package org.molgenis.data.security.meta;

import java.util.Objects;
import org.molgenis.data.DataService;
import org.molgenis.data.EntityAlreadyExistsException;
import org.molgenis.data.Repository;
import org.molgenis.data.UnknownEntityTypeException;
import org.molgenis.data.meta.model.EntityType;
import org.molgenis.data.meta.model.Package;
import org.molgenis.data.meta.system.SystemEntityTypeRegistry;
import org.molgenis.data.security.EntityIdentityUtils;
import org.molgenis.data.security.EntityTypeIdentity;
import org.molgenis.data.security.EntityTypePermission;
import org.molgenis.data.security.PackageIdentity;
import org.molgenis.data.security.PackagePermission;
import org.molgenis.data.security.exception.EntityTypePermissionDeniedException;
import org.molgenis.data.security.exception.NullPackageNotSuException;
import org.molgenis.data.security.exception.PackagePermissionDeniedException;
import org.molgenis.data.security.exception.SystemMetadataModificationException;
import org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator;
import org.molgenis.security.acl.MutableAclClassService;
import org.molgenis.security.core.UserPermissionEvaluator;
import org.molgenis.security.core.utils.SecurityUtils;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AlreadyExistsException;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;

/* loaded from: input_file:org/molgenis/data/security/meta/EntityTypeRepositorySecurityDecorator.class */
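/**
 * Repository decorator that authorises operations on {@link EntityType} metadata and keeps the
 * ACL of every entity type in step with the metadata (created, re-parented, deleted).
 *
 * <p>Rules enforced by the code below:
 *
 * <ul>
 *   <li>CREATE is gated on the target package only: {@link PackagePermission#ADD_ENTITY_TYPE} on
 *       the package, or a superuser/system caller when the entity type has no package.
 *   <li>UPDATE needs {@link EntityTypePermission#UPDATE_METADATA} on the entity type and, when
 *       the package changes, the same package check as CREATE.
 *   <li>COUNT/READ need {@link EntityTypePermission#READ_METADATA}; DELETE needs {@link
 *       EntityTypePermission#DELETE_METADATA}.
 *   <li>System entity types can only be updated or deleted by the system user, even when the
 *       caller holds the entity type permission.
 * </ul>
 */
public class EntityTypeRepositorySecurityDecorator extends AbstractRowLevelSecurityRepositoryDecorator<EntityType> {
    private final SystemEntityTypeRegistry systemEntityTypeRegistry;
    private final UserPermissionEvaluator userPermissionEvaluator;
    private final MutableAclService mutableAclService;
    private final MutableAclClassService mutableAclClassService;
    private final DataService dataService;

    /**
     * Creates the decorator around {@code repository}.
     *
     * @throws NullPointerException if any collaborator other than {@code repository} is null
     *     (the repository is handed to the superclass unchecked here)
     */
    public EntityTypeRepositorySecurityDecorator(Repository<EntityType> repository, SystemEntityTypeRegistry systemEntityTypeRegistry, UserPermissionEvaluator userPermissionEvaluator, MutableAclService mutableAclService, MutableAclClassService mutableAclClassService, DataService dataService) {
        super(repository, mutableAclService);
        this.systemEntityTypeRegistry = Objects.requireNonNull(systemEntityTypeRegistry);
        this.userPermissionEvaluator = Objects.requireNonNull(userPermissionEvaluator);
        this.mutableAclService = Objects.requireNonNull(mutableAclService);
        this.mutableAclClassService = Objects.requireNonNull(mutableAclClassService);
        this.dataService = Objects.requireNonNull(dataService);
    }

    /**
     * Decides whether the current user may perform {@code action} on {@code entityType}.
     *
     * @return {@code true} when permitted; {@code false} when the entity type permission is
     *     missing
     * @throws PackagePermissionDeniedException if a CREATE/UPDATE places the entity type in a
     *     package the user may not add entity types to
     * @throws NullPackageNotSuException if a CREATE/UPDATE places the entity type outside any
     *     package and the user is neither superuser nor system
     * @throws SystemMetadataModificationException if a non-system user holding the permission
     *     tries to modify a system entity type
     */
    @Override
    public boolean isActionPermitted(EntityType entityType, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        boolean isCreate = action == AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE;
        if (isCreate || action == AbstractRowLevelSecurityRepositoryDecorator.Action.UPDATE) {
            // Denial is reported by exception, not by return value.
            checkPackagePermission(entityType, action);
        }
        if (isCreate) {
            // No entity type permission is consulted for CREATE: the package check above is
            // the only gate.
            return true;
        }
        return checkEntityTypePermission(entityType.getId(), action);
    }

    /**
     * Id-based variant for actions that do not need the entity itself (COUNT, READ, DELETE).
     *
     * @param obj entity type id; its {@code toString()} value is used as the ACL identifier
     * @throws IllegalStateException for CREATE and UPDATE, which need the full entity so that
     *     the package check can run
     */
    @Override
    public boolean isActionPermitted(Object obj, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        if (action == AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE || action == AbstractRowLevelSecurityRepositoryDecorator.Action.UPDATE) {
            throw new IllegalStateException("CREATE and UPDATE permission checks should use 'isActionPermitted(EntityType entityType, Action action)'");
        }
        return checkEntityTypePermission(obj.toString(), action);
    }

    /**
     * Evaluates the entity type permission for {@code action} and then applies the system
     * metadata guard.
     *
     * <p>The guard only fires after the permission check has succeeded, so a caller without
     * the permission gets a plain {@code false} instead of the system metadata exception.
     */
    private boolean checkEntityTypePermission(String entityTypeId, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        boolean hasPermission = this.userPermissionEvaluator.hasPermission(new EntityTypeIdentity(entityTypeId), getPermissionForAction(action));
        if (!hasPermission) {
            return false;
        }
        boolean isReadOnlyAction = action == AbstractRowLevelSecurityRepositoryDecorator.Action.COUNT || action == AbstractRowLevelSecurityRepositoryDecorator.Action.READ;
        if (isReadOnlyAction) {
            return true;
        }
        // Modifying action: system entity types are writable by the system user only, whatever
        // ACL entries the caller holds.
        if (this.systemEntityTypeRegistry.hasSystemEntityType(entityTypeId) && !SecurityUtils.currentUserIsSystem()) {
            throw new SystemMetadataModificationException();
        }
        return true;
    }

    /**
     * Maps a repository action to the entity type permission that authorises it.
     *
     * @throws IllegalStateException for CREATE, which has no entity type permission
     * @throws IllegalArgumentException for any other unmapped action
     */
    private static EntityTypePermission getPermissionForAction(AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        switch (action) {
            case COUNT:
            case READ:
                return EntityTypePermission.READ_METADATA;
            case UPDATE:
                return EntityTypePermission.UPDATE_METADATA;
            case DELETE:
                return EntityTypePermission.DELETE_METADATA;
            case CREATE:
                throw new IllegalStateException("Shouldn't check entity types that you're creating");
            default:
                throw new IllegalArgumentException("Illegal repository Action");
        }
    }

    /**
     * Creates the ACL for a new entity type and, when it has a package, makes the package ACL
     * its parent.
     *
     * @throws EntityAlreadyExistsException if an ACL for this entity type id already exists
     */
    @Override
    public void createAcl(EntityType entityType) {
        try {
            MutableAcl acl = this.mutableAclService.createAcl(new EntityTypeIdentity(entityType.getId()));
            Package pack = entityType.getPackage();
            if (pack != null) {
                acl.setParent(this.mutableAclService.readAclById(new PackageIdentity(pack)));
                this.mutableAclService.updateAcl(acl);
            }
        } catch (AlreadyExistsException e) {
            throw new EntityAlreadyExistsException(entityType, e);
        }
    }

    /**
     * Deletes the entity type's ACL (including child ACLs) and the ACL class that {@link
     * EntityIdentityUtils#toType} derives from the entity type.
     */
    @Override
    public void deleteAcl(EntityType entityType) {
        this.mutableAclService.deleteAcl(new EntityTypeIdentity(entityType), true);
        this.mutableAclClassService.deleteAclClass(EntityIdentityUtils.toType(entityType));
    }

    /**
     * Id-based variant of {@link #deleteAcl(EntityType)}.
     *
     * @param obj entity type id; must be a {@link String}
     */
    @Override
    public void deleteAcl(Object obj) {
        // NOTE(review): isActionPermitted(Object, Action) accepts any id via toString(), while
        // this cast fails with ClassCastException for a non-String id.
        String entityTypeId = (String) obj;
        this.mutableAclService.deleteAcl(new EntityTypeIdentity(entityTypeId), true);
        this.mutableAclClassService.deleteAclClass(EntityIdentityUtils.toType(entityTypeId));
    }

    /**
     * Re-parents the entity type's ACL when the entity type has moved to a different package.
     */
    @Override
    public void updateAcl(EntityType entityType) {
        // readAclById is declared to return Acl, so the narrowing cast is required to call
        // setParent/updateAcl below.
        MutableAcl acl = (MutableAcl) this.mutableAclService.readAclById(new EntityTypeIdentity(entityType.getId()));
        Package pack = entityType.getPackage();
        if (pack == null) {
            // NOTE(review): the parent is left untouched here, so an entity type moved out of a
            // package keeps its old package ACL as parent. Confirm this is intended.
            return;
        }
        Acl parentAcl = this.mutableAclService.readAclById(new PackageIdentity(pack));
        if (parentAcl.equals(acl.getParentAcl())) {
            return;
        }
        acl.setParent(parentAcl);
        this.mutableAclService.updateAcl(acl);
    }

    /**
     * Verifies that the current user may place {@code entityType} in its package.
     *
     * <p>The check only applies when the package is new for this entity type (CREATE, or an
     * UPDATE that changes the package); an UPDATE that keeps the package passes unchecked.
     */
    private void checkPackagePermission(EntityType entityType, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        Package pack = entityType.getPackage();
        if (pack == null) {
            // Entity types outside any package are reserved for superuser and system.
            if (!SecurityUtils.currentUserIsSuOrSystem() && isPackageUpdated(action, entityType)) {
                throw new NullPackageNotSuException();
            }
            return;
        }
        if (isPackageUpdated(action, entityType) && !this.userPermissionEvaluator.hasPermission(new PackageIdentity(pack.getId()), PackagePermission.ADD_ENTITY_TYPE)) {
            throw new PackagePermissionDeniedException(PackagePermission.ADD_ENTITY_TYPE, pack);
        }
    }

    /**
     * Always throws the permission-denied exception for {@code action} on {@code entityType}.
     *
     * @throws EntityTypePermissionDeniedException for COUNT, READ, UPDATE and DELETE
     * @throws IllegalStateException for CREATE, which maps to no entity type permission
     */
    @Override
    public void throwPermissionException(EntityType entityType, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        throw new EntityTypePermissionDeniedException(getPermissionForAction(action), entityType);
    }

    /**
     * Tells whether {@code action} gives {@code entityType} a package it did not have before.
     *
     * <p>For anything but CREATE the submitted package is compared with the stored entity type
     * fetched through the data service, not with anything supplied by the caller.
     *
     * @throws UnknownEntityTypeException if no stored entity type with this id is found
     */
    private boolean isPackageUpdated(AbstractRowLevelSecurityRepositoryDecorator.Action action, EntityType entityType) {
        if (action == AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE) {
            return true;
        }
        // NOTE(review): whether this lookup is subject to the caller's own read permissions
        // depends on how the injected DataService is decorated - not visible here.
        EntityType storedEntityType = this.dataService.findOneById("sys_md_EntityType", entityType.getId(), EntityType.class);
        if (storedEntityType == null) {
            throw new UnknownEntityTypeException(entityType.getId());
        }
        Package storedPackage = storedEntityType.getPackage();
        Package submittedPackage = entityType.getPackage();
        if (storedPackage == null || submittedPackage == null) {
            // At least one side is null: updated unless both are.
            return storedPackage != submittedPackage;
        }
        return !storedPackage.getId().equals(submittedPackage.getId());
    }
}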
