package ome.security.auth;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import ome.conditions.ApiUsageException;
import ome.conditions.ValidationException;
import ome.model.IGlobal;
import ome.model.IObject;
import ome.model.internal.Permissions;
import ome.model.meta.Experimenter;
import ome.model.meta.ExperimenterGroup;
import ome.model.meta.GroupExperimenterMap;
import ome.security.SecureAction;
import ome.security.SecuritySystem;
import ome.tools.hibernate.HibernateUtils;
import ome.tools.hibernate.SecureMerge;
import ome.tools.hibernate.SessionFactory;
import ome.util.CBlock;
import org.hibernate.Query;
import org.hibernate.Session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ome/security/auth/SimpleRoleProvider.class */
public class SimpleRoleProvider implements RoleProvider {
    private static final Logger log = LoggerFactory.getLogger(SimpleRoleProvider.class);
    protected final SecuritySystem sec;
    protected final SessionFactory sf;

    public SimpleRoleProvider(SecuritySystem securitySystem, SessionFactory sessionFactory) {
        this.sec = securitySystem;
        this.sf = sessionFactory;
    }

    @Override // ome.security.auth.RoleProvider
    public String nameById(long j) {
        return (String) this.sf.getSession().createQuery("select omeName from Experimenter where id = :id").setParameter("id", Long.valueOf(j)).uniqueResult();
    }

    @Override // ome.security.auth.RoleProvider
    public long createGroup(String str, Permissions permissions, boolean z) {
        Session session = this.sf.getSession();
        ExperimenterGroup groupByName = groupByName(str, session);
        if (groupByName == null) {
            ExperimenterGroup experimenterGroup = new ExperimenterGroup();
            experimenterGroup.setName(str);
            if (permissions == null) {
                permissions = Permissions.USER_PRIVATE;
            }
            experimenterGroup.getDetails().setPermissions(permissions);
            groupByName = (ExperimenterGroup) session.merge(experimenterGroup);
        } else if (z) {
            throw new ValidationException("Group already exists: " + str);
        }
        return groupByName.getId().longValue();
    }

    @Override // ome.security.auth.RoleProvider
    public long createGroup(ExperimenterGroup experimenterGroup) {
        ExperimenterGroup copyGroup = copyGroup(experimenterGroup);
        if (copyGroup.getDetails().getPermissions() == null) {
            copyGroup.getDetails().setPermissions(Permissions.USER_PRIVATE);
        }
        return this.sec.doAction(new SecureMerge(this.sf.getSession()), copyGroup).getId().longValue();
    }

    @Override // ome.security.auth.RoleProvider
    public long createExperimenter(Experimenter experimenter, ExperimenterGroup experimenterGroup, ExperimenterGroup... experimenterGroupArr) {
        Session session = this.sf.getSession();
        SecureMerge secureMerge = new SecureMerge(session);
        Experimenter copyUser = copyUser(experimenter);
        copyUser.getDetails().copy(this.sec.newTransientDetails(copyUser));
        Experimenter experimenter2 = (Experimenter) this.sec.doAction(secureMerge, copyUser);
        session.flush();
        linkGroupAndUser(experimenterGroup, experimenter2, false);
        if (null != experimenterGroupArr) {
            for (ExperimenterGroup experimenterGroup2 : experimenterGroupArr) {
                linkGroupAndUser(experimenterGroup2, experimenter2, false);
            }
        }
        return experimenter2.getId().longValue();
    }

    @Override // ome.security.auth.RoleProvider
    public void setDefaultGroup(Experimenter experimenter, ExperimenterGroup experimenterGroup) {
        Session session = this.sf.getSession();
        Experimenter userById = userById(experimenter.getId().longValue(), session);
        ExperimenterGroup groupById = groupById(experimenterGroup.getId().longValue(), session);
        Set findGroupExperimenterMap = userById.findGroupExperimenterMap(groupById);
        if (findGroupExperimenterMap.size() < 1) {
            throw new ApiUsageException("Group " + experimenterGroup.getId() + " was not found for user " + experimenter.getId());
        }
        if (findGroupExperimenterMap.size() > 1) {
            log.warn(findGroupExperimenterMap.size() + " copies of " + groupById + " found for " + userById);
        } else {
            GroupExperimenterMap groupExperimenterMap = (GroupExperimenterMap) findGroupExperimenterMap.iterator().next();
            log.info(String.format("Changing default group for user %s to %s", userById.getId(), experimenterGroup.getId()));
            userById.setPrimaryGroupExperimenterMap(groupExperimenterMap);
        }
        this.sec.doAction(new SecureMerge(session), userById);
    }

    @Override // ome.security.auth.RoleProvider
    public void addGroups(Experimenter experimenter, ExperimenterGroup... experimenterGroupArr) {
        Session session = this.sf.getSession();
        ArrayList arrayList = new ArrayList();
        Experimenter userById = userById(experimenter.getId().longValue(), session);
        for (ExperimenterGroup experimenterGroup : experimenterGroupArr) {
            ExperimenterGroup groupById = groupById(experimenterGroup.getId().longValue(), session);
            boolean z = false;
            Iterator it = userById.linkedExperimenterGroupList().iterator();
            while (it.hasNext()) {
                z |= HibernateUtils.idEqual(groupById, (ExperimenterGroup) it.next());
            }
            if (!z) {
                linkGroupAndUser(groupById, userById, false);
                arrayList.add(groupById.getName());
            }
        }
        fixDefaultGroup(userById, session);
    }

    @Override // ome.security.auth.RoleProvider
    public void removeGroups(Experimenter experimenter, ExperimenterGroup... experimenterGroupArr) {
        final Session session = this.sf.getSession();
        Experimenter userById = userById(experimenter.getId().longValue(), session);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (ExperimenterGroup experimenterGroup : experimenterGroupArr) {
            if (experimenterGroup.getId() != null) {
                arrayList.add(experimenterGroup.getId());
            }
        }
        for (GroupExperimenterMap groupExperimenterMap : userById.collectGroupExperimenterMap((CBlock) null)) {
            Long id = groupExperimenterMap.parent().getId();
            Long id2 = groupExperimenterMap.child().getId();
            if (arrayList.contains(id)) {
                ExperimenterGroup groupById = groupById(id.longValue(), session);
                groupById.unlinkExperimenter(userById(id2.longValue(), session));
                this.sec.doAction(new SecureAction() { // from class: ome.security.auth.SimpleRoleProvider.1
                    @Override // ome.security.SecureAction
                    public <T extends IObject> T updateObject(T... tArr) {
                        for (T t : tArr) {
                            session.delete(t);
                        }
                        session.flush();
                        return null;
                    }
                }, groupExperimenterMap);
                arrayList2.add(groupById.getName());
            }
        }
        fixDefaultGroup(userById, session);
        session.flush();
    }

    protected GroupExperimenterMap linkGroupAndUser(ExperimenterGroup experimenterGroup, Experimenter experimenter, boolean z) {
        if (experimenterGroup == null || experimenterGroup.getId() == null) {
            throw new ApiUsageException("Group must be persistent.");
        }
        ExperimenterGroup experimenterGroup2 = new ExperimenterGroup(experimenterGroup.getId(), false);
        for (GroupExperimenterMap groupExperimenterMap : experimenter.unmodifiableGroupExperimenterMap()) {
            if (groupExperimenterMap.parent().getId().equals(experimenterGroup2.getId())) {
                return groupExperimenterMap;
            }
        }
        IGlobal linkExperimenterGroup = experimenter.linkExperimenterGroup(experimenterGroup2);
        linkExperimenterGroup.setOwner(Boolean.valueOf(z));
        linkExperimenterGroup.getDetails().copy(this.sec.newTransientDetails(linkExperimenterGroup));
        Session session = this.sf.getSession();
        this.sec.doAction(new SecureMerge(session), userById(experimenter.getId().longValue(), session), linkExperimenterGroup);
        session.flush();
        return linkExperimenterGroup;
    }

    protected Experimenter copyUser(Experimenter experimenter) {
        if (experimenter.getOmeName() == null) {
            throw new ValidationException("OmeName may not be null.");
        }
        Experimenter experimenter2 = new Experimenter();
        experimenter2.setOmeName(experimenter.getOmeName());
        experimenter2.setFirstName(experimenter.getFirstName());
        experimenter2.setMiddleName(experimenter.getMiddleName());
        experimenter2.setLastName(experimenter.getLastName());
        experimenter2.setEmail(experimenter.getEmail());
        experimenter2.setInstitution(experimenter.getInstitution());
        if (experimenter.getDetails() != null && experimenter.getDetails().getPermissions() != null) {
            experimenter2.getDetails().setPermissions(experimenter.getDetails().getPermissions());
        }
        return experimenter2;
    }

    protected ExperimenterGroup copyGroup(ExperimenterGroup experimenterGroup) {
        if (experimenterGroup.getName() == null) {
            throw new ValidationException("Group name may not be null.");
        }
        ExperimenterGroup experimenterGroup2 = new ExperimenterGroup();
        experimenterGroup2.setDescription(experimenterGroup.getDescription());
        experimenterGroup2.setName(experimenterGroup.getName());
        experimenterGroup2.getDetails().copy(this.sec.newTransientDetails(experimenterGroup));
        experimenterGroup2.getDetails().setPermissions(experimenterGroup.getDetails().getPermissions());
        return experimenterGroup2;
    }

    private ExperimenterGroup groupByName(String str, Session session) {
        Query createQuery = session.createQuery("select g from ExperimenterGroup g where g.name = :name");
        createQuery.setParameter("name", str);
        return (ExperimenterGroup) createQuery.uniqueResult();
    }

    private Experimenter userById(long j, Session session) {
        return (Experimenter) session.load(Experimenter.class, Long.valueOf(j));
    }

    private ExperimenterGroup groupById(long j, Session session) {
        return (ExperimenterGroup) session.load(ExperimenterGroup.class, Long.valueOf(j));
    }

    private void fixDefaultGroup(Experimenter experimenter, Session session) {
        ExperimenterGroup shouldBeDefault = shouldBeDefault(experimenter, session);
        if (shouldBeDefault != null) {
            setDefaultGroup(experimenter, shouldBeDefault);
        }
    }

    private ExperimenterGroup shouldBeDefault(Experimenter experimenter, Session session) {
        List linkedExperimenterGroupList = experimenter.linkedExperimenterGroupList();
        if (linkedExperimenterGroupList.size() < 2 || !this.sec.getSecurityRoles().getUserGroupName().equals(((ExperimenterGroup) linkedExperimenterGroupList.get(0)).getName())) {
            return null;
        }
        return (ExperimenterGroup) linkedExperimenterGroupList.get(1);
    }
}
