package org.squashtest.tm.service.security.acls.jdbc;

import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.hibernate.SQLQuery;
import org.hibernate.Session;
import org.hibernate.type.LongType;
import org.hibernate.type.StringType;
import org.springframework.orm.jpa.aspectj.JpaExceptionTranslatorAspect;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.squashtest.tm.domain.project.Project;
import org.squashtest.tm.security.acls.CustomPermission;
import org.squashtest.tm.service.internal.repository.hibernate.SqLIdResultTransformer;

@Transactional
@Service
/* loaded from: input_file:org/squashtest/tm/service/security/acls/jdbc/DerivedPermissionsManager.class */
class DerivedPermissionsManager {
    private static final String REMOVE_CORE_PARTY_MANAGER_AUTHORITY = "delete from CORE_PARTY_AUTHORITY where PARTY_ID in (:ids) and AUTHORITY = 'ROLE_TM_PROJECT_MANAGER'";
    private static final String INSERT_CORE_PARTY_MANAGER_AUTHORITY = "insert into CORE_PARTY_AUTHORITY(PARTY_ID, AUTHORITY) values (:id, 'ROLE_TM_PROJECT_MANAGER')";
    private static final String CHECK_OBJECT_IDENTITY_EXISTENCE = "select aoi.ID from ACL_OBJECT_IDENTITY aoi inner join ACL_CLASS acc on acc.ID = aoi.CLASS_ID where aoi.IDENTITY = :id and acc.CLASSNAME = :class";
    private static final String CHECK_PARTY_EXISTENCE = "select PARTY_ID from CORE_PARTY where PARTY_ID = :id";
    private static final String FIND_ALL_USERS = "select PARTY_ID from CORE_USER";
    private static final String FIND_TEAM_MEMBERS_OR_USER = "select cu.PARTY_ID from CORE_USER cu where cu.PARTY_ID = :id UNION select cu.PARTY_ID from CORE_USER cu inner join CORE_TEAM_MEMBER ctm on ctm.USER_ID = cu.PARTY_ID inner join CORE_TEAM ct on ct.PARTY_ID = ctm.TEAM_ID where ct.PARTY_ID = :id";
    private static final String FIND_PARTIES_USING_IDENTITY = "select arse.PARTY_ID from ACL_RESPONSIBILITY_SCOPE_ENTRY arse inner join ACL_OBJECT_IDENTITY aoi on arse.OBJECT_IDENTITY_ID = aoi.ID inner join ACL_CLASS acc on aoi.CLASS_ID = acc.ID inner join ACL_GROUP_PERMISSION acp on acp.ACL_GROUP_ID = arse.ACL_GROUP_ID where acp.CLASS_ID = acc.ID and aoi.IDENTITY = :id and acc.CLASSNAME = :class ";

    @PersistenceContext
    private EntityManager em;
    private static final String PROJECT_CLASS_NAME = Project.class.getName();
    private static final String PERM_MANAGEMENT = Integer.toString(CustomPermission.MANAGEMENT.getMask());
    private static final String RETAIN_USERS_MANAGING_ANYTHING = "select arse.PARTY_ID from ACL_RESPONSIBILITY_SCOPE_ENTRY arse inner join ACL_OBJECT_IDENTITY aoi on arse.OBJECT_IDENTITY_ID = aoi.ID inner join ACL_CLASS acc on aoi.CLASS_ID = acc.ID inner join ACL_GROUP_PERMISSION acp on acp.ACL_GROUP_ID = arse.ACL_GROUP_ID where acp.CLASS_ID = acc.ID and acp.PERMISSION_MASK = " + PERM_MANAGEMENT + " and acc.CLASSNAME in ('org.squashtest.tm.domain.project.Project', 'org.squashtest.tm.domain.project.ProjectTemplate') and arse.PARTY_ID in (:ids)";
    private static final String RETAIN_MEMBERS_OF_TEAMS_MANAGING_ANYTHING = "select cu.PARTY_ID from CORE_USER cu inner join CORE_TEAM_MEMBER ctm on ctm.USER_ID = cu.PARTY_ID inner join ACL_RESPONSIBILITY_SCOPE_ENTRY arse on arse.PARTY_ID = ctm.TEAM_ID inner join ACL_OBJECT_IDENTITY aoi on arse.OBJECT_IDENTITY_ID = aoi.ID inner join ACL_CLASS acc on aoi.CLASS_ID = acc.ID inner join ACL_GROUP_PERMISSION acp on acp.ACL_GROUP_ID = arse.ACL_GROUP_ID where acp.CLASS_ID = acc.ID and acp.PERMISSION_MASK = " + PERM_MANAGEMENT + " and acc.CLASSNAME in ('org.squashtest.tm.domain.project.Project', 'org.squashtest.tm.domain.project.ProjectTemplate') and cu.PARTY_ID in (:ids)";

    DerivedPermissionsManager() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateDerivedPermissions(ObjectIdentity objectIdentity) {
        updateDerivedAuths(objectIdentity);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateDerivedPermissions(long j) {
        updateDerivedAuths(j);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateDerivedPermissions(long j, ObjectIdentity objectIdentity) {
        updateDerivedAuths(j);
    }

    private void updateDerivedAuths(ObjectIdentity objectIdentity) {
        flush();
        if (isSortOfProject(objectIdentity)) {
            if (doesExist(objectIdentity)) {
                updateAuthsForThoseUsers(findUsers(objectIdentity));
            } else {
                updateDerivedAuths();
            }
        }
    }

    private void updateDerivedAuths(long j) {
        flush();
        if (doesExist(j)) {
            updateAuthsForThoseUsers(findMembers(j));
        } else {
            updateDerivedAuths();
        }
    }

    private void updateDerivedAuths() {
        flush();
        updateAuthsForThoseUsers(findAllUsers());
    }

    private void updateAuthsForThoseUsers(Collection<Long> collection) {
        removeProjectManagerAuthorities(collection);
        grantProjectManagerAuthorities(retainUsersManagingAnything(collection));
    }

    private boolean isSortOfProject(ObjectIdentity objectIdentity) {
        return objectIdentity.getType().equals(PROJECT_CLASS_NAME);
    }

    private boolean doesExist(ObjectIdentity objectIdentity) {
        try {
            SQLQuery createSQLQuery = ((Session) this.em.unwrap(Session.class)).createSQLQuery(CHECK_OBJECT_IDENTITY_EXISTENCE);
            createSQLQuery.setParameter("id", objectIdentity.getIdentifier(), LongType.INSTANCE);
            createSQLQuery.setParameter("class", objectIdentity.getType());
            return !createSQLQuery.list().isEmpty();
        } catch (RuntimeException e) {
            JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e);
            throw e;
        }
    }

    private boolean doesExist(long j) {
        try {
            SQLQuery createSQLQuery = ((Session) this.em.unwrap(Session.class)).createSQLQuery(CHECK_PARTY_EXISTENCE);
            createSQLQuery.setParameter("id", Long.valueOf(j), LongType.INSTANCE);
            return !createSQLQuery.list().isEmpty();
        } catch (RuntimeException e) {
            JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e);
            throw e;
        }
    }

    private Collection<Long> findMembers(long j) {
        try {
            SQLQuery createSQLQuery = ((Session) this.em.unwrap(Session.class)).createSQLQuery(FIND_TEAM_MEMBERS_OR_USER);
            createSQLQuery.setParameter("id", Long.valueOf(j), LongType.INSTANCE);
            createSQLQuery.setResultTransformer(new SqLIdResultTransformer());
            return createSQLQuery.list();
        } catch (RuntimeException e) {
            JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e);
            throw e;
        }
    }

    private Collection<Long> findUsers(ObjectIdentity objectIdentity) {
        try {
            SQLQuery createSQLQuery = ((Session) this.em.unwrap(Session.class)).createSQLQuery(FIND_PARTIES_USING_IDENTITY);
            createSQLQuery.setParameter("id", objectIdentity.getIdentifier(), LongType.INSTANCE);
            createSQLQuery.setParameter("class", objectIdentity.getType(), StringType.INSTANCE);
            createSQLQuery.setResultTransformer(new SqLIdResultTransformer());
            List list = createSQLQuery.list();
            HashSet hashSet = new HashSet();
            Iterator it = list.iterator();
            while (it.hasNext()) {
                hashSet.addAll(findMembers(((Long) it.next()).longValue()));
            }
            return hashSet;
        } catch (RuntimeException e) {
            JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e);
            throw e;
        }
    }

    private Collection<Long> findAllUsers() {
        try {
            SQLQuery createSQLQuery = ((Session) this.em.unwrap(Session.class)).createSQLQuery(FIND_ALL_USERS);
            createSQLQuery.setResultTransformer(new SqLIdResultTransformer());
            return createSQLQuery.list();
        } catch (RuntimeException e) {
            JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e);
            throw e;
        }
    }

    private void removeProjectManagerAuthorities(Collection<Long> collection) {
        if (collection.isEmpty()) {
            return;
        }
        try {
            SQLQuery createSQLQuery = ((Session) this.em.unwrap(Session.class)).createSQLQuery(REMOVE_CORE_PARTY_MANAGER_AUTHORITY);
            createSQLQuery.setParameterList("ids", collection, LongType.INSTANCE);
            createSQLQuery.executeUpdate();
        } catch (RuntimeException e) {
            JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e);
            throw e;
        }
    }

    private Collection<Long> retainUsersManagingAnything(Collection<Long> collection) {
        if (collection.isEmpty()) {
            return Collections.emptyList();
        }
        HashSet hashSet = new HashSet();
        try {
            SQLQuery createSQLQuery = ((Session) this.em.unwrap(Session.class)).createSQLQuery(RETAIN_USERS_MANAGING_ANYTHING);
            createSQLQuery.setParameterList("ids", collection, LongType.INSTANCE);
            createSQLQuery.setResultTransformer(new SqLIdResultTransformer());
            hashSet.addAll(createSQLQuery.list());
            try {
                SQLQuery createSQLQuery2 = ((Session) this.em.unwrap(Session.class)).createSQLQuery(RETAIN_MEMBERS_OF_TEAMS_MANAGING_ANYTHING);
                createSQLQuery2.setParameterList("ids", collection, LongType.INSTANCE);
                createSQLQuery2.setResultTransformer(new SqLIdResultTransformer());
                hashSet.addAll(createSQLQuery2.list());
                return hashSet;
            } catch (RuntimeException e) {
                JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e);
                throw e;
            }
        } catch (RuntimeException e2) {
            JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e2);
            throw e2;
        }
    }

    private void grantProjectManagerAuthorities(Collection<Long> collection) {
        for (Long l : collection) {
            try {
                SQLQuery createSQLQuery = ((Session) this.em.unwrap(Session.class)).createSQLQuery(INSERT_CORE_PARTY_MANAGER_AUTHORITY);
                createSQLQuery.setParameter("id", l, LongType.INSTANCE);
                createSQLQuery.executeUpdate();
            } catch (RuntimeException e) {
                JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e);
                throw e;
            }
        }
    }

    private void flush() {
        try {
            ((Session) this.em.unwrap(Session.class)).flush();
        } catch (RuntimeException e) {
            JpaExceptionTranslatorAspect.aspectOf().ajc$afterThrowing$org_springframework_orm_jpa_aspectj_JpaExceptionTranslatorAspect$1$18a1ac9(e);
            throw e;
        }
    }
}
