2, byId);
                this.daoIdcGroup.makePersistent(byId);
                checkMissingPermissionOfGroup(byId);
                clearGroupOnUsers(byId, idcUsersByGroupId, currentUserUuid);
                IngridDocument ingridDocument3 = new IngridDocument();
                this.beanToDocMapperSecurity.mapIdcUserList(idcUsersByGroupId, ingridDocument3, true);
                this.daoIdcGroup.makeTransient(byId);
                this.daoIdcGroup.commitTransaction();
                if (1 != 0) {
                    removeRunningJob(currentUserUuid);
                }
                return ingridDocument3;
            } catch (RuntimeException e) {
                RuntimeException handleException = handleException(e);
                this.errorHandler.shouldRemoveRunningJob(handleException);
                throw handleException;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                removeRunningJob(currentUserUuid);
            }
            throw th;
        }
    }

    public IngridDocument getAddressPermissions(IngridDocument ingridDocument) {
        try {
            this.dao.beginTransaction();
            this.dao.disableAutoFlush();
            List<Permission> permissionsForAddress = this.permHandler.getPermissionsForAddress(ingridDocument.getString(MdekKeys.UUID), getCurrentUserUuid(ingridDocument), ((Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_CHECK_WORKFLOW)).booleanValue());
            IngridDocument ingridDocument2 = new IngridDocument();
            this.beanToDocMapperSecurity.mapPermissionList(permissionsForAddress, ingridDocument2);
            this.dao.commitTransaction();
            return ingridDocument2;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getObjectPermissions(IngridDocument ingridDocument) {
        try {
            this.dao.beginTransaction();
            this.dao.disableAutoFlush();
            List<Permission> permissionsForObject = this.permHandler.getPermissionsForObject(ingridDocument.getString(MdekKeys.UUID), getCurrentUserUuid(ingridDocument), ((Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_CHECK_WORKFLOW)).booleanValue());
            IngridDocument ingridDocument2 = new IngridDocument();
            this.beanToDocMapperSecurity.mapPermissionList(permissionsForObject, ingridDocument2);
            this.dao.commitTransaction();
            return ingridDocument2;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getUserPermissions(IngridDocument ingridDocument) {
        try {
            this.dao.beginTransaction();
            this.dao.disableAutoFlush();
            List<Permission> userPermissions = this.permHandler.getUserPermissions(ingridDocument.getString(MdekKeysSecurity.IDC_USER_ADDR_UUID));
            IngridDocument ingridDocument2 = new IngridDocument();
            this.beanToDocMapperSecurity.mapPermissionList(userPermissions, ingridDocument2);
            this.dao.commitTransaction();
            return ingridDocument2;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getUserDetails(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            IngridDocument userDetails = getUserDetails(ingridDocument.getString(MdekKeysSecurity.IDC_USER_ADDR_UUID));
            this.daoIdcUser.commitTransaction();
            return userDetails;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    private IngridDocument getUserDetails(String str) {
        IdcUser idcUserByAddrUuid = this.daoIdcUser.getIdcUserByAddrUuid(str);
        if (idcUserByAddrUuid == null) {
            throw new MdekException(new MdekError(MdekError.MdekErrorType.ENTITY_NOT_FOUND));
        }
        AddressNode loadByUuid = this.addressService.loadByUuid(str, MdekUtils.IdcEntityVersion.WORKING_VERSION);
        if (loadByUuid == null) {
            throw new MdekException(new MdekError(MdekError.MdekErrorType.ENTITY_NOT_FOUND));
        }
        loadByUuid.getT02AddressWork();
        IngridDocument ingridDocument = new IngridDocument();
        this.beanToDocMapperSecurity.mapIdcUser(idcUserByAddrUuid, ingridDocument, IMapper.MappingQuantity.DETAIL_ENTITY);
        return ingridDocument;
    }

    public IngridDocument createUser(IngridDocument ingridDocument) {
        String currentUserUuid = getCurrentUserUuid(ingridDocument);
        try {
            try {
                addRunningJob(currentUserUuid, createRunningJobDescription(IJob.JobType.STORE, 0, 1, false));
                this.daoIdcUser.beginTransaction();
                String dateToTimestamp = MdekUtils.dateToTimestamp(new Date());
                if (ingridDocument.getString(MdekKeysSecurity.IDC_USER_ADDR_UUID) != null) {
                    throw new MdekException("Address Uuid passed to createUser ! But should not have IGC address yet !");
                }
                Integer num = (Integer) ingridDocument.get(MdekKeysSecurity.IDC_ROLE);
                Long l = (Long) ingridDocument.get(MdekKeysSecurity.PARENT_IDC_USER_ID);
                Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_REFETCH_ENTITY);
                ingridDocument.put("date-of-creation", dateToTimestamp);
                ingridDocument.put("date-of-last-modification", dateToTimestamp);
                this.beanToDocMapper.mapModUser(currentUserUuid, ingridDocument, IMapper.MappingQuantity.INITIAL_ENTITY);
                IdcUser currentUser = this.userHandler.getCurrentUser(currentUserUuid);
                if (!this.userHandler.isRole1AboveRole2(currentUser.getIdcRole(), num)) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_HAS_WRONG_ROLE));
                }
                if (!this.userHandler.isUser1AboveOrEqualUser2(currentUser.getId(), l)) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_HIERARCHY_WRONG));
                }
                processUserDocWithAddressData(ingridDocument);
                String storeWorkingCopy = this.addressService.storeWorkingCopy(ingridDocument, currentUserUuid);
                ingridDocument.put(MdekKeysSecurity.IDC_USER_ADDR_UUID, storeWorkingCopy);
                if (this.daoIdcUser.getIdcUserByAddrUuid(storeWorkingCopy) != null) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.ENTITY_ALREADY_EXISTS));
                }
                IdcUser idcUser = new IdcUser();
                this.daoIdcUser.makePersistent(idcUser);
                IdcUser mapIdcUser = this.docToBeanMapperSecurity.mapIdcUser(ingridDocument, idcUser);
                this.daoIdcUser.makePersistent(mapIdcUser);
                this.daoIdcUser.commitTransaction();
                IngridDocument ingridDocument2 = new IngridDocument();
                ingridDocument2.put(MdekKeysSecurity.IDC_USER_ID, mapIdcUser.getId());
                ingridDocument2.put(MdekKeysSecurity.IDC_USER_ADDR_UUID, storeWorkingCopy);
                if (bool.booleanValue()) {
                    this.daoIdcUser.beginTransaction();
                    ingridDocument2 = getUserDetails(storeWorkingCopy);
                    this.daoIdcUser.commitTransaction();
                }
                return ingridDocument2;
            } catch (RuntimeException e) {
                RuntimeException handleException = handleException(e);
                this.errorHandler.shouldRemoveRunningJob(handleException);
                throw handleException;
            }
        } finally {
            if (1 != 0) {
                removeRunningJob(currentUserUuid);
            }
        }
    }

    public IngridDocument storeUser(IngridDocument ingridDocument) {
        String currentUserUuid = getCurrentUserUuid(ingridDocument);
        try {
            try {
                addRunningJob(currentUserUuid, createRunningJobDescription(IJob.JobType.STORE, 0, 1, false));
                this.daoIdcUser.beginTransaction();
                String dateToTimestamp = MdekUtils.dateToTimestamp(new Date());
                String string = ingridDocument.getString(MdekKeysSecurity.IDC_USER_ADDR_UUID);
                Long l = (Long) ingridDocument.get(MdekKeysSecurity.IDC_USER_ID);
                Integer num = (Integer) ingridDocument.get(MdekKeysSecurity.IDC_ROLE);
                Long l2 = (Long) ingridDocument.get(MdekKeysSecurity.PARENT_IDC_USER_ID);
                Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_REFETCH_ENTITY);
                ingridDocument.put("date-of-last-modification", dateToTimestamp);
                this.beanToDocMapper.mapModUser(currentUserUuid, ingridDocument, IMapper.MappingQuantity.INITIAL_ENTITY);
                IdcUser userById = this.userHandler.getUserById(l);
                boolean equals = MdekUtilsSecurity.IdcRole.CATALOG_ADMINISTRATOR.getDbValue().equals(userById.getIdcRole());
                String addrUuid = userById.getAddrUuid();
                boolean z = !addrUuid.equals(string);
                if (z) {
                    throw new MdekException("Address Uuid changed in storeUser ! But should always keep same Address !");
                }
                if (!userById.getIdcRole().equals(num)) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_HAS_WRONG_ROLE));
                }
                if ((userById.getParentId() == null ? 0L : userById.getParentId().longValue()) != (l2 == null ? 0L : l2.longValue())) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_HIERARCHY_WRONG));
                }
                IdcUser currentUser = this.userHandler.getCurrentUser(currentUserUuid);
                if (!(MdekUtilsSecurity.IdcRole.CATALOG_ADMINISTRATOR.getDbValue().equals(currentUser.getIdcRole()) && equals)) {
                    if (!this.userHandler.isRole1AboveRole2(currentUser.getIdcRole(), userById.getIdcRole())) {
                        throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_HAS_WRONG_ROLE));
                    }
                    if (!this.userHandler.isUser1AboveOrEqualUser2(currentUser.getId(), userById.getParentId())) {
                        throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_HIERARCHY_WRONG));
                    }
                }
                this.docToBeanMapperSecurity.mapIdcUser(ingridDocument, userById);
                this.daoIdcUser.makePersistent(userById);
                processUserDocWithAddressData(ingridDocument);
                this.addressService.storeWorkingCopy(ingridDocument, currentUserUuid);
                if (z) {
                    this.catalogService.updateResponsibleUserInEntities(addrUuid, string);
                }
                this.daoIdcUser.commitTransaction();
                IngridDocument ingridDocument2 = new IngridDocument();
                ingridDocument2.put(MdekKeysSecurity.IDC_USER_ID, userById.getId());
                if (bool.booleanValue()) {
                    this.daoIdcUser.beginTransaction();
                    ingridDocument2 = getUserDetails(userById.getAddrUuid());
                    this.daoIdcUser.commitTransaction();
                }
                return ingridDocument2;
            } catch (RuntimeException e) {
                RuntimeException handleException = handleException(e);
                this.errorHandler.shouldRemoveRunningJob(handleException);
                throw handleException;
            }
        } finally {
            if (1 != 0) {
                removeRunningJob(currentUserUuid);
            }
        }
    }

    private IngridDocument processUserDocWithAddressData(IngridDocument ingridDocument) {
        ingridDocument.put(MdekKeys.UUID, ingridDocument.get(MdekKeysSecurity.IDC_USER_ADDR_UUID));
        ingridDocument.put("class", MdekUtils.AddressType.getHiddenAddressTypeIGEUser());
        ingridDocument.put(MdekKeys.PARENT_UUID, MdekUtils.AddressType.getIGEUserParentUuid());
        return ingridDocument;
    }

    public void deleteUser(IngridDocument ingridDocument) {
        String currentUserUuid = getCurrentUserUuid(ingridDocument);
        try {
            try {
                addRunningJob(currentUserUuid, createRunningJobDescription(IJob.JobType.DELETE, 0, 1, false));
                this.daoIdcUser.beginTransaction();
                IdcUser userById = this.userHandler.getUserById((Long) ingridDocument.get(MdekKeysSecurity.IDC_USER_ID));
                boolean equals = MdekUtilsSecurity.IdcRole.CATALOG_ADMINISTRATOR.getDbValue().equals(userById.getIdcRole());
                IdcUser currentUser = this.userHandler.getCurrentUser(currentUserUuid);
                if (equals) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_IS_CATALOG_ADMIN));
                }
                if (userById.getIdcUsers().size() > 0) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_HAS_SUBUSERS));
                }
                if (!this.userHandler.isRole1AboveRole2(currentUser.getIdcRole(), userById.getIdcRole())) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_HAS_WRONG_ROLE));
                }
                if (!this.userHandler.isUser1AboveOrEqualUser2(currentUser.getId(), userById.getParentId())) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_HIERARCHY_WRONG));
                }
                this.catalogService.updateResponsibleUserInEntities(userById.getAddrUuid(), this.userHandler.getUserById(userById.getParentId()).getAddrUuid());
                this.daoIdcUser.makeTransient(userById);
                this.addressService.deleteAddressFull(userById.getAddrUuid(), false, currentUserUuid);
                this.daoIdcUser.commitTransaction();
                if (1 != 0) {
                    removeRunningJob(currentUserUuid);
                }
            } catch (RuntimeException e) {
                RuntimeException handleException = handleException(e);
                this.errorHandler.shouldRemoveRunningJob(handleException);
                throw handleException;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                removeRunningJob(currentUserUuid);
            }
            throw th;
        }
    }

    public IngridDocument getCatalogAdmin(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            IdcUser catalogAdminUser = this.permService.getCatalogAdminUser();
            if (catalogAdminUser == null) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.ENTITY_NOT_FOUND));
            }
            IngridDocument ingridDocument2 = new IngridDocument();
            this.beanToDocMapperSecurity.mapIdcUser(catalogAdminUser, ingridDocument2, IMapper.MappingQuantity.DETAIL_ENTITY);
            this.daoIdcUser.commitTransaction();
            return ingridDocument2;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getSubUsers(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            List<IdcUser> subUsers = this.daoIdcUser.getSubUsers((Long) ingridDocument.get(MdekKeysSecurity.IDC_USER_ID));
            ArrayList arrayList = new ArrayList(subUsers.size());
            for (IdcUser idcUser : subUsers) {
                IngridDocument ingridDocument2 = new IngridDocument();
                this.beanToDocMapperSecurity.mapIdcUser(idcUser, ingridDocument2, IMapper.MappingQuantity.TREE_ENTITY);
                arrayList.add(ingridDocument2);
            }
            IngridDocument ingridDocument3 = new IngridDocument();
            ingridDocument3.put(MdekKeysSecurity.IDC_USERS, arrayList);
            this.daoIdcUser.commitTransaction();
            return ingridDocument3;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getUsersWithWritePermissionForObject(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            String str = (String) ingridDocument.get(MdekKeys.UUID);
            Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_CHECK_WORKFLOW);
            Boolean bool2 = (Boolean) ingridDocument.get(MdekKeysSecurity.REQUESTINFO_GET_DETAILED_PERMISSIONS);
            List<IdcUser> usersWithWritePermissionForObject = this.permHandler.getUsersWithWritePermissionForObject(str, this.daoIdcGroup.getGroups(), bool.booleanValue());
            ArrayList arrayList = new ArrayList(usersWithWritePermissionForObject.size());
            for (IdcUser idcUser : usersWithWritePermissionForObject) {
                IngridDocument ingridDocument2 = new IngridDocument();
                this.beanToDocMapperSecurity.mapIdcUser(idcUser, ingridDocument2, IMapper.MappingQuantity.TREE_ENTITY);
                if (bool2.booleanValue()) {
                    List<Permission> permissionsForObject = this.permHandler.getPermissionsForObject(str, idcUser.getAddrUuid(), bool.booleanValue());
                    permissionsForObject.addAll(this.permHandler.getUserPermissions(idcUser.getAddrUuid()));
                    this.beanToDocMapperSecurity.mapPermissionList(permissionsForObject, ingridDocument2);
                }
                arrayList.add(ingridDocument2);
            }
            IngridDocument ingridDocument3 = new IngridDocument();
            ingridDocument3.put(MdekKeysSecurity.IDC_USERS, arrayList);
            this.daoIdcUser.commitTransaction();
            return ingridDocument3;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getUsersWithWritePermissionForAddress(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            String str = (String) ingridDocument.get(MdekKeys.UUID);
            Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_CHECK_WORKFLOW);
            Boolean bool2 = (Boolean) ingridDocument.get(MdekKeysSecurity.REQUESTINFO_GET_DETAILED_PERMISSIONS);
            List<IdcUser> usersWithWritePermissionForAddress = this.permHandler.getUsersWithWritePermissionForAddress(str, this.daoIdcGroup.getGroups(), bool.booleanValue());
            ArrayList arrayList = new ArrayList(usersWithWritePermissionForAddress.size());
            for (IdcUser idcUser : usersWithWritePermissionForAddress) {
                IngridDocument ingridDocument2 = new IngridDocument();
                this.beanToDocMapperSecurity.mapIdcUser(idcUser, ingridDocument2, IMapper.MappingQuantity.TREE_ENTITY);
                if (bool2.booleanValue()) {
                    List<Permission> permissionsForAddress = this.permHandler.getPermissionsForAddress(str, idcUser.getAddrUuid(), bool.booleanValue());
                    permissionsForAddress.addAll(this.permHandler.getUserPermissions(idcUser.getAddrUuid()));
                    this.beanToDocMapperSecurity.mapPermissionList(permissionsForAddress, ingridDocument2);
                }
                arrayList.add(ingridDocument2);
            }
            IngridDocument ingridDocument3 = new IngridDocument();
            ingridDocument3.put(MdekKeysSecurity.IDC_USERS, arrayList);
            this.daoIdcUser.commitTransaction();
            return ingridDocument3;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getResponsibleUsersForNewObject(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            String str = (String) ingridDocument.get(MdekKeys.UUID);
            String currentUserUuid = getCurrentUserUuid(ingridDocument);
            Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_CHECK_WORKFLOW);
            Boolean bool2 = (Boolean) ingridDocument.get(MdekKeysSecurity.REQUESTINFO_GET_DETAILED_PERMISSIONS);
            List<IdcUser> responsibleUsersForNewObject = this.permHandler.getResponsibleUsersForNewObject(str, this.daoIdcGroup.getGroups(), bool.booleanValue(), currentUserUuid);
            ArrayList arrayList = new ArrayList(responsibleUsersForNewObject.size());
            for (IdcUser idcUser : responsibleUsersForNewObject) {
                IngridDocument ingridDocument2 = new IngridDocument();
                this.beanToDocMapperSecurity.mapIdcUser(idcUser, ingridDocument2, IMapper.MappingQuantity.TREE_ENTITY);
                if (bool2.booleanValue()) {
                    List<Permission> permissionsForObject = this.permHandler.getPermissionsForObject(str, idcUser.getAddrUuid(), bool.booleanValue());
                    permissionsForObject.addAll(this.permHandler.getUserPermissions(idcUser.getAddrUuid()));
                    this.beanToDocMapperSecurity.mapPermissionList(permissionsForObject, ingridDocument2);
                }
                arrayList.add(ingridDocument2);
            }
            IngridDocument ingridDocument3 = new IngridDocument();
            ingridDocument3.put(MdekKeysSecurity.IDC_USERS, arrayList);
            this.daoIdcUser.commitTransaction();
            return ingridDocument3;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getResponsibleUsersForNewAddress(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            String str = (String) ingridDocument.get(MdekKeys.UUID);
            String currentUserUuid = getCurrentUserUuid(ingridDocument);
            Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_CHECK_WORKFLOW);
            Boolean bool2 = (Boolean) ingridDocument.get(MdekKeysSecurity.REQUESTINFO_GET_DETAILED_PERMISSIONS);
            List<IdcUser> responsibleUsersForNewAddress = this.permHandler.getResponsibleUsersForNewAddress(str, this.daoIdcGroup.getGroups(), bool.booleanValue(), currentUserUuid);
            ArrayList arrayList = new ArrayList(responsibleUsersForNewAddress.size());
            for (IdcUser idcUser : responsibleUsersForNewAddress) {
                IngridDocument ingridDocument2 = new IngridDocument();
                this.beanToDocMapperSecurity.mapIdcUser(idcUser, ingridDocument2, IMapper.MappingQuantity.TREE_ENTITY);
                if (bool2.booleanValue()) {
                    List<Permission> permissionsForAddress = this.permHandler.getPermissionsForAddress(str, idcUser.getAddrUuid(), bool.booleanValue());
                    permissionsForAddress.addAll(this.permHandler.getUserPermissions(idcUser.getAddrUuid()));
                    this.beanToDocMapperSecurity.mapPermissionList(permissionsForAddress, ingridDocument2);
                }
                arrayList.add(ingridDocument2);
            }
            IngridDocument ingridDocument3 = new IngridDocument();
            ingridDocument3.put(MdekKeysSecurity.IDC_USERS, arrayList);
            this.daoIdcUser.commitTransaction();
            return ingridDocument3;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getUsersWithPermissionForObject(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            String str = (String) ingridDocument.get(MdekKeys.UUID);
            Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_CHECK_WORKFLOW);
            Boolean bool2 = (Boolean) ingridDocument.get(MdekKeysSecurity.REQUESTINFO_GET_DETAILED_PERMISSIONS);
            List<IdcUser> usersWithPermissionForObject = this.permHandler.getUsersWithPermissionForObject(str, this.daoIdcGroup.getGroups(), bool.booleanValue());
            ArrayList arrayList = new ArrayList(usersWithPermissionForObject.size());
            for (IdcUser idcUser : usersWithPermissionForObject) {
                IngridDocument ingridDocument2 = new IngridDocument();
                this.beanToDocMapperSecurity.mapIdcUser(idcUser, ingridDocument2, IMapper.MappingQuantity.TREE_ENTITY);
                if (bool2.booleanValue()) {
                    List<Permission> permissionsForObject = this.permHandler.getPermissionsForObject(str, idcUser.getAddrUuid(), bool.booleanValue());
                    permissionsForObject.addAll(this.permHandler.getUserPermissions(idcUser.getAddrUuid()));
                    this.beanToDocMapperSecurity.mapPermissionList(permissionsForObject, ingridDocument2);
                }
                arrayList.add(ingridDocument2);
            }
            IngridDocument ingridDocument3 = new IngridDocument();
            ingridDocument3.put(MdekKeysSecurity.IDC_USERS, arrayList);
            this.daoIdcUser.commitTransaction();
            return ingridDocument3;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    public IngridDocument getUsersWithPermissionForAddress(IngridDocument ingridDocument) {
        try {
            this.daoIdcUser.beginTransaction();
            this.dao.disableAutoFlush();
            String str = (String) ingridDocument.get(MdekKeys.UUID);
            Boolean bool = (Boolean) ingridDocument.get(MdekKeys.REQUESTINFO_CHECK_WORKFLOW);
            Boolean bool2 = (Boolean) ingridDocument.get(MdekKeysSecurity.REQUESTINFO_GET_DETAILED_PERMISSIONS);
            List<IdcUser> usersWithPermissionForAddress = this.permHandler.getUsersWithPermissionForAddress(str, this.daoIdcGroup.getGroups(), bool.booleanValue());
            ArrayList arrayList = new ArrayList(usersWithPermissionForAddress.size());
            for (IdcUser idcUser : usersWithPermissionForAddress) {
                IngridDocument ingridDocument2 = new IngridDocument();
                this.beanToDocMapperSecurity.mapIdcUser(idcUser, ingridDocument2, IMapper.MappingQuantity.TREE_ENTITY);
                if (bool2.booleanValue()) {
                    List<Permission> permissionsForAddress = this.permHandler.getPermissionsForAddress(str, idcUser.getAddrUuid(), bool.booleanValue());
                    permissionsForAddress.addAll(this.permHandler.getUserPermissions(idcUser.getAddrUuid()));
                    this.beanToDocMapperSecurity.mapPermissionList(permissionsForAddress, ingridDocument2);
                }
                arrayList.add(ingridDocument2);
            }
            IngridDocument ingridDocument3 = new IngridDocument();
            ingridDocument3.put(MdekKeysSecurity.IDC_USERS, arrayList);
            this.daoIdcUser.commitTransaction();
            return ingridDocument3;
        } catch (RuntimeException e) {
            throw handleException(e);
        }
    }

    private void checkRemovedPermissions(IdcGroup idcGroup, IngridDocument ingridDocument, String str) {
        checkRemovedObjectPermissions(idcGroup, ingridDocument, str);
        checkRemovedAddressPermissions(idcGroup, ingridDocument, str);
        checkRemovedUserPermissions(idcGroup, ingridDocument, str);
    }

    private void checkRemovedObjectPermissions(IdcGroup idcGroup, IngridDocument ingridDocument, String str) {
        Iterator<PermissionObj> it2 = this.permHandler.getRemovedObjectPermissionsOfGroup(idcGroup, ingridDocument).iterator();
        while (it2.hasNext()) {
            String uuid = it2.next().getUuid();
            if (!this.permHandler.hasWritePermissionForObject(uuid, str, false)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.NO_RIGHT_TO_REMOVE_OBJECT_PERMISSION, this.objectService.setupErrorInfoObj(new IngridDocument(), uuid)));
            }
        }
    }

    private void checkRemovedAddressPermissions(IdcGroup idcGroup, IngridDocument ingridDocument, String str) {
        Iterator<PermissionAddr> it2 = this.permHandler.getRemovedAddressPermissionsOfGroup(idcGroup, ingridDocument).iterator();
        while (it2.hasNext()) {
            String uuid = it2.next().getUuid();
            if (!this.permHandler.hasWritePermissionForAddress(uuid, str, false)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.NO_RIGHT_TO_REMOVE_ADDRESS_PERMISSION, this.addressService.setupErrorInfoAddr(new IngridDocument(), uuid)));
            }
        }
    }

    private void checkRemovedUserPermissions(IdcGroup idcGroup, IngridDocument ingridDocument, String str) {
        Iterator<IdcUserPermission> it2 = this.permHandler.getRemovedUserPermissionsOfGroup(idcGroup, ingridDocument).iterator();
        while (it2.hasNext()) {
            if (!this.permHandler.hasUserPermission(it2.next().getPermission(), str)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.NO_RIGHT_TO_REMOVE_USER_PERMISSION));
            }
        }
    }

    private void checkAddedPermissions(IdcGroup idcGroup, IngridDocument ingridDocument, String str) {
        checkAddedObjectPermissions(idcGroup, ingridDocument, str);
        checkAddedAddressPermissions(idcGroup, ingridDocument, str);
        checkAddedUserPermissions(idcGroup, ingridDocument, str);
    }

    private void checkAddedObjectPermissions(IdcGroup idcGroup, IngridDocument ingridDocument, String str) {
        Iterator<PermissionObj> it2 = this.permHandler.getAddedObjectPermissionsOfGroup(idcGroup, ingridDocument).iterator();
        while (it2.hasNext()) {
            String uuid = it2.next().getUuid();
            if (!this.permHandler.hasWritePermissionForObject(uuid, str, false)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.NO_RIGHT_TO_ADD_OBJECT_PERMISSION, this.objectService.setupErrorInfoObj(new IngridDocument(), uuid)));
            }
        }
    }

    private void checkAddedAddressPermissions(IdcGroup idcGroup, IngridDocument ingridDocument, String str) {
        Iterator<PermissionAddr> it2 = this.permHandler.getAddedAddressPermissionsOfGroup(idcGroup, ingridDocument).iterator();
        while (it2.hasNext()) {
            String uuid = it2.next().getUuid();
            if (!this.permHandler.hasWritePermissionForAddress(uuid, str, false)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.NO_RIGHT_TO_ADD_ADDRESS_PERMISSION, this.addressService.setupErrorInfoAddr(new IngridDocument(), uuid)));
            }
        }
    }

    private void checkAddedUserPermissions(IdcGroup idcGroup, IngridDocument ingridDocument, String str) {
        Iterator<IdcUserPermission> it2 = this.permHandler.getAddedUserPermissionsOfGroup(idcGroup, ingridDocument).iterator();
        while (it2.hasNext()) {
            if (!this.permHandler.hasUserPermission(it2.next().getPermission(), str)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.NO_RIGHT_TO_ADD_USER_PERMISSION));
            }
        }
    }

    private void checkPermissionStructureOfGroup(IdcGroup idcGroup) {
        checkObjectPermissionStructureOfGroup(idcGroup);
        checkAddressPermissionStructureOfGroup(idcGroup);
    }

    private void checkObjectPermissionStructureOfGroup(IdcGroup idcGroup) {
        Set<PermissionObj> permissionObjs = idcGroup.getPermissionObjs();
        Permission permissionTemplateSingle = PermissionFactory.getPermissionTemplateSingle();
        Permission permissionTemplateTree = PermissionFactory.getPermissionTemplateTree();
        Permission permissionTemplateSubNode = PermissionFactory.getPermissionTemplateSubNode();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (PermissionObj permissionObj : permissionObjs) {
            Permission permission = permissionObj.getPermission();
            String uuid = permissionObj.getUuid();
            if (arrayList.contains(uuid) || arrayList2.contains(uuid)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.MULTIPLE_PERMISSIONS_ON_OBJECT, this.objectService.setupErrorInfoObj(new IngridDocument(), uuid)));
            }
            if (this.permService.isEqualPermission(permission, permissionTemplateSingle)) {
                arrayList.add(uuid);
            } else if (this.permService.isEqualPermission(permission, permissionTemplateTree)) {
                arrayList2.add(uuid);
            } else if (this.permService.isEqualPermission(permission, permissionTemplateSubNode)) {
                arrayList.add(uuid);
            }
        }
        for (int i = 0; i < arrayList2.size(); i++) {
            String str = (String) arrayList2.get(i);
            List<String> objectPath = this.daoObjectNode.getObjectPath(str);
            for (int i2 = 0; i2 < arrayList2.size(); i2++) {
                if (i2 != i) {
                    String str2 = (String) arrayList2.get(i2);
                    List<String> objectPath2 = this.daoObjectNode.getObjectPath(str2);
                    if (objectPath.contains(str2)) {
                        throw new MdekException(new MdekError(MdekError.MdekErrorType.TREE_BELOW_TREE_OBJECT_PERMISSION, this.objectService.setupErrorInfoObj(this.objectService.setupErrorInfoObj(new IngridDocument(), str2), str)));
                    }
                    if (objectPath2.contains(str)) {
                        throw new MdekException(new MdekError(MdekError.MdekErrorType.TREE_BELOW_TREE_OBJECT_PERMISSION, this.objectService.setupErrorInfoObj(this.objectService.setupErrorInfoObj(new IngridDocument(), str), str2)));
                    }
                }
            }
        }
        for (int i3 = 0; i3 < arrayList.size(); i3++) {
            String str3 = (String) arrayList.get(i3);
            List<String> objectPath3 = this.daoObjectNode.getObjectPath(str3);
            for (int i4 = 0; i4 < arrayList2.size(); i4++) {
                String str4 = (String) arrayList2.get(i4);
                if (objectPath3.contains(str4)) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.SINGLE_BELOW_TREE_OBJECT_PERMISSION, this.objectService.setupErrorInfoObj(this.objectService.setupErrorInfoObj(new IngridDocument(), str4), str3)));
                }
            }
        }
    }

    private void checkAddressPermissionStructureOfGroup(IdcGroup idcGroup) {
        Set<PermissionAddr> permissionAddrs = idcGroup.getPermissionAddrs();
        Permission permissionTemplateSingle = PermissionFactory.getPermissionTemplateSingle();
        Permission permissionTemplateTree = PermissionFactory.getPermissionTemplateTree();
        Permission permissionTemplateSubNode = PermissionFactory.getPermissionTemplateSubNode();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (PermissionAddr permissionAddr : permissionAddrs) {
            Permission permission = permissionAddr.getPermission();
            String uuid = permissionAddr.getUuid();
            if (arrayList.contains(uuid) || arrayList2.contains(uuid)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.MULTIPLE_PERMISSIONS_ON_ADDRESS, this.addressService.setupErrorInfoAddr(new IngridDocument(), uuid)));
            }
            if (this.permService.isEqualPermission(permission, permissionTemplateSingle)) {
                arrayList.add(uuid);
            } else if (this.permService.isEqualPermission(permission, permissionTemplateTree)) {
                arrayList2.add(uuid);
            } else if (this.permService.isEqualPermission(permission, permissionTemplateSubNode)) {
                arrayList.add(uuid);
            }
        }
        for (int i = 0; i < arrayList2.size(); i++) {
            String str = (String) arrayList2.get(i);
            List<String> addressPath = this.daoAddressNode.getAddressPath(str);
            for (int i2 = 0; i2 < arrayList2.size(); i2++) {
                if (i2 != i) {
                    String str2 = (String) arrayList2.get(i2);
                    List<String> addressPath2 = this.daoAddressNode.getAddressPath(str2);
                    if (addressPath.contains(str2)) {
                        throw new MdekException(new MdekError(MdekError.MdekErrorType.TREE_BELOW_TREE_ADDRESS_PERMISSION, this.addressService.setupErrorInfoAddr(this.addressService.setupErrorInfoAddr(new IngridDocument(), str2), str)));
                    }
                    if (addressPath2.contains(str)) {
                        throw new MdekException(new MdekError(MdekError.MdekErrorType.TREE_BELOW_TREE_ADDRESS_PERMISSION, this.addressService.setupErrorInfoAddr(this.addressService.setupErrorInfoAddr(new IngridDocument(), str), str2)));
                    }
                }
            }
        }
        for (int i3 = 0; i3 < arrayList.size(); i3++) {
            String str3 = (String) arrayList.get(i3);
            List<String> addressPath3 = this.daoAddressNode.getAddressPath(str3);
            for (int i4 = 0; i4 < arrayList2.size(); i4++) {
                String str4 = (String) arrayList2.get(i4);
                if (addressPath3.contains(str4)) {
                    throw new MdekException(new MdekError(MdekError.MdekErrorType.SINGLE_BELOW_TREE_ADDRESS_PERMISSION, this.addressService.setupErrorInfoAddr(this.addressService.setupErrorInfoAddr(new IngridDocument(), str4), str3)));
                }
            }
        }
    }

    private void checkMissingPermissionOfGroup(IdcGroup idcGroup) {
        checkMissingObjectPermissionOfGroupUsersEditing(idcGroup);
        checkMissingObjectPermissionOfGroupUsersResponsible(idcGroup);
        checkMissingAddressPermissionOfGroupUsersEditing(idcGroup);
        checkMissingAddressPermissionOfGroupUsersResponsible(idcGroup);
    }

    private void checkMissingObjectPermissionOfGroupUsersEditing(IdcGroup idcGroup) {
        for (Map map : this.daoIdcGroup.getGroupUsersWithObjectsNotInGivenState(idcGroup.getName(), MdekUtils.WorkState.VEROEFFENTLICHT)) {
            IIdcGroupDao iIdcGroupDao = this.daoIdcGroup;
            String str = (String) map.get(IIdcGroupDao.KEY_USER_UUID);
            IIdcGroupDao iIdcGroupDao2 = this.daoIdcGroup;
            String str2 = (String) map.get(IIdcGroupDao.KEY_ENTITY_UUID);
            if (!this.permHandler.hasWritePermissionForObject(str2, str, false)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_EDITING_OBJECT_PERMISSION_MISSING, this.objectService.setupErrorInfoObj(this.addressService.setupErrorInfoUserAddress(new IngridDocument(), str), str2)));
            }
        }
    }

    private void checkMissingObjectPermissionOfGroupUsersResponsible(IdcGroup idcGroup) {
        for (Map map : this.daoIdcGroup.getGroupUsersResponsibleForObjects(idcGroup.getName())) {
            IIdcGroupDao iIdcGroupDao = this.daoIdcGroup;
            String str = (String) map.get(IIdcGroupDao.KEY_USER_UUID);
            IIdcGroupDao iIdcGroupDao2 = this.daoIdcGroup;
            String str2 = (String) map.get(IIdcGroupDao.KEY_ENTITY_UUID);
            if (!this.permHandler.hasWritePermissionForObject(str2, str, false)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_RESPONSIBLE_FOR_OBJECT_PERMISSION_MISSING, this.objectService.setupErrorInfoObj(this.addressService.setupErrorInfoUserAddress(new IngridDocument(), str), str2)));
            }
        }
    }

    private void checkMissingAddressPermissionOfGroupUsersEditing(IdcGroup idcGroup) {
        for (Map map : this.daoIdcGroup.getGroupUsersWithAddressesNotInGivenState(idcGroup.getName(), MdekUtils.WorkState.VEROEFFENTLICHT)) {
            IIdcGroupDao iIdcGroupDao = this.daoIdcGroup;
            String str = (String) map.get(IIdcGroupDao.KEY_USER_UUID);
            IIdcGroupDao iIdcGroupDao2 = this.daoIdcGroup;
            String str2 = (String) map.get(IIdcGroupDao.KEY_ENTITY_UUID);
            if (!this.permHandler.hasWritePermissionForAddress(str2, str, false)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_EDITING_ADDRESS_PERMISSION_MISSING, this.addressService.setupErrorInfoAddr(this.addressService.setupErrorInfoUserAddress(new IngridDocument(), str), str2)));
            }
        }
    }

    private void checkMissingAddressPermissionOfGroupUsersResponsible(IdcGroup idcGroup) {
        for (Map map : this.daoIdcGroup.getGroupUsersResponsibleForAddresses(idcGroup.getName())) {
            IIdcGroupDao iIdcGroupDao = this.daoIdcGroup;
            String str = (String) map.get(IIdcGroupDao.KEY_USER_UUID);
            IIdcGroupDao iIdcGroupDao2 = this.daoIdcGroup;
            String str2 = (String) map.get(IIdcGroupDao.KEY_ENTITY_UUID);
            if (!this.permHandler.hasWritePermissionForAddress(str2, str, false)) {
                throw new MdekException(new MdekError(MdekError.MdekErrorType.USER_RESPONSIBLE_FOR_ADDRESS_PERMISSION_MISSING, this.addressService.setupErrorInfoAddr(this.addressService.setupErrorInfoUserAddress(new IngridDocument(), str), str2)));
            }
        }
    }

    private void clearGroupOnUsers(IdcGroup idcGroup, List<IdcUser> list, String str) {
        String dateToTimestamp = MdekUtils.dateToTimestamp(new Date());
        for (IdcUser idcUser : list) {
            idcUser.setModTime(dateToTimestamp);
            idcUser.setModUuid(str);
            this.docToBeanMapperSecurity.removeIdcUserGroup(idcGroup.getId().longValue(), idcUser);
            this.daoIdcUser.makePersistent(idcUser);
        }
    }
}
