package org.squashtest.tm.service.security.acls.jdbc;

import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.squashtest.tm.domain.project.Project;
import org.squashtest.tm.security.acls.CustomPermission;
import org.thymeleaf.standard.expression.StandardExpressionObjectFactory;

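/**
 * Recomputes the "derived" global authorities stored in {@code CORE_PARTY_AUTHORITY}
 * ({@code ROLE_TM_PROJECT_MANAGER}, {@code ROLE_TF_AUTOMATION_PROGRAMMER},
 * {@code ROLE_TF_FUNCTIONAL_TESTER}) from the ACL tables.
 *
 * <p>For a set of user ids the three derived roles are deleted, then re-inserted for the users
 * that the {@code RETAIN_*} queries still return. The class is annotated {@code @Transactional}:
 * the delete-then-insert sequence is only safe when both halves run in the same transaction,
 * otherwise a failure in between would leave the affected users stripped of their derived roles.
 *
 * <p>Every value that varies at runtime is passed as a bound named parameter. The only string
 * concatenation in the SQL is {@link #PERM_MANAGEMENT}, an integer mask taken from
 * {@code CustomPermission}, not from caller input.
 */
@Transactional
@Service
/* loaded from: input_file:WEB-INF/lib/tm.service-3.0.3.RELEASE.jar:org/squashtest/tm/service/security/acls/jdbc/DerivedPermissionsManager.class */
class DerivedPermissionsManager {
    // Deletes all three derived roles (not only the manager one, despite the constant's name).
    private static final String REMOVE_CORE_PARTY_MANAGER_AUTHORITY = "delete from CORE_PARTY_AUTHORITY where PARTY_ID in (:ids) and AUTHORITY in ('ROLE_TM_PROJECT_MANAGER', 'ROLE_TF_AUTOMATION_PROGRAMMER', 'ROLE_TF_FUNCTIONAL_TESTER')";
    private static final String INSERT_CORE_PARTY_MANAGER_AUTHORITY = "insert into CORE_PARTY_AUTHORITY(PARTY_ID, AUTHORITY) values (:id, 'ROLE_TM_PROJECT_MANAGER')";
    private static final String INSERT_CORE_PARTY_FUNCTIONAL_TESTER_AUTHORITY = "insert into CORE_PARTY_AUTHORITY(PARTY_ID, AUTHORITY) values (:id, 'ROLE_TF_FUNCTIONAL_TESTER')";
    private static final String INSERT_CORE_PARTY_AUTOMATION_PROGRAMMER_AUTHORITY = "insert into CORE_PARTY_AUTHORITY(PARTY_ID, AUTHORITY) values (:id, 'ROLE_TF_AUTOMATION_PROGRAMMER')";
    private static final String CHECK_OBJECT_IDENTITY_EXISTENCE = "select aoi.ID from ACL_OBJECT_IDENTITY aoi inner join ACL_CLASS acc on acc.ID = aoi.CLASS_ID where aoi.IDENTITY = :id and acc.CLASSNAME = :class";
    private static final String CHECK_PARTY_EXISTENCE = "select PARTY_ID from CORE_PARTY where PARTY_ID = :id";
    private static final String FIND_ALL_USERS = "select PARTY_ID from CORE_USER";
    // Returns the id itself when it is a user, plus every member when it is a team.
    private static final String FIND_TEAM_MEMBERS_OR_USER = "select cu.PARTY_ID from CORE_USER cu where cu.PARTY_ID = :id UNION select cu.PARTY_ID from CORE_USER cu inner join CORE_TEAM_MEMBER ctm on ctm.USER_ID = cu.PARTY_ID inner join CORE_TEAM ct on ct.PARTY_ID = ctm.TEAM_ID where ct.PARTY_ID = :id";
    private static final String FIND_PARTIES_USING_IDENTITY = "select arse.PARTY_ID from ACL_RESPONSIBILITY_SCOPE_ENTRY arse inner join ACL_OBJECT_IDENTITY aoi on arse.OBJECT_IDENTITY_ID = aoi.ID inner join ACL_CLASS acc on aoi.CLASS_ID = acc.ID inner join ACL_GROUP_PERMISSION acp on acp.ACL_GROUP_ID = arse.ACL_GROUP_ID where acp.CLASS_ID = acc.ID and aoi.IDENTITY = :id and acc.CLASSNAME = :class ";
    // NOTE(review): the four queries below decide role membership from hard-coded ids
    // (ACL_GROUP_ID 10 and 5, CORE_GROUP_MEMBER.GROUP_ID 2) instead of permission masks.
    // Presumably these match the seeded ACL_GROUP / CORE_GROUP rows - confirm against the schema,
    // since a mismatch would silently grant or withhold the automation/tester roles.
    // "ACL_GROUP_ID = 10 and ACL_GROUP_ID != 5" is redundant but left as found.
    private static final String RETAIN_USERS_AUTOMATING_ANYTHING = "select distinct arse.PARTY_ID from ACL_RESPONSIBILITY_SCOPE_ENTRY arse inner join CORE_GROUP_MEMBER cpm on cpm.PARTY_ID = arse.PARTY_ID where arse.ACL_GROUP_ID = 10 and arse.ACL_GROUP_ID != 5 and arse.PARTY_ID in (:ids) and cpm.GROUP_ID = 2 ";
    private static final String RETAIN_USERS_TESTING_ANYTHING = "select distinct arse.PARTY_ID from ACL_RESPONSIBILITY_SCOPE_ENTRY arse inner join CORE_GROUP_MEMBER cpm on cpm.PARTY_ID = arse.PARTY_ID where arse.ACL_GROUP_ID != 10 and arse.ACL_GROUP_ID != 5 and arse.PARTY_ID in (:ids) and cpm.GROUP_ID = 2";
    private static final String RETAIN_MEMBERS_OF_TEAMS_AUTOMATING_ANYTHING = "select distinct cu.PARTY_ID from CORE_USER cu inner join CORE_TEAM_MEMBER ctm on ctm.USER_ID = cu.PARTY_ID inner join ACL_RESPONSIBILITY_SCOPE_ENTRY arse on arse.PARTY_ID = ctm.TEAM_ID inner join CORE_GROUP_MEMBER cpm on cpm.PARTY_ID = cu.PARTY_ID where arse.ACL_GROUP_ID = 10 and arse.ACL_GROUP_ID != 5 and ctm.USER_ID in (:ids) and cpm.GROUP_ID = 2";
    private static final String RETAIN_MEMBERS_OF_TEAMS_TESTING_ANYTHING = "select distinct cu.PARTY_ID from CORE_USER cu inner join CORE_TEAM_MEMBER ctm on ctm.USER_ID = cu.PARTY_ID inner join ACL_RESPONSIBILITY_SCOPE_ENTRY arse on arse.PARTY_ID = ctm.TEAM_ID inner join CORE_GROUP_MEMBER cpm on cpm.PARTY_ID = cu.PARTY_ID where arse.ACL_GROUP_ID != 10 and arse.ACL_GROUP_ID != 5 and ctm.USER_ID in (:ids) and cpm.GROUP_ID = 2";

    /**
     * Bind name of the {@code :ids} placeholder used by the SQL above. The decompiled source
     * borrowed an unrelated templating-library constant that merely shares this value; keeping
     * the name local ties it to the queries in this class only.
     */
    private static final String IDS_PARAM = "ids";

    @PersistenceContext
    private EntityManager em;
    private static final String PROJECT_CLASS_NAME = Project.class.getName();
    // Declared before the two queries that concatenate it: static initialisers run in textual order.
    private static final String PERM_MANAGEMENT = Integer.toString(CustomPermission.MANAGEMENT.getMask());
    // Not referenced by any query in this class; kept as found.
    private static final String PERM_AUTOMATING = Integer.toString(CustomPermission.WRITE_AS_AUTOMATION.getMask());
    private static final String PERM_TESTING = Integer.toString(CustomPermission.WRITE_AS_FUNCTIONAL.getMask());
    private static final String RETAIN_USERS_MANAGING_ANYTHING = "select arse.PARTY_ID from ACL_RESPONSIBILITY_SCOPE_ENTRY arse inner join ACL_OBJECT_IDENTITY aoi on arse.OBJECT_IDENTITY_ID = aoi.ID inner join ACL_CLASS acc on aoi.CLASS_ID = acc.ID inner join ACL_GROUP_PERMISSION acp on acp.ACL_GROUP_ID = arse.ACL_GROUP_ID where acp.CLASS_ID = acc.ID and acp.PERMISSION_MASK = " + PERM_MANAGEMENT + " and acc.CLASSNAME in ('org.squashtest.tm.domain.project.Project', 'org.squashtest.tm.domain.project.ProjectTemplate') and arse.PARTY_ID in (:ids)";
    private static final String RETAIN_MEMBERS_OF_TEAMS_MANAGING_ANYTHING = "select cu.PARTY_ID from CORE_USER cu inner join CORE_TEAM_MEMBER ctm on ctm.USER_ID = cu.PARTY_ID inner join ACL_RESPONSIBILITY_SCOPE_ENTRY arse on arse.PARTY_ID = ctm.TEAM_ID inner join ACL_OBJECT_IDENTITY aoi on arse.OBJECT_IDENTITY_ID = aoi.ID inner join ACL_CLASS acc on aoi.CLASS_ID = acc.ID inner join ACL_GROUP_PERMISSION acp on acp.ACL_GROUP_ID = arse.ACL_GROUP_ID where acp.CLASS_ID = acc.ID and acp.PERMISSION_MASK = " + PERM_MANAGEMENT + " and acc.CLASSNAME in ('org.squashtest.tm.domain.project.Project', 'org.squashtest.tm.domain.project.ProjectTemplate') and cu.PARTY_ID in (:ids)";

    DerivedPermissionsManager() {
    }

    /**
     * Recomputes the derived roles of every user holding an ACL entry on the given object.
     * Does nothing when the identity is not a {@code Project}.
     *
     * <p>Decompiler note: reported as package-private in the original class; visibility is left
     * as the decompiler emitted it.
     *
     * @param objectIdentity the secured object whose permissions changed
     */
    public void updateDerivedPermissions(ObjectIdentity objectIdentity) {
        updateDerivedAuths(objectIdentity);
    }

    /**
     * Recomputes the derived roles of the given party: the user itself, or every member when the
     * id designates a team.
     *
     * <p>Decompiler note: reported as package-private in the original class; visibility is left
     * as the decompiler emitted it.
     *
     * @param j the party id (user or team)
     */
    public void updateDerivedPermissions(long j) {
        updateDerivedAuths(j);
    }

    /**
     * Project-scoped recomputation. When the object identity no longer exists in the ACL tables
     * the affected users cannot be looked up, so every user is recomputed instead.
     */
    private void updateDerivedAuths(ObjectIdentity objectIdentity) {
        // Pending persistence-context changes must reach the database before the native queries run.
        flush();
        if (!isSortOfProject(objectIdentity)) {
            return;
        }
        if (doesExist(objectIdentity)) {
            updateAuthsForThoseUsers(findUsers(objectIdentity));
        } else {
            updateDerivedAuths();
        }
    }

    /**
     * Party-scoped recomputation. When the party row is gone (for example a deleted team) its
     * former members cannot be looked up, so every user is recomputed instead.
     */
    private void updateDerivedAuths(long partyId) {
        flush();
        if (doesExist(partyId)) {
            updateAuthsForThoseUsers(findMembers(partyId));
        } else {
            updateDerivedAuths();
        }
    }

    /** Recomputes the derived roles of every row in {@code CORE_USER}. */
    private void updateDerivedAuths() {
        flush();
        updateAuthsForThoseUsers(findAllUsers());
    }

    /**
     * Drops the three derived roles for the given users, then re-grants them from the ACL tables.
     * Users that qualify as project manager are excluded from the automation and tester grants.
     */
    private void updateAuthsForThoseUsers(Collection<Long> userIds) {
        removeProjectManagerAuthorities(userIds);

        Collection<Long> managers = retainsUsersAuthoritiesOnAnything(
                userIds, RETAIN_USERS_MANAGING_ANYTHING, RETAIN_MEMBERS_OF_TEAMS_MANAGING_ANYTHING);
        grantAuthorities(managers, INSERT_CORE_PARTY_MANAGER_AUTHORITY);

        Collection<Long> automators = retainsUsersAuthoritiesOnAnything(
                userIds, RETAIN_USERS_AUTOMATING_ANYTHING, RETAIN_MEMBERS_OF_TEAMS_AUTOMATING_ANYTHING);
        automators.removeAll(managers);
        grantAuthorities(automators, INSERT_CORE_PARTY_AUTOMATION_PROGRAMMER_AUTHORITY);

        Collection<Long> testers = retainsUsersAuthoritiesOnAnything(
                userIds, RETAIN_USERS_TESTING_ANYTHING, RETAIN_MEMBERS_OF_TEAMS_TESTING_ANYTHING);
        testers.removeAll(managers);
        grantAuthorities(testers, INSERT_CORE_PARTY_FUNCTIONAL_TESTER_AUTHORITY);
    }

    /**
     * Tells whether the identity designates a {@code Project}.
     *
     * <p>NOTE(review): only {@code Project} matches here, while the manager queries also count
     * ACL entries on {@code ProjectTemplate}. Confirm that permission changes on templates are
     * meant to skip recomputation.
     */
    private boolean isSortOfProject(ObjectIdentity objectIdentity) {
        // Constant-first comparison: a null type yields false instead of a NullPointerException.
        return PROJECT_CLASS_NAME.equals(objectIdentity.getType());
    }

    /** Tells whether the ACL tables still hold a row for this object identity. */
    private boolean doesExist(ObjectIdentity objectIdentity) {
        Query lookup = this.em.createNativeQuery(CHECK_OBJECT_IDENTITY_EXISTENCE);
        lookup.setParameter("id", objectIdentity.getIdentifier());
        lookup.setParameter("class", objectIdentity.getType());
        return !lookup.getResultList().isEmpty();
    }

    /** Tells whether {@code CORE_PARTY} still holds a row for this party id. */
    private boolean doesExist(long partyId) {
        Query lookup = this.em.createNativeQuery(CHECK_PARTY_EXISTENCE);
        lookup.setParameter("id", Long.valueOf(partyId));
        return !lookup.getResultList().isEmpty();
    }

    /** Returns the user id itself, or the ids of all members when the party is a team. */
    private Collection<Long> findMembers(long partyId) {
        Query lookup = this.em.createNativeQuery(FIND_TEAM_MEMBERS_OR_USER);
        lookup.setParameter("id", Long.valueOf(partyId));
        return executeRequestAndConvertIds(lookup);
    }

    /**
     * Returns the ids of all users holding an ACL entry on the object, either directly or through
     * a team. Runs one member lookup per party found.
     */
    private Collection<Long> findUsers(ObjectIdentity objectIdentity) {
        Query lookup = this.em.createNativeQuery(FIND_PARTIES_USING_IDENTITY);
        lookup.setParameter("id", objectIdentity.getIdentifier());
        lookup.setParameter("class", objectIdentity.getType());

        Collection<Long> userIds = new HashSet<>();
        for (Long partyId : executeRequestAndConvertIds(lookup)) {
            userIds.addAll(findMembers(partyId.longValue()));
        }
        return userIds;
    }

    /** Returns the id of every row in {@code CORE_USER}. */
    private Collection<Long> findAllUsers() {
        return executeRequestAndConvertIds(this.em.createNativeQuery(FIND_ALL_USERS));
    }

    /**
     * Deletes the three derived roles for the given users. Despite its name this removes the
     * automation-programmer and functional-tester roles as well as the project-manager role.
     */
    private void removeProjectManagerAuthorities(Collection<Long> userIds) {
        // An empty list would render as "in ()", which is not valid SQL.
        if (userIds.isEmpty()) {
            return;
        }
        // NOTE(review): on the "all users" path every user id is bound into one IN list; some
        // databases and drivers cap the number of bind parameters - confirm for large installs.
        Query delete = this.em.createNativeQuery(REMOVE_CORE_PARTY_MANAGER_AUTHORITY);
        delete.setParameter(IDS_PARAM, userIds);
        delete.executeUpdate();
    }

    /**
     * Returns the subset of {@code userIds} that still qualifies for a role, directly
     * ({@code directSql}) or through team membership ({@code viaTeamSql}).
     *
     * @return a mutable collection; the caller removes project managers from it
     */
    private Collection<Long> retainsUsersAuthoritiesOnAnything(Collection<Long> userIds, String directSql, String viaTeamSql) {
        Collection<Long> retained = new HashSet<>();
        // An empty list would render as "in ()"; return the empty, still mutable, result instead.
        if (userIds.isEmpty()) {
            return retained;
        }
        Query direct = this.em.createNativeQuery(directSql);
        direct.setParameter(IDS_PARAM, userIds);
        retained.addAll(executeRequestAndConvertIds(direct));

        Query viaTeam = this.em.createNativeQuery(viaTeamSql);
        viaTeam.setParameter(IDS_PARAM, userIds);
        retained.addAll(executeRequestAndConvertIds(viaTeam));
        return retained;
    }

    /** Runs the given single-row insert once per user id. */
    private void grantAuthorities(Collection<Long> userIds, String insertSql) {
        for (Long userId : userIds) {
            Query insert = this.em.createNativeQuery(insertSql);
            insert.setParameter("id", userId);
            insert.executeUpdate();
        }
    }

    private void flush() {
        this.em.flush();
    }

    /**
     * Runs a native query that selects a single numeric id column and returns the ids as
     * {@code Long}.
     */
    private List<Long> executeRequestAndConvertIds(Query query) {
        List<?> rows = query.getResultList();
        List<Long> ids = new ArrayList<>(rows.size());
        for (Object row : rows) {
            // The Java type of a native-query id depends on the driver and ORM version
            // (BigInteger, Long, Integer...). Going through Number accepts all of them, where the
            // previous BigInteger cast would fail with a ClassCastException.
            ids.add(Long.valueOf(((Number) row).longValue()));
        }
        return ids;
    }
}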
