package fr.inra.agrosyst.services.security;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import fr.inra.agrosyst.api.entities.AttachmentMetadata;
import fr.inra.agrosyst.api.entities.AttachmentMetadataTopiaDao;
import fr.inra.agrosyst.api.entities.Domain;
import fr.inra.agrosyst.api.entities.GrowingPlan;
import fr.inra.agrosyst.api.entities.GrowingSystem;
import fr.inra.agrosyst.api.entities.Network;
import fr.inra.agrosyst.api.entities.NetworkManager;
import fr.inra.agrosyst.api.entities.Plot;
import fr.inra.agrosyst.api.entities.PlotTopiaDao;
import fr.inra.agrosyst.api.entities.Zone;
import fr.inra.agrosyst.api.entities.ZoneTopiaDao;
import fr.inra.agrosyst.api.entities.managementmode.DecisionRule;
import fr.inra.agrosyst.api.entities.managementmode.DecisionRuleTopiaDao;
import fr.inra.agrosyst.api.entities.managementmode.ManagementMode;
import fr.inra.agrosyst.api.entities.managementmode.ManagementModeTopiaDao;
import fr.inra.agrosyst.api.entities.performance.Performance;
import fr.inra.agrosyst.api.entities.performance.PerformanceTopiaDao;
import fr.inra.agrosyst.api.entities.practiced.PracticedPlot;
import fr.inra.agrosyst.api.entities.practiced.PracticedPlotTopiaDao;
import fr.inra.agrosyst.api.entities.practiced.PracticedSystem;
import fr.inra.agrosyst.api.entities.practiced.PracticedSystemTopiaDao;
import fr.inra.agrosyst.api.entities.report.ReportGrowingSystem;
import fr.inra.agrosyst.api.entities.report.ReportGrowingSystemTopiaDao;
import fr.inra.agrosyst.api.entities.report.ReportRegional;
import fr.inra.agrosyst.api.entities.security.AgrosystUser;
import fr.inra.agrosyst.api.entities.security.PermissionObjectType;
import fr.inra.agrosyst.api.entities.security.RoleType;
import fr.inra.agrosyst.api.entities.security.UserRole;
import fr.inra.agrosyst.api.services.security.AgrosystAccessDeniedException;
import fr.inra.agrosyst.api.services.security.BusinessAuthorizationService;
import fr.inra.agrosyst.services.common.CacheService;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.function.Predicate;
import java.util.stream.StreamSupport;
import org.apache.commons.lang3.tuple.Pair;
import org.nuiton.topia.persistence.TopiaIdFactory;

/* loaded from: input_file:WEB-INF/lib/agrosyst-services-2.42.jar:fr/inra/agrosyst/services/security/BusinessAuthorizationServiceImpl.class */
public class BusinessAuthorizationServiceImpl extends AuthorizationServiceImpl implements BusinessAuthorizationService {
    protected static final Predicate<NetworkManager> IS_ACTIVE_NETWORK_MANAGER = networkManager -> {
        return networkManager.isActive() && networkManager.getToDate() == null;
    };
    protected PracticedSystemTopiaDao practicedSystemDao;
    protected ManagementModeTopiaDao managementModeDao;
    protected DecisionRuleTopiaDao decisionRuleDao;
    protected ZoneTopiaDao zoneDao;
    protected AttachmentMetadataTopiaDao attachmentMetadataDao;
    protected PerformanceTopiaDao performanceDao;
    protected PlotTopiaDao plotDao;
    protected PracticedPlotTopiaDao practicedPlotDao;
    protected ReportGrowingSystemTopiaDao reportGrowingSystemDao;

    public void setReportGrowingSystemDao(ReportGrowingSystemTopiaDao reportGrowingSystemTopiaDao) {
        this.reportGrowingSystemDao = reportGrowingSystemTopiaDao;
    }

    public void setPracticedSystemDao(PracticedSystemTopiaDao practicedSystemTopiaDao) {
        this.practicedSystemDao = practicedSystemTopiaDao;
    }

    public void setManagementModeDao(ManagementModeTopiaDao managementModeTopiaDao) {
        this.managementModeDao = managementModeTopiaDao;
    }

    public void setDecisionRuleDao(DecisionRuleTopiaDao decisionRuleTopiaDao) {
        this.decisionRuleDao = decisionRuleTopiaDao;
    }

    public void setZoneDao(ZoneTopiaDao zoneTopiaDao) {
        this.zoneDao = zoneTopiaDao;
    }

    public void setAttachmentMetadataDao(AttachmentMetadataTopiaDao attachmentMetadataTopiaDao) {
        this.attachmentMetadataDao = attachmentMetadataTopiaDao;
    }

    public void setPerformanceDao(PerformanceTopiaDao performanceTopiaDao) {
        this.performanceDao = performanceTopiaDao;
    }

    public void setPlotDao(PlotTopiaDao plotTopiaDao) {
        this.plotDao = plotTopiaDao;
    }

    public void setPracticedPlotDao(PracticedPlotTopiaDao practicedPlotTopiaDao) {
        this.practicedPlotDao = practicedPlotTopiaDao;
    }

    protected boolean hasObjectPermissionAdmin(String str, PermissionObjectType permissionObjectType, String str2) {
        return hasPermissionActionLevel(str, permissionObjectType, str2, 15);
    }

    protected boolean hasObjectPermissionWritable(String str, PermissionObjectType permissionObjectType, String str2) {
        return hasPermissionActionLevel(str, permissionObjectType, str2, 7);
    }

    protected boolean hasObjectPermissionWritable(String str, String str2) {
        return hasPermissionActionLevel(str, str2, 7);
    }

    protected boolean hasObjectPermissionReadable(String str, PermissionObjectType permissionObjectType, String str2) {
        return hasPermissionActionLevel(str, permissionObjectType, str2, 1);
    }

    protected boolean hasObjectPermissionReadable(String str, String str2) {
        return hasPermissionActionLevel(str, str2, 1);
    }

    protected boolean hasPermissionActionLevel(String str, String str2, int i) {
        return getHighestPermissionLevel(str, null, str2) >= i;
    }

    protected boolean hasPermissionActionLevel(String str, PermissionObjectType permissionObjectType, String str2, int i) {
        return getHighestPermissionLevel(str, permissionObjectType, str2) >= i;
    }

    protected int getHighestPermissionLevel(String str, PermissionObjectType permissionObjectType, String str2) {
        return this.computedUserPermissionDao.getMaxAction(str, str2, permissionObjectType);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isDomainWritable(String str) {
        String userId = getUserId();
        boolean z = isAdmin() || hasObjectPermissionWritable(userId, PermissionObjectType.DOMAIN_ID, str);
        if (!z) {
            z = hasObjectPermissionWritable(userId, PermissionObjectType.DOMAIN_CODE, ((Domain) this.domainDao.forTopiaIdEquals(str).findUnique()).getCode());
        }
        return z;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean areDomainPlotsEditable(String str) {
        boolean anyMatch;
        if (isDomainWritable(str)) {
            anyMatch = true;
        } else {
            anyMatch = StreamSupport.stream(this.growingPlanDao.forDomainEquals((Domain) this.domainDao.forTopiaIdEquals(str).findUnique()).findAllLazy().spliterator(), false).anyMatch(growingPlan -> {
                return isGrowingPlanAdministrable(growingPlan.getCode());
            });
        }
        return anyMatch;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isDomainAdministrable(String str) {
        return isAdmin() || hasObjectPermissionAdmin(getUserId(), PermissionObjectType.DOMAIN_CODE, str);
    }

    protected boolean isDomainCodeWritable(String str) {
        return isAdmin() || hasObjectPermissionWritable(getUserId(), PermissionObjectType.DOMAIN_CODE, str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isGrowingPlanWritable(String str) {
        String userId = getUserId();
        boolean z = isAdmin() || hasObjectPermissionWritable(userId, PermissionObjectType.GROWING_PLAN_ID, str);
        if (!z) {
            z = hasObjectPermissionWritable(userId, PermissionObjectType.GROWING_PLAN_CODE, ((GrowingPlan) this.growingPlanDao.forTopiaIdEquals(str).findUnique()).getCode());
        }
        return z;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isGrowingPlanAdministrable(String str) {
        return isAdmin() || hasObjectPermissionAdmin(getUserId(), PermissionObjectType.GROWING_PLAN_CODE, str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isGrowingSystemWritable(String str) {
        String userId = getUserId();
        boolean z = isAdmin() || hasObjectPermissionWritable(userId, PermissionObjectType.GROWING_SYSTEM_ID, str);
        if (!z) {
            z = hasObjectPermissionWritable(userId, PermissionObjectType.GROWING_SYSTEM_CODE, ((GrowingSystem) this.growingSystemDao.forTopiaIdEquals(str).findUnique()).getCode());
        }
        return z;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isGrowingSystemAdministrable(String str) {
        return isAdmin() || hasObjectPermissionAdmin(getUserId(), PermissionObjectType.GROWING_SYSTEM_CODE, str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isPracticedSystemWritable(String str) {
        return isGrowingSystemWritable(((PracticedSystem) this.practicedSystemDao.forTopiaIdEquals(str).findUnique()).getGrowingSystem().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isNetworkWritable(String str) {
        return isAdmin() || hasObjectPermissionWritable(getUserId(), PermissionObjectType.NETWORK_ID, str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isManagementModeWritable(String str) {
        return isGrowingSystemWritable(((ManagementMode) this.managementModeDao.forTopiaIdEquals(str).findUnique()).getGrowingSystem().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isManagementModeReadable(String str) {
        return isGrowingSystemReadable(((ManagementMode) this.managementModeDao.forTopiaIdEquals(str).findUnique()).getGrowingSystem().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isDecisionRuleWritable(String str) {
        DecisionRule decisionRule = (DecisionRule) this.decisionRuleDao.forTopiaIdEquals(str).findUnique();
        boolean isDomainCodeWritable = isDomainCodeWritable(decisionRule.getDomainCode());
        if (!isDomainCodeWritable) {
            Iterator it = this.growingPlanDao.forDomainIn(this.domainDao.forCodeEquals(decisionRule.getDomainCode()).findAll()).findAll().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (isGrowingPlanWritable(((GrowingPlan) it.next()).getTopiaId())) {
                    isDomainCodeWritable = true;
                    break;
                }
            }
        }
        return isDomainCodeWritable;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isDecisionRuleReadable(String str) {
        DecisionRule decisionRule = (DecisionRule) this.decisionRuleDao.forTopiaIdEquals(str).findUnique();
        boolean isDomainCodeReadable = isDomainCodeReadable(decisionRule.getDomainCode());
        if (!isDomainCodeReadable) {
            Iterator it = this.growingPlanDao.forDomainIn(this.domainDao.forCodeEquals(decisionRule.getDomainCode()).findAll()).findAll().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (isGrowingPlanReadable(((GrowingPlan) it.next()).getTopiaId())) {
                    isDomainCodeReadable = true;
                    break;
                }
            }
        }
        return isDomainCodeReadable;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isZoneWritable(String str) {
        Zone zone = (Zone) this.zoneDao.forTopiaIdEquals(str).findUnique();
        GrowingSystem growingSystem = zone.getPlot().getGrowingSystem();
        return growingSystem == null ? isDomainWritable(zone.getPlot().getDomain().getTopiaId()) : isGrowingSystemWritable(growingSystem.getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void domainCreated(Domain domain) {
        String userId = getUserId();
        this.userRoleDao.create("agrosystUser", (AgrosystUser) this.agrosystUserDao.forTopiaIdEquals(userId).findUnique(), "type", RoleType.DOMAIN_RESPONSIBLE, "domainCode", domain.getCode());
        dropComputedPermissions0(userId);
        this.cacheService.clear(CacheService.CACHE_HAS_ROLE);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void growingPlanCreated(GrowingPlan growingPlan) {
        String userId = getUserId();
        this.userRoleDao.create("agrosystUser", (AgrosystUser) this.agrosystUserDao.forTopiaIdEquals(userId).findUnique(), "type", RoleType.GROWING_PLAN_RESPONSIBLE, UserRole.PROPERTY_GROWING_PLAN_CODE, growingPlan.getCode());
        dropComputedPermissions0(userId);
        domainIsDirty(growingPlan.getDomain());
        this.cacheService.clear(CacheService.CACHE_HAS_ROLE);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void growingSystemCreated(GrowingSystem growingSystem) {
        growingPlanIsDirty(growingSystem.getGrowingPlan());
        this.cacheService.clear();
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void networkCreated(Network network) {
        String userId = getUserId();
        resetNetworkManagers(network);
        dropComputedPermissions0(userId);
        this.cacheService.clear(CacheService.CACHE_HAS_ROLE);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void networkUpdated(Network network) {
        resetNetworkManagers(network);
        objectsAreDirty(PermissionObjectType.NETWORK_ID);
    }

    protected void resetNetworkManagers(Network network) {
        ArrayList newArrayList = Lists.newArrayList(this.userRoleDao.forProperties("type", (Object) RoleType.NETWORK_RESPONSIBLE, UserRole.PROPERTY_NETWORK_ID, network.getTopiaId()).findAll());
        this.userRoleDao.deleteAll(newArrayList);
        Collection<NetworkManager> managers = network.getManagers();
        Predicate<NetworkManager> predicate = IS_ACTIVE_NETWORK_MANAGER;
        predicate.getClass();
        Iterable filter = Iterables.filter(managers, (v1) -> {
            return r1.test(v1);
        });
        ArrayList newArrayList2 = Lists.newArrayList();
        Iterator it = filter.iterator();
        while (it.hasNext()) {
            UserRole userRole = (UserRole) this.userRoleDao.create("agrosystUser", ((NetworkManager) it.next()).getAgrosystUser(), "type", RoleType.NETWORK_RESPONSIBLE, UserRole.PROPERTY_NETWORK_ID, network.getTopiaId());
            Iterator it2 = newArrayList.iterator();
            boolean z = false;
            while (it2.hasNext() && !z) {
                if (((UserRole) it2.next()).getAgrosystUser().equals(userRole.getAgrosystUser())) {
                    it2.remove();
                    z = true;
                }
            }
            if (!z) {
                newArrayList2.add(userRole);
            }
        }
        Iterator it3 = newArrayList.iterator();
        while (it3.hasNext()) {
            this.trackerService.roleRemoved((UserRole) it3.next());
        }
        Iterator it4 = newArrayList2.iterator();
        while (it4.hasNext()) {
            this.trackerService.roleAdded((UserRole) it4.next());
        }
    }

    protected void growingPlanIsDirty(GrowingPlan growingPlan) {
        objectIsDirty(PermissionObjectType.GROWING_PLAN_ID, growingPlan.getTopiaId());
        objectIsDirty(PermissionObjectType.GROWING_PLAN_CODE, growingPlan.getCode());
        domainIsDirty(growingPlan.getDomain());
    }

    protected void domainIsDirty(Domain domain) {
        objectIsDirty(PermissionObjectType.DOMAIN_ID, domain.getTopiaId());
        objectIsDirty(PermissionObjectType.DOMAIN_CODE, domain.getCode());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkIsAdmin() throws AgrosystAccessDeniedException {
        if (!isAdmin()) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkDomainReadable(String str) throws AgrosystAccessDeniedException {
        if (!isDomainReadable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    protected boolean isDomainReadable(String str) {
        String userId = getUserId();
        boolean z = isAdmin() || hasObjectPermissionReadable(userId, PermissionObjectType.DOMAIN_ID, str);
        if (!z) {
            z = hasObjectPermissionReadable(userId, PermissionObjectType.DOMAIN_CODE, ((Domain) this.domainDao.forTopiaIdEquals(str).findUnique()).getCode());
        }
        return z;
    }

    @Deprecated
    protected void checkDomainCodeReadable(String str) throws AgrosystAccessDeniedException {
        if (!isDomainCodeReadable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    protected boolean isDomainCodeReadable(String str) {
        return isAdmin() || hasObjectPermissionReadable(getUserId(), PermissionObjectType.DOMAIN_CODE, str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean shouldAnonymizeDomain(String str, boolean z) {
        try {
            return getShouldAnonymizeCanReadDomain(str, z).getLeft().booleanValue();
        } catch (IllegalStateException e) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public Pair<Boolean, Boolean> getShouldAnonymizeCanReadDomain(String str, boolean z) {
        boolean z2 = true;
        boolean z3 = false;
        if (!isAdmin()) {
            String userId = getUserId();
            int highestPermissionLevel = getHighestPermissionLevel(userId, PermissionObjectType.DOMAIN_ID, str);
            if (highestPermissionLevel == 0) {
                highestPermissionLevel = getHighestPermissionLevel(userId, PermissionObjectType.DOMAIN_CODE, ((Domain) this.domainDao.forTopiaIdEquals(str).findUnique()).getCode());
            }
            Preconditions.checkState(z || highestPermissionLevel > 0);
            z3 = highestPermissionLevel < 3;
            z2 = highestPermissionLevel >= 1;
        }
        return Pair.of(Boolean.valueOf(z3), Boolean.valueOf(z2));
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean shouldAnonymizeGrowingPlan(String str, boolean z) {
        try {
            return getShouldAnonymizeCanReadGrowingPlan(str, z).getLeft().booleanValue();
        } catch (IllegalStateException e) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public Pair<Boolean, Boolean> getShouldAnonymizeCanReadGrowingPlan(String str, boolean z) {
        boolean z2 = true;
        boolean z3 = false;
        if (!isAdmin()) {
            String userId = getUserId();
            int highestPermissionLevel = getHighestPermissionLevel(userId, PermissionObjectType.GROWING_PLAN_ID, str);
            if (highestPermissionLevel == 0) {
                highestPermissionLevel = getHighestPermissionLevel(userId, PermissionObjectType.GROWING_PLAN_CODE, ((GrowingPlan) this.growingPlanDao.forTopiaIdEquals(str).findUnique()).getCode());
            }
            Preconditions.checkState(z || highestPermissionLevel > 0);
            z3 = highestPermissionLevel < 3;
            z2 = highestPermissionLevel >= 1;
        }
        return Pair.of(Boolean.valueOf(z3), Boolean.valueOf(z2));
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkGrowingPlanReadable(String str) throws AgrosystAccessDeniedException {
        if (!isGrowingPlanReadable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    protected boolean isGrowingPlanReadable(String str) {
        String userId = getUserId();
        boolean z = isAdmin() || hasObjectPermissionReadable(userId, PermissionObjectType.GROWING_PLAN_ID, str);
        if (!z) {
            z = hasObjectPermissionReadable(userId, PermissionObjectType.GROWING_PLAN_CODE, ((GrowingPlan) this.growingPlanDao.forTopiaIdEquals(str).findUnique()).getCode());
        }
        return z;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isGrowingSystemReadable(String str) {
        String userId = getUserId();
        boolean z = isAdmin() || hasObjectPermissionReadable(userId, PermissionObjectType.GROWING_SYSTEM_ID, str);
        if (!z) {
            z = hasObjectPermissionReadable(userId, PermissionObjectType.GROWING_SYSTEM_CODE, ((GrowingSystem) this.growingSystemDao.forTopiaIdEquals(str).findUnique()).getCode());
        }
        return z;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkGrowingSystemReadable(String str) throws AgrosystAccessDeniedException {
        if (!isGrowingSystemReadable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkPracticedSystemReadable(String str) throws AgrosystAccessDeniedException {
        checkGrowingSystemReadable(((PracticedSystem) this.practicedSystemDao.forTopiaIdEquals(str).findUnique()).getGrowingSystem().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkDecisionRuleReadable(String str) throws AgrosystAccessDeniedException {
        checkDomainCodeReadable(((DecisionRule) this.decisionRuleDao.forTopiaIdEquals(str).findUnique()).getDomainCode());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkManagementModeReadable(String str) throws AgrosystAccessDeniedException {
        checkGrowingSystemReadable(((ManagementMode) this.managementModeDao.forTopiaIdEquals(str).findUnique()).getGrowingSystem().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkEffectiveCropCyclesReadable(String str) throws AgrosystAccessDeniedException {
        if (!isZoneReadable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    protected boolean isZoneReadable(String str) {
        Zone zone = (Zone) this.zoneDao.forTopiaIdEquals(str).findUnique();
        return zone.getPlot().getGrowingSystem() == null ? isDomainReadable(zone.getPlot().getDomain().getTopiaId()) : isGrowingSystemReadable(zone.getPlot().getGrowingSystem().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdateDomain(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isDomainWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdateGrowingPlan(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isGrowingPlanWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdateGrowingSystem(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isGrowingSystemWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdateNetwork(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isNetworkWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdatePracticedSystem(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isPracticedSystemWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdateDecisionRule(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isDecisionRuleWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdateManagementMode(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isManagementModeWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdateEffectiveCropCycles(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isZoneWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isDomainValidable(String str) {
        return isDomainWritable(str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkValidateDomain(String str) throws AgrosystAccessDeniedException {
        if (!isDomainValidable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isGrowingPlanValidable(String str) {
        return isGrowingPlanWritable(str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkValidateGrowingPlan(String str) throws AgrosystAccessDeniedException {
        if (!isGrowingPlanWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isGrowingSystemValidable(String str) {
        return isGrowingSystemWritable(str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkValidateGrowingSystem(String str) throws AgrosystAccessDeniedException {
        if (!isGrowingSystemWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isPracticedSystemValidable(String str) {
        return isGrowingSystemWritable(((PracticedSystem) this.practicedSystemDao.forTopiaIdEquals(str).findUnique()).getGrowingSystem().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkValidatePracticedSystem(String str) throws AgrosystAccessDeniedException {
        if (!isPracticedSystemValidable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean areAttachmentsAddableOrDeletable(String str) {
        return canCreateOrDeleteAttachment(str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkAddAttachment(String str) {
        if (!canCreateOrDeleteAttachment(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkDeleteAttachment(String str) {
        if (!canCreateOrDeleteAttachment(((AttachmentMetadata) this.attachmentMetadataDao.forTopiaIdEquals(str).findUnique()).getObjectReferenceId())) {
            throw new AgrosystAccessDeniedException();
        }
    }

    protected boolean canCreateOrDeleteAttachment(String str) {
        boolean z = isAdmin() || hasObjectPermissionWritable(getUserId(), str);
        TopiaIdFactory topiaIdFactory = this.context.getPersistenceContext().getTopiaIdFactory();
        if (!z && topiaIdFactory.isTopiaId(str) && ManagementMode.class.equals(topiaIdFactory.getClassName(str))) {
            z = isManagementModeWritable(str);
        }
        if (!z && topiaIdFactory.isTopiaId(str) && Performance.class.equals(topiaIdFactory.getClassName(str))) {
            z = isPerformanceWritable(str);
        }
        if (!z) {
            if (str.endsWith("-measurement")) {
                str = str.substring(0, str.lastIndexOf("-measurement"));
            }
            if (topiaIdFactory.isTopiaId(str) && Zone.class.equals(topiaIdFactory.getClassName(str))) {
                z = isZoneWritable(str);
            }
        }
        if (!z) {
            Iterator it = this.decisionRuleDao.forCodeEquals(str).findAllLazy().iterator();
            while (!z && it.hasNext()) {
                z = isDecisionRuleWritable(((DecisionRule) it.next()).getTopiaId());
            }
        }
        return z;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkReadAttachment(String str) {
        String objectReferenceId = ((AttachmentMetadata) this.attachmentMetadataDao.forTopiaIdEquals(str).findUnique()).getObjectReferenceId();
        String userId = getUserId();
        boolean z = isAdmin() || hasObjectPermissionReadable(userId, objectReferenceId);
        TopiaIdFactory topiaIdFactory = this.context.getPersistenceContext().getTopiaIdFactory();
        if (!z && topiaIdFactory.isTopiaId(objectReferenceId) && ManagementMode.class.equals(topiaIdFactory.getClassName(objectReferenceId))) {
            z = isManagementModeReadable(objectReferenceId);
        }
        if (!z && topiaIdFactory.isTopiaId(objectReferenceId) && Performance.class.equals(topiaIdFactory.getClassName(objectReferenceId))) {
            z = isPerformanceReadable(objectReferenceId);
        }
        if (!z) {
            if (objectReferenceId.endsWith("-measurement")) {
                objectReferenceId = objectReferenceId.substring(0, objectReferenceId.lastIndexOf("-measurement"));
            }
            if (topiaIdFactory.isTopiaId(objectReferenceId) && Zone.class.equals(topiaIdFactory.getClassName(objectReferenceId))) {
                z = isZoneReadable(objectReferenceId);
            }
        }
        if (!z) {
            Iterator it = this.growingSystemDao.forCodeEquals(objectReferenceId).findAllLazy().iterator();
            while (!z && it.hasNext()) {
                z = hasObjectPermissionReadable(userId, ((GrowingSystem) it.next()).getTopiaId());
            }
        }
        if (!z) {
            Iterator it2 = this.decisionRuleDao.forCodeEquals(objectReferenceId).findAllLazy().iterator();
            while (!z && it2.hasNext()) {
                z = isDecisionRuleReadable(((DecisionRule) it2.next()).getTopiaId());
            }
        }
        if (!z) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isPerformanceWritable(String str) {
        boolean isAdmin = isAdmin();
        if (!isAdmin) {
            isAdmin = this.performanceDao.forProperties("topiaId", (Object) str, "author", (AgrosystUser) this.agrosystUserDao.forTopiaIdEquals(getUserId()).findUnique()).count() == 1;
        }
        return isAdmin;
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkPerformanceReadable(String str) throws AgrosystAccessDeniedException {
        if (!isPerformanceReadable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    protected boolean isPerformanceReadable(String str) {
        return isPerformanceWritable(str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdatePerformance(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isPerformanceWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isPlotWritable(String str) {
        return isDomainWritable(((Plot) this.plotDao.forTopiaIdEquals(str).findUnique()).getDomain().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkPlotReadable(String str) throws AgrosystAccessDeniedException {
        checkDomainReadable(((Plot) this.plotDao.forTopiaIdEquals(str).findUnique()).getDomain().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdatePlot(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isPlotWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkPracticedPlotReadable(String str) throws AgrosystAccessDeniedException {
        checkPracticedSystemReadable(((PracticedPlot) this.practicedPlotDao.forTopiaIdEquals(str).findUnique()).getPracticedSystem().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isPracticedPlotWritable(String str) {
        return isPracticedSystemWritable(((PracticedPlot) this.practicedPlotDao.forTopiaIdEquals(str).findUnique()).getPracticedSystem().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdatePracticedPlot(String str, String str2) throws AgrosystAccessDeniedException {
        if (Strings.isNullOrEmpty(str)) {
            checkCreateOrUpdatePracticedSystem(str2);
        } else if (!isPracticedPlotWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkReportRegionalReadable(String str) throws AgrosystAccessDeniedException {
        if (!isReportRegionalReadable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkDeleteReportRegional(String str) {
        checkReportRegionalReadable(str);
        checkCreateOrUpdateReportRegional(str);
    }

    protected boolean isReportRegionalReadable(String str) {
        return isAdmin() || hasObjectPermissionReadable(getUserId(), PermissionObjectType.REPORT_REGIONAL_ID, str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isReportRegionalWritable(String str) {
        return isAdmin() || hasObjectPermissionWritable(getUserId(), PermissionObjectType.REPORT_REGIONAL_ID, str);
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdateReportRegional(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isReportRegionalWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void reportRegionalCreated(ReportRegional reportRegional) {
        dropComputedPermissions0(getUserId());
        this.cacheService.clear();
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public boolean isReportGrowingSystemWritable(String str) {
        ReportGrowingSystem reportGrowingSystem = (ReportGrowingSystem) this.reportGrowingSystemDao.forTopiaIdEquals(str).findUnique();
        return isGrowingSystemWritable(reportGrowingSystem.getGrowingSystem().getTopiaId()) || isReportRegionalWritable(reportGrowingSystem.getReportRegional().getTopiaId());
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkDeleteReportGrowingSystem(String str) {
        ReportGrowingSystem reportGrowingSystem = (ReportGrowingSystem) this.reportGrowingSystemDao.forTopiaIdEquals(str).findUnique();
        String topiaId = reportGrowingSystem.getGrowingSystem().getTopiaId();
        String topiaId2 = reportGrowingSystem.getReportRegional().getTopiaId();
        checkGrowingSystemReadable(topiaId);
        if (!(isGrowingSystemWritable(topiaId) || isReportRegionalWritable(topiaId2))) {
            throw new AgrosystAccessDeniedException();
        }
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkReportGrowingSystemReadable(String str) throws AgrosystAccessDeniedException {
        checkGrowingSystemReadable(this.reportGrowingSystemDao.findGrowingSystemIdForTopiaIdEquals(str));
    }

    @Override // fr.inra.agrosyst.api.services.security.BusinessAuthorizationService
    public void checkCreateOrUpdateReportGrowingSystem(String str) throws AgrosystAccessDeniedException {
        if (!Strings.isNullOrEmpty(str) && !isReportGrowingSystemWritable(str)) {
            throw new AgrosystAccessDeniedException();
        }
    }
}
