package org.squashtest.tm.service.security.acls.jdbc;

import java.util.Collection;
import java.util.List;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.jooq.CommonTableExpression;
import org.jooq.DSLContext;
import org.jooq.Select;
import org.jooq.TableField;
import org.jooq.TableLike;
import org.jooq.WithStep;
import org.jooq.impl.DSL;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.squashtest.tm.api.security.acls.Roles;
import org.squashtest.tm.domain.project.Project;
import org.squashtest.tm.domain.project.ProjectTemplate;
import org.squashtest.tm.jooq.domain.Tables;
import org.squashtest.tm.jooq.domain.tables.records.AclClassRecord;
import org.squashtest.tm.jooq.domain.tables.records.AclGroupPermissionRecord;
import org.squashtest.tm.jooq.domain.tables.records.AclObjectIdentityRecord;
import org.squashtest.tm.jooq.domain.tables.records.AclResponsibilityScopeEntryRecord;
import org.squashtest.tm.jooq.domain.tables.records.CoreGroupMemberRecord;
import org.squashtest.tm.jooq.domain.tables.records.CoreTeamRecord;
import org.squashtest.tm.jooq.domain.tables.records.CoreUserRecord;
import org.squashtest.tm.security.acls.CustomPermission;

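/**
 * Recomputes the "derived" global authorities stored in {@code CORE_PARTY_AUTHORITY}
 * ({@link Roles#ROLE_TM_PROJECT_MANAGER}, {@link Roles#ROLE_TF_AUTOMATION_PROGRAMMER} and
 * {@link Roles#ROLE_TF_FUNCTIONAL_TESTER}) from the ACL tables.
 *
 * <p>For the affected users, the three derived roles are first deleted and then re-inserted from
 * what the ACL tables currently say. Every value that reaches SQL here is either a bound
 * parameter (named JPA parameters, jOOQ bind values) or a compile-time constant; no SQL text is
 * built from caller input.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The delete and the re-grant must commit together, otherwise users are briefly left
 *       without their derived roles. The class is annotated {@code @Transactional};
 *       NOTE(review): confirm every caller goes through the Spring proxy so that annotation
 *       actually applies.</li>
 *   <li>The automation/tester queries compare against literal row ids (see the constants below).
 *       If those ids differ in a given database, roles would be derived for the wrong groups.</li>
 * </ul>
 */
@Transactional
@Service
/* loaded from: input_file:WEB-INF/lib/tm.service-8.0.0.IT2.jar:org/squashtest/tm/service/security/acls/jdbc/DerivedPermissionsManager.class */
class DerivedPermissionsManager {
    /** Name of the common table expression holding the ids of the users being recomputed. */
    private static final String USERS_CTE = "USERS_CTE";
    /** Name of the single column exposed by {@link #USERS_CTE}. */
    private static final String CTE_PARTY_ID = "CTE_PARTY_ID";
    private static final String PROJECT_CLASS_NAME = Project.class.getName();
    private static final String INSERT_CORE_PARTY_AUTHORITY = "insert into CORE_PARTY_AUTHORITY(PARTY_ID, AUTHORITY) select PARTY_ID, :authority FROM CORE_PARTY where PARTY_ID in (:ids)";
    private static final String CHECK_OBJECT_IDENTITY_EXISTENCE = "select aoi.ID from ACL_OBJECT_IDENTITY aoi inner join ACL_CLASS acc on acc.ID = aoi.CLASS_ID where aoi.IDENTITY = :id and acc.CLASSNAME = :class";
    private static final String CHECK_PARTY_EXISTENCE = "select PARTY_ID from CORE_PARTY where PARTY_ID = :id";

    // NOTE(review): the three ids below are literal primary keys taken from the original queries.
    // Their meaning is not visible in this file; presumably they are rows seeded by the schema.
    // Confirm them against ACL_GROUP and CORE_GROUP before relying on the names.

    /** ACL group whose holders are granted {@link Roles#ROLE_TF_AUTOMATION_PROGRAMMER}. */
    private static final Long AUTOMATION_ACL_GROUP_ID = 10L;
    /** ACL group excluded from both the automation and the tester derivation. */
    private static final Long EXCLUDED_ACL_GROUP_ID = 5L;
    /** Core group a party must belong to for the automation and tester derivation. */
    private static final Long REQUIRED_CORE_GROUP_ID = 2L;

    @PersistenceContext
    private EntityManager em;

    @Inject
    private DSLContext dslContext;

    DerivedPermissionsManager() {
    }

    /**
     * Recomputes derived authorities after a change on the given ACL object identity.
     *
     * <p>Nothing happens unless the identity's type is {@link Project}. If the identity no longer
     * exists in {@code ACL_OBJECT_IDENTITY}, the authorities of all users are recomputed.
     *
     * @param objectIdentity the ACL object identity whose permissions changed
     */
    public void updateDerivedPermissions(ObjectIdentity objectIdentity) {
        updateDerivedAuths(objectIdentity);
    }

    /**
     * Recomputes derived authorities for a party (a user, or a team and its members).
     *
     * <p>If no {@code CORE_PARTY} row has this id, the authorities of all users are recomputed.
     *
     * @param j the party id
     */
    public void updateDerivedPermissions(long j) {
        updateDerivedAuths(j);
    }

    private void updateDerivedAuths(ObjectIdentity objectIdentity) {
        // Pending JPA changes must reach the database before the SQL below reads the ACL tables.
        flush();
        if (!isSortOfProject(objectIdentity)) {
            return;
        }
        if (doesExist(objectIdentity)) {
            updateAuthsForThoseUsers(findUsers(objectIdentity));
        } else {
            // The identity is gone, so its former users cannot be looked up: recompute everyone.
            updateDerivedAuths();
        }
    }

    private void updateDerivedAuths(long partyId) {
        flush();
        if (doesExist(partyId)) {
            updateAuthsForThoseUsers(withMembers(partyId));
        } else {
            // The party is gone, so its former members cannot be looked up: recompute everyone.
            updateDerivedAuths();
        }
    }

    /**
     * Builds the users CTE for one party: the user with that id, plus every user who is a member
     * of the team with that id.
     */
    private WithStep withMembers(long partyId) {
        Long boxedId = Long.valueOf(partyId);
        return this.dslContext.with(
            DSL.name(USERS_CTE).fields(CTE_PARTY_ID).as(
                DSL.select(Tables.CORE_USER.PARTY_ID)
                    .from(Tables.CORE_USER)
                    .where(Tables.CORE_USER.PARTY_ID.eq(boxedId))
                    .union(
                        DSL.select(Tables.CORE_USER.PARTY_ID)
                            .from(Tables.CORE_USER)
                            .innerJoin(Tables.CORE_TEAM_MEMBER)
                            .on(Tables.CORE_USER.PARTY_ID.eq(Tables.CORE_TEAM_MEMBER.USER_ID))
                            .innerJoin(Tables.CORE_TEAM)
                            .on(Tables.CORE_TEAM_MEMBER.TEAM_ID.eq(Tables.CORE_TEAM.PARTY_ID))
                            .where(Tables.CORE_TEAM.PARTY_ID.eq(boxedId)))));
    }

    /** Recomputes the derived authorities of every row in {@code CORE_USER}. */
    private void updateDerivedAuths() {
        flush();
        updateAuthsForThoseUsers(
            this.dslContext.with(
                DSL.name(USERS_CTE).fields(CTE_PARTY_ID).as(
                    DSL.select(Tables.CORE_USER.PARTY_ID).from(Tables.CORE_USER))));
    }

    /**
     * Deletes and re-grants the three derived roles for the users selected by the CTE.
     *
     * <p>Users who qualify as project managers are removed from the automation and tester sets
     * before those roles are granted, so a manager receives only the manager role.
     *
     * @param withStep a jOOQ {@code WITH} clause that defines {@link #USERS_CTE}
     */
    private void updateAuthsForThoseUsers(WithStep withStep) {
        List<Long> userIds = withStep.selectFrom(DSL.name(USERS_CTE)).fetchInto(Long.class);
        if (userIds.isEmpty()) {
            return;
        }
        removeProjectManagerAuthorities(userIds);

        Collection<Long> managers = retainsManagersAuthorities(withStep);
        grantAuthorities(managers, Roles.ROLE_TM_PROJECT_MANAGER);

        Collection<Long> automationProgrammers = retainsAutomationsAuthorities(withStep);
        automationProgrammers.removeAll(managers);
        grantAuthorities(automationProgrammers, Roles.ROLE_TF_AUTOMATION_PROGRAMMER);

        Collection<Long> testers = retainsTestersAuthorities(withStep);
        testers.removeAll(managers);
        grantAuthorities(testers, Roles.ROLE_TF_FUNCTIONAL_TESTER);
    }

    /**
     * Tells whether the identity designates a {@link Project}.
     *
     * <p>NOTE(review): only {@code Project} matches here, while the manager query also counts
     * permissions held on {@link ProjectTemplate}. Confirm that ACL changes on a template reach
     * this class through another path, otherwise manager roles derived from templates could go
     * stale.
     */
    private boolean isSortOfProject(ObjectIdentity objectIdentity) {
        // Constant first, so an identity without a type is simply "not a project".
        return PROJECT_CLASS_NAME.equals(objectIdentity.getType());
    }

    /** Checks that {@code ACL_OBJECT_IDENTITY} holds a row for this identifier and class name. */
    private boolean doesExist(ObjectIdentity objectIdentity) {
        Query query = this.em.createNativeQuery(CHECK_OBJECT_IDENTITY_EXISTENCE);
        query.setParameter("id", objectIdentity.getIdentifier());
        query.setParameter("class", objectIdentity.getType());
        return !query.getResultList().isEmpty();
    }

    /** Checks that {@code CORE_PARTY} holds a row with this id. */
    private boolean doesExist(long partyId) {
        Query query = this.em.createNativeQuery(CHECK_PARTY_EXISTENCE);
        query.setParameter("id", Long.valueOf(partyId));
        return !query.getResultList().isEmpty();
    }

    /**
     * Builds the users CTE for an object identity: every user holding a responsibility scope
     * entry on it, plus every user who is a member of a team holding one.
     *
     * @throws ClassCastException if the identity's identifier is not a {@code Long}
     */
    private WithStep findUsers(ObjectIdentity objectIdentity) {
        // Parties (users or teams) that hold a scope entry on the identity.
        CommonTableExpression<?> scopedParties = DSL.name("cte").fields("PARTY_ID").as(
            DSL.select(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID)
                .from(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY)
                .innerJoin(Tables.ACL_OBJECT_IDENTITY)
                .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.OBJECT_IDENTITY_ID.eq(Tables.ACL_OBJECT_IDENTITY.ID))
                .innerJoin(Tables.ACL_CLASS)
                .on(Tables.ACL_OBJECT_IDENTITY.CLASS_ID.eq(Tables.ACL_CLASS.ID))
                .innerJoin(Tables.ACL_GROUP_PERMISSION)
                .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.eq(Tables.ACL_GROUP_PERMISSION.ACL_GROUP_ID))
                .where(Tables.ACL_GROUP_PERMISSION.CLASS_ID.eq(Tables.ACL_CLASS.ID)
                    .and(Tables.ACL_OBJECT_IDENTITY.IDENTITY.eq((Long) objectIdentity.getIdentifier()))
                    .and(Tables.ACL_CLASS.CLASSNAME.eq(objectIdentity.getType()))));

        return this.dslContext.with(
            DSL.name(USERS_CTE).fields(CTE_PARTY_ID).as(
                DSL.with(scopedParties)
                    .select(Tables.CORE_USER.PARTY_ID)
                    .from(Tables.CORE_USER)
                    .innerJoin(scopedParties)
                    .on(Tables.CORE_USER.PARTY_ID.eq(scopedParties.field("PARTY_ID", Long.class)))
                    .union(
                        DSL.select(Tables.CORE_USER.PARTY_ID)
                            .from(Tables.CORE_USER)
                            .innerJoin(Tables.CORE_TEAM_MEMBER)
                            .on(Tables.CORE_USER.PARTY_ID.eq(Tables.CORE_TEAM_MEMBER.USER_ID))
                            .innerJoin(Tables.CORE_TEAM)
                            .on(Tables.CORE_TEAM_MEMBER.TEAM_ID.eq(Tables.CORE_TEAM.PARTY_ID))
                            .innerJoin(scopedParties)
                            .on(Tables.CORE_TEAM.PARTY_ID.eq(scopedParties.field("PARTY_ID", Long.class))))));
    }

    /**
     * Deletes the three derived roles for the given parties. Despite its name, this removes the
     * automation-programmer and functional-tester roles as well as the project-manager role.
     */
    private void removeProjectManagerAuthorities(List<Long> partyIds) {
        this.dslContext
            .delete(Tables.CORE_PARTY_AUTHORITY)
            .where(Tables.CORE_PARTY_AUTHORITY.PARTY_ID.in(partyIds)
                .and(Tables.CORE_PARTY_AUTHORITY.AUTHORITY.in(
                    Roles.ROLE_TM_PROJECT_MANAGER,
                    Roles.ROLE_TF_AUTOMATION_PROGRAMMER,
                    Roles.ROLE_TF_FUNCTIONAL_TESTER)))
            .execute();
    }

    /**
     * Selects, among the CTE users, the parties that hold the {@code MANAGEMENT} permission on a
     * {@link Project} or {@link ProjectTemplate}, either directly or through a team.
     */
    private Collection<Long> retainsManagersAuthorities(WithStep withStep) {
        Integer managementMask = Integer.valueOf(CustomPermission.MANAGEMENT.getMask());
        return withStep
            // Direct scope entries of the users.
            .select(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID)
            .from(DSL.name(USERS_CTE))
            .innerJoin(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY)
            .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID.eq(DSL.field(CTE_PARTY_ID, Long.class)))
            .innerJoin(Tables.ACL_OBJECT_IDENTITY)
            .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.OBJECT_IDENTITY_ID.eq(Tables.ACL_OBJECT_IDENTITY.ID))
            .innerJoin(Tables.ACL_CLASS)
            .on(Tables.ACL_OBJECT_IDENTITY.CLASS_ID.eq(Tables.ACL_CLASS.ID))
            .innerJoin(Tables.ACL_GROUP_PERMISSION)
            .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.eq(Tables.ACL_GROUP_PERMISSION.ACL_GROUP_ID))
            .where(Tables.ACL_GROUP_PERMISSION.CLASS_ID.eq(Tables.ACL_CLASS.ID)
                .and(Tables.ACL_GROUP_PERMISSION.PERMISSION_MASK.eq(managementMask))
                .and(Tables.ACL_CLASS.CLASSNAME.in(Project.class.getName(), ProjectTemplate.class.getName())))
            .union(
                // Scope entries held by a team the user belongs to.
                DSL.select(Tables.CORE_USER.PARTY_ID)
                    .from(DSL.name(USERS_CTE))
                    .innerJoin(Tables.CORE_USER)
                    .on(Tables.CORE_USER.PARTY_ID.eq(DSL.field(CTE_PARTY_ID, Long.class)))
                    .innerJoin(Tables.CORE_TEAM_MEMBER)
                    .on(Tables.CORE_USER.PARTY_ID.eq(Tables.CORE_TEAM_MEMBER.USER_ID))
                    .innerJoin(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY)
                    .on(Tables.CORE_TEAM_MEMBER.TEAM_ID.eq(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID))
                    .innerJoin(Tables.ACL_OBJECT_IDENTITY)
                    .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.OBJECT_IDENTITY_ID.eq(Tables.ACL_OBJECT_IDENTITY.ID))
                    .innerJoin(Tables.ACL_CLASS)
                    .on(Tables.ACL_OBJECT_IDENTITY.CLASS_ID.eq(Tables.ACL_CLASS.ID))
                    .innerJoin(Tables.ACL_GROUP_PERMISSION)
                    .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.eq(Tables.ACL_GROUP_PERMISSION.ACL_GROUP_ID))
                    .where(Tables.ACL_GROUP_PERMISSION.CLASS_ID.eq(Tables.ACL_CLASS.ID)
                        .and(Tables.ACL_GROUP_PERMISSION.PERMISSION_MASK.eq(managementMask))
                        .and(Tables.ACL_CLASS.CLASSNAME.in(Project.class.getName(), ProjectTemplate.class.getName()))))
            .fetchInto(Long.class);
    }

    /**
     * Selects, among the CTE users, the members of core group {@link #REQUIRED_CORE_GROUP_ID}
     * that hold a scope entry in ACL group {@link #AUTOMATION_ACL_GROUP_ID}, either directly or
     * through a team.
     */
    private Collection<Long> retainsAutomationsAuthorities(WithStep withStep) {
        // The "not EXCLUDED_ACL_GROUP_ID" term is implied by the equality before it; it is kept
        // so the generated SQL stays the same as before.
        return withStep
            .selectDistinct(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID)
            .from(DSL.name(USERS_CTE))
            .innerJoin(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY)
            .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID.eq(DSL.field(CTE_PARTY_ID, Long.class)))
            .innerJoin(Tables.CORE_GROUP_MEMBER)
            .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID.eq(Tables.CORE_GROUP_MEMBER.PARTY_ID))
            .where(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.eq(AUTOMATION_ACL_GROUP_ID)
                .and(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.notEqual(EXCLUDED_ACL_GROUP_ID))
                .and(Tables.CORE_GROUP_MEMBER.GROUP_ID.eq(REQUIRED_CORE_GROUP_ID)))
            .union(
                // Scope entries held by a team the user belongs to.
                DSL.selectDistinct(Tables.CORE_USER.PARTY_ID)
                    .from(DSL.name(USERS_CTE))
                    .innerJoin(Tables.CORE_TEAM_MEMBER)
                    .on(Tables.CORE_TEAM_MEMBER.USER_ID.eq(DSL.field(CTE_PARTY_ID, Long.class)))
                    .innerJoin(Tables.CORE_USER)
                    .on(Tables.CORE_USER.PARTY_ID.eq(Tables.CORE_TEAM_MEMBER.USER_ID))
                    .innerJoin(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY)
                    .on(Tables.CORE_TEAM_MEMBER.TEAM_ID.eq(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID))
                    .innerJoin(Tables.CORE_GROUP_MEMBER)
                    .on(Tables.CORE_USER.PARTY_ID.eq(Tables.CORE_GROUP_MEMBER.PARTY_ID))
                    .where(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.eq(AUTOMATION_ACL_GROUP_ID)
                        .and(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.notEqual(EXCLUDED_ACL_GROUP_ID))
                        .and(Tables.CORE_GROUP_MEMBER.GROUP_ID.eq(REQUIRED_CORE_GROUP_ID))))
            .fetchInto(Long.class);
    }

    /**
     * Selects, among the CTE users, the members of core group {@link #REQUIRED_CORE_GROUP_ID}
     * that hold a scope entry in any ACL group other than {@link #AUTOMATION_ACL_GROUP_ID} and
     * {@link #EXCLUDED_ACL_GROUP_ID}, either directly or through a team.
     */
    private Collection<Long> retainsTestersAuthorities(WithStep withStep) {
        return withStep
            .selectDistinct(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID)
            .from(DSL.name(USERS_CTE))
            .innerJoin(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY)
            .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID.eq(DSL.field(CTE_PARTY_ID, Long.class)))
            .innerJoin(Tables.CORE_GROUP_MEMBER)
            .on(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID.eq(Tables.CORE_GROUP_MEMBER.PARTY_ID))
            .where(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.notEqual(AUTOMATION_ACL_GROUP_ID)
                .and(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.notEqual(EXCLUDED_ACL_GROUP_ID))
                .and(Tables.CORE_GROUP_MEMBER.GROUP_ID.eq(REQUIRED_CORE_GROUP_ID)))
            .union(
                // Scope entries held by a team the user belongs to.
                DSL.selectDistinct(Tables.CORE_USER.PARTY_ID)
                    .from(DSL.name(USERS_CTE))
                    .innerJoin(Tables.CORE_TEAM_MEMBER)
                    .on(Tables.CORE_TEAM_MEMBER.USER_ID.eq(DSL.field(CTE_PARTY_ID, Long.class)))
                    .innerJoin(Tables.CORE_USER)
                    .on(Tables.CORE_USER.PARTY_ID.eq(Tables.CORE_TEAM_MEMBER.USER_ID))
                    .innerJoin(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY)
                    .on(Tables.CORE_TEAM_MEMBER.TEAM_ID.eq(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.PARTY_ID))
                    .innerJoin(Tables.CORE_GROUP_MEMBER)
                    .on(Tables.CORE_USER.PARTY_ID.eq(Tables.CORE_GROUP_MEMBER.PARTY_ID))
                    .where(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.notEqual(AUTOMATION_ACL_GROUP_ID)
                        .and(Tables.ACL_RESPONSIBILITY_SCOPE_ENTRY.ACL_GROUP_ID.notEqual(EXCLUDED_ACL_GROUP_ID))
                        .and(Tables.CORE_GROUP_MEMBER.GROUP_ID.eq(REQUIRED_CORE_GROUP_ID))))
            .fetchInto(Long.class);
    }

    /**
     * Inserts one {@code CORE_PARTY_AUTHORITY} row per party for the given authority. Both the
     * ids and the authority are bound parameters.
     *
     * <p>Nothing is executed when there is no party to grant to. This keeps the native query from
     * running with an empty {@code IN} list, whose expansion depends on the persistence provider
     * and the database.
     *
     * @param partyIds ids of the parties receiving the authority
     * @param authority the authority name to insert
     */
    private void grantAuthorities(Collection<Long> partyIds, String authority) {
        if (partyIds.isEmpty()) {
            return;
        }
        Query query = this.em.createNativeQuery(INSERT_CORE_PARTY_AUTHORITY);
        query.setParameter("ids", partyIds);
        query.setParameter("authority", authority);
        query.executeUpdate();
    }

    /** Pushes pending persistence-context changes to the database before the SQL queries run. */
    private void flush() {
        this.em.flush();
    }
}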
