package org.molgenis.data.security.owned;

import com.google.common.collect.Iterators;
import com.google.common.collect.Streams;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.molgenis.data.AbstractRepositoryDecorator;
import org.molgenis.data.Entity;
import org.molgenis.data.Fetch;
import org.molgenis.data.Query;
import org.molgenis.data.Repository;
import org.molgenis.data.aggregation.AggregateQuery;
import org.molgenis.data.aggregation.AggregateResult;
import org.molgenis.data.support.QueryImpl;
import org.molgenis.security.core.utils.SecurityUtils;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:org/molgenis/data/security/owned/AbstractRowLevelSecurityRepositoryDecorator.class */
public abstract class AbstractRowLevelSecurityRepositoryDecorator<E extends Entity> extends AbstractRepositoryDecorator<E> {
    private static final int BATCH_SIZE = 1000;
    private final MutableAclService mutableAclService;

    /* loaded from: input_file:org/molgenis/data/security/owned/AbstractRowLevelSecurityRepositoryDecorator$Action.class */
    public enum Action {
        COUNT,
        READ,
        CREATE,
        UPDATE,
        DELETE
    }

    public AbstractRowLevelSecurityRepositoryDecorator(Repository<E> repository, MutableAclService mutableAclService) {
        super(repository);
        this.mutableAclService = (MutableAclService) Objects.requireNonNull(mutableAclService);
    }

    public Iterator<E> iterator() {
        return Streams.stream(() -> {
            return delegate().iterator();
        }).filter(entity -> {
            return isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) entity, Action.READ);
        }).iterator();
    }

    public void forEachBatched(Fetch fetch, Consumer<List<E>> consumer, int i) {
        delegate().forEachBatched(fetch, list -> {
            consumer.accept((List) list.stream().filter(entity -> {
                return isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) entity, Action.READ);
            }).collect(Collectors.toList()));
        }, i);
    }

    public long count() {
        return findAllPermitted(Action.COUNT).count();
    }

    public long count(Query<E> query) {
        return findAllPermitted(query, Action.COUNT).count();
    }

    public Stream<E> findAll(Query<E> query) {
        return findAllPermitted(query, Action.READ);
    }

    public E findOne(Query<E> query) {
        return findAllPermitted(query, Action.READ).findFirst().orElse(null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v6, types: [org.molgenis.data.Entity] */
    public E findOneById(Object obj) {
        E e = null;
        if (isActionPermitted(obj, Action.READ)) {
            e = delegate().findOneById(obj);
        }
        return e;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v6, types: [org.molgenis.data.Entity] */
    public E findOneById(Object obj, Fetch fetch) {
        E e = null;
        if (isActionPermitted(obj, Action.READ)) {
            e = delegate().findOneById(obj, fetch);
        }
        return e;
    }

    public Stream<E> findAll(Stream<Object> stream) {
        return delegate().findAll(stream).filter(entity -> {
            return isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) entity, Action.READ);
        });
    }

    public Stream<E> findAll(Stream<Object> stream, Fetch fetch) {
        return delegate().findAll(stream, fetch).filter(entity -> {
            return isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) entity, Action.READ);
        });
    }

    public AggregateResult aggregate(AggregateQuery aggregateQuery) {
        if (SecurityUtils.currentUserIsSuOrSystem()) {
            return delegate().aggregate(aggregateQuery);
        }
        throw new UnsupportedOperationException();
    }

    public void update(E e) {
        if (!isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) e, Action.UPDATE)) {
            throwPermissionException(e, Action.UPDATE);
        }
        delegate().update(e);
        updateAcl(e);
    }

    public void update(Stream<E> stream) {
        delegate().update(stream.filter(entity -> {
            if (isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) entity, Action.UPDATE)) {
                updateAcl(entity);
                return true;
            }
            throwPermissionException(entity, Action.UPDATE);
            return true;
        }));
    }

    public void delete(E e) {
        if (!isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) e, Action.DELETE)) {
            throwPermissionException(e, Action.DELETE);
        }
        delegate().delete(e);
        deleteAcl((AbstractRowLevelSecurityRepositoryDecorator<E>) e);
    }

    @Transactional
    public void delete(Stream<E> stream) {
        Iterators.partition(stream.iterator(), BATCH_SIZE).forEachRemaining(this::deleteBatch);
    }

    public void deleteById(Object obj) {
        if (isActionPermitted(obj, Action.DELETE)) {
            delegate().deleteById(obj);
            deleteAcl(obj);
        }
    }

    public void deleteAll(Stream<Object> stream) {
        Iterators.partition(stream.iterator(), BATCH_SIZE).forEachRemaining(list -> {
            List list = (List) list.stream().filter(obj -> {
                return isActionPermitted(obj, Action.DELETE);
            }).collect(Collectors.toList());
            delegate().deleteAll(list.stream());
            list.forEach(this::deleteAcl);
        });
    }

    public void deleteAll() {
        delegate().forEachBatched(this::deleteBatch, BATCH_SIZE);
    }

    private void deleteBatch(List<E> list) {
        List list2 = (List) list.stream().filter(entity -> {
            return isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) entity, Action.DELETE);
        }).collect(Collectors.toList());
        delegate().delete(list2.stream());
        list2.forEach(this::deleteAcl);
    }

    public void add(E e) {
        if (isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) e, Action.CREATE)) {
            createAcl(e);
            delegate().add(e);
        }
    }

    public Integer add(Stream<E> stream) {
        return delegate().add(stream.filter(entity -> {
            isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) entity, Action.CREATE);
            createAcl(entity);
            return true;
        }));
    }

    private Stream<E> findAllPermitted(Action action) {
        return findAllPermitted(new QueryImpl(), action);
    }

    private Stream<E> findAllPermitted(Query<E> query, Action action) {
        QueryImpl queryImpl = new QueryImpl(query);
        queryImpl.offset(0).pageSize(Integer.MAX_VALUE);
        Stream<E> filter = delegate().findAll(queryImpl).filter(entity -> {
            return isActionPermitted((AbstractRowLevelSecurityRepositoryDecorator<E>) entity, action);
        });
        if (query.getOffset() > 0) {
            filter = filter.skip(query.getOffset());
        }
        if (query.getPageSize() > 0) {
            filter = filter.limit(query.getPageSize());
        }
        return filter;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteAcl(ObjectIdentity objectIdentity) {
        this.mutableAclService.deleteAcl(objectIdentity, true);
    }

    public abstract boolean isActionPermitted(E e, Action action);

    public abstract boolean isActionPermitted(Object obj, Action action);

    public abstract void throwPermissionException(E e, Action action);

    public abstract void createAcl(E e);

    public abstract void deleteAcl(E e);

    public abstract void deleteAcl(Object obj);

    public abstract void updateAcl(E e);
}
