package ru.runa.wfe.security.dao;

import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.hibernate.Query;
import org.hibernate.Session;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.orm.hibernate3.HibernateCallback;
import ru.runa.wfe.InternalApplicationException;
import ru.runa.wfe.commons.SystemProperties;
import ru.runa.wfe.commons.TimeMeasurer;
import ru.runa.wfe.commons.dao.CommonDAO;
import ru.runa.wfe.presentation.BatchPresentation;
import ru.runa.wfe.presentation.hibernate.CompilerParameters;
import ru.runa.wfe.presentation.hibernate.PresentationCompiler;
import ru.runa.wfe.presentation.hibernate.RestrictionsToPermissions;
import ru.runa.wfe.script.AdminScriptConstants;
import ru.runa.wfe.security.Identifiable;
import ru.runa.wfe.security.Permission;
import ru.runa.wfe.security.SecuredObjectType;
import ru.runa.wfe.security.UnapplicablePermissionException;
import ru.runa.wfe.user.Executor;
import ru.runa.wfe.user.User;
import ru.runa.wfe.user.dao.ExecutorDAO;

/* loaded from: input_file:ru/runa/wfe/security/dao/PermissionDAO.class */
public class PermissionDAO extends CommonDAO {

    @Autowired
    private ExecutorDAO executorDAO;
    private final Map<SecuredObjectType, Set<Executor>> privelegedExecutors = Maps.newHashMap();
    private final Set<Long> privelegedExecutorIds = Sets.newHashSet();

    protected void initDao() throws Exception {
        for (SecuredObjectType securedObjectType : SecuredObjectType.values()) {
            this.privelegedExecutors.put(securedObjectType, new HashSet());
        }
        try {
            for (PrivelegedMapping privelegedMapping : getHibernateTemplate().find("from PrivelegedMapping m")) {
                this.privelegedExecutors.get(privelegedMapping.getType()).add(privelegedMapping.getExecutor());
                this.privelegedExecutorIds.add(privelegedMapping.getExecutor().getId());
            }
        } catch (Exception e) {
            log.error("priveleged executors was not loaded (if this exception occurs in empty DB just ignore it)");
            log.debug("", e);
        }
    }

    public List<Permission> getIssuedPermissions(Executor executor, Identifiable identifiable) {
        ArrayList newArrayList = Lists.newArrayList();
        if (!isPrivilegedExecutor(identifiable, executor)) {
            List<PermissionMapping> ownPermissionMappings = getOwnPermissionMappings(executor, identifiable);
            Permission noPermission = identifiable.getSecuredObjectType().getNoPermission();
            Iterator<PermissionMapping> it = ownPermissionMappings.iterator();
            while (it.hasNext()) {
                newArrayList.add(noPermission.getPermission(it.next().getMask().longValue()));
            }
        }
        return newArrayList;
    }

    public void setPermissions(Executor executor, Collection<Permission> collection, Identifiable identifiable) {
        if (isPrivilegedExecutor(identifiable, executor)) {
            log.debug(collection + " not granted for privileged " + executor);
            return;
        }
        checkArePermissionAllowed(identifiable, collection);
        List<PermissionMapping> ownPermissionMappings = getOwnPermissionMappings(executor, identifiable);
        Iterator<Permission> it = collection.iterator();
        while (it.hasNext()) {
            PermissionMapping permissionMapping = new PermissionMapping(executor, identifiable, Long.valueOf(it.next().getMask()));
            if (ownPermissionMappings.contains(permissionMapping)) {
                ownPermissionMappings.remove(permissionMapping);
            } else {
                getHibernateTemplate().save(permissionMapping);
            }
        }
        getHibernateTemplate().deleteAll(ownPermissionMappings);
    }

    public boolean isAllowed(User user, Permission permission, Identifiable identifiable) {
        return isAllowed(user, permission, identifiable.getSecuredObjectType(), identifiable.getIdentifiableId());
    }

    public boolean isAllowed(User user, final Permission permission, final SecuredObjectType securedObjectType, final Long l) {
        final Set<Executor> executorWithAllHisGroups = getExecutorWithAllHisGroups(user.getActor());
        return isPrivilegedExecutor(securedObjectType, executorWithAllHisGroups) || !getHibernateTemplate().executeFind(new HibernateCallback<List<PermissionMapping>>() { // from class: ru.runa.wfe.security.dao.PermissionDAO.1
            /* renamed from: doInHibernate, reason: merged with bridge method [inline-methods] */
            public List<PermissionMapping> m175doInHibernate(Session session) {
                Query createQuery = session.createQuery("from PermissionMapping where identifiableId=? and type=? and mask=? and executor in (:executors)");
                createQuery.setParameter(0, l);
                createQuery.setParameter(1, securedObjectType);
                createQuery.setParameter(2, Long.valueOf(permission.getMask()));
                createQuery.setParameterList("executors", executorWithAllHisGroups);
                return createQuery.list();
            }
        }).isEmpty();
    }

    public <T extends Identifiable> boolean[] isAllowed(User user, final Permission permission, List<T> list) {
        if (list.size() == 0) {
            return new boolean[0];
        }
        final Set<Executor> executorWithAllHisGroups = getExecutorWithAllHisGroups(user.getActor());
        if (isPrivilegedExecutor(list.get(0).getSecuredObjectType(), executorWithAllHisGroups)) {
            boolean[] zArr = new boolean[list.size()];
            for (int i = 0; i < list.size(); i++) {
                zArr[i] = true;
            }
            return zArr;
        }
        final SecuredObjectType securedObjectType = list.get(0).getSecuredObjectType();
        ArrayList arrayList = new ArrayList();
        int databaseParametersCount = (SystemProperties.getDatabaseParametersCount() - executorWithAllHisGroups.size()) - 2;
        Preconditions.checkArgument(databaseParametersCount > 100);
        for (int i2 = 0; i2 <= (list.size() - 1) / databaseParametersCount; i2++) {
            int i3 = i2 * databaseParametersCount;
            int size = (i2 + 1) * databaseParametersCount > list.size() ? list.size() : (i2 + 1) * databaseParametersCount;
            final ArrayList arrayList2 = new ArrayList(size - i3);
            for (int i4 = i3; i4 < size; i4++) {
                T t = list.get(i4);
                arrayList2.add(t.getIdentifiableId());
                if (securedObjectType != t.getSecuredObjectType()) {
                    throw new InternalApplicationException("Identifiables should be of the same secured object type (" + securedObjectType + ")");
                }
            }
            if (arrayList2.isEmpty()) {
                break;
            }
            arrayList.addAll(getHibernateTemplate().executeFind(new HibernateCallback<List<PermissionMapping>>() { // from class: ru.runa.wfe.security.dao.PermissionDAO.2
                /* renamed from: doInHibernate, reason: merged with bridge method [inline-methods] */
                public List<PermissionMapping> m176doInHibernate(Session session) {
                    Query createQuery = session.createQuery("from PermissionMapping where identifiableId in (:identifiableIds) and type=:type and mask=:mask and executor in (:executors)");
                    createQuery.setParameterList("identifiableIds", arrayList2);
                    createQuery.setParameter(AdminScriptConstants.TYPE_ATTRIBUTE_NAME, securedObjectType);
                    createQuery.setParameter("mask", Long.valueOf(permission.getMask()));
                    createQuery.setParameterList("executors", executorWithAllHisGroups);
                    return createQuery.list();
                }
            }));
        }
        HashSet hashSet = new HashSet(arrayList.size());
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            hashSet.add(((PermissionMapping) it.next()).getIdentifiableId());
        }
        boolean[] zArr2 = new boolean[list.size()];
        for (int i5 = 0; i5 < list.size(); i5++) {
            zArr2[i5] = hashSet.contains(list.get(i5).getIdentifiableId());
        }
        return zArr2;
    }

    private void checkArePermissionAllowed(Identifiable identifiable, Collection<Permission> collection) throws UnapplicablePermissionException {
        if (Permission.subtractPermissions(collection, identifiable.getSecuredObjectType().getAllPermissions()).size() > 0) {
            throw new UnapplicablePermissionException(identifiable, collection);
        }
    }

    private List<PermissionMapping> getOwnPermissionMappings(Executor executor, Identifiable identifiable) {
        return getHibernateTemplate().find("from PermissionMapping where identifiableId=? and type=? and executor=?", new Object[]{identifiable.getIdentifiableId(), identifiable.getSecuredObjectType(), executor});
    }

    private Set<Executor> getExecutorWithAllHisGroups(Executor executor) {
        HashSet hashSet = new HashSet(this.executorDAO.getExecutorParentsAll(executor, false));
        hashSet.add(executor);
        return hashSet;
    }

    public void deleteOwnPermissions(Executor executor) {
        getHibernateTemplate().bulkUpdate("delete from PermissionMapping where executor=?", executor);
    }

    public void deleteAllPermissions(Identifiable identifiable) {
        getHibernateTemplate().bulkUpdate("delete from PermissionMapping where type=? and identifiableId=?", new Object[]{identifiable.getSecuredObjectType(), identifiable.getIdentifiableId()});
    }

    public Set<Executor> getExecutorsWithPermission(Identifiable identifiable) {
        HashSet newHashSet = Sets.newHashSet(getHibernateTemplate().find("select distinct(pm.executor) from PermissionMapping pm where pm.identifiableId=? and pm.type=?", new Object[]{identifiable.getIdentifiableId(), identifiable.getSecuredObjectType()}));
        newHashSet.addAll(getPrivilegedExecutors(identifiable.getSecuredObjectType()));
        return newHashSet;
    }

    public Collection<Executor> getPrivilegedExecutors(SecuredObjectType securedObjectType) {
        return this.privelegedExecutors.get(securedObjectType);
    }

    public boolean isPrivilegedExecutor(Executor executor) {
        Iterator<Set<Executor>> it = this.privelegedExecutors.values().iterator();
        while (it.hasNext()) {
            if (it.next().contains(executor)) {
                return true;
            }
        }
        return false;
    }

    public boolean hasPrivilegedExecutor(List<Long> list) {
        Iterator<Long> it = list.iterator();
        while (it.hasNext()) {
            if (this.privelegedExecutorIds.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    private boolean isPrivilegedExecutor(Identifiable identifiable, Executor executor) {
        return isPrivilegedExecutor(identifiable.getSecuredObjectType(), getExecutorWithAllHisGroups(executor));
    }

    private boolean isPrivilegedExecutor(SecuredObjectType securedObjectType, Collection<Executor> collection) {
        Iterator<Executor> it = collection.iterator();
        while (it.hasNext()) {
            if (getPrivilegedExecutors(securedObjectType).contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    public void addType(SecuredObjectType securedObjectType, List<? extends Executor> list) {
        Iterator<? extends Executor> it = list.iterator();
        while (it.hasNext()) {
            PrivelegedMapping privelegedMapping = new PrivelegedMapping(securedObjectType, it.next());
            getHibernateTemplate().save(privelegedMapping);
            this.privelegedExecutors.get(privelegedMapping.getType()).add(privelegedMapping.getExecutor());
            this.privelegedExecutorIds.add(privelegedMapping.getExecutor().getId());
        }
    }

    public List<? extends Identifiable> getPersistentObjects(User user, BatchPresentation batchPresentation, Permission permission, SecuredObjectType[] securedObjectTypeArr, boolean z) {
        TimeMeasurer timeMeasurer = new TimeMeasurer(this.logger, 1000L);
        timeMeasurer.jobStarted();
        List<? extends Identifiable> batch = new PresentationCompiler(batchPresentation).getBatch(CompilerParameters.create(z).addPermissions(new RestrictionsToPermissions(user, permission, securedObjectTypeArr)));
        timeMeasurer.jobEnded("getObjects: " + batch.size());
        if (batch.size() == 0 && z && batchPresentation.getPageNumber() > 1) {
            this.logger.debug("resetting batch presentation to first page due to 0 results");
            batchPresentation.setPageNumber(1);
            batch = getPersistentObjects(user, batchPresentation, permission, securedObjectTypeArr, z);
        }
        return batch;
    }

    public int getPersistentObjectCount(User user, BatchPresentation batchPresentation, Permission permission, SecuredObjectType[] securedObjectTypeArr) {
        TimeMeasurer timeMeasurer = new TimeMeasurer(this.logger, 1000L);
        timeMeasurer.jobStarted();
        int count = new PresentationCompiler(batchPresentation).getCount(CompilerParameters.createNonPaged().addPermissions(new RestrictionsToPermissions(user, permission, securedObjectTypeArr)));
        timeMeasurer.jobEnded("getCount: " + count);
        return count;
    }
}
