package ome.security.basic;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import ome.conditions.ApiUsageException;
import ome.conditions.GroupSecurityViolation;
import ome.conditions.InternalException;
import ome.conditions.OptimisticLockException;
import ome.conditions.PermissionMismatchGroupSecurityViolation;
import ome.conditions.ReadOnlyGroupSecurityViolation;
import ome.conditions.SecurityViolation;
import ome.conditions.ValidationException;
import ome.model.IAnnotationLink;
import ome.model.IMutable;
import ome.model.IObject;
import ome.model.core.Image;
import ome.model.core.OriginalFile;
import ome.model.core.Pixels;
import ome.model.display.RenderingDef;
import ome.model.display.Thumbnail;
import ome.model.internal.Details;
import ome.model.internal.NamedValue;
import ome.model.internal.Permissions;
import ome.model.meta.Experimenter;
import ome.model.meta.ExperimenterGroup;
import ome.model.meta.ExternalInfo;
import ome.model.meta.GroupExperimenterMap;
import ome.model.roi.Roi;
import ome.security.SystemTypes;
import ome.services.sessions.stats.SessionStats;
import ome.system.EventContext;
import ome.system.Roles;
import ome.tools.hibernate.ExtendedMetadata;
import ome.tools.hibernate.HibernateUtils;
import ome.tools.lsid.LsidUtils;
import ome.util.SqlAction;
import org.apache.commons.lang.ObjectUtils;
import org.hibernate.CallbackException;
import org.hibernate.EmptyInterceptor;
import org.hibernate.EntityMode;
import org.hibernate.Interceptor;
import org.hibernate.Transaction;
import org.hibernate.collection.PersistentList;
import org.hibernate.engine.CollectionEntry;
import org.hibernate.type.ComponentType;
import org.hibernate.type.Type;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.support.TransactionSynchronizationManager;
import org.springframework.util.Assert;

/* loaded from: input_file:ome/security/basic/OmeroInterceptor.class */
public class OmeroInterceptor implements Interceptor {
    static volatile String last = null;
    static volatile int count = 1;
    private static Logger log = LoggerFactory.getLogger(OmeroInterceptor.class);
    private static final String IDX_FILE_REPO = LsidUtils.parseField("ome.model.core.OriginalFile_repo");
    private static final String IDX_FILE_PATH = LsidUtils.parseField("ome.model.core.OriginalFile_path");
    private static final String IDX_FILE_NAME = LsidUtils.parseField("ome.model.core.OriginalFile_name");
    private final Interceptor EMPTY = EmptyInterceptor.INSTANCE;
    private final SystemTypes sysTypes;
    private final CurrentDetails currentUser;
    private final TokenHolder tokenHolder;
    private final ExtendedMetadata em;
    private final SessionStats stats;
    private final Roles roles;
    private final LightAdminPrivileges adminPrivileges;
    private final SqlAction sqlAction;
    private final Set<String> managedRepoUuids;
    private final Set<String> scriptRepoUuids;
    private static final long serialVersionUID = 7616611615023614920L;

    public OmeroInterceptor(Roles roles, SystemTypes systemTypes, ExtendedMetadata extendedMetadata, CurrentDetails currentDetails, TokenHolder tokenHolder, SessionStats sessionStats, LightAdminPrivileges lightAdminPrivileges, SqlAction sqlAction, Set<String> set, Set<String> set2) {
        Assert.notNull(tokenHolder);
        Assert.notNull(systemTypes);
        Assert.notNull(sessionStats);
        Assert.notNull(roles);
        this.tokenHolder = tokenHolder;
        this.currentUser = currentDetails;
        this.sysTypes = systemTypes;
        this.stats = sessionStats;
        this.roles = roles;
        this.em = extendedMetadata;
        this.adminPrivileges = lightAdminPrivileges;
        this.sqlAction = sqlAction;
        this.managedRepoUuids = set;
        this.scriptRepoUuids = set2;
    }

    public Object instantiate(String str, EntityMode entityMode, Serializable serializable) throws CallbackException {
        debug("Intercepted instantiate.");
        return this.EMPTY.instantiate(str, entityMode, serializable);
    }

    public boolean onLoad(Object obj, Serializable serializable, Object[] objArr, String[] strArr, Type[] typeArr) throws CallbackException {
        debug("Intercepted load.");
        this.stats.loadedObjects(1);
        return this.EMPTY.onLoad(obj, serializable, objArr, strArr, typeArr);
    }

    public int[] findDirty(Object obj, Serializable serializable, Object[] objArr, Object[] objArr2, String[] strArr, Type[] typeArr) {
        debug("Intercepted dirty check.");
        return this.EMPTY.findDirty(obj, serializable, objArr, objArr2, strArr, typeArr);
    }

    public boolean onSave(Object obj, Serializable serializable, Object[] objArr, String[] strArr, Type[] typeArr) {
        debug("Intercepted save.");
        this.stats.updatedObjects(1);
        if (!(obj instanceof IObject)) {
            return true;
        }
        IObject iObject = (IObject) obj;
        objArr[HibernateUtils.detailsIndex(strArr)] = newTransientDetails(iObject, evaluateLinkages(iObject));
        return true;
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x007c A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:17:? A[LOOP:0: B:2:0x000f->B:17:?, LOOP_END, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean isProblemFilepath(java.lang.String r3) {
        /*
            r0 = 47
            com.google.common.base.Splitter r0 = com.google.common.base.Splitter.on(r0)
            r1 = r3
            java.lang.Iterable r0 = r0.split(r1)
            java.util.Iterator r0 = r0.iterator()
            r4 = r0
        Lf:
            r0 = r4
            boolean r0 = r0.hasNext()
            if (r0 == 0) goto L81
            r0 = r4
            java.lang.Object r0 = r0.next()
            java.lang.String r0 = (java.lang.String) r0
            r5 = r0
            r0 = r5
            r6 = r0
            r0 = -1
            r7 = r0
            r0 = r6
            int r0 = r0.hashCode()
            switch(r0) {
                case 46: goto L44;
                case 1472: goto L53;
                default: goto L5f;
            }
        L44:
            r0 = r6
            java.lang.String r1 = "."
            boolean r0 = r0.equals(r1)
            if (r0 == 0) goto L5f
            r0 = 0
            r7 = r0
            goto L5f
        L53:
            r0 = r6
            java.lang.String r1 = ".."
            boolean r0 = r0.equals(r1)
            if (r0 == 0) goto L5f
            r0 = 1
            r7 = r0
        L5f:
            r0 = r7
            switch(r0) {
                case 0: goto L7c;
                case 1: goto L7c;
                default: goto L7e;
            }
        L7c:
            r0 = 1
            return r0
        L7e:
            goto Lf
        L81:
            r0 = 0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: ome.security.basic.OmeroInterceptor.isProblemFilepath(java.lang.String):boolean");
    }

    public boolean onFlushDirty(Object obj, Serializable serializable, Object[] objArr, Object[] objArr2, String[] strArr, Type[] typeArr) {
        debug("Intercepted update.");
        this.stats.updatedObjects(1);
        boolean z = false;
        if (obj instanceof IObject) {
            IObject iObject = (IObject) obj;
            int detailsIndex = HibernateUtils.detailsIndex(strArr);
            Details evaluateLinkages = evaluateLinkages(iObject);
            if (objArr2 != null && (iObject instanceof OriginalFile) && !this.currentUser.current().isCurrentUserAdmin()) {
                int index = HibernateUtils.index(IDX_FILE_PATH, strArr);
                int index2 = HibernateUtils.index(IDX_FILE_NAME, strArr);
                String str = (String) objArr[index];
                String str2 = (String) objArr[index2];
                if (str != null && str2 != null && ((!str.equals(objArr2[index]) || !str2.equals(objArr2[index2])) && isProblemFilepath(str + str2))) {
                    throw new SecurityViolation("only administrators may introduce non-canonical OriginalFile path or name");
                }
            }
            z = false | resetDetails(iObject, objArr, objArr2, detailsIndex, evaluateLinkages);
        }
        if (obj instanceof OriginalFile) {
            int index3 = HibernateUtils.index(IDX_FILE_REPO, strArr);
            if (objArr2 != null && !ObjectUtils.equals(objArr2[index3], objArr[index3])) {
                log.warn("reverting change to OriginalFile.repo");
                objArr[index3] = objArr2[index3];
            }
        }
        return z;
    }

    public void onDelete(Object obj, Serializable serializable, Object[] objArr, String[] strArr, Type[] typeArr) throws CallbackException {
        debug("Intercepted delete.");
        this.EMPTY.onDelete(obj, serializable, objArr, strArr, typeArr);
    }

    public void onCollectionRecreate(Object obj, Serializable serializable) throws CallbackException {
        debug("Intercepted collection recreate.");
    }

    public void onCollectionRemove(Object obj, Serializable serializable) throws CallbackException {
        debug("Intercepted collection remove.");
    }

    public void onCollectionUpdate(Object obj, Serializable serializable) throws CallbackException {
        debug("Intercepted collection update.");
        if (obj instanceof PersistentList) {
            PersistentList persistentList = (PersistentList) obj;
            CollectionEntry collectionEntry = persistentList.getSession().getPersistenceContext().getCollectionEntry(persistentList);
            if (collectionEntry.getCurrentPersister().getElementType() instanceof ComponentType) {
                List list = (List) collectionEntry.getSnapshot();
                Object owner = persistentList.getOwner();
                if (persistentList.size() == 0 && list.size() == 0) {
                    return;
                }
                boolean z = true;
                if (persistentList.size() == list.size()) {
                    for (int i = 0; i < persistentList.size(); i++) {
                        if (persistentList.get(i) != null) {
                            Object obj2 = persistentList.get(i);
                            if ((obj2 instanceof NamedValue) && ((NamedValue) obj2).equals(list.get(i))) {
                            }
                            z = false;
                            break;
                        }
                        if (list.get(i) != null) {
                            z = false;
                            break;
                        }
                    }
                    if (z) {
                        return;
                    }
                }
                try {
                    IObject iObject = (IObject) owner;
                    Integer num = (Integer) iObject.getClass().getMethod("getVersion", new Class[0]).invoke(iObject, new Object[0]);
                    Integer valueOf = Integer.valueOf(num == null ? 1 : num.intValue() + 1);
                    iObject.getClass().getMethod("setVersion", Integer.class).invoke(iObject, valueOf);
                    log.info("Updating version for collections from {} to {}", num, valueOf);
                } catch (Exception e) {
                    InternalException internalException = new InternalException("Failed to set version");
                    internalException.initCause(e);
                    throw internalException;
                }
            }
        }
    }

    public void preFlush(Iterator it) throws CallbackException {
        debug("Intercepted preFlush.");
        this.EMPTY.preFlush(it);
    }

    public void postFlush(Iterator it) throws CallbackException {
        debug("Intercepted postFlush.");
        if (TransactionSynchronizationManager.isCurrentTransactionReadOnly()) {
            debug("detected read-only transaction");
        } else if (this.sqlAction != null) {
            debug("updating current light administrator privileges");
            Set currentAdminPrivileges = this.currentUser.current().getCurrentAdminPrivileges();
            this.sqlAction.deleteCurrentAdminPrivileges();
            this.sqlAction.insertCurrentAdminPrivileges(currentAdminPrivileges);
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
    }

    public void afterTransactionBegin(Transaction transaction) {
    }

    public void afterTransactionCompletion(Transaction transaction) {
    }

    public void beforeTransactionCompletion(Transaction transaction) {
    }

    public Object getEntity(String str, Serializable serializable) throws CallbackException {
        return this.EMPTY.getEntity(str, serializable);
    }

    public String getEntityName(Object obj) throws CallbackException {
        return this.EMPTY.getEntityName(obj);
    }

    public Boolean isTransient(Object obj) {
        return this.EMPTY.isTransient(obj);
    }

    public String onPrepareStatement(String str) {
        if (!log.isDebugEnabled()) {
            return str;
        }
        StringBuilder sb = new StringBuilder();
        String[] split = str.split("\\sfrom\\s");
        sb.append(split[0]);
        for (int i = 1; i < split.length; i++) {
            sb.append("\n from ");
            sb.append(split[i]);
        }
        String[] split2 = sb.toString().split("\\swhere\\s");
        StringBuilder sb2 = new StringBuilder();
        sb2.append(split2[0]);
        for (int i2 = 1; i2 < split2.length; i2++) {
            sb2.append("\n where ");
            sb2.append(split2[i2]);
        }
        return sb2.toString();
    }

    protected boolean resetDetails(IObject iObject, Object[] objArr, Object[] objArr2, int i, Details details) {
        if (objArr2 == null) {
            log.warn(String.format("Null previousState for %s(loaded=%s). Details=%s", iObject, Boolean.valueOf(iObject.isLoaded()), objArr[i]));
            throw new InternalException("Previous state is null. Possibly caused by evict. See ticket:3929");
        }
        Details details2 = (Details) objArr2[i];
        Details checkManagedDetails = checkManagedDetails(iObject, details2, details);
        if (details2 == checkManagedDetails) {
            return false;
        }
        objArr[i] = checkManagedDetails;
        return true;
    }

    protected void log(String str) {
        if (str.equals(last)) {
            count++;
        } else if (log.isDebugEnabled()) {
            log.debug(str + (" ( " + count + " times )"));
            last = str;
            count = 1;
        }
    }

    private void debug(String str) {
        if (log.isDebugEnabled()) {
            log(str);
        }
    }

    public Details evaluateLinkages(IObject iObject) {
        if (iObject == null) {
            return null;
        }
        Class<?> cls = iObject.getClass();
        Details newInstance = iObject.getDetails().newInstance();
        if (this.sysTypes.isSystemType(iObject.getClass()) || this.sysTypes.isInSystemGroup(iObject.getDetails())) {
            return newInstance;
        }
        boolean z = this.currentUser.getGroup().getId().longValue() < 0;
        for (IObject iObject2 : this.em.getLockCandidates(iObject)) {
            if (!this.sysTypes.isSystemType(iObject2.getClass()) && !this.sysTypes.isInSystemGroup(iObject2.getDetails()) && !this.sysTypes.isInUserGroup(iObject2.getDetails())) {
                Class<?> cls2 = iObject2.getClass();
                Details details = iObject2.getDetails();
                if (details != null) {
                    if (!z) {
                        throwIfGroupsDontMatch(this.currentUser.getGroup(), iObject, details.getGroup(), iObject2);
                    } else if (newInstance.getGroup() == null) {
                        newInstance.setGroup(details.getGroup());
                    } else {
                        throwIfGroupsDontMatch(newInstance.getGroup(), iObject, details.getGroup(), iObject2);
                    }
                    Experimenter owner = iObject2.getDetails().getOwner();
                    ExperimenterGroup group = iObject2.getDetails().getGroup();
                    if (owner != null && group != null) {
                        Long id = owner.getId();
                        Long id2 = group.getId();
                        if (id != null && id2 != null) {
                            EventContext currentEventContext = this.currentUser.getCurrentEventContext();
                            boolean equals = currentEventContext.getCurrentUserId().equals(id);
                            boolean z2 = !equals && this.currentUser.isOwnerOrSupervisor(iObject2);
                            boolean contains = currentEventContext.getMemberOfGroupsList().contains(id2);
                            Permissions currentGroupPermissions = this.currentUser.getCurrentEventContext().getCurrentGroupPermissions();
                            if (!equals && this.currentUser.isGraphCritical(newInstance)) {
                                String name = this.currentUser.getGroup().getName();
                                String omeName = this.currentUser.getOwner().getOmeName();
                                Long id3 = iObject.getDetails().getOwner() != null ? iObject.getDetails().getOwner().getId() : null;
                                if (id3 == null || !id3.equals(id)) {
                                    throw new ReadOnlyGroupSecurityViolation(String.format("Cannot link to %s\nCurrent user (%s) is an admin or the owner of\nthe private group (%s=%s). It is not allowed to\nlink to users' data.", iObject2, omeName, name, currentGroupPermissions));
                                }
                            }
                            Permissions.Right neededRight = neededRight(cls, cls2);
                            Permissions.Role neededRole = neededRole(equals, contains);
                            if (!z2) {
                                throwIfNotGranted(currentGroupPermissions, neededRole, neededRight, iObject2);
                            }
                        }
                    }
                } else {
                    continue;
                }
            }
        }
        return newInstance;
    }

    private Permissions.Role neededRole(boolean z, boolean z2) {
        return z ? Permissions.Role.USER : z2 ? Permissions.Role.GROUP : Permissions.Role.WORLD;
    }

    protected Permissions.Right neededRight(Class<?> cls, Class<?> cls2) {
        Permissions.Right right = Permissions.Right.WRITE;
        if (RenderingDef.class.isAssignableFrom(cls2) || RenderingDef.class.isAssignableFrom(cls) || (Pixels.class.isAssignableFrom(cls2) && Thumbnail.class.isAssignableFrom(cls))) {
            right = Permissions.Right.READ;
        } else if (IAnnotationLink.class.isAssignableFrom(cls) || (Roi.class.isAssignableFrom(cls) && Image.class.isAssignableFrom(cls2))) {
            right = Permissions.Right.ANNOTATE;
        }
        return right;
    }

    public Details newTransientDetails(IObject iObject) {
        if (iObject == null) {
            throw new ApiUsageException("Argument cannot be null.");
        }
        return newTransientDetails(iObject, iObject.getDetails().newInstance());
    }

    protected Details newTransientDetails(IObject iObject, Details details) {
        boolean contains;
        if (this.tokenHolder.hasPrivilegedToken(iObject)) {
            return iObject.getDetails();
        }
        Details details2 = iObject.getDetails();
        BasicEventContext current = this.currentUser.current();
        details.copyWhereUnset((Details) null, this.currentUser.createDetails());
        boolean isSystemType = this.sysTypes.isSystemType(iObject.getClass());
        Set currentAdminPrivileges = current.getCurrentAdminPrivileges();
        if (!current.isCurrentUserAdmin()) {
            contains = false;
        } else if (isSystemType) {
            contains = true;
        } else if (iObject instanceof Experimenter) {
            contains = currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("ModifyUser"));
        } else if (iObject instanceof ExperimenterGroup) {
            contains = currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("ModifyGroup"));
        } else if (iObject instanceof GroupExperimenterMap) {
            contains = currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("ModifyGroupMembership"));
        } else if (iObject instanceof OriginalFile) {
            String repo = ((OriginalFile) iObject).getRepo();
            contains = repo != null ? this.managedRepoUuids.contains(repo) ? currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("WriteManagedRepo")) : this.scriptRepoUuids.contains(repo) ? currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("WriteScriptRepo")) : currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("WriteFile")) : currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("WriteFile"));
        } else {
            contains = currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("WriteOwned"));
        }
        if (details2.getOwner() != null && !details.getOwner().getId().equals(details2.getOwner().getId())) {
            if (!contains) {
                throw new SecurityViolation(String.format("You are not authorized to set the Experimenter for %s to %s", iObject, details2.getOwner()));
            }
            details.setOwner(details2.getOwner());
        }
        if (details2.getGroup() != null && details2.getGroup().getId() != null) {
            long longValue = details2.getGroup().getId().longValue();
            if (current.getCurrentGroupId().equals(Long.valueOf(longValue))) {
                details.setGroup(details2.getGroup());
            } else if (contains && Long.valueOf(this.roles.getUserGroupId()).equals(details2.getGroup().getId())) {
                details.setGroup(details2.getGroup());
            } else {
                if (current.getCurrentGroupId().longValue() >= 0 || !(contains || current.getMemberOfGroupsList().contains(Long.valueOf(longValue)))) {
                    throw new SecurityViolation(String.format("You are not authorized to set the ExperimenterGroup for %s to %s", iObject, details2.getGroup()));
                }
                details.setGroup(details2.getGroup());
            }
        } else if (!contains && !current.getMemberOfGroupsList().contains(details.getGroup().getId())) {
            if (!current.getCurrentGroupPermissions().isGranted(Permissions.Role.WORLD, iObject instanceof IAnnotationLink ? Permissions.Right.ANNOTATE : Permissions.Right.WRITE) && (!"ome.model.display".equals(iObject.getClass().getPackage().getName()) || !current.getCurrentGroupPermissions().isGranted(Permissions.Role.WORLD, Permissions.Right.READ))) {
                throw new SecurityViolation(String.format("You are not authorized to create %s", iObject));
            }
        }
        if (details2.getPermissions() != null) {
            Permissions currentGroupPermissions = this.currentUser.getCurrentEventContext().getCurrentGroupPermissions();
            boolean isInUserGroup = this.sysTypes.isInUserGroup(details);
            if (!currentGroupPermissions.identical(details2.getPermissions()) && !this.sysTypes.isSystemType(iObject.getClass()) && !isInUserGroup) {
                throw new PermissionMismatchGroupSecurityViolation("Manually setting permissions currently disallowed");
            }
            details.setPermissions(details2.getPermissions());
        }
        details.setExternalInfo(details2.getExternalInfo());
        return details;
    }

    public Details checkManagedDetails(IObject iObject, Details details) {
        if (iObject == null) {
            throw new ApiUsageException("Argument cannot be null.");
        }
        return checkManagedDetails(iObject, details, iObject.getDetails().newInstance());
    }

    protected Details checkManagedDetails(IObject iObject, Details details, Details details2) {
        Integer version;
        if (iObject == null) {
            throw new ApiUsageException("Argument cannot be null.");
        }
        if (iObject.getId() == null) {
            throw new ValidationException("Id required on all detached instances.");
        }
        if (!(iObject instanceof IMutable) || (version = ((IMutable) iObject).getVersion()) == null || version.intValue() < 0) {
        }
        boolean z = false;
        Details details3 = iObject.getDetails();
        details2.copyWhereUnset(details, this.currentUser.createDetails());
        if (details == null) {
            details2 = null;
            z = true;
            if (log.isDebugEnabled()) {
                log.debug("Setting details on " + iObject + " to null like original");
            }
        } else if (details3 == null) {
            details2 = details.copy();
            z = true;
            if (log.isDebugEnabled()) {
                log.debug("Setting details on " + iObject + " to copy of original details.");
            }
        } else {
            boolean z2 = false;
            if (this.tokenHolder.hasPrivilegedToken(iObject)) {
                z2 = true;
            }
            BasicEventContext current = this.currentUser.current();
            boolean isSystemType = this.sysTypes.isSystemType(iObject.getClass());
            if (!isSystemType) {
                z = false | managedOwner(z2, iObject, details, details3, details2, current);
            }
            if (!isSystemType) {
                z |= managedGroup(z2, iObject, details, details3, details2, current);
            }
            if (!isSystemType) {
                z |= managedEvent(z2, iObject, details, details3, details2);
            }
        }
        return z ? details2 : details;
    }

    @Deprecated
    protected boolean managedExternalInfo(boolean z, IObject iObject, Details details, Details details2, Details details3) {
        boolean z2 = false;
        ExternalInfo externalInfo = details == null ? null : details.getExternalInfo();
        ExternalInfo externalInfo2 = details2 == null ? null : details2.getExternalInfo();
        if (externalInfo == null) {
            if (externalInfo2 != null) {
                details3.setExternalInfo(externalInfo2);
                z2 = true;
            }
        } else if (!HibernateUtils.idEqual(externalInfo, externalInfo2)) {
            throw new SecurityViolation(String.format("Cannot update ExternalInfo for %s from %s to %s", iObject, externalInfo, externalInfo2));
        }
        return z2;
    }

    protected boolean managedOwner(boolean z, IObject iObject, Details details, Details details2, Details details3, BasicEventContext basicEventContext) {
        Set currentAdminPrivileges = basicEventContext.getCurrentAdminPrivileges();
        if (HibernateUtils.idEqual(details.getOwner(), details2.getOwner())) {
            details3.setOwner(details.getOwner());
            return false;
        }
        if (details2.getOwner() == null) {
            details3.setOwner(details.getOwner());
            return true;
        }
        if ((basicEventContext.isCurrentUserAdmin() && currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("Chown"))) || z) {
            return false;
        }
        throw new SecurityViolation(String.format("You are not authorized to change the owner for %s from %s to %s", iObject, details.getOwner(), details2.getOwner()));
    }

    protected boolean managedGroup(boolean z, IObject iObject, Details details, Details details2, Details details3, BasicEventContext basicEventContext) {
        if (null != details.getGroup()) {
            long longValue = details.getGroup().getId().longValue();
            long longValue2 = this.currentUser.getGroup().getId().longValue();
            long userGroupId = this.roles.getUserGroupId();
            if (longValue2 != longValue && longValue != userGroupId) {
                throw new SecurityViolation(String.format("Currently logged into group %s. Cannot alter object in group %s", Long.valueOf(longValue2), Long.valueOf(longValue)));
            }
        }
        Set currentAdminPrivileges = basicEventContext.getCurrentAdminPrivileges();
        if (HibernateUtils.idEqual(details.getGroup(), details2.getGroup())) {
            details3.setGroup(details.getGroup());
            return false;
        }
        if (details2.getGroup() == null) {
            details3.setGroup(details.getGroup());
            return true;
        }
        if ((details2.getGroup().getId().equals(Long.valueOf(this.roles.getUserGroupId())) || !basicEventContext.getMemberOfGroupsList().contains(details2.getGroup().getId())) && !((basicEventContext.isCurrentUserAdmin() && currentAdminPrivileges.contains(this.adminPrivileges.getPrivilege("Chgrp"))) || z)) {
            throw new SecurityViolation(String.format("You are not authorized to change the group for %s from %s to %s", iObject, details.getGroup(), details2.getGroup()));
        }
        details3.setGroup(details2.getGroup());
        return true;
    }

    protected boolean managedEvent(boolean z, IObject iObject, Details details, Details details2, Details details3) {
        boolean z2 = false;
        if (HibernateUtils.idEqual(details.getCreationEvent(), details2.getCreationEvent())) {
            details3.setCreationEvent(details.getCreationEvent());
        } else {
            if (details2.getCreationEvent() != null) {
                throw new SecurityViolation(String.format("You are not authorized to change the creation event for %s from %s to %s", iObject, details.getCreationEvent(), details2.getCreationEvent()));
            }
            details3.setCreationEvent(details.getCreationEvent());
            z2 = true;
        }
        if (HibernateUtils.idEqual(details.getUpdateEvent(), details2.getUpdateEvent())) {
            details3.setUpdateEvent(details.getUpdateEvent());
        } else {
            if (details2.getUpdateEvent() != null) {
                throw new OptimisticLockException(String.format("You are not authorized to change the update event for %s from %s to %s\nYou may need to reload the object before continuing.", iObject, details.getUpdateEvent(), details2.getUpdateEvent()));
            }
            details3.setUpdateEvent(details.getUpdateEvent());
            z2 = true;
        }
        return z2;
    }

    boolean copyNonNullPermissions(Details details, Permissions permissions) {
        if (permissions == null) {
            return false;
        }
        details.setPermissions(permissions);
        return true;
    }

    void throwIfGroupsDontMatch(ExperimenterGroup experimenterGroup, IObject iObject, ExperimenterGroup experimenterGroup2, IObject iObject2) {
        if (experimenterGroup2 != null && !HibernateUtils.idEqual(experimenterGroup2, experimenterGroup)) {
            throw new GroupSecurityViolation(String.format("MIXED GROUP: %s(group=%s) and %s(group=%s) cannot be linked.", iObject, experimenterGroup, iObject2, experimenterGroup2));
        }
    }

    void throwIfNotGranted(Permissions permissions, Permissions.Role role, Permissions.Right right, IObject iObject) {
        if (permissions.isGranted(role, right)) {
            return;
        }
        throw new SecurityViolation(String.format("Group is %s. ", permissions) + "Cannot link to object: " + iObject);
    }
}
