package ome.security.basic;

import java.util.HashMap;
import java.util.Map;
import ome.conditions.InternalException;
import ome.model.internal.Details;
import ome.model.internal.Permissions;
import ome.security.SecurityFilter;
import ome.system.EventContext;
import ome.system.Roles;
import org.hibernate.Filter;
import org.hibernate.Session;

/* loaded from: input_file:ome/security/basic/OneGroupSecurityFilter.class */
public class OneGroupSecurityFilter extends AbstractSecurityFilter {
    public static final String current_group = "current_group";
    private static String myFilterCondition = "(\n\n  ( group_id = :current_group AND \n     ( 1 = :is_nonprivate OR \n       1 = :is_adminorpi OR \n       owner_id = :current_user\n     )\n  ) OR\n  group_id = %s OR \n 1 = :is_share\n)\n";

    public OneGroupSecurityFilter() {
    }

    public OneGroupSecurityFilter(Roles roles) {
        super(roles);
    }

    @Override // ome.security.SecurityFilter
    public String getDefaultCondition() {
        return String.format(myFilterCondition, Long.valueOf(this.roles.getUserGroupId()));
    }

    @Override // ome.security.SecurityFilter
    public Map<String, String> getParameterTypes() {
        HashMap hashMap = new HashMap();
        hashMap.put(SecurityFilter.is_share, "int");
        hashMap.put(SecurityFilter.is_adminorpi, "int");
        hashMap.put(SecurityFilter.is_nonprivate, "int");
        hashMap.put(current_group, "long");
        hashMap.put(SecurityFilter.current_user, "long");
        return hashMap;
    }

    @Override // ome.security.SecurityFilter
    public boolean passesFilter(Session session, Details details, EventContext eventContext) {
        Long currentGroupId = eventContext.getCurrentGroupId();
        Long currentUserId = eventContext.getCurrentUserId();
        boolean isNonPrivate = isNonPrivate(eventContext);
        boolean isAdminOrPi = isAdminOrPi(eventContext);
        boolean isShare = isShare(eventContext);
        eventContext.getMemberOfGroupsList();
        if (details == null || details.getPermissions() == null) {
            throw new InternalException("Details/Permissions null! Security system failure -- refusing to continue. The Permissions should be set to a default value.");
        }
        Long id = details.getOwner().getId();
        Long id2 = details.getGroup().getId();
        if (isShare || Long.valueOf(this.roles.getSystemGroupId()).equals(id2) || Long.valueOf(this.roles.getUserGroupId()).equals(id2)) {
            return true;
        }
        if (currentGroupId.longValue() < 0) {
            throwNegOne();
        } else if (!currentGroupId.equals(id2)) {
            return false;
        }
        return isNonPrivate || isAdminOrPi || currentUserId.equals(id);
    }

    @Override // ome.security.SecurityFilter
    public void enable(Session session, EventContext eventContext) {
        Filter enableFilter = session.enableFilter(getName());
        Long currentGroupId = eventContext.getCurrentGroupId();
        int i = eventContext.getCurrentShareId() != null ? 1 : 0;
        int i2 = (eventContext.isCurrentUserAdmin() || eventContext.getLeaderOfGroupsList().contains(eventContext.getCurrentGroupId())) ? 1 : 0;
        int i3 = (eventContext.getCurrentGroupPermissions().isGranted(Permissions.Role.GROUP, Permissions.Right.READ) || eventContext.getCurrentGroupPermissions().isGranted(Permissions.Role.WORLD, Permissions.Right.READ)) ? 1 : 0;
        if (currentGroupId.longValue() < 0) {
            throwNegOne();
        }
        enableFilter.setParameter(SecurityFilter.is_share, Integer.valueOf(i));
        enableFilter.setParameter(SecurityFilter.is_adminorpi, Integer.valueOf(i2));
        enableFilter.setParameter(SecurityFilter.is_nonprivate, Integer.valueOf(i3));
        enableFilter.setParameter(SecurityFilter.current_user, eventContext.getCurrentUserId());
        enableFilter.setParameter(current_group, currentGroupId);
        enableBaseFilters(session, eventContext.isCurrentUserAdmin() ? 1 : 0, eventContext.getCurrentUserId());
    }

    private void throwNegOne() {
        throw new InternalException("OneGroupSecurityFilter is not capable of handling omero.group=-1. This is handled by AllGroupsSecurityFilter");
    }
}
