package com.venky.swf.plugins.security.extensions;

import com.venky.cache.Cache;
import com.venky.core.collections.SequenceSet;
import com.venky.core.log.TimerStatistics;
import com.venky.core.string.StringUtil;
import com.venky.core.util.ObjectUtil;
import com.venky.extension.Extension;
import com.venky.extension.Registry;
import com.venky.swf.db.Database;
import com.venky.swf.db.model.Model;
import com.venky.swf.db.model.User;
import com.venky.swf.db.model.reflection.ModelReflector;
import com.venky.swf.db.table.BindVariable;
import com.venky.swf.db.table.Table;
import com.venky.swf.exceptions.AccessDeniedException;
import com.venky.swf.path.Path;
import com.venky.swf.plugins.security.db.model.RolePermission;
import com.venky.swf.plugins.security.db.model.UserRole;
import com.venky.swf.pm.DataSecurityFilter;
import com.venky.swf.routing.Config;
import com.venky.swf.sql.Conjunction;
import com.venky.swf.sql.Expression;
import com.venky.swf.sql.Operator;
import com.venky.swf.sql.Select;
import com.venky.swf.sql.parser.SQLExpressionParser;
import com.venky.swf.sql.parser.XMLExpressionParser;
import java.io.Reader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/venky/swf/plugins/security/extensions/ParticipantControllerAccessExtension.class */
public class ParticipantControllerAccessExtension implements Extension {
    private static ParticipantControllerAccessExtension instance;
    private PermissionCacheBuster permissionCacheBuster = new PermissionCacheBuster();
    private PermissionCache permissionCache = new PermissionCache();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/venky/swf/plugins/security/extensions/ParticipantControllerAccessExtension$PermissionCache.class */
    public static class PermissionCache extends Cache<String, Cache<String, Boolean>> {
        private static final long serialVersionUID = 8076958083615092776L;
        private Comparator<RolePermission> permissionGroupComparator;
        private Comparator<RolePermission> rolepermissionComparator;

        private PermissionCache() {
            this.permissionGroupComparator = new Comparator<RolePermission>() { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.PermissionCache.2
                @Override // java.util.Comparator
                public int compare(RolePermission rolePermission, RolePermission rolePermission2) {
                    int i = 0;
                    if (0 == 0) {
                        i = StringUtil.valueOf(rolePermission2.getControllerPathElementName()).compareTo(StringUtil.valueOf(rolePermission.getControllerPathElementName()));
                    }
                    if (i == 0) {
                        i = StringUtil.valueOf(rolePermission2.getActionPathElementName()).compareTo(StringUtil.valueOf(rolePermission.getActionPathElementName()));
                    }
                    if (i == 0 && rolePermission.getRoleId() != null && rolePermission2.getRoleId() != null) {
                        i = rolePermission.getRoleId().compareTo(rolePermission2.getRoleId());
                    }
                    return i;
                }
            };
            this.rolepermissionComparator = new Comparator<RolePermission>() { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.PermissionCache.3
                @Override // java.util.Comparator
                public int compare(RolePermission rolePermission, RolePermission rolePermission2) {
                    int i = 0;
                    if (0 == 0) {
                        i = (rolePermission.getRoleId() != null || rolePermission2.getRoleId() == null) ? (rolePermission2.getRoleId() != null || rolePermission.getRoleId() == null) ? 0 : -1 : 1;
                    }
                    if (i == 0) {
                        i = PermissionCache.this.permissionGroupComparator.compare(rolePermission, rolePermission2);
                    }
                    if (i == 0) {
                        i = StringUtil.valueOf(rolePermission2.getParticipation()).compareTo(StringUtil.valueOf(rolePermission.getParticipation()));
                    }
                    return i;
                }
            };
        }

        public boolean isAllowed(List<RolePermission> list, List<Integer> list2) {
            SequenceSet ids = DataSecurityFilter.getIds(list);
            ArrayList arrayList = new ArrayList(list2);
            Collections.sort(ids);
            Collections.sort(arrayList);
            String obj = arrayList.toString();
            String obj2 = ids.toString();
            Boolean bool = (Boolean) ((Cache) get(obj)).get(obj2);
            if (bool == null) {
                bool = Boolean.valueOf(calculatePermission(list, list2));
                ((Cache) get(obj)).put(obj2, bool);
            }
            return bool.booleanValue();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public Cache<String, Boolean> getValue(String str) {
            return new Cache<String, Boolean>() { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.PermissionCache.1
                private static final long serialVersionUID = -6669779570540556969L;

                /* JADX INFO: Access modifiers changed from: protected */
                public Boolean getValue(String str2) {
                    return null;
                }
            };
        }

        private boolean calculatePermission(List<RolePermission> list, List<Integer> list2) {
            TimerStatistics.Timer startTimer = TimerStatistics.Timer.startTimer("sorting permissions", Config.instance().isTimerAdditive());
            Collections.sort(list, this.rolepermissionComparator);
            startTimer.stop();
            TimerStatistics.Timer startTimer2 = TimerStatistics.Timer.startTimer("Checking Permissions for being allowed", Config.instance().isTimerAdditive());
            RolePermission rolePermission = list.get(0);
            RolePermission rolePermission2 = rolePermission;
            Iterator<RolePermission> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RolePermission next = it.next();
                if (this.permissionGroupComparator.compare(rolePermission2, next) < 0) {
                    if (rolePermission2.getRoleId() == null) {
                        break;
                    }
                    list2.remove(next.getRoleId());
                    rolePermission2 = next;
                }
                if (next.getRoleId() == null || list2.contains(next.getRoleId())) {
                    if (next.isAllowed()) {
                        if (next.getRoleId() != null || rolePermission.getRoleId() == null || !list2.isEmpty()) {
                            return true;
                        }
                    }
                }
            }
            startTimer2.stop();
            return false;
        }
    }

    /* loaded from: input_file:com/venky/swf/plugins/security/extensions/ParticipantControllerAccessExtension$PermissionCacheBuster.class */
    private class PermissionCacheBuster implements Extension {
        private PermissionCacheBuster() {
        }

        public void invoke(Object... objArr) {
            synchronized (ParticipantControllerAccessExtension.this.permissionCache) {
                Iterator it = ParticipantControllerAccessExtension.this.permissionCache.keySet().iterator();
                while (it.hasNext()) {
                    ((Cache) ParticipantControllerAccessExtension.this.permissionCache.get((String) it.next())).clear();
                }
                ParticipantControllerAccessExtension.this.permissionCache.clear();
            }
        }
    }

    public void invoke(Object... objArr) {
        TimerStatistics.Timer startTimer = TimerStatistics.Timer.startTimer("Participant Controller Action invoke", Config.instance().isTimerAdditive());
        try {
            _invoke(objArr);
        } finally {
            startTimer.stop();
        }
    }

    private boolean isControllerActionAccessibleAtAll(final User user, String str, String str2, final Path path) {
        String str3 = getClass().getName() + ".isControllerActionAccessibleAtAll";
        Cache<String, Cache<String, Boolean>> cache = (Cache) Database.getInstance().getCurrentTransaction().getAttribute(str3);
        if (cache == null) {
            cache = new Cache<String, Cache<String, Boolean>>() { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.1
                private static final long serialVersionUID = 998528782452357935L;

                /* JADX INFO: Access modifiers changed from: protected */
                public Cache<String, Boolean> getValue(final String str4) {
                    return new Cache<String, Boolean>() { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.1.1
                        private static final long serialVersionUID = 1897514771224474367L;

                        /* JADX INFO: Access modifiers changed from: protected */
                        public Boolean getValue(String str5) {
                            return Boolean.valueOf(ParticipantControllerAccessExtension.this.isControllerActionAccessible(user, str4, str5, null, path));
                        }
                    };
                }
            };
            Database.getInstance().getCurrentTransaction().setAttribute(str3, cache);
        }
        return ((Boolean) ((Cache) cache.get(str)).get(str2)).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v136, types: [java.util.Set] */
    /* JADX WARN: Type inference failed for: r0v142, types: [java.util.Set] */
    /* JADX WARN: Type inference failed for: r0v154, types: [java.util.Set] */
    public boolean isControllerActionAccessible(User user, String str, String str2, String str3, Path path) {
        TimerStatistics.Timer startTimer = TimerStatistics.Timer.startTimer("Check If Action is Secured", Config.instance().isTimerAdditive());
        boolean isActionSecure = path.isActionSecure(str2);
        startTimer.stop();
        if (!isActionSecure) {
            return true;
        }
        if (user == null) {
            return false;
        }
        Class cls = null;
        HashSet hashSet = new HashSet();
        Model model = null;
        Table table = Path.getTable(str);
        if (table != null) {
            cls = table.getModelClass();
        }
        TimerStatistics.Timer startTimer2 = TimerStatistics.Timer.startTimer("Getting participating Roles", Config.instance().isTimerAdditive());
        if (cls != null) {
            TimerStatistics.Timer startTimer3 = TimerStatistics.Timer.startTimer("Getting model Reflector", Config.instance().isTimerAdditive());
            ModelReflector instance2 = ModelReflector.instance(cls);
            startTimer3.stop();
            if (str3 != null) {
                TimerStatistics.Timer startTimer4 = TimerStatistics.Timer.startTimer("Getting Participating Roles when parameter != null", Config.instance().isTimerAdditive());
                try {
                    try {
                        model = table.get(Integer.valueOf(str3).intValue());
                        if (model != null) {
                            hashSet = model.getParticipatingRoles(user);
                        }
                        startTimer4.stop();
                    } catch (NumberFormatException e) {
                        hashSet = instance2.getParticipatableRoles();
                        startTimer4.stop();
                    } catch (IllegalArgumentException e2) {
                        throw new RuntimeException(e2);
                    }
                } catch (Throwable th) {
                    startTimer4.stop();
                    throw th;
                }
            } else {
                TimerStatistics.Timer startTimer5 = TimerStatistics.Timer.startTimer("Getting Participating Roles when parameter == null", Config.instance().isTimerAdditive());
                hashSet = instance2.getParticipatableRoles();
                startTimer5.stop();
            }
        }
        startTimer2.stop();
        TimerStatistics.Timer startTimer6 = TimerStatistics.Timer.startTimer("Preparing Permission query", Config.instance().isTimerAdditive());
        Expression expression = new Expression(Conjunction.AND);
        Expression expression2 = new Expression(Conjunction.OR);
        expression2.add(new Expression("participation", Operator.EQ, new Object[0]));
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            expression2.add(new Expression("participation", Operator.EQ, new BindVariable[]{new BindVariable((String) it.next())}));
        }
        expression.add(expression2);
        boolean z = false;
        if (ObjectUtil.isVoid(str)) {
            z = true;
        }
        Expression expression3 = new Expression(Conjunction.OR);
        expression3.add(new Expression(Conjunction.AND).add(new Expression("controller_path_element_name", Operator.EQ, new Object[0])).add(new Expression("action_path_element_name", Operator.EQ, new Object[0])));
        if (z) {
            expression3.add(new Expression(Conjunction.AND).add(new Expression("controller_path_element_name", Operator.EQ, new Object[0])).add(new Expression("action_path_element_name", Operator.EQ, new Object[0])));
        } else {
            expression3.add(new Expression(Conjunction.AND).add(new Expression("controller_path_element_name", Operator.EQ, new String[]{str})).add(new Expression("action_path_element_name", Operator.EQ, new Object[0])));
        }
        if (z) {
            expression3.add(new Expression(Conjunction.AND).add(new Expression("controller_path_element_name", Operator.EQ, new Object[0])).add(new Expression("action_path_element_name", Operator.EQ, new BindVariable[]{new BindVariable(str2)})));
        } else {
            expression3.add(new Expression(Conjunction.AND).add(new Expression("controller_path_element_name", Operator.EQ, new String[]{str})).add(new Expression("action_path_element_name", Operator.EQ, new BindVariable[]{new BindVariable(str2)})));
        }
        expression.add(expression3);
        startTimer6.stop();
        TimerStatistics.Timer startTimer7 = TimerStatistics.Timer.startTimer("Selecting user Roles", Config.instance().isTimerAdditive());
        List execute = new Select(new String[0]).from(new Class[]{UserRole.class}).where(new Expression("user_id", Operator.EQ, new BindVariable[]{new BindVariable(Integer.valueOf(user.getId()))})).execute(UserRole.class);
        startTimer7.stop();
        TimerStatistics.Timer startTimer8 = TimerStatistics.Timer.startTimer("Preparing role Where clause", Config.instance().isTimerAdditive());
        ArrayList arrayList = new ArrayList();
        Expression expression4 = new Expression(Conjunction.OR);
        expression4.add(new Expression("role_id", Operator.EQ, new Object[0]));
        if (!execute.isEmpty()) {
            Iterator it2 = execute.iterator();
            while (it2.hasNext()) {
                arrayList.add(Integer.valueOf(((UserRole) it2.next()).getRoleId()));
            }
            expression4.add(new Expression("role_id", Operator.IN, arrayList.toArray()));
        }
        startTimer8.stop();
        expression.add(expression4);
        TimerStatistics.Timer startTimer9 = TimerStatistics.Timer.startTimer("Selecting from role permissions", Config.instance().isTimerAdditive());
        Select from = new Select(new String[0]).from(new Class[]{RolePermission.class});
        from.where(expression);
        List<RolePermission> execute2 = from.execute();
        startTimer9.stop();
        if (model != null) {
            TimerStatistics.Timer startTimer10 = TimerStatistics.Timer.startTimer("Remove permission records based on condition.", Config.instance().isTimerAdditive());
            Iterator<RolePermission> it3 = execute2.iterator();
            while (it3.hasNext()) {
                Reader conditionText = it3.next().getConditionText();
                String read = conditionText == null ? null : StringUtil.read(conditionText);
                if (!ObjectUtil.isVoid(read)) {
                    Expression parse = new SQLExpressionParser(cls).parse(read);
                    if (parse == null) {
                        parse = new XMLExpressionParser(cls).parse(read);
                    }
                    if (!parse.eval(model)) {
                        it3.remove();
                    }
                }
            }
            startTimer10.stop();
        }
        if (execute2.isEmpty()) {
            return true;
        }
        return this.permissionCache.isAllowed(execute2, arrayList);
    }

    public void _invoke(Object... objArr) {
        User user = (User) objArr[0];
        if (user == null || !user.isAdmin()) {
            String str = (String) objArr[1];
            String str2 = (String) objArr[2];
            String str3 = (String) objArr[3];
            Path path = (Path) objArr[4];
            if (path == null) {
                TimerStatistics.Timer startTimer = TimerStatistics.Timer.startTimer("Create Path", Config.instance().isTimerAdditive());
                path = new Path("/" + str + "/" + str2 + (str3 == null ? "" : "/" + str3));
                startTimer.stop();
            }
            if (!isControllerActionAccessibleAtAll(user, str, str2, path)) {
                throw new AccessDeniedException(path.getTarget());
            }
            if (!isControllerActionAccessible(user, str, str2, str3, path)) {
                throw new AccessDeniedException(path.getTarget());
            }
        }
    }

    static {
        instance = null;
        instance = new ParticipantControllerAccessExtension();
        Registry.instance().registerExtension(Path.ALLOW_CONTROLLER_ACTION, instance);
        Registry.instance().registerExtension(RolePermission.class.getSimpleName() + ".after.save", instance.permissionCacheBuster);
        Registry.instance().registerExtension(RolePermission.class.getSimpleName() + ".after.destroy", instance.permissionCacheBuster);
        Registry.instance().registerExtension(UserRole.class.getSimpleName() + ".after.save", instance.permissionCacheBuster);
        Registry.instance().registerExtension(UserRole.class.getSimpleName() + ".after.destroy", instance.permissionCacheBuster);
    }
}
