package org.molgenis.omx.auth;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import org.apache.log4j.Logger;
import org.molgenis.framework.db.Database;
import org.molgenis.framework.db.DatabaseException;
import org.molgenis.framework.db.QueryRule;
import org.molgenis.framework.security.Login;
import org.molgenis.framework.server.MolgenisPermissionService;
import org.molgenis.framework.ui.MolgenisPlugin;
import org.molgenis.omx.core.MolgenisEntity;
import org.molgenis.util.Entity;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:WEB-INF/lib/molgenis-omx-auth-0.0.2.jar:org/molgenis/omx/auth/OmxPermissionService.class */
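/**
 * {@link MolgenisPermissionService} implementation that answers permission questions from the
 * {@code MolgenisPermission} rows stored in the {@link Database}.
 *
 * <p>A check is made for the user reported by {@link Login#getUserId()}. Users flagged as superuser
 * pass every check. For everyone else the permissions attached to the user and to the groups found
 * through {@code MolgenisRoleGroupLink} are compared with the set of stored permissions that
 * satisfy the requested one:
 *
 * <ul>
 *   <li>READ is satisfied by READ, WRITE or OWN;
 *   <li>WRITE is satisfied by WRITE or OWN;
 *   <li>OWN is satisfied by OWN only.
 * </ul>
 *
 * <p>Lookups that cannot resolve the user deny access instead of failing later with a
 * {@link NullPointerException}.
 */
public class OmxPermissionService implements MolgenisPermissionService {
    private static final Logger logger = Logger.getLogger(OmxPermissionService.class);
    private final Database database;
    private final Login login;

    /** Kind of {@link MolgenisEntity} a permission refers to; the name is passed to findByNameType. */
    private enum EntityType {
        ENTITY,
        PLUGIN
    }

    /**
     * Creates the service.
     *
     * @param database database holding users, groups, entities and permissions
     * @param login login state of the current user
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    @Autowired
    public OmxPermissionService(Database database, Login login) {
        if (database == null) {
            throw new IllegalArgumentException("database is null");
        }
        if (login == null) {
            throw new IllegalArgumentException("login is null");
        }
        this.database = database;
        this.login = login;
    }

    /**
     * Checks the current user's permission on the plugin with the given name.
     *
     * @throws RuntimeException if no plugin entity has that name or the database lookup fails
     */
    @Override
    public boolean hasPermissionOnPlugin(String str, MolgenisPermissionService.Permission permission) {
        return hasPermissionByName(str, EntityType.PLUGIN, permission);
    }

    /**
     * Checks the current user's permission on the plugin registered under the given class.
     *
     * @throws RuntimeException if the class is not registered or the database lookup fails
     */
    @Override
    public boolean hasPermissionOnPlugin(Class<? extends MolgenisPlugin> cls, MolgenisPermissionService.Permission permission) {
        return hasPermissionByClass(cls, permission);
    }

    /**
     * Grants {@code permission} on the named plugin to the role with id {@code num}.
     *
     * <p>NOTE(review): nothing here checks that the caller may change permissions; presumably the
     * callers enforce that. Confirm before exposing this method to request-driven code.
     */
    @Override
    public void setPermissionOnPlugin(String str, Integer num, MolgenisPermissionService.Permission permission) {
        setPermission(str, EntityType.PLUGIN, permission, num);
    }

    /**
     * Grants {@code permission} on the plugin class to the role with id {@code num}.
     *
     * <p>NOTE(review): the grant is keyed on the simple class name while the matching check looks
     * the plugin up by fully qualified class name; verify both resolve to the same entity row.
     */
    @Override
    public void setPermissionOnPlugin(Class<? extends MolgenisPlugin> cls, Integer num, MolgenisPermissionService.Permission permission) {
        setPermission(cls.getSimpleName(), EntityType.PLUGIN, permission, num);
    }

    /**
     * Checks the current user's permission on the data entity with the given name.
     *
     * @throws RuntimeException if no data entity has that name or the database lookup fails
     */
    @Override
    public boolean hasPermissionOnEntity(String str, MolgenisPermissionService.Permission permission) {
        return hasPermissionByName(str, EntityType.ENTITY, permission);
    }

    /**
     * Checks the current user's permission on the data entity registered under the given class.
     *
     * @throws RuntimeException if the class is not registered or the database lookup fails
     */
    @Override
    public boolean hasPermissionOnEntity(Class<? extends Entity> cls, MolgenisPermissionService.Permission permission) {
        return hasPermissionByClass(cls, permission);
    }

    /** Grants {@code permission} on the named data entity to the role with id {@code num}. */
    @Override
    public void setPermissionOnEntity(String str, Integer num, MolgenisPermissionService.Permission permission) {
        setPermission(str, EntityType.ENTITY, permission, num);
    }

    /**
     * Grants {@code permission} on the data entity class to the role with id {@code num}.
     *
     * <p>NOTE(review): keyed on the simple class name, unlike the class-based check; see
     * {@link #setPermissionOnPlugin(Class, Integer, MolgenisPermissionService.Permission)}.
     */
    @Override
    public void setPermissionOnEntity(Class<? extends Entity> cls, Integer num, MolgenisPermissionService.Permission permission) {
        setPermission(cls.getSimpleName(), EntityType.ENTITY, permission, num);
    }

    /** Resolves an entity by name and type, then runs the permission check on it. */
    private boolean hasPermissionByName(String name, EntityType entityType, MolgenisPermissionService.Permission permission) {
        try {
            MolgenisEntity entity = MolgenisEntity.findByNameType(this.database, name, entityType.toString());
            if (entity == null) {
                throw new RuntimeException(name + " is not a " + MolgenisEntity.class.getSimpleName() + " of type " + entityType);
            }
            return hasPermission(entity, permission);
        } catch (DatabaseException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Resolves an entity by fully qualified class name, then runs the permission check on it.
     *
     * <p>NOTE(review): the lookup does not filter on entity type, so the plugin and entity
     * variants share it; confirm class names cannot collide across the two types.
     */
    private boolean hasPermissionByClass(Class<?> cls, MolgenisPermissionService.Permission permission) {
        try {
            MolgenisEntity entity = MolgenisEntity.findByClassName(this.database, cls.getName());
            if (entity == null) {
                throw new RuntimeException(cls.getName() + " is not a " + MolgenisEntity.class.getSimpleName());
            }
            return hasPermission(entity, permission);
        } catch (DatabaseException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Maps the requested permission to the stored permissions that satisfy it and checks those.
     *
     * @throws RuntimeException for a permission value this service does not know
     */
    private boolean hasPermission(MolgenisEntity molgenisEntity, MolgenisPermissionService.Permission permission) throws DatabaseException {
        switch (permission) {
            case OWN:
                // Only OWN satisfies an OWN check. Accepting READ here would let every reader
                // pass the strongest check, inverting the hierarchy used by READ and WRITE below.
                return hasPermission(molgenisEntity, Arrays.asList(MolgenisPermissionService.Permission.OWN));
            case READ:
                return hasPermission(molgenisEntity, Arrays.asList(MolgenisPermissionService.Permission.READ, MolgenisPermissionService.Permission.WRITE, MolgenisPermissionService.Permission.OWN));
            case WRITE:
                return hasPermission(molgenisEntity, Arrays.asList(MolgenisPermissionService.Permission.WRITE, MolgenisPermissionService.Permission.OWN));
            default:
                throw new RuntimeException("unknown permission: " + permission);
        }
    }

    /**
     * Returns whether the current user, or a group the user is linked to, holds one of the
     * permissions in {@code list} on {@code molgenisEntity}.
     *
     * @return {@code true} for superusers and for a matching permission row; {@code false} when
     *     no row matches or the user cannot be resolved
     * @throws RuntimeException if the anonymous login is refused or fails
     */
    private boolean hasPermission(MolgenisEntity molgenisEntity, List<MolgenisPermissionService.Permission> list) throws DatabaseException {
        Integer userId = this.login.getUserId();
        if (userId == null) {
            // NOTE(review): a permission check that logs the session in with fixed credentials is
            // a side effect worth revisiting; behaviour is kept because callers may rely on it.
            logger.warn("no logged in user or anonymous user");
            boolean loggedIn;
            try {
                loggedIn = this.login.login(this.database, "anonymous", "anonymous");
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
            if (!loggedIn) {
                throw new RuntimeException("failed to login as anonymous user");
            }
            userId = this.login.getUserId();
        }
        if (userId == null) {
            // Fail closed: without a user id there is nothing to authorise.
            logger.warn("no user id available after anonymous login; denying access");
            return false;
        }
        MolgenisUser molgenisUser = (MolgenisUser) this.database.findById(MolgenisUser.class, userId);
        if (molgenisUser == null) {
            logger.warn("no user found for id " + userId + "; denying access");
            return false;
        }
        // A missing superuser flag counts as "not superuser" rather than raising an NPE.
        if (Boolean.TRUE.equals(molgenisUser.getSuperuser())) {
            return true;
        }

        // The user plus every group it is linked to may carry the permission.
        List<Object> roles = new ArrayList<Object>();
        roles.add(molgenisUser);
        List<?> groupLinks = this.database.find(MolgenisRoleGroupLink.class, new QueryRule("role_", QueryRule.Operator.EQUALS, userId));
        if (groupLinks != null) {
            for (Object link : groupLinks) {
                roles.add(((MolgenisRoleGroupLink) link).getGroup());
            }
        }

        List<?> permissions = this.database.find(MolgenisPermission.class, new QueryRule("role_", QueryRule.Operator.IN, roles), new QueryRule(MolgenisPermission.ENTITY, QueryRule.Operator.EQUALS, molgenisEntity));
        if (permissions == null) {
            return false;
        }
        for (Object row : permissions) {
            String granted = ((MolgenisPermission) row).getPermission();
            for (MolgenisPermissionService.Permission accepted : list) {
                // Rows store the permission in lower case, hence the case-insensitive match.
                if (accepted.toString().equalsIgnoreCase(granted)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Stores a new permission row linking the role {@code num} to the named entity, inside its
     * own transaction.
     *
     * @throws RuntimeException if the entity or role is unknown, or the row cannot be stored
     */
    private void setPermission(String str, EntityType entityType, MolgenisPermissionService.Permission permission, Integer num) {
        try {
            MolgenisEntity target = MolgenisEntity.findByNameType(this.database, str, entityType.toString());
            if (target == null) {
                throw new RuntimeException(str + " is not a " + entityType.toString().toLowerCase(java.util.Locale.ROOT));
            }
            MolgenisRole role = MolgenisRole.findById(this.database, num);
            if (role == null) {
                throw new RuntimeException("unknown role id: " + num);
            }
            this.database.beginTx();
            try {
                MolgenisPermission molgenisPermission = new MolgenisPermission();
                molgenisPermission.setIdentifier(UUID.randomUUID().toString());
                molgenisPermission.setName(role.getName() + "_" + str + "_Permission");
                molgenisPermission.setEntity(target);
                molgenisPermission.setRole(role);
                // Locale.ROOT keeps the stored value stable whatever the JVM default locale is.
                molgenisPermission.setPermission(permission.toString().toLowerCase(java.util.Locale.ROOT));
                // Pass the entity itself; casting it to Database could never succeed at runtime.
                this.database.add(molgenisPermission);
                this.database.commitTx();
            } catch (Throwable th) {
                try {
                    this.database.rollbackTx();
                } catch (DatabaseException rollbackFailure) {
                    // Keep the original failure as the one reported, but do not lose this one.
                    logger.error("rollback failed after error while storing permission", rollbackFailure);
                }
                throw new RuntimeException(th);
            }
        } catch (DatabaseException e2) {
            throw new RuntimeException(e2);
        }
    }
}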
