package fr.inra.agrosyst.services.security;

import fr.inra.agrosyst.api.entities.security.ComputedUserPermission;
import fr.inra.agrosyst.api.entities.security.PermissionObjectType;
import java.util.Map;

/* loaded from: input_file:WEB-INF/lib/agrosyst-services-0.10.4.jar:fr/inra/agrosyst/services/security/SecurityHelper.class */
public class SecurityHelper {
    public static final int PERMISSION_READ_VALIDATED = 1;
    public static final int PERMISSION_READ_RAW = 3;
    public static final int PERMISSION_WRITE = 7;
    public static final int PERMISSION_ADMIN = 15;
    protected static final String IN_READ_RAW = " %s.%s IN (    SELECT DISTINCT cup.object   FROM " + ComputedUserPermission.class.getName() + " cup   WHERE cup.userId = :cup_userId   AND   cup.type = :%s   AND   cup.action >= :cup_action_read_raw ) ";
    protected static final String IN_READ_VALIDATED = " %s.%s IN (    SELECT DISTINCT cup.object   FROM " + ComputedUserPermission.class.getName() + " cup   WHERE cup.userId = :cup_userId   AND   cup.type = :%s   AND   cup.action = :cup_action_read_validated ) ";

    protected static void addSecurityFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str, PermissionObjectType permissionObjectType, PermissionObjectType permissionObjectType2, String str2, String str3, String str4) {
        if (securityContext.isAdmin()) {
            return;
        }
        String userId = securityContext.getUserId();
        sb.append(String.format(" AND ( ( %s OR %s ) OR ( %s = true AND ( %s OR %s ) ) ) ", String.format(IN_READ_RAW, str, str2, "cup_type_code"), String.format(IN_READ_RAW, str, str3, "cup_type_id"), str + "." + str4, String.format(IN_READ_VALIDATED, str, str2, "cup_type_code"), String.format(IN_READ_VALIDATED, str, str3, "cup_type_id")));
        map.put("cup_userId", userId);
        map.put("cup_type_code", permissionObjectType);
        map.put("cup_type_id", permissionObjectType2);
        map.put("cup_action_read_raw", 3);
        map.put("cup_action_read_validated", 1);
    }

    public static void addDomainFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addSecurityFilter(sb, map, securityContext, str, PermissionObjectType.DOMAIN_CODE, PermissionObjectType.DOMAIN_ID, "code", "topiaId", "validated");
    }

    public static void addGrowingPlanFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addSecurityFilter(sb, map, securityContext, str, PermissionObjectType.GROWING_PLAN_CODE, PermissionObjectType.GROWING_PLAN_ID, "code", "topiaId", "validated");
    }

    public static void addGrowingSystemFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addSecurityFilter(sb, map, securityContext, str, PermissionObjectType.GROWING_SYSTEM_CODE, PermissionObjectType.GROWING_SYSTEM_ID, "code", "topiaId", "validated");
    }
}
