package com.cenqua.crucible.model.managers;

import com.cenqua.crucible.hibernate.HibernateUtil;
import com.cenqua.crucible.model.PermissionScheme;
import com.cenqua.crucible.model.Principal;
import com.cenqua.crucible.model.Project;
import com.cenqua.crucible.model.Review;
import com.cenqua.crucible.model.Role;
import com.cenqua.crucible.model.managers.UserActionManager;
import com.cenqua.crucible.model.principalAssociations.AllUserPA;
import com.cenqua.crucible.model.principalAssociations.AnonymousPA;
import com.cenqua.crucible.model.principalAssociations.GroupPA;
import com.cenqua.crucible.model.principalAssociations.RolePA;
import com.cenqua.crucible.model.principalAssociations.UserPA;
import com.cenqua.fisheye.AppConfig;
import com.cenqua.fisheye.config.RootConfig;
import com.cenqua.fisheye.logging.Logs;
import com.cenqua.fisheye.rep.DbException;
import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.hibernate.Query;
import org.hibernate.Session;

/* loaded from: input_file:fecru-2.1.0.M1/fisheye.jar:com/cenqua/crucible/model/managers/PermissionManager.class */
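/**
 * Static helpers for Crucible permission schemes: persistence through the current Hibernate
 * session, and the checks that decide whether a {@link Principal} may perform a named action.
 *
 * <p>Every HQL statement binds caller-supplied values through named parameters. The only text
 * spliced into a query is an entity name taken from the private {@link PrincipalAssocs} enum.
 *
 * <p>NOTE(review): none of the methods here open or commit a transaction; presumably the caller
 * owns the session lifecycle - confirm against {@code HibernateUtil}.
 */
public class PermissionManager {
    public static final String DEFAULT_PS_NAME = "default";

    /** Identifier under which the default permission scheme is stored and looked up. */
    private static final int DEFAULT_PS_ID = 1;

    /* loaded from: input_file:fecru-2.1.0.M1/fisheye.jar:com/cenqua/crucible/model/managers/PermissionManager$PrincipalAssocs.class */
    /**
     * Principal-association entities that may be named in an HQL {@code from} clause. The constant
     * name is used verbatim as the entity name, so this enum is the allow-list for the one piece
     * of query text that is concatenated rather than bound.
     */
    private enum PrincipalAssocs {
        AnonymousPA,
        AllUserPA,
        UserPA,
        GroupPA,
        RolePA
    }

    /** Returns the Hibernate session supplied by {@code HibernateUtil.currentSession()}. */
    private static Session session() {
        return HibernateUtil.currentSession();
    }

    /** Saves {@code obj} through the current session. */
    public static void save(Object obj) {
        session().save(obj);
    }

    /** Deletes {@code obj} through the current session. */
    public static void delete(Object obj) {
        session().delete(obj);
    }

    /**
     * Returns the permission scheme called {@code str}, creating and saving it when none exists.
     *
     * <p>An existing scheme with that name is returned unchanged, so callers cannot assume the
     * result is empty or newly created.
     *
     * @param str scheme name
     * @return the existing or newly saved scheme
     */
    public static PermissionScheme createPS(String str) {
        PermissionScheme scheme = findPS(str);
        if (scheme == null) {
            scheme = new PermissionScheme(str);
            session().save(scheme);
        }
        return scheme;
    }

    /**
     * Looks up a permission scheme by name.
     *
     * @param str scheme name, bound as a named query parameter
     * @return the matching scheme, or {@code null} when the query yields no row
     */
    public static PermissionScheme findPS(String str) {
        Query query = session().createQuery("select ps from PermissionScheme ps where ps.name = :name");
        query.setString("name", str);
        return (PermissionScheme) query.uniqueResult();
    }

    /**
     * Returns all permission schemes as a type-checked copy of the query result.
     *
     * @return a checked list backed by a fresh {@link LinkedList}
     */
    @SuppressWarnings("unchecked") // Query.list() is untyped; checkedList guards later inserts
    public static List<PermissionScheme> getPermissionSchemes() {
        List<PermissionScheme> loaded =
                new LinkedList<PermissionScheme>(session().createQuery("from PermissionScheme").list());
        return Collections.checkedList(loaded, PermissionScheme.class);
    }

    /**
     * Returns the projects whose permission scheme is {@code permissionScheme}.
     *
     * @param permissionScheme scheme to match, bound as an entity parameter
     * @return the query result
     */
    @SuppressWarnings("unchecked") // Query.list() is untyped; the HQL selects Project only
    public static List<Project> getProjectsUsingPermScheme(PermissionScheme permissionScheme) {
        Query query = session().createQuery("select p from Project p where p.permissionScheme = :ps");
        query.setEntity("ps", permissionScheme);
        return query.list();
    }

    /**
     * Resolves the roles {@code principal} holds in {@code review}. An anonymous principal is
     * passed to {@code Review.getUsersRoles} as {@code null}; any other principal is resolved to
     * a user by name first.
     */
    private static LinkedList<Role> rolesInReview(Review review, Principal principal) {
        return review.getUsersRoles(
                Principal.Anonymous.isAnon(principal)
                        ? null
                        : CrucibleUserManager.getUserByName(principal.getUserName()));
    }

    /**
     * Decides whether {@code principal} may perform action {@code str}, optionally within a review.
     *
     * <p>A grant that applies to all reviews wins immediately. Otherwise, when {@code review} is
     * non-null, the principal's roles in that review are checked against the scheme.
     *
     * @param permissionScheme scheme to evaluate
     * @param principal the caller; may be the anonymous principal
     * @param str action name
     * @param groupManager source of the principal's group memberships
     * @param review review context, or {@code null} for a scheme-wide check only
     * @return {@code true} when the action is allowed
     */
    public static boolean canPrincipalDoAction(PermissionScheme permissionScheme, Principal principal, String str, GroupManager groupManager, Review review) {
        if (canPrincipalDoActionOnAllReviews(permissionScheme, principal, str, groupManager)) {
            return true;
        }
        if (review == null) {
            return false;
        }
        return permissionScheme.isAllowedByRole(rolesInReview(review, principal), str);
    }

    /**
     * Filters {@code collection} down to the actions {@code principal} may perform.
     *
     * <p>Applies the same rule as {@link #canPrincipalDoAction} to each action, resolving the
     * principal's review roles once up front when {@code review} is non-null.
     *
     * @param permissionScheme scheme to evaluate
     * @param principal the caller; may be the anonymous principal
     * @param collection candidate actions
     * @param groupManager source of the principal's group memberships
     * @param review review context, or {@code null} for scheme-wide checks only
     * @return the allowed subset, as a new set
     */
    public static Collection<UserActionManager.Action> canPrincipalDoActions(PermissionScheme permissionScheme, Principal principal, Collection<UserActionManager.Action> collection, GroupManager groupManager, Review review) {
        Set<UserActionManager.Action> allowed = new HashSet<UserActionManager.Action>();
        boolean hasReview = review != null;
        LinkedList<Role> usersRoles = hasReview ? rolesInReview(review, principal) : null;
        for (UserActionManager.Action action : collection) {
            String actionName = action.getName();
            if (canPrincipalDoActionOnAllReviews(permissionScheme, principal, actionName, groupManager)
                    || (hasReview && permissionScheme.isAllowedByRole(usersRoles, actionName))) {
                allowed.add(action);
            }
        }
        return allowed;
    }

    /**
     * Collects the review-role ids that the scheme grants action {@code str} to.
     *
     * @param permissionScheme scheme to inspect
     * @param principal not read by this method; the result depends only on the scheme and action
     * @param str action name
     * @return ids of the role associations whose action name equals {@code str}
     */
    public static Set<String> getSufficientRoles(PermissionScheme permissionScheme, Principal principal, String str) {
        Set<String> roleIds = new HashSet<String>();
        for (RolePA rolePA : permissionScheme.getReviewRolePAs()) {
            if (rolePA.getActionName().equals(str)) {
                roleIds.add(rolePA.getPid());
            }
        }
        return roleIds;
    }

    /**
     * Decides whether {@code principal} may perform action {@code str} independent of any review.
     *
     * <p>Anonymous access needs all three of: the global allow-anonymous setting, the Crucible
     * allow-anonymous setting, and an anonymous grant in the scheme. For other principals the
     * all-users grant, then group grants, then the per-user grant are tried in that order.
     *
     * <p>A {@code DbException} during group lookup is logged and treated as "no group grant"
     * (fail closed); the per-user grant is still evaluated afterwards.
     *
     * @param permissionScheme scheme to evaluate
     * @param principal the caller; may be the anonymous principal
     * @param str action name
     * @param groupManager source of the principal's group memberships
     * @return {@code true} when the action is allowed
     */
    public static boolean canPrincipalDoActionOnAllReviews(PermissionScheme permissionScheme, Principal principal, String str, GroupManager groupManager) {
        if (Principal.Anonymous.isAnon(principal)) {
            RootConfig rootConfig = AppConfig.getsConfig();
            return rootConfig.getConfig().getSecurity().getAllowAnon()
                    && rootConfig.getConfig().getSecurity().getAllowCruAnon()
                    && permissionScheme.isAnonymousAllowed(str);
        }
        if (permissionScheme.isAllUserAllowed(str)) {
            return true;
        }
        try {
            List<String> principalGroups = groupManager.getPrincipalGroups(principal);
            if (principalGroups != null && permissionScheme.isAllowedByGroup(principalGroups, str)) {
                return true;
            }
        } catch (DbException e) {
            // Fail closed: an unreadable group list grants nothing.
            Logs.APP_LOG.warn("Problem looking up groups, group based permission skipped (denied).", e);
        }
        return permissionScheme.isAllowedByUser(principal.getUserName(), str);
    }

    /**
     * Returns the projects whose scheme grants action {@code str} to {@code principal} through an
     * anonymous, all-users, per-user or group association. Review-role grants are not consulted.
     *
     * <p>A {@code DbException} during group lookup is logged and the group grants are skipped.
     *
     * <p>NOTE(review): unlike {@link #canPrincipalDoActionOnAllReviews}, the anonymous branch here
     * does not read the global allow-anonymous settings from {@code AppConfig}; confirm that
     * callers apply those settings before trusting this result for an anonymous principal.
     *
     * @param principal the caller; may be the anonymous principal
     * @param str action name
     * @param groupManager source of the principal's group memberships
     * @return the matching projects, as a new set
     */
    public static Set<Project> getProjectsPrincipalCanDoActionIn(Principal principal, String str, GroupManager groupManager) {
        Set<Project> projects = new HashSet<Project>();
        if (Principal.Anonymous.isAnon(principal)) {
            projects.addAll(checkForActionInAnyScheme(PrincipalAssocs.AnonymousPA, str));
            return projects;
        }
        projects.addAll(checkForActionInAnyScheme(PrincipalAssocs.AllUserPA, str));
        projects.addAll(checkForActionInAnyScheme(PrincipalAssocs.UserPA, principal.getUserName(), str));
        try {
            List<String> principalGroups = groupManager.getPrincipalGroups(principal);
            if (principalGroups != null) {
                for (String group : principalGroups) {
                    projects.addAll(checkForActionInAnyScheme(PrincipalAssocs.GroupPA, group, str));
                }
            }
        } catch (DbException e) {
            // Fail closed: an unreadable group list contributes no projects.
            Logs.APP_LOG.warn("Problem looking up groups, group based permission skipped (denied).", e);
        }
        return projects;
    }

    /**
     * Reports whether any project's scheme grants action {@code str} to {@code principal} through
     * an anonymous, all-users, per-user or group association.
     *
     * <p>A {@code DbException} during group lookup is logged and the answer is {@code false}.
     *
     * <p>NOTE(review): unlike {@link #canPrincipalDoActionOnAllReviews}, the anonymous branch here
     * does not read the global allow-anonymous settings from {@code AppConfig}; confirm that
     * callers apply those settings before trusting this result for an anonymous principal.
     *
     * @param principal the caller; may be the anonymous principal
     * @param str action name
     * @param groupManager source of the principal's group memberships
     * @return {@code true} when at least one project matches
     */
    public static boolean canPrincipalDoActionInAnyProject(Principal principal, String str, GroupManager groupManager) {
        if (Principal.Anonymous.isAnon(principal)) {
            return !checkForActionInAnyScheme(PrincipalAssocs.AnonymousPA, str).isEmpty();
        }
        if (!nullOrEmpty(checkForActionInAnyScheme(PrincipalAssocs.AllUserPA, str))
                || !nullOrEmpty(checkForActionInAnyScheme(PrincipalAssocs.UserPA, principal.getUserName(), str))) {
            return true;
        }
        try {
            List<String> principalGroups = groupManager.getPrincipalGroups(principal);
            if (principalGroups != null) {
                for (String group : principalGroups) {
                    if (!nullOrEmpty(checkForActionInAnyScheme(PrincipalAssocs.GroupPA, group, str))) {
                        return true;
                    }
                }
            }
            return false;
        } catch (DbException e) {
            // Fail closed: an unreadable group list means no group-based match.
            Logs.APP_LOG.warn("Problem looking up groups, group based permission skipped (denied).", e);
            return false;
        }
    }

    /** Returns {@code true} when {@code list} is {@code null} or has no elements. */
    private static boolean nullOrEmpty(List<?> list) {
        return list == null || list.isEmpty();
    }

    /**
     * Finds projects whose scheme has an association of the given kind for action {@code str2}.
     *
     * @param assoc association entity to join against; its constant name is the only text
     *     concatenated into the HQL, which is why this takes the enum and not a free-form string
     * @param str2 action name, bound as a named parameter
     * @return the query result
     */
    @SuppressWarnings("unchecked") // Query.list() is untyped; the HQL selects Project only
    private static List<Project> checkForActionInAnyScheme(PrincipalAssocs assoc, String str2) {
        Query query = session().createQuery("select proj from Project proj, " + assoc.name() + " pa where pa.actionName = :actionName and proj.permissionScheme = pa.ps");
        query.setString("actionName", str2);
        return query.list();
    }

    /**
     * Finds projects whose scheme has an association of the given kind for principal id
     * {@code str2} and action {@code str3}.
     *
     * @param assoc association entity to join against; its constant name is the only text
     *     concatenated into the HQL, which is why this takes the enum and not a free-form string
     * @param str2 principal id (user name or group name), bound as a named parameter
     * @param str3 action name, bound as a named parameter
     * @return the query result
     */
    @SuppressWarnings("unchecked") // Query.list() is untyped; the HQL selects Project only
    private static List<Project> checkForActionInAnyScheme(PrincipalAssocs assoc, String str2, String str3) {
        Query query = session().createQuery("select proj from Project proj, " + assoc.name() + " pa  where pa.pid = :pid and pa.actionName = :actionName and proj.permissionScheme = pa.ps");
        query.setString("pid", str2);
        query.setString("actionName", str3);
        return query.list();
    }

    /**
     * Loads the default permission scheme by its fixed identifier.
     *
     * @return the default scheme, or {@code null} (after logging an error) when it does not exist
     */
    public static PermissionScheme getDefaultPermissionScheme() {
        PermissionScheme permissionScheme =
                (PermissionScheme) session().get(PermissionScheme.class, Integer.valueOf(DEFAULT_PS_ID));
        if (permissionScheme == null) {
            Logs.CONSOLE.error("No default permission scheme exists");
        }
        return permissionScheme;
    }

    /**
     * Returns the default permission scheme, creating and saving it under the fixed identifier
     * when it is missing. The lookup logs an error on the missing path before the scheme is
     * created.
     *
     * @return the existing or newly saved default scheme
     */
    public static PermissionScheme createDefaultPS() {
        PermissionScheme defaultScheme = getDefaultPermissionScheme();
        if (defaultScheme == null) {
            defaultScheme = new PermissionScheme(DEFAULT_PS_NAME);
            defaultScheme.setId(DEFAULT_PS_ID);
            session().save(defaultScheme);
        }
        return defaultScheme;
    }

    /**
     * Copies every grant of {@code permissionScheme} into the scheme named {@code str}.
     *
     * <p>The target comes from {@link #createPS}, which returns an existing scheme when the name
     * is already taken. In that case the source's grants are added on top of whatever the existing
     * scheme already allows. NOTE(review): callers that expect an exact copy should check that
     * the name is unused first - confirm whether the UI enforces that.
     *
     * @param permissionScheme scheme to copy grants from
     * @param str name of the target scheme
     * @return the target scheme
     */
    public static PermissionScheme copyPermissionScheme(PermissionScheme permissionScheme, String str) {
        PermissionScheme target = createPS(str);
        // Explicit iterators kept for these two: the declared element type of the getters is not visible here.
        Iterator<AllUserPA> allUsers = permissionScheme.getAllUsersPAs().iterator();
        while (allUsers.hasNext()) {
            target.addAllUsersAction(allUsers.next().getActionName());
        }
        Iterator<AnonymousPA> anonymous = permissionScheme.getAnonymousPAs().iterator();
        while (anonymous.hasNext()) {
            target.addAnonAction(anonymous.next().getActionName());
        }
        for (UserPA userPA : permissionScheme.getUserPAs()) {
            target.addUserAction(userPA.getPid(), userPA.getActionName());
        }
        for (GroupPA groupPA : permissionScheme.getGroupPAs()) {
            target.addGroupAction(groupPA.getPid(), groupPA.getActionName());
        }
        for (RolePA rolePA : permissionScheme.getReviewRolePAs()) {
            target.addReviewRoleAction(rolePA.getPid(), rolePA.getActionName());
        }
        return target;
    }

    /**
     * Deletes every principal association of {@code permissionScheme}, then the scheme itself.
     *
     * <p>NOTE(review): there is no check here that the scheme is unused by projects (see
     * {@link #getProjectsUsingPermScheme}) or that it is not the default scheme; presumably the
     * caller verifies both - confirm.
     *
     * @param permissionScheme scheme to remove
     */
    public static void deletePermissionScheme(PermissionScheme permissionScheme) {
        // Bulk deletes go first so no association row is left pointing at the removed scheme.
        session().createQuery("delete AllUserPA where ps = :ps").setEntity("ps", permissionScheme).executeUpdate();
        session().createQuery("delete AnonymousPA where ps = :ps").setEntity("ps", permissionScheme).executeUpdate();
        session().createQuery("delete UserPA where ps = :ps").setEntity("ps", permissionScheme).executeUpdate();
        session().createQuery("delete GroupPA where ps = :ps").setEntity("ps", permissionScheme).executeUpdate();
        session().createQuery("delete RolePA where ps = :ps").setEntity("ps", permissionScheme).executeUpdate();
        delete(permissionScheme);
    }
}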
