package org.molgenis.data.security.meta;

import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.molgenis.data.EntityAlreadyExistsException;
import org.molgenis.data.Repository;
import org.molgenis.data.UnknownEntityException;
import org.molgenis.data.meta.model.Package;
import org.molgenis.data.security.PackageIdentity;
import org.molgenis.data.security.PackagePermission;
import org.molgenis.data.security.exception.NullParentPackageNotSuException;
import org.molgenis.data.security.exception.PackagePermissionDeniedException;
import org.molgenis.data.security.exception.SystemMetadataModificationException;
import org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator;
import org.molgenis.data.util.PackageUtils;
import org.molgenis.security.core.UserPermissionEvaluator;
import org.molgenis.security.core.utils.SecurityUtils;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AlreadyExistsException;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;

/* loaded from: input_file:org/molgenis/data/security/meta/PackageRepositorySecurityDecorator.class */
public class PackageRepositorySecurityDecorator extends AbstractRowLevelSecurityRepositoryDecorator<Package> {
    private final MutableAclService mutableAclService;
    private final UserPermissionEvaluator userPermissionEvaluator;

    public PackageRepositorySecurityDecorator(Repository<Package> repository, MutableAclService mutableAclService, UserPermissionEvaluator userPermissionEvaluator) {
        super(repository, mutableAclService);
        this.mutableAclService = (MutableAclService) Objects.requireNonNull(mutableAclService);
        this.userPermissionEvaluator = (UserPermissionEvaluator) Objects.requireNonNull(userPermissionEvaluator);
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public boolean isActionPermitted(Package r5, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        boolean isActionPermittedOnParent;
        Package findOneById = delegate().findOneById(r5.getId());
        if ((action == AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE || action == AbstractRowLevelSecurityRepositoryDecorator.Action.UPDATE || action == AbstractRowLevelSecurityRepositoryDecorator.Action.DELETE) && ((PackageUtils.isSystemPackage(r5) || PackageUtils.isSystemPackage(findOneById)) && !SecurityUtils.currentUserIsSystem())) {
            throw new SystemMetadataModificationException();
        }
        if (action == AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE || action == AbstractRowLevelSecurityRepositoryDecorator.Action.DELETE) {
            isActionPermittedOnParent = isActionPermittedOnParent(r5, action);
        } else if (action == AbstractRowLevelSecurityRepositoryDecorator.Action.UPDATE) {
            isActionPermittedOnParent = isActionPermittedOnParent(r5, action) && internalIsActionPermitted(r5.getId(), action);
        } else {
            isActionPermittedOnParent = internalIsActionPermitted(r5.getId(), action);
        }
        return isActionPermittedOnParent;
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public boolean isActionPermitted(Object obj, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        boolean z = false;
        Package r0 = (Package) delegate().findOneById(obj);
        if (r0 != null) {
            z = isActionPermitted(r0, action);
        }
        return z;
    }

    private boolean internalIsActionPermitted(Object obj, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        return this.userPermissionEvaluator.hasPermission(new PackageIdentity(obj.toString()), getPermissionForAction(action));
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public void throwPermissionException(Package r6, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        throw new PackagePermissionDeniedException(getPermissionForAction(action), r6);
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public Package findOneById(Object obj) {
        Package r0 = (Package) delegate().findOneById(obj);
        if (r0 != null && !isActionPermitted(obj, AbstractRowLevelSecurityRepositoryDecorator.Action.READ)) {
            throwPermissionException(r0, AbstractRowLevelSecurityRepositoryDecorator.Action.READ);
        }
        return r0;
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public void add(Package r6) {
        if (isActionPermitted(r6, AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE)) {
            createAcl(r6);
            delegate().add(r6);
        } else {
            if (r6.getParent() != null) {
                throw new PackagePermissionDeniedException(getPermissionForAction(AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE), r6);
            }
            throw new NullParentPackageNotSuException();
        }
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public void update(Package r5) {
        if (!isActionPermitted(r5, AbstractRowLevelSecurityRepositoryDecorator.Action.UPDATE)) {
            if (r5.getParent() == null) {
                throw new NullParentPackageNotSuException();
            }
            throwPermissionException(r5, AbstractRowLevelSecurityRepositoryDecorator.Action.UPDATE);
        }
        delegate().update(r5);
        updateAcl(r5);
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public Integer add(Stream<Package> stream) {
        LinkedList<Package> linkedList = new LinkedList<>();
        resolveDependencies((List) stream.collect(Collectors.toList()), linkedList);
        return super.add(linkedList.stream());
    }

    private void resolveDependencies(List<Package> list, LinkedList<Package> linkedList) {
        if (list.size() != linkedList.size()) {
            for (Package r0 : list) {
                if (!linkedList.contains(r0) && (!list.contains(r0.getParent()) || linkedList.contains(r0.getParent()))) {
                    linkedList.add(r0);
                }
            }
            resolveDependencies(list, linkedList);
        }
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public void createAcl(Package r6) {
        try {
            MutableAcl createAcl = this.mutableAclService.createAcl(new PackageIdentity(r6));
            if (r6.getParent() != null) {
                createAcl.setParent(this.mutableAclService.readAclById(new PackageIdentity(r6.getParent())));
                this.mutableAclService.updateAcl(createAcl);
            }
        } catch (AlreadyExistsException e) {
            throw new EntityAlreadyExistsException(r6, e);
        }
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public void deleteAcl(Object obj) {
        this.mutableAclService.deleteAcl(new PackageIdentity(obj.toString()), true);
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public void deleteAcl(Package r4) {
        deleteAcl(r4.getId());
    }

    @Override // org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator
    public void updateAcl(Package r5) {
        MutableAcl readAclById = this.mutableAclService.readAclById(new PackageIdentity(r5));
        if (r5.getParent() != null) {
            Acl readAclById2 = this.mutableAclService.readAclById(new PackageIdentity(r5.getParent()));
            if (readAclById2.equals(readAclById.getParentAcl())) {
                return;
            }
            readAclById.setParent(readAclById2);
            this.mutableAclService.updateAcl(readAclById);
        }
    }

    private boolean isActionPermittedOnParent(Package r6, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        boolean z = true;
        Package parent = r6.getParent();
        PackagePermission permissionForAction = getPermissionForAction(action);
        if (parent == null) {
            if (isParentUpdated(action, r6) && !SecurityUtils.currentUserIsSuOrSystem()) {
                z = false;
            }
        } else if (isParentUpdated(action, r6) && !this.userPermissionEvaluator.hasPermission(new PackageIdentity(parent.getId()), permissionForAction)) {
            z = false;
        }
        return z;
    }

    private boolean isParentUpdated(AbstractRowLevelSecurityRepositoryDecorator.Action action, Package r7) {
        boolean z;
        if (action == AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE || action == AbstractRowLevelSecurityRepositoryDecorator.Action.DELETE) {
            z = true;
        } else {
            Package findOneById = delegate().findOneById(r7.getId());
            if (findOneById == null) {
                throw new UnknownEntityException("sys_md_Package", r7.getId());
            }
            Package parent = findOneById.getParent();
            if (parent == null) {
                z = r7.getParent() != null;
            } else {
                z = !parent.equals(r7.getParent());
            }
        }
        return z;
    }

    private static PackagePermission getPermissionForAction(AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        PackagePermission packagePermission;
        switch (action) {
            case COUNT:
            case READ:
                packagePermission = PackagePermission.VIEW;
                break;
            case UPDATE:
            case DELETE:
                packagePermission = PackagePermission.UPDATE;
                break;
            case CREATE:
                packagePermission = PackagePermission.ADD_PACKAGE;
                break;
            default:
                throw new IllegalArgumentException("Illegal repository Action");
        }
        return packagePermission;
    }
}
