package org.camunda.bpm.engine.impl.persistence.entity;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.impl.AbstractQuery;
import org.camunda.bpm.engine.impl.ActivityStatisticsQueryImpl;
import org.camunda.bpm.engine.impl.AuthorizationQueryImpl;
import org.camunda.bpm.engine.impl.EventSubscriptionQueryImpl;
import org.camunda.bpm.engine.impl.IncidentQueryImpl;
import org.camunda.bpm.engine.impl.ProcessDefinitionQueryImpl;
import org.camunda.bpm.engine.impl.ProcessDefinitionStatisticsQueryImpl;
import org.camunda.bpm.engine.impl.TaskQueryImpl;
import org.camunda.bpm.engine.impl.VariableInstanceQueryImpl;
import org.camunda.bpm.engine.impl.db.AuthorizationCheck;
import org.camunda.bpm.engine.impl.db.DbEntity;
import org.camunda.bpm.engine.impl.db.ListQueryParameterObject;
import org.camunda.bpm.engine.impl.db.PermissionCheck;
import org.camunda.bpm.engine.impl.identity.Authentication;
import org.camunda.bpm.engine.impl.persistence.AbstractManager;

/* loaded from: input_file:org/camunda/bpm/engine/impl/persistence/entity/AuthorizationManager.class */
public class AuthorizationManager extends AbstractManager {
    public static final String DEFAULT_AUTHORIZATION_CHECK = "defaultAuthorizationCheck";

    public Authorization createNewAuthorization(int i) {
        checkAuthorization(Permissions.CREATE, Resources.AUTHORIZATION, null);
        return new AuthorizationEntity(i);
    }

    @Override // org.camunda.bpm.engine.impl.persistence.AbstractManager
    public void insert(DbEntity dbEntity) {
        checkAuthorization(Permissions.CREATE, Resources.AUTHORIZATION, null);
        getDbEntityManager().insert(dbEntity);
    }

    public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQueryImpl) {
        configureQuery(authorizationQueryImpl, Resources.AUTHORIZATION);
        return getDbEntityManager().selectList("selectAuthorizationByQueryCriteria", (ListQueryParameterObject) authorizationQueryImpl);
    }

    public Long selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQueryImpl) {
        configureQuery(authorizationQueryImpl, Resources.AUTHORIZATION);
        return (Long) getDbEntityManager().selectOne("selectAuthorizationCountByQueryCriteria", authorizationQueryImpl);
    }

    public AuthorizationEntity findAuthorizationByUserIdAndResourceId(int i, String str, Resource resource, String str2) {
        return findAuthorization(i, str, null, resource, str2);
    }

    public AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int i, String str, Resource resource, String str2) {
        return findAuthorization(i, null, str, resource, str2);
    }

    public AuthorizationEntity findAuthorization(int i, String str, String str2, Resource resource, String str3) {
        HashMap hashMap = new HashMap();
        hashMap.put("type", Integer.valueOf(i));
        hashMap.put("userId", str);
        hashMap.put("groupId", str2);
        hashMap.put("resourceId", str3);
        if (resource != null) {
            hashMap.put("resourceType", Integer.valueOf(resource.resourceType()));
        }
        return (AuthorizationEntity) getDbEntityManager().selectOne("selectAuthorizationByParameters", hashMap);
    }

    public void update(AuthorizationEntity authorizationEntity) {
        checkAuthorization(Permissions.UPDATE, Resources.AUTHORIZATION, authorizationEntity.getId());
        getDbEntityManager().merge(authorizationEntity);
    }

    @Override // org.camunda.bpm.engine.impl.persistence.AbstractManager
    public void delete(DbEntity dbEntity) {
        checkAuthorization(Permissions.DELETE, Resources.AUTHORIZATION, dbEntity.getId());
        deleteAuthorizationsByResourceId(Resources.AUTHORIZATION, dbEntity.getId());
        super.delete(dbEntity);
    }

    public void checkAuthorization(List<PermissionCheck> list) {
        Authentication currentAuthentication = getCurrentAuthentication();
        if (!isAuthorizationEnabled() || currentAuthentication == null) {
            return;
        }
        String userId = currentAuthentication.getUserId();
        if (isAuthorized(userId, currentAuthentication.getGroupIds(), list)) {
            return;
        }
        if (list.size() == 1) {
            PermissionCheck permissionCheck = list.get(0);
            throw new AuthorizationException(userId, permissionCheck.getPermission().getName(), permissionCheck.getResource().resourceName(), permissionCheck.getResourceId());
        }
        String str = "The user with id '" + userId + "' does not have one of the following permissions: ";
        for (int i = 0; i < list.size(); i++) {
            if (i > 0) {
                str = str + " or ";
            }
            PermissionCheck permissionCheck2 = list.get(i);
            String name = permissionCheck2.getPermission().getName();
            String resourceName = permissionCheck2.getResource().resourceName();
            String resourceId = permissionCheck2.getResourceId();
            str = str + "'" + name + "' permission on resource '" + (resourceId != null ? resourceId + "' of type '" : "") + resourceName + "'";
        }
        throw new AuthorizationException(str);
    }

    public void checkAuthorization(Permission permission, Resource resource) {
        checkAuthorization(permission, resource, null);
    }

    @Override // org.camunda.bpm.engine.impl.persistence.AbstractManager
    public void checkAuthorization(Permission permission, Resource resource, String str) {
        Authentication currentAuthentication = getCurrentAuthentication();
        if (isAuthorizationEnabled() && currentAuthentication != null && !isAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), permission, resource, str)) {
            throw new AuthorizationException(currentAuthentication.getUserId(), permission.getName(), resource.resourceName(), str);
        }
    }

    public boolean isAuthorized(Permission permission, Resource resource, String str) {
        Authentication currentAuthentication = getCurrentAuthentication();
        if (!isAuthorizationEnabled() || currentAuthentication == null) {
            return true;
        }
        return isAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), permission, resource, str);
    }

    public boolean isAuthorized(String str, List<String> list, Permission permission, Resource resource, String str2) {
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(permission);
        permissionCheck.setResource(resource);
        permissionCheck.setResourceId(str2);
        return isAuthorized(str, list, Arrays.asList(permissionCheck));
    }

    public boolean isAuthorized(String str, List<String> list, List<PermissionCheck> list2) {
        AuthorizationCheck authorizationCheck = new AuthorizationCheck();
        authorizationCheck.setAuthUserId(str);
        authorizationCheck.setAuthGroupIds(list);
        authorizationCheck.setPermissionChecks(list2);
        return getDbEntityManager().selectBoolean("isUserAuthorizedForResource", authorizationCheck);
    }

    public void configureQuery(AbstractQuery abstractQuery) {
        Authentication currentAuthentication = getCurrentAuthentication();
        abstractQuery.getPermissionChecks().clear();
        if (!isAuthorizationEnabled() || currentAuthentication == null) {
            abstractQuery.setAuthorizationCheckEnabled(false);
            abstractQuery.setAuthUserId(null);
            abstractQuery.setAuthGroupIds(null);
        } else {
            abstractQuery.setAuthorizationCheckEnabled(true);
            String userId = currentAuthentication.getUserId();
            List<String> groupIds = currentAuthentication.getGroupIds();
            abstractQuery.setAuthUserId(userId);
            abstractQuery.setAuthGroupIds(groupIds);
        }
    }

    @Override // org.camunda.bpm.engine.impl.persistence.AbstractManager
    public void configureQuery(AbstractQuery abstractQuery, Resource resource) {
        configureQuery(abstractQuery, resource, "RES.ID_");
    }

    public void configureQuery(AbstractQuery abstractQuery, Resource resource, String str) {
        configureQuery(abstractQuery, resource, str, Permissions.READ);
    }

    public void configureQuery(AbstractQuery abstractQuery, Resource resource, String str, Permission permission) {
        configureQuery(abstractQuery);
        addAuthorizationCheckParameter(abstractQuery, resource, str, permission);
    }

    protected void addAuthorizationCheckParameter(AbstractQuery abstractQuery, Resource resource, String str, Permission permission) {
        if (!isAuthorizationEnabled() || getCurrentAuthentication() == null) {
            return;
        }
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setResource(resource);
        permissionCheck.setResourceIdQueryParam(str);
        permissionCheck.setPermission(permission);
        abstractQuery.addPermissionCheck(permissionCheck);
    }

    public void deleteAuthorizationsByResourceId(Resource resource, String str) {
        if (str == null) {
            throw new IllegalArgumentException("Resource id cannot be null");
        }
        if (isAuthorizationEnabled()) {
            HashMap hashMap = new HashMap();
            hashMap.put("resourceType", Integer.valueOf(resource.resourceType()));
            hashMap.put("resourceId", str);
            getDbEntityManager().delete(AuthorizationEntity.class, "deleteAuthorizationsForResourceId", hashMap);
        }
    }

    public void checkReadProcessDefinition(ProcessDefinitionEntity processDefinitionEntity) {
        checkReadProcessDefinition(processDefinitionEntity.getKey());
    }

    public void checkReadProcessDefinition(String str) {
        checkAuthorization(Permissions.READ, Resources.PROCESS_DEFINITION, str);
    }

    public void checkUpdateProcessDefinitionById(String str) {
        checkUpdateProcessDefinitionByKey(getProcessDefinitionManager().findLatestProcessDefinitionById(str).getKey());
    }

    public void checkUpdateProcessDefinitionByKey(String str) {
        checkAuthorization(Permissions.UPDATE, Resources.PROCESS_DEFINITION, str);
    }

    public void checkCreateProcessInstance(ProcessDefinitionEntity processDefinitionEntity) {
        checkAuthorization(Permissions.CREATE, Resources.PROCESS_INSTANCE);
        checkAuthorization(Permissions.CREATE_INSTANCE, Resources.PROCESS_DEFINITION, processDefinitionEntity.getKey());
    }

    public void checkReadProcessInstance(String str) {
        ExecutionEntity findExecutionById = getProcessInstanceManager().findExecutionById(str);
        if (findExecutionById != null) {
            checkReadProcessInstance(findExecutionById);
        }
    }

    public void checkReadProcessInstance(ExecutionEntity executionEntity) {
        ProcessDefinitionEntity processDefinitionEntity = (ProcessDefinitionEntity) executionEntity.getProcessDefinition();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.READ);
        permissionCheck.setResource(Resources.PROCESS_INSTANCE);
        permissionCheck.setResourceId(executionEntity.getProcessInstanceId());
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.READ_INSTANCE);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(processDefinitionEntity.getKey());
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        checkAuthorization(Arrays.asList(permissionCheck, permissionCheck2));
    }

    public void checkUpdateProcessInstanceById(String str) {
        ExecutionEntity findExecutionById = getProcessInstanceManager().findExecutionById(str);
        if (findExecutionById != null) {
            checkUpdateProcessInstance(findExecutionById);
        }
    }

    public void checkUpdateProcessInstance(ExecutionEntity executionEntity) {
        ProcessDefinitionEntity processDefinitionEntity = (ProcessDefinitionEntity) executionEntity.getProcessDefinition();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.UPDATE);
        permissionCheck.setResource(Resources.PROCESS_INSTANCE);
        permissionCheck.setResourceId(executionEntity.getProcessInstanceId());
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.UPDATE_INSTANCE);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(processDefinitionEntity.getKey());
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        checkAuthorization(Arrays.asList(permissionCheck, permissionCheck2));
    }

    public void checkUpdateInstanceOnProcessDefinitionById(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById = getProcessDefinitionManager().findLatestProcessDefinitionById(str);
        if (findLatestProcessDefinitionById != null) {
            checkUpdateInstanceOnProcessDefinitionByKey(findLatestProcessDefinitionById.getKey());
        }
    }

    public void checkUpdateInstanceOnProcessDefinitionByKey(String str) {
        checkAuthorization(Permissions.UPDATE_INSTANCE, Resources.PROCESS_DEFINITION, str);
    }

    public void checkDeleteProcessInstance(ExecutionEntity executionEntity) {
        ProcessDefinitionEntity processDefinitionEntity = (ProcessDefinitionEntity) executionEntity.getProcessDefinition();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.DELETE);
        permissionCheck.setResource(Resources.PROCESS_INSTANCE);
        permissionCheck.setResourceId(executionEntity.getProcessInstanceId());
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.DELETE_INSTANCE);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(processDefinitionEntity.getKey());
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        checkAuthorization(Arrays.asList(permissionCheck, permissionCheck2));
    }

    public void checkCreateTask() {
        checkAuthorization(Permissions.CREATE, Resources.TASK);
    }

    public void checkReadTask(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() == null) {
            if (taskEntity.getCaseExecutionId() == null) {
                checkAuthorization(Permissions.READ, Resources.TASK, id);
                return;
            }
            return;
        }
        ProcessDefinitionEntity processDefinitionEntity = (ProcessDefinitionEntity) taskEntity.getExecution().getProcessDefinition();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.READ);
        permissionCheck.setResource(Resources.TASK);
        permissionCheck.setResourceId(id);
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.READ_TASK);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(processDefinitionEntity.getKey());
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        checkAuthorization(Arrays.asList(permissionCheck, permissionCheck2));
    }

    public void checkUpdateTask(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() == null) {
            if (taskEntity.getCaseExecutionId() == null) {
                checkAuthorization(Permissions.UPDATE, Resources.TASK, id);
                return;
            }
            return;
        }
        ProcessDefinitionEntity processDefinitionEntity = (ProcessDefinitionEntity) taskEntity.getExecution().getProcessDefinition();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.UPDATE);
        permissionCheck.setResource(Resources.TASK);
        permissionCheck.setResourceId(id);
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.UPDATE_TASK);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(processDefinitionEntity.getKey());
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        checkAuthorization(Arrays.asList(permissionCheck, permissionCheck2));
    }

    public void checkDeleteTask(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        String executionId = taskEntity.getExecutionId();
        String caseExecutionId = taskEntity.getCaseExecutionId();
        if (executionId == null && caseExecutionId == null) {
            checkAuthorization(Permissions.DELETE, Resources.TASK, id);
        }
    }

    public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl processDefinitionQueryImpl) {
        configureQuery(processDefinitionQueryImpl, Resources.PROCESS_DEFINITION, "RES.KEY_");
    }

    public void configureExecutionQuery(AbstractQuery abstractQuery) {
        configureQuery(abstractQuery);
        addAuthorizationCheckParameter(abstractQuery, Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ);
        addAuthorizationCheckParameter(abstractQuery, Resources.PROCESS_DEFINITION, "P.KEY_", Permissions.READ_INSTANCE);
    }

    public void configureTaskQuery(TaskQueryImpl taskQueryImpl) {
        taskQueryImpl.getPermissionChecks().clear();
        taskQueryImpl.getTaskPermissionChecks().clear();
        Authentication currentAuthentication = getCurrentAuthentication();
        if (!isAuthorizationEnabled() || currentAuthentication == null) {
            return;
        }
        configureQuery(taskQueryImpl);
        addAuthorizationCheckParameter(taskQueryImpl, Resources.TASK, "RES.ID_", Permissions.READ);
        addAuthorizationCheckParameter(taskQueryImpl, Resources.PROCESS_DEFINITION, "PROCDEF.KEY_", Permissions.READ_TASK);
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.READ);
        permissionCheck.setResource(Resources.TASK);
        permissionCheck.setResourceIdQueryParam("RES.ID_");
        permissionCheck.setAuthorizationNotFoundReturnValue(0L);
        taskQueryImpl.addTaskPermissionCheck(permissionCheck);
    }

    public void configureEventSubscriptionQuery(EventSubscriptionQueryImpl eventSubscriptionQueryImpl) {
        configureQuery(eventSubscriptionQueryImpl);
        addAuthorizationCheckParameter(eventSubscriptionQueryImpl, Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ);
        addAuthorizationCheckParameter(eventSubscriptionQueryImpl, Resources.PROCESS_DEFINITION, "PROCDEF.KEY_", Permissions.READ_INSTANCE);
    }

    public void configureIncidentQuery(IncidentQueryImpl incidentQueryImpl) {
        configureQuery(incidentQueryImpl);
        addAuthorizationCheckParameter(incidentQueryImpl, Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ);
        addAuthorizationCheckParameter(incidentQueryImpl, Resources.PROCESS_DEFINITION, "PROCDEF.KEY_", Permissions.READ_INSTANCE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void configureVariableInstanceQuery(VariableInstanceQueryImpl variableInstanceQueryImpl) {
        variableInstanceQueryImpl.getPermissionChecks().clear();
        variableInstanceQueryImpl.getTaskPermissionChecks().clear();
        Authentication currentAuthentication = getCurrentAuthentication();
        if (!isAuthorizationEnabled() || currentAuthentication == null) {
            return;
        }
        configureQuery(variableInstanceQueryImpl);
        addAuthorizationCheckParameter(variableInstanceQueryImpl, Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ);
        addAuthorizationCheckParameter(variableInstanceQueryImpl, Resources.PROCESS_DEFINITION, "PROCDEF.KEY_", Permissions.READ_INSTANCE);
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setResource(Resources.TASK);
        permissionCheck.setPermission(Permissions.READ);
        permissionCheck.setResourceIdQueryParam("RES.TASK_ID_");
        permissionCheck.setAuthorizationNotFoundReturnValue(0L);
        variableInstanceQueryImpl.addTaskPermissionCheck(permissionCheck);
    }

    public void configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl processDefinitionStatisticsQueryImpl) {
        configureQuery(processDefinitionStatisticsQueryImpl, Resources.PROCESS_DEFINITION, "PROCDEF.KEY_");
        processDefinitionStatisticsQueryImpl.getProcessInstancePermissionChecks().clear();
        processDefinitionStatisticsQueryImpl.getJobPermissionChecks().clear();
        processDefinitionStatisticsQueryImpl.getIncidentPermissionChecks().clear();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setResource(Resources.PROCESS_INSTANCE);
        permissionCheck.setPermission(Permissions.READ);
        permissionCheck.setResourceIdQueryParam("E.PROC_INST_ID_");
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setPermission(Permissions.READ_INSTANCE);
        permissionCheck2.setResourceIdQueryParam("P.KEY_");
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        processDefinitionStatisticsQueryImpl.addProcessInstancePermissionCheck(permissionCheck);
        processDefinitionStatisticsQueryImpl.addProcessInstancePermissionCheck(permissionCheck2);
        if (processDefinitionStatisticsQueryImpl.isFailedJobsToInclude()) {
            PermissionCheck permissionCheck3 = new PermissionCheck();
            permissionCheck3.setResource(Resources.PROCESS_INSTANCE);
            permissionCheck3.setPermission(Permissions.READ);
            permissionCheck3.setResourceIdQueryParam("PROCESS_INSTANCE_ID_");
            PermissionCheck permissionCheck4 = new PermissionCheck();
            permissionCheck4.setResource(Resources.PROCESS_DEFINITION);
            permissionCheck4.setPermission(Permissions.READ_INSTANCE);
            permissionCheck4.setResourceIdQueryParam("PROCESS_DEF_KEY_");
            permissionCheck4.setAuthorizationNotFoundReturnValue(0L);
            processDefinitionStatisticsQueryImpl.addJobPermissionCheck(permissionCheck3);
            processDefinitionStatisticsQueryImpl.addJobPermissionCheck(permissionCheck4);
        }
        if (processDefinitionStatisticsQueryImpl.isIncidentsToInclude()) {
            PermissionCheck permissionCheck5 = new PermissionCheck();
            permissionCheck5.setResource(Resources.PROCESS_INSTANCE);
            permissionCheck5.setPermission(Permissions.READ);
            permissionCheck5.setResourceIdQueryParam("I.PROC_INST_ID_");
            PermissionCheck permissionCheck6 = new PermissionCheck();
            permissionCheck6.setResource(Resources.PROCESS_DEFINITION);
            permissionCheck6.setPermission(Permissions.READ_INSTANCE);
            permissionCheck6.setResourceIdQueryParam("PROCDEF.KEY_");
            permissionCheck6.setAuthorizationNotFoundReturnValue(0L);
            processDefinitionStatisticsQueryImpl.addIncidentPermissionCheck(permissionCheck5);
            processDefinitionStatisticsQueryImpl.addIncidentPermissionCheck(permissionCheck6);
        }
    }

    public void configureActivityStatisticsQuery(ActivityStatisticsQueryImpl activityStatisticsQueryImpl) {
        configureQuery(activityStatisticsQueryImpl);
        activityStatisticsQueryImpl.getProcessInstancePermissionChecks().clear();
        activityStatisticsQueryImpl.getJobPermissionChecks().clear();
        activityStatisticsQueryImpl.getIncidentPermissionChecks().clear();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setResource(Resources.PROCESS_INSTANCE);
        permissionCheck.setPermission(Permissions.READ);
        permissionCheck.setResourceIdQueryParam("E.PROC_INST_ID_");
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setPermission(Permissions.READ_INSTANCE);
        permissionCheck2.setResourceIdQueryParam("P.KEY_");
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        activityStatisticsQueryImpl.addProcessInstancePermissionCheck(permissionCheck);
        activityStatisticsQueryImpl.addProcessInstancePermissionCheck(permissionCheck2);
        if (activityStatisticsQueryImpl.isFailedJobsToInclude()) {
            PermissionCheck permissionCheck3 = new PermissionCheck();
            permissionCheck3.setResource(Resources.PROCESS_INSTANCE);
            permissionCheck3.setPermission(Permissions.READ);
            permissionCheck3.setResourceIdQueryParam("JOB.PROCESS_INSTANCE_ID_");
            PermissionCheck permissionCheck4 = new PermissionCheck();
            permissionCheck4.setResource(Resources.PROCESS_DEFINITION);
            permissionCheck4.setPermission(Permissions.READ_INSTANCE);
            permissionCheck4.setResourceIdQueryParam("JOB.PROCESS_DEF_KEY_");
            permissionCheck4.setAuthorizationNotFoundReturnValue(0L);
            activityStatisticsQueryImpl.addJobPermissionCheck(permissionCheck3);
            activityStatisticsQueryImpl.addJobPermissionCheck(permissionCheck4);
        }
        if (activityStatisticsQueryImpl.isIncidentsToInclude()) {
            PermissionCheck permissionCheck5 = new PermissionCheck();
            permissionCheck5.setResource(Resources.PROCESS_INSTANCE);
            permissionCheck5.setPermission(Permissions.READ);
            permissionCheck5.setResourceIdQueryParam("I.PROC_INST_ID_");
            PermissionCheck permissionCheck6 = new PermissionCheck();
            permissionCheck6.setResource(Resources.PROCESS_DEFINITION);
            permissionCheck6.setPermission(Permissions.READ_INSTANCE);
            permissionCheck6.setResourceIdQueryParam("PROCDEF.KEY_");
            permissionCheck6.setAuthorizationNotFoundReturnValue(0L);
            activityStatisticsQueryImpl.addIncidentPermissionCheck(permissionCheck5);
            activityStatisticsQueryImpl.addIncidentPermissionCheck(permissionCheck6);
        }
    }
}
