package ome.security.basic;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import ome.model.internal.Details;
import ome.model.internal.Permissions;
import ome.model.meta.ExperimenterGroup;
import ome.security.SecurityFilter;
import ome.system.EventContext;
import ome.system.Roles;
import ome.util.SqlAction;
import ome.util.Utils;
import org.hibernate.Filter;
import org.hibernate.Session;

/* loaded from: input_file:ome/security/basic/AllGroupsSecurityFilter.class */
public class AllGroupsSecurityFilter extends AbstractSecurityFilter {
    public static final String is_admin = "is_admin";
    public static final String member_of_groups = "member_of_groups";
    public static final String leader_of_groups = "leader_of_groups";
    public static final String filterName = "securityFilter";
    final SqlAction sql;

    public AllGroupsSecurityFilter(SqlAction sqlAction) {
        this(sqlAction, new Roles());
    }

    public AllGroupsSecurityFilter(SqlAction sqlAction, Roles roles) {
        super(roles);
        this.sql = sqlAction;
    }

    protected String myFilterCondition() {
        return String.format("\n( \n  1 = :is_share OR \n  1 = :is_admin OR \n  (group_id in (:leader_of_groups)) OR \n  (owner_id = :current_user AND %s) OR \n  (group_id in (:member_of_groups) AND %s) OR \n  (%s) \n)\n", isGranted(Permissions.Role.USER, Permissions.Right.READ), isGranted(Permissions.Role.GROUP, Permissions.Right.READ), isGranted(Permissions.Role.WORLD, Permissions.Right.READ));
    }

    @Override // ome.security.SecurityFilter
    public String getDefaultCondition() {
        return myFilterCondition();
    }

    @Override // ome.security.SecurityFilter
    public Map<String, String> getParameterTypes() {
        HashMap hashMap = new HashMap();
        hashMap.put(SecurityFilter.is_share, "int");
        hashMap.put(is_admin, "int");
        hashMap.put(SecurityFilter.current_user, "long");
        hashMap.put(member_of_groups, "long");
        hashMap.put(leader_of_groups, "long");
        return hashMap;
    }

    @Override // ome.security.SecurityFilter
    public boolean passesFilter(Session session, Details details, EventContext eventContext) {
        Long currentUserId = eventContext.getCurrentUserId();
        boolean isCurrentUserAdmin = eventContext.isCurrentUserAdmin();
        boolean isShare = isShare(eventContext);
        List memberOfGroupsList = eventContext.getMemberOfGroupsList();
        List leaderOfGroupsList = eventContext.getLeaderOfGroupsList();
        Long id = details.getOwner().getId();
        Long id2 = details.getGroup().getId();
        ExperimenterGroup experimenterGroup = (ExperimenterGroup) session.get(ExperimenterGroup.class, id2);
        Permissions permissions = experimenterGroup.getDetails().getPermissions();
        if (permissions == null) {
            permissions = Utils.toPermissions(Long.valueOf(this.sql.getGroupPermissions(id2.longValue())));
            experimenterGroup.getDetails().setPermissions(permissions);
            this.log.warn(String.format("Forced to reload permissions for group %s: %s", id2, permissions));
        }
        if (isShare || isCurrentUserAdmin || permissions.isGranted(Permissions.Role.WORLD, Permissions.Right.READ)) {
            return true;
        }
        if (currentUserId.equals(id) && permissions.isGranted(Permissions.Role.USER, Permissions.Right.READ)) {
            return true;
        }
        return (memberOfGroupsList.contains(id2) && permissions.isGranted(Permissions.Role.GROUP, Permissions.Right.READ)) || leaderOfGroupsList.contains(id2);
    }

    @Override // ome.security.SecurityFilter
    public void enable(Session session, EventContext eventContext) {
        Filter enableFilter = session.enableFilter(getName());
        int i = isShare(eventContext) ? 1 : 0;
        int i2 = eventContext.isCurrentUserAdmin() ? 1 : 0;
        enableFilter.setParameter(is_admin, Integer.valueOf(i2));
        enableFilter.setParameter(SecurityFilter.is_share, Integer.valueOf(i));
        enableFilter.setParameter(SecurityFilter.current_user, eventContext.getCurrentUserId());
        enableFilter.setParameterList(member_of_groups, configGroup(eventContext, eventContext.getMemberOfGroupsList()));
        enableFilter.setParameterList(leader_of_groups, configGroup(eventContext, eventContext.getLeaderOfGroupsList()));
        enableBaseFilters(session, i2, eventContext.getCurrentUserId());
    }

    protected Collection<Long> configGroup(EventContext eventContext, List<Long> list) {
        List<Long> list2;
        if (eventContext.isCurrentUserAdmin()) {
            list2 = Collections.singletonList(-1L);
        } else {
            list2 = list;
            if (list2 == null || list2.size() == 0) {
                list2 = Collections.singletonList(Long.MIN_VALUE);
            }
        }
        return list2;
    }

    protected static String isGranted(Permissions.Role role, Permissions.Right right) {
        String str = "" + Permissions.bit(role, right);
        return String.format("(select (__g.permissions & %s) = %s from experimentergroup __g where __g.id = group_id)", str, str);
    }
}
