package fr.inra.agrosyst.services.security;

import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import fr.inra.agrosyst.api.entities.Domain;
import fr.inra.agrosyst.api.entities.GrowingPlan;
import fr.inra.agrosyst.api.entities.GrowingSystem;
import fr.inra.agrosyst.api.entities.Plot;
import fr.inra.agrosyst.api.entities.Zone;
import fr.inra.agrosyst.api.entities.practiced.PracticedSystem;
import fr.inra.agrosyst.api.entities.report.ReportGrowingSystem;
import fr.inra.agrosyst.api.entities.report.ReportRegional;
import fr.inra.agrosyst.api.entities.security.ComputedUserPermission;
import fr.inra.agrosyst.api.entities.security.PermissionObjectType;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:WEB-INF/lib/agrosyst-services-2.14.jar:fr/inra/agrosyst/services/security/SecurityHelper.class */
public class SecurityHelper {
    public static final int PERMISSION_READ_VALIDATED = 1;
    public static final int PERMISSION_READ_RAW = 3;
    public static final int PERMISSION_WRITE = 7;
    public static final int PERMISSION_ADMIN = 15;
    protected static final String IN_SELECT_CUP_ACTION_HIGHER_THAN = " %s.%s IN (    SELECT DISTINCT cup.object   FROM " + ComputedUserPermission.class.getName() + " cup   WHERE cup.userId = :cup_userId   AND   cup.type = :%s   AND   cup.action >= :cup_action ) ";
    protected static final String IN_SELECT_CUP_ACTION_EQUALS = " %s.%s IN (    SELECT DISTINCT cup.object   FROM " + ComputedUserPermission.class.getName() + " cup   WHERE cup.userId = :cup_userId   AND   cup.type = :%s   AND   cup.action = :cup_action_read_validated ) ";

    protected static void addMinimumActionSecurityFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str, PermissionObjectType permissionObjectType, PermissionObjectType permissionObjectType2, String str2, String str3, int i) {
        if (securityContext.isAdmin()) {
            return;
        }
        String userId = securityContext.getUserId();
        sb.append(String.format(" AND ( %s OR %s ) ", String.format(IN_SELECT_CUP_ACTION_HIGHER_THAN, str, str2, "cup_type_code"), String.format(IN_SELECT_CUP_ACTION_HIGHER_THAN, str, str3, "cup_type_id")));
        map.put("cup_userId", userId);
        map.put("cup_type_code", permissionObjectType);
        map.put("cup_type_id", permissionObjectType2);
        map.put("cup_action", Integer.valueOf(i));
    }

    protected static void addMinimumActionSecurityFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str, PermissionObjectType permissionObjectType, String str2, int i) {
        if (securityContext.isAdmin()) {
            return;
        }
        String userId = securityContext.getUserId();
        sb.append(String.format(" AND %s ", String.format(IN_SELECT_CUP_ACTION_HIGHER_THAN, str, str2, "cup_type_id")));
        map.put("cup_userId", userId);
        map.put("cup_type_id", permissionObjectType);
        map.put("cup_action", Integer.valueOf(i));
    }

    protected static void addReadSecurityFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str, PermissionObjectType permissionObjectType, PermissionObjectType permissionObjectType2, String str2, String str3) {
        addMinimumActionSecurityFilter(sb, map, securityContext, str, permissionObjectType, permissionObjectType2, str2, str3, 3);
    }

    protected static void addReadSecurityFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str, PermissionObjectType permissionObjectType, String str2) {
        addMinimumActionSecurityFilter(sb, map, securityContext, str, permissionObjectType, str2, 3);
    }

    protected static void addReadValidatedSecurityFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str, PermissionObjectType permissionObjectType, PermissionObjectType permissionObjectType2, String str2, String str3) {
        addMinimumActionSecurityFilter(sb, map, securityContext, str, permissionObjectType, permissionObjectType2, str2, str3, 1);
    }

    protected static void addWriteSecurityFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str, PermissionObjectType permissionObjectType, PermissionObjectType permissionObjectType2, String str2, String str3) {
        addMinimumActionSecurityFilter(sb, map, securityContext, str, permissionObjectType, permissionObjectType2, str2, str3, 7);
    }

    protected static void addReadSecurityFilterOnValidableEntity(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str, PermissionObjectType permissionObjectType, PermissionObjectType permissionObjectType2, String str2, String str3, String str4) {
        if (securityContext.isAdmin()) {
            return;
        }
        String userId = securityContext.getUserId();
        sb.append(String.format(" AND ( ( %s OR %s ) OR ( %s = true AND ( %s OR %s ) ) ) ", String.format(IN_SELECT_CUP_ACTION_HIGHER_THAN, str, str2, "cup_type_code"), String.format(IN_SELECT_CUP_ACTION_HIGHER_THAN, str, str3, "cup_type_id"), str + "." + str4, String.format(IN_SELECT_CUP_ACTION_EQUALS, str, str2, "cup_type_code"), String.format(IN_SELECT_CUP_ACTION_EQUALS, str, str3, "cup_type_id")));
        map.put("cup_userId", userId);
        map.put("cup_type_code", permissionObjectType);
        map.put("cup_type_id", permissionObjectType2);
        map.put("cup_action", 3);
        map.put("cup_action_read_validated", 1);
    }

    public static void addDomainFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addReadSecurityFilterOnValidableEntity(sb, map, securityContext, str, PermissionObjectType.DOMAIN_CODE, PermissionObjectType.DOMAIN_ID, "code", "topiaId", "validated");
    }

    public static void addWritableDomainFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addWriteSecurityFilter(sb, map, securityContext, str, PermissionObjectType.DOMAIN_CODE, PermissionObjectType.DOMAIN_ID, "code", "topiaId");
    }

    public static void addWritableDomainFilterForDecisionRuleCreation(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        StringBuilder sb2 = new StringBuilder();
        addWriteSecurityFilter(sb2, map, securityContext, str, PermissionObjectType.DOMAIN_CODE, PermissionObjectType.DOMAIN_ID, "code", "topiaId");
        StringBuilder sb3 = new StringBuilder();
        if (!securityContext.isAdmin()) {
            sb3.append(String.format(IN_SELECT_CUP_ACTION_HIGHER_THAN, str, "topiaId IN ( SELECT gp.domain.topiaId FROM " + GrowingPlan.class.getName() + " gp WHERE gp.code", "cup_gp_code"));
            sb3.append(" ) ");
            map.put("cup_gp_code", PermissionObjectType.GROWING_PLAN_CODE);
        }
        if (sb2.length() <= 0 || sb3.length() <= 0) {
            return;
        }
        String sb4 = sb2.toString();
        Preconditions.checkState(sb4.endsWith(" ) "));
        sb.append(((sb4.substring(0, sb4.length() - 3) + " OR ") + sb3.toString()) + " ) ");
    }

    public static void addReadValidatedDomainFilterForDecisionRuleList(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        StringBuilder sb2 = new StringBuilder();
        addReadValidatedSecurityFilter(sb2, map, securityContext, str, PermissionObjectType.DOMAIN_CODE, PermissionObjectType.DOMAIN_ID, "code", "topiaId");
        sb.append((CharSequence) sb2);
    }

    public static void addGrowingPlanFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addReadSecurityFilterOnValidableEntity(sb, map, securityContext, str, PermissionObjectType.GROWING_PLAN_CODE, PermissionObjectType.GROWING_PLAN_ID, "code", "topiaId", "validated");
    }

    public static void addGrowingSystemFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addReadSecurityFilterOnValidableEntity(sb, map, securityContext, str, PermissionObjectType.GROWING_SYSTEM_CODE, PermissionObjectType.GROWING_SYSTEM_ID, "code", "topiaId", "validated");
    }

    public static void addZoneFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        if (securityContext.isAdmin()) {
            return;
        }
        StringBuilder sb2 = new StringBuilder(" SELECT p1.topiaId FROM " + Plot.class.getName() + " p1 ");
        sb2.append(" WHERE p1.growingSystem IS NULL ");
        addReadSecurityFilterOnValidableEntity(sb2, map, securityContext, "p1", PermissionObjectType.DOMAIN_CODE, PermissionObjectType.DOMAIN_ID, Joiner.on(".").join("domain", "code", new Object[0]), Joiner.on(".").join("domain", "topiaId", new Object[0]), Joiner.on(".").join("domain", "validated", new Object[0]));
        String sb3 = sb2.toString();
        Iterator it = Sets.newHashSet("cup_type_code", "cup_type_id").iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            String str3 = ":" + str2;
            while (sb3.contains(str3)) {
                int indexOf = sb3.indexOf(str3);
                sb3 = sb3.substring(0, indexOf) + (":domain_" + str2) + sb3.substring(indexOf + str3.length());
            }
        }
        map.remove("cup_type_code");
        map.remove("cup_type_id");
        map.put("domain_cup_type_code", PermissionObjectType.DOMAIN_CODE);
        map.put("domain_cup_type_id", PermissionObjectType.DOMAIN_ID);
        StringBuilder sb4 = new StringBuilder(" SELECT p2.topiaId FROM " + Plot.class.getName() + " p2 ");
        sb4.append(" WHERE p2.growingSystem IS NOT NULL ");
        addReadSecurityFilterOnValidableEntity(sb4, map, securityContext, "p2", PermissionObjectType.GROWING_SYSTEM_CODE, PermissionObjectType.GROWING_SYSTEM_ID, Joiner.on(".").join("growingSystem", "code", new Object[0]), Joiner.on(".").join("growingSystem", "topiaId", new Object[0]), Joiner.on(".").join("growingSystem", "validated", new Object[0]));
        sb.append(String.format(" AND ( " + str + "." + Zone.PROPERTY_PLOT + ".topiaId IN ( %s )  OR " + str + "." + Zone.PROPERTY_PLOT + ".topiaId IN ( %s )  ) ", sb3, sb4));
    }

    public static void addWritableGrowingSystemFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addWriteSecurityFilter(sb, map, securityContext, str, PermissionObjectType.GROWING_SYSTEM_CODE, PermissionObjectType.GROWING_SYSTEM_ID, "code", "topiaId");
    }

    public static void addDecisionRuleFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        StringBuilder sb2 = new StringBuilder();
        addReadValidatedSecurityFilter(sb2, map, securityContext, str, PermissionObjectType.DOMAIN_CODE, PermissionObjectType.DOMAIN_ID, "domainCode", "domainCode IN ( SELECT d.code FROM " + Domain.class.getName() + " d WHERE d.topiaId ");
        if (sb2.length() > 0) {
            sb2.append(" ) ");
        }
        sb.append((CharSequence) sb2);
    }

    public static void addPracticedSystemFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addReadSecurityFilterOnValidableEntity(sb, map, securityContext, str, PermissionObjectType.GROWING_SYSTEM_CODE, PermissionObjectType.GROWING_SYSTEM_ID, Joiner.on('.').join("growingSystem", "code", new Object[0]), Joiner.on('.').join("growingSystem", "topiaId", new Object[0]), "validated = true AND " + str + "." + Joiner.on('.').join("growingSystem", "validated", new Object[0]));
    }

    public static void addPracticedPlotFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        StringBuilder sb2 = new StringBuilder();
        addPracticedSystemFilter(sb2, map, securityContext, "ps");
        if (sb2.length() > 0) {
            sb.append(String.format(" AND %s.%s IN ( SELECT ps.%s FROM %s ps WHERE 1=1 %s ) ", str, Joiner.on('.').join("practicedSystem", "topiaId", new Object[0]), "topiaId", PracticedSystem.class.getName(), sb2.toString()));
        }
    }

    public static void addReportRegionalFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        addReadSecurityFilter(sb, map, securityContext, str, PermissionObjectType.REPORT_REGIONAL_ID, "topiaId");
    }

    public static void addReportGrowingSystemFilter(StringBuilder sb, Map<String, Object> map, SecurityContext securityContext, String str) {
        if (securityContext.isAdmin()) {
            return;
        }
        StringBuilder sb2 = new StringBuilder(" SELECT gs.topiaId FROM " + GrowingSystem.class.getName() + " gs ");
        sb2.append(" WHERE 1 = 1 ");
        addGrowingSystemFilter(sb2, map, securityContext, "gs");
        String sb3 = sb2.toString();
        Iterator it = Sets.newHashSet("cup_type_code", "cup_type_id").iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            String str3 = ":" + str2;
            while (sb3.contains(str3)) {
                int indexOf = sb3.indexOf(str3);
                sb3 = sb3.substring(0, indexOf) + (":gs_" + str2) + sb3.substring(indexOf + str3.length());
            }
        }
        map.remove("cup_type_code");
        map.remove("cup_type_id");
        map.put("gs_cup_type_code", PermissionObjectType.GROWING_SYSTEM_CODE);
        map.put("gs_cup_type_id", PermissionObjectType.GROWING_SYSTEM_ID);
        StringBuilder sb4 = new StringBuilder(" SELECT R.topiaId FROM " + ReportRegional.class.getName() + " R ");
        sb4.append(" WHERE 1 = 1 ");
        addReportRegionalFilter(sb4, map, securityContext, "R");
        sb.append(String.format(" AND ( " + str + ".growingSystem.topiaId IN ( %s )  OR " + str + "." + ReportGrowingSystem.PROPERTY_REPORT_REGIONAL + ".topiaId IN ( %s )  ) ", sb3, sb4));
    }
}
