package org.camunda.bpm.engine.impl.persistence.entity;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.ProcessEngineConfiguration;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Groups;
import org.camunda.bpm.engine.authorization.MissingAuthorization;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.impl.AbstractQuery;
import org.camunda.bpm.engine.impl.ActivityStatisticsQueryImpl;
import org.camunda.bpm.engine.impl.AuthorizationQueryImpl;
import org.camunda.bpm.engine.impl.DeploymentQueryImpl;
import org.camunda.bpm.engine.impl.DeploymentStatisticsQueryImpl;
import org.camunda.bpm.engine.impl.EventSubscriptionQueryImpl;
import org.camunda.bpm.engine.impl.ExternalTaskQueryImpl;
import org.camunda.bpm.engine.impl.HistoricActivityInstanceQueryImpl;
import org.camunda.bpm.engine.impl.HistoricDecisionInstanceQueryImpl;
import org.camunda.bpm.engine.impl.HistoricDetailQueryImpl;
import org.camunda.bpm.engine.impl.HistoricExternalTaskLogQueryImpl;
import org.camunda.bpm.engine.impl.HistoricIdentityLinkLogQueryImpl;
import org.camunda.bpm.engine.impl.HistoricIncidentQueryImpl;
import org.camunda.bpm.engine.impl.HistoricJobLogQueryImpl;
import org.camunda.bpm.engine.impl.HistoricProcessInstanceQueryImpl;
import org.camunda.bpm.engine.impl.HistoricTaskInstanceQueryImpl;
import org.camunda.bpm.engine.impl.HistoricVariableInstanceQueryImpl;
import org.camunda.bpm.engine.impl.IncidentQueryImpl;
import org.camunda.bpm.engine.impl.JobDefinitionQueryImpl;
import org.camunda.bpm.engine.impl.JobQueryImpl;
import org.camunda.bpm.engine.impl.ProcessDefinitionQueryImpl;
import org.camunda.bpm.engine.impl.ProcessDefinitionStatisticsQueryImpl;
import org.camunda.bpm.engine.impl.ProcessEngineLogger;
import org.camunda.bpm.engine.impl.TaskQueryImpl;
import org.camunda.bpm.engine.impl.UserOperationLogQueryImpl;
import org.camunda.bpm.engine.impl.VariableInstanceQueryImpl;
import org.camunda.bpm.engine.impl.batch.BatchQueryImpl;
import org.camunda.bpm.engine.impl.batch.BatchStatisticsQueryImpl;
import org.camunda.bpm.engine.impl.batch.history.HistoricBatchQueryImpl;
import org.camunda.bpm.engine.impl.context.Context;
import org.camunda.bpm.engine.impl.db.AuthorizationCheck;
import org.camunda.bpm.engine.impl.db.CompositePermissionCheck;
import org.camunda.bpm.engine.impl.db.DbEntity;
import org.camunda.bpm.engine.impl.db.EnginePersistenceLogger;
import org.camunda.bpm.engine.impl.db.ListQueryParameterObject;
import org.camunda.bpm.engine.impl.db.PermissionCheck;
import org.camunda.bpm.engine.impl.db.PermissionCheckBuilder;
import org.camunda.bpm.engine.impl.dmn.entity.repository.DecisionDefinitionQueryImpl;
import org.camunda.bpm.engine.impl.dmn.entity.repository.DecisionRequirementsDefinitionQueryImpl;
import org.camunda.bpm.engine.impl.identity.Authentication;
import org.camunda.bpm.engine.impl.interceptor.CommandContext;
import org.camunda.bpm.engine.impl.persistence.AbstractManager;
import org.camunda.bpm.engine.impl.util.CollectionUtil;
import org.camunda.bpm.engine.impl.util.EnsureUtil;

/* loaded from: input_file:org/camunda/bpm/engine/impl/persistence/entity/AuthorizationManager.class */
public class AuthorizationManager extends AbstractManager {
    protected static final EnginePersistenceLogger LOG = ProcessEngineLogger.PERSISTENCE_LOGGER;
    protected static final List<String> EMPTY_LIST = new ArrayList();
    protected Set<String> availableAuthorizedGroupIds = null;
    protected Boolean isRevokeAuthCheckUsed = null;

    public PermissionCheck newPermissionCheck() {
        return new PermissionCheck();
    }

    public PermissionCheckBuilder newPermissionCheckBuilder() {
        return new PermissionCheckBuilder();
    }

    public Authorization createNewAuthorization(int i) {
        checkAuthorization(Permissions.CREATE, Resources.AUTHORIZATION, null);
        return new AuthorizationEntity(i);
    }

    @Override // org.camunda.bpm.engine.impl.persistence.AbstractManager
    public void insert(DbEntity dbEntity) {
        checkAuthorization(Permissions.CREATE, Resources.AUTHORIZATION, null);
        getDbEntityManager().insert(dbEntity);
    }

    public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQueryImpl) {
        configureQuery(authorizationQueryImpl, Resources.AUTHORIZATION);
        return getDbEntityManager().selectList("selectAuthorizationByQueryCriteria", (ListQueryParameterObject) authorizationQueryImpl);
    }

    public Long selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQueryImpl) {
        configureQuery(authorizationQueryImpl, Resources.AUTHORIZATION);
        return (Long) getDbEntityManager().selectOne("selectAuthorizationCountByQueryCriteria", authorizationQueryImpl);
    }

    public AuthorizationEntity findAuthorizationByUserIdAndResourceId(int i, String str, Resource resource, String str2) {
        return findAuthorization(i, str, null, resource, str2);
    }

    public AuthorizationEntity findAuthorizationByGroupIdAndResourceId(int i, String str, Resource resource, String str2) {
        return findAuthorization(i, null, str, resource, str2);
    }

    public AuthorizationEntity findAuthorization(int i, String str, String str2, Resource resource, String str3) {
        HashMap hashMap = new HashMap();
        hashMap.put("type", Integer.valueOf(i));
        hashMap.put("userId", str);
        hashMap.put("groupId", str2);
        hashMap.put("resourceId", str3);
        if (resource != null) {
            hashMap.put("resourceType", Integer.valueOf(resource.resourceType()));
        }
        return (AuthorizationEntity) getDbEntityManager().selectOne("selectAuthorizationByParameters", hashMap);
    }

    public void update(AuthorizationEntity authorizationEntity) {
        checkAuthorization(Permissions.UPDATE, Resources.AUTHORIZATION, authorizationEntity.getId());
        getDbEntityManager().merge(authorizationEntity);
    }

    @Override // org.camunda.bpm.engine.impl.persistence.AbstractManager
    public void delete(DbEntity dbEntity) {
        checkAuthorization(Permissions.DELETE, Resources.AUTHORIZATION, dbEntity.getId());
        deleteAuthorizationsByResourceId(Resources.AUTHORIZATION, dbEntity.getId());
        super.delete(dbEntity);
    }

    public void checkAuthorization(PermissionCheck... permissionCheckArr) {
        EnsureUtil.ensureNotNull("permissionChecks", (Object[]) permissionCheckArr);
        for (PermissionCheck permissionCheck : permissionCheckArr) {
            EnsureUtil.ensureNotNull("permissionCheck", permissionCheck);
        }
        checkAuthorization(CollectionUtil.asArrayList(permissionCheckArr));
    }

    public void checkAuthorization(CompositePermissionCheck compositePermissionCheck) {
        if (isAuthCheckExecuted()) {
            String userId = getCurrentAuthentication().getUserId();
            if (isAuthorized(compositePermissionCheck)) {
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (PermissionCheck permissionCheck : compositePermissionCheck.getAllPermissionChecks()) {
                arrayList.add(new MissingAuthorization(permissionCheck.getPermission().getName(), permissionCheck.getResource().resourceName(), permissionCheck.getResourceId()));
            }
            throw new AuthorizationException(userId, arrayList);
        }
    }

    public void checkAuthorization(List<PermissionCheck> list) {
        if (isAuthCheckExecuted()) {
            Authentication currentAuthentication = getCurrentAuthentication();
            String userId = currentAuthentication.getUserId();
            if (isAuthorized(userId, currentAuthentication.getGroupIds(), list)) {
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (PermissionCheck permissionCheck : list) {
                arrayList.add(new MissingAuthorization(permissionCheck.getPermission().getName(), permissionCheck.getResource().resourceName(), permissionCheck.getResourceId()));
            }
            throw new AuthorizationException(userId, arrayList);
        }
    }

    public void checkAuthorization(Permission permission, Resource resource) {
        checkAuthorization(permission, resource, null);
    }

    @Override // org.camunda.bpm.engine.impl.persistence.AbstractManager
    public void checkAuthorization(Permission permission, Resource resource, String str) {
        if (isAuthCheckExecuted()) {
            Authentication currentAuthentication = getCurrentAuthentication();
            if (!isAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), permission, resource, str)) {
                throw new AuthorizationException(currentAuthentication.getUserId(), permission.getName(), resource.resourceName(), str);
            }
        }
    }

    public boolean isAuthorized(Permission permission, Resource resource, String str) {
        Authentication currentAuthentication = getCurrentAuthentication();
        if (!isAuthorizationEnabled() || currentAuthentication == null || currentAuthentication.getUserId() == null) {
            return true;
        }
        return isAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), permission, resource, str);
    }

    public boolean isAuthorized(String str, List<String> list, Permission permission, Resource resource, String str2) {
        PermissionCheck newPermissionCheck = newPermissionCheck();
        newPermissionCheck.setPermission(permission);
        newPermissionCheck.setResource(resource);
        newPermissionCheck.setResourceId(str2);
        ArrayList arrayList = new ArrayList();
        arrayList.add(newPermissionCheck);
        return isAuthorized(str, list, arrayList);
    }

    public boolean isAuthorized(String str, List<String> list, List<PermissionCheck> list2) {
        if (!isAuthorizationEnabled()) {
            return true;
        }
        return getDbEntityManager().selectBoolean("isUserAuthorizedForResource", new AuthorizationCheck(str, filterAuthenticatedGroupIds(list), list2, isRevokeAuthCheckEnabled(str, list)));
    }

    protected boolean isRevokeAuthCheckEnabled(String str, List<String> list) {
        Boolean bool = this.isRevokeAuthCheckUsed;
        if (bool == null) {
            String authorizationCheckRevokes = Context.getProcessEngineConfiguration().getAuthorizationCheckRevokes();
            if (authorizationCheckRevokes != null) {
                authorizationCheckRevokes = authorizationCheckRevokes.toLowerCase();
            }
            if (ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_ALWAYS.equals(authorizationCheckRevokes)) {
                bool = true;
            } else if (ProcessEngineConfiguration.AUTHORIZATION_CHECK_REVOKE_NEVER.equals(authorizationCheckRevokes)) {
                bool = false;
            } else {
                HashMap hashMap = new HashMap();
                hashMap.put("userId", str);
                hashMap.put("authGroupIds", filterAuthenticatedGroupIds(list));
                bool = Boolean.valueOf(getDbEntityManager().selectBoolean("selectRevokeAuthorization", hashMap));
            }
            this.isRevokeAuthCheckUsed = bool;
        }
        return bool.booleanValue();
    }

    public boolean isAuthorized(String str, List<String> list, CompositePermissionCheck compositePermissionCheck) {
        return getDbEntityManager().selectBoolean("isUserAuthorizedForResource", new AuthorizationCheck(str, filterAuthenticatedGroupIds(list), compositePermissionCheck, isRevokeAuthCheckEnabled(str, list)));
    }

    public boolean isAuthorized(CompositePermissionCheck compositePermissionCheck) {
        Authentication currentAuthentication = getCurrentAuthentication();
        if (currentAuthentication != null) {
            return isAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), compositePermissionCheck);
        }
        return true;
    }

    public void configureQuery(ListQueryParameterObject listQueryParameterObject) {
        AuthorizationCheck authCheck = listQueryParameterObject.getAuthCheck();
        authCheck.getPermissionChecks().clear();
        if (!isAuthCheckExecuted()) {
            authCheck.setAuthorizationCheckEnabled(false);
            authCheck.setAuthUserId(null);
            authCheck.setAuthGroupIds(null);
        } else {
            Authentication currentAuthentication = getCurrentAuthentication();
            authCheck.setAuthUserId(currentAuthentication.getUserId());
            authCheck.setAuthGroupIds(currentAuthentication.getGroupIds());
            enableQueryAuthCheck(authCheck);
        }
    }

    public void configureQueryHistoricFinishedInstanceReport(ListQueryParameterObject listQueryParameterObject, Resource resource) {
        configureQuery(listQueryParameterObject);
        listQueryParameterObject.getAuthCheck().setPermissionChecks(new PermissionCheckBuilder().conjunctive().atomicCheck(resource, "RES.KEY_", Permissions.READ).atomicCheck(resource, "RES.KEY_", Permissions.READ_HISTORY).build());
    }

    public void enableQueryAuthCheck(AuthorizationCheck authorizationCheck) {
        List<String> authGroupIds = authorizationCheck.getAuthGroupIds();
        String authUserId = authorizationCheck.getAuthUserId();
        authorizationCheck.setAuthorizationCheckEnabled(true);
        authorizationCheck.setAuthGroupIds(filterAuthenticatedGroupIds(authGroupIds));
        authorizationCheck.setRevokeAuthorizationCheckEnabled(isRevokeAuthCheckEnabled(authUserId, authGroupIds));
    }

    @Override // org.camunda.bpm.engine.impl.persistence.AbstractManager
    public void configureQuery(AbstractQuery abstractQuery, Resource resource) {
        configureQuery(abstractQuery, resource, "RES.ID_");
    }

    public void configureQuery(AbstractQuery abstractQuery, Resource resource, String str) {
        configureQuery(abstractQuery, resource, str, Permissions.READ);
    }

    public void configureQuery(AbstractQuery abstractQuery, Resource resource, String str, Permission permission) {
        configureQuery(abstractQuery);
        addPermissionCheck(abstractQuery, resource, str, permission);
    }

    protected void addPermissionCheck(ListQueryParameterObject listQueryParameterObject, Resource resource, String str, Permission permission) {
        CommandContext commandContext = getCommandContext();
        if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) {
            PermissionCheck newPermissionCheck = newPermissionCheck();
            newPermissionCheck.setResource(resource);
            newPermissionCheck.setResourceIdQueryParam(str);
            newPermissionCheck.setPermission(permission);
            listQueryParameterObject.getAuthCheck().addAtomicPermissionCheck(newPermissionCheck);
        }
    }

    protected void addPermissionCheck(AuthorizationCheck authorizationCheck, CompositePermissionCheck compositePermissionCheck) {
        CommandContext commandContext = getCommandContext();
        if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) {
            authorizationCheck.setPermissionChecks(compositePermissionCheck);
        }
    }

    public void deleteAuthorizationsByResourceId(Resource resource, String str) {
        if (str == null) {
            throw new IllegalArgumentException("Resource id cannot be null");
        }
        if (isAuthorizationEnabled()) {
            HashMap hashMap = new HashMap();
            hashMap.put("resourceType", Integer.valueOf(resource.resourceType()));
            hashMap.put("resourceId", str);
            getDbEntityManager().delete(AuthorizationEntity.class, "deleteAuthorizationsForResourceId", hashMap);
        }
    }

    public void deleteAuthorizationsByResourceIdAndUserId(Resource resource, String str, String str2) {
        if (str == null) {
            throw new IllegalArgumentException("Resource id cannot be null");
        }
        if (isAuthorizationEnabled()) {
            HashMap hashMap = new HashMap();
            hashMap.put("resourceType", Integer.valueOf(resource.resourceType()));
            hashMap.put("resourceId", str);
            hashMap.put("userId", str2);
            getDbEntityManager().delete(AuthorizationEntity.class, "deleteAuthorizationsForResourceId", hashMap);
        }
    }

    public void deleteAuthorizationsByResourceIdAndGroupId(Resource resource, String str, String str2) {
        if (str == null) {
            throw new IllegalArgumentException("Resource id cannot be null");
        }
        if (isAuthorizationEnabled()) {
            HashMap hashMap = new HashMap();
            hashMap.put("resourceType", Integer.valueOf(resource.resourceType()));
            hashMap.put("resourceId", str);
            hashMap.put("groupId", str2);
            getDbEntityManager().delete(AuthorizationEntity.class, "deleteAuthorizationsForResourceId", hashMap);
        }
    }

    public void checkCamundaAdmin() {
        Authentication currentAuthentication = getCurrentAuthentication();
        CommandContext commandContext = Context.getCommandContext();
        if (isAuthorizationEnabled() && commandContext.isAuthorizationCheckEnabled() && currentAuthentication != null && !isCamundaAdmin(currentAuthentication)) {
            throw LOG.requiredCamundaAdminException();
        }
    }

    public boolean isCamundaAdmin(Authentication authentication) {
        List<String> groupIds = authentication.getGroupIds();
        if (groupIds != null) {
            return groupIds.contains(Groups.CAMUNDA_ADMIN);
        }
        return false;
    }

    public void configureDeploymentQuery(DeploymentQueryImpl deploymentQueryImpl) {
        configureQuery(deploymentQueryImpl, Resources.DEPLOYMENT);
    }

    public void configureProcessDefinitionQuery(ProcessDefinitionQueryImpl processDefinitionQueryImpl) {
        configureQuery(processDefinitionQueryImpl, Resources.PROCESS_DEFINITION, "RES.KEY_");
    }

    public void configureExecutionQuery(AbstractQuery abstractQuery) {
        configureQuery(abstractQuery);
        addPermissionCheck(abstractQuery, Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ);
        addPermissionCheck(abstractQuery, Resources.PROCESS_DEFINITION, "P.KEY_", Permissions.READ_INSTANCE);
    }

    public void configureTaskQuery(TaskQueryImpl taskQueryImpl) {
        configureQuery(taskQueryImpl);
        if (taskQueryImpl.getAuthCheck().isAuthorizationCheckEnabled()) {
            addPermissionCheck(taskQueryImpl.getAuthCheck(), new PermissionCheckBuilder().disjunctive().atomicCheck(Resources.TASK, "RES.ID_", Permissions.READ).atomicCheck(Resources.PROCESS_DEFINITION, "PROCDEF.KEY_", Permissions.READ_TASK).build());
        }
    }

    public void configureEventSubscriptionQuery(EventSubscriptionQueryImpl eventSubscriptionQueryImpl) {
        configureQuery(eventSubscriptionQueryImpl);
        addPermissionCheck(eventSubscriptionQueryImpl, Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ);
        addPermissionCheck(eventSubscriptionQueryImpl, Resources.PROCESS_DEFINITION, "PROCDEF.KEY_", Permissions.READ_INSTANCE);
    }

    public void configureConditionalEventSubscriptionQuery(ListQueryParameterObject listQueryParameterObject) {
        configureQuery(listQueryParameterObject);
        addPermissionCheck(listQueryParameterObject, Resources.PROCESS_DEFINITION, "P.KEY_", Permissions.READ);
    }

    public void configureIncidentQuery(IncidentQueryImpl incidentQueryImpl) {
        configureQuery(incidentQueryImpl);
        addPermissionCheck(incidentQueryImpl, Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ);
        addPermissionCheck(incidentQueryImpl, Resources.PROCESS_DEFINITION, "PROCDEF.KEY_", Permissions.READ_INSTANCE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void configureVariableInstanceQuery(VariableInstanceQueryImpl variableInstanceQueryImpl) {
        configureQuery(variableInstanceQueryImpl);
        if (variableInstanceQueryImpl.getAuthCheck().isAuthorizationCheckEnabled()) {
            addPermissionCheck(variableInstanceQueryImpl.getAuthCheck(), new PermissionCheckBuilder().disjunctive().atomicCheck(Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ).atomicCheck(Resources.PROCESS_DEFINITION, "PROCDEF.KEY_", Permissions.READ_INSTANCE).atomicCheck(Resources.TASK, "RES.TASK_ID_", Permissions.READ).build());
        }
    }

    public void configureJobDefinitionQuery(JobDefinitionQueryImpl jobDefinitionQueryImpl) {
        configureQuery(jobDefinitionQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_");
    }

    public void configureJobQuery(JobQueryImpl jobQueryImpl) {
        configureQuery(jobQueryImpl);
        addPermissionCheck(jobQueryImpl, Resources.PROCESS_INSTANCE, "RES.PROCESS_INSTANCE_ID_", Permissions.READ);
        addPermissionCheck(jobQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROCESS_DEF_KEY_", Permissions.READ_INSTANCE);
    }

    public void configureHistoricProcessInstanceQuery(HistoricProcessInstanceQueryImpl historicProcessInstanceQueryImpl) {
        configureQuery(historicProcessInstanceQueryImpl, Resources.PROCESS_DEFINITION, "SELF.PROC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricActivityInstanceQuery(HistoricActivityInstanceQueryImpl historicActivityInstanceQueryImpl) {
        configureQuery(historicActivityInstanceQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricTaskInstanceQuery(HistoricTaskInstanceQueryImpl historicTaskInstanceQueryImpl) {
        configureQuery(historicTaskInstanceQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricVariableInstanceQuery(HistoricVariableInstanceQueryImpl historicVariableInstanceQueryImpl) {
        configureQuery(historicVariableInstanceQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricDetailQuery(HistoricDetailQueryImpl historicDetailQueryImpl) {
        configureQuery(historicDetailQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricJobLogQuery(HistoricJobLogQueryImpl historicJobLogQueryImpl) {
        configureQuery(historicJobLogQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROCESS_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricIncidentQuery(HistoricIncidentQueryImpl historicIncidentQueryImpl) {
        configureQuery(historicIncidentQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricIdentityLinkQuery(HistoricIdentityLinkLogQueryImpl historicIdentityLinkLogQueryImpl) {
        configureQuery(historicIdentityLinkLogQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricDecisionInstanceQuery(HistoricDecisionInstanceQueryImpl historicDecisionInstanceQueryImpl) {
        configureQuery(historicDecisionInstanceQueryImpl, Resources.DECISION_DEFINITION, "RES.DEC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricExternalTaskLogQuery(HistoricExternalTaskLogQueryImpl historicExternalTaskLogQueryImpl) {
        configureQuery(historicExternalTaskLogQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureUserOperationLogQuery(UserOperationLogQueryImpl userOperationLogQueryImpl) {
        configureQuery(userOperationLogQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_HISTORY);
    }

    public void configureHistoricBatchQuery(HistoricBatchQueryImpl historicBatchQueryImpl) {
        configureQuery(historicBatchQueryImpl, Resources.BATCH, "RES.ID_", Permissions.READ_HISTORY);
    }

    public void configureDeploymentStatisticsQuery(DeploymentStatisticsQueryImpl deploymentStatisticsQueryImpl) {
        configureQuery(deploymentStatisticsQueryImpl, Resources.DEPLOYMENT, "RES.ID_");
        deploymentStatisticsQueryImpl.getProcessInstancePermissionChecks().clear();
        deploymentStatisticsQueryImpl.getJobPermissionChecks().clear();
        deploymentStatisticsQueryImpl.getIncidentPermissionChecks().clear();
        if (deploymentStatisticsQueryImpl.getAuthCheck().isAuthorizationCheckEnabled()) {
            PermissionCheck newPermissionCheck = newPermissionCheck();
            newPermissionCheck.setResource(Resources.PROCESS_INSTANCE);
            newPermissionCheck.setPermission(Permissions.READ);
            newPermissionCheck.setResourceIdQueryParam("EXECUTION.PROC_INST_ID_");
            PermissionCheck newPermissionCheck2 = newPermissionCheck();
            newPermissionCheck2.setResource(Resources.PROCESS_DEFINITION);
            newPermissionCheck2.setPermission(Permissions.READ_INSTANCE);
            newPermissionCheck2.setResourceIdQueryParam("PROCDEF.KEY_");
            newPermissionCheck2.setAuthorizationNotFoundReturnValue(0L);
            deploymentStatisticsQueryImpl.addProcessInstancePermissionCheck(newPermissionCheck);
            deploymentStatisticsQueryImpl.addProcessInstancePermissionCheck(newPermissionCheck2);
            if (deploymentStatisticsQueryImpl.isFailedJobsToInclude()) {
                PermissionCheck newPermissionCheck3 = newPermissionCheck();
                newPermissionCheck3.setResource(Resources.PROCESS_INSTANCE);
                newPermissionCheck3.setPermission(Permissions.READ);
                newPermissionCheck3.setResourceIdQueryParam("JOB.PROCESS_INSTANCE_ID_");
                PermissionCheck newPermissionCheck4 = newPermissionCheck();
                newPermissionCheck4.setResource(Resources.PROCESS_DEFINITION);
                newPermissionCheck4.setPermission(Permissions.READ_INSTANCE);
                newPermissionCheck4.setResourceIdQueryParam("JOB.PROCESS_DEF_KEY_");
                newPermissionCheck4.setAuthorizationNotFoundReturnValue(0L);
                deploymentStatisticsQueryImpl.addJobPermissionCheck(newPermissionCheck3);
                deploymentStatisticsQueryImpl.addJobPermissionCheck(newPermissionCheck4);
            }
            if (deploymentStatisticsQueryImpl.isIncidentsToInclude()) {
                PermissionCheck newPermissionCheck5 = newPermissionCheck();
                newPermissionCheck5.setResource(Resources.PROCESS_INSTANCE);
                newPermissionCheck5.setPermission(Permissions.READ);
                newPermissionCheck5.setResourceIdQueryParam("INC.PROC_INST_ID_");
                PermissionCheck newPermissionCheck6 = newPermissionCheck();
                newPermissionCheck6.setResource(Resources.PROCESS_DEFINITION);
                newPermissionCheck6.setPermission(Permissions.READ_INSTANCE);
                newPermissionCheck6.setResourceIdQueryParam("PROCDEF.KEY_");
                newPermissionCheck6.setAuthorizationNotFoundReturnValue(0L);
                deploymentStatisticsQueryImpl.addIncidentPermissionCheck(newPermissionCheck5);
                deploymentStatisticsQueryImpl.addIncidentPermissionCheck(newPermissionCheck6);
            }
        }
    }

    public void configureProcessDefinitionStatisticsQuery(ProcessDefinitionStatisticsQueryImpl processDefinitionStatisticsQueryImpl) {
        configureQuery(processDefinitionStatisticsQueryImpl, Resources.PROCESS_DEFINITION, "RES.KEY_");
    }

    public void configureActivityStatisticsQuery(ActivityStatisticsQueryImpl activityStatisticsQueryImpl) {
        configureQuery(activityStatisticsQueryImpl);
        activityStatisticsQueryImpl.getProcessInstancePermissionChecks().clear();
        activityStatisticsQueryImpl.getJobPermissionChecks().clear();
        activityStatisticsQueryImpl.getIncidentPermissionChecks().clear();
        if (activityStatisticsQueryImpl.getAuthCheck().isAuthorizationCheckEnabled()) {
            PermissionCheck newPermissionCheck = newPermissionCheck();
            newPermissionCheck.setResource(Resources.PROCESS_INSTANCE);
            newPermissionCheck.setPermission(Permissions.READ);
            newPermissionCheck.setResourceIdQueryParam("E.PROC_INST_ID_");
            PermissionCheck newPermissionCheck2 = newPermissionCheck();
            newPermissionCheck2.setResource(Resources.PROCESS_DEFINITION);
            newPermissionCheck2.setPermission(Permissions.READ_INSTANCE);
            newPermissionCheck2.setResourceIdQueryParam("P.KEY_");
            newPermissionCheck2.setAuthorizationNotFoundReturnValue(0L);
            activityStatisticsQueryImpl.addProcessInstancePermissionCheck(newPermissionCheck);
            activityStatisticsQueryImpl.addProcessInstancePermissionCheck(newPermissionCheck2);
            if (activityStatisticsQueryImpl.isFailedJobsToInclude()) {
                PermissionCheck newPermissionCheck3 = newPermissionCheck();
                newPermissionCheck3.setResource(Resources.PROCESS_INSTANCE);
                newPermissionCheck3.setPermission(Permissions.READ);
                newPermissionCheck3.setResourceIdQueryParam("JOB.PROCESS_INSTANCE_ID_");
                PermissionCheck newPermissionCheck4 = newPermissionCheck();
                newPermissionCheck4.setResource(Resources.PROCESS_DEFINITION);
                newPermissionCheck4.setPermission(Permissions.READ_INSTANCE);
                newPermissionCheck4.setResourceIdQueryParam("JOB.PROCESS_DEF_KEY_");
                newPermissionCheck4.setAuthorizationNotFoundReturnValue(0L);
                activityStatisticsQueryImpl.addJobPermissionCheck(newPermissionCheck3);
                activityStatisticsQueryImpl.addJobPermissionCheck(newPermissionCheck4);
            }
            if (activityStatisticsQueryImpl.isIncidentsToInclude()) {
                PermissionCheck newPermissionCheck5 = newPermissionCheck();
                newPermissionCheck5.setResource(Resources.PROCESS_INSTANCE);
                newPermissionCheck5.setPermission(Permissions.READ);
                newPermissionCheck5.setResourceIdQueryParam("I.PROC_INST_ID_");
                PermissionCheck newPermissionCheck6 = newPermissionCheck();
                newPermissionCheck6.setResource(Resources.PROCESS_DEFINITION);
                newPermissionCheck6.setPermission(Permissions.READ_INSTANCE);
                newPermissionCheck6.setResourceIdQueryParam("PROCDEF.KEY_");
                newPermissionCheck6.setAuthorizationNotFoundReturnValue(0L);
                activityStatisticsQueryImpl.addIncidentPermissionCheck(newPermissionCheck5);
                activityStatisticsQueryImpl.addIncidentPermissionCheck(newPermissionCheck6);
            }
        }
    }

    public void configureExternalTaskQuery(ExternalTaskQueryImpl externalTaskQueryImpl) {
        configureQuery(externalTaskQueryImpl);
        addPermissionCheck(externalTaskQueryImpl, Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ);
        addPermissionCheck(externalTaskQueryImpl, Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_INSTANCE);
    }

    public void configureExternalTaskFetch(ListQueryParameterObject listQueryParameterObject) {
        configureQuery(listQueryParameterObject);
        addPermissionCheck(listQueryParameterObject.getAuthCheck(), newPermissionCheckBuilder().conjunctive().composite().disjunctive().atomicCheck(Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.READ).atomicCheck(Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.READ_INSTANCE).done().composite().disjunctive().atomicCheck(Resources.PROCESS_INSTANCE, "RES.PROC_INST_ID_", Permissions.UPDATE).atomicCheck(Resources.PROCESS_DEFINITION, "RES.PROC_DEF_KEY_", Permissions.UPDATE_INSTANCE).done().build());
    }

    public void configureDecisionDefinitionQuery(DecisionDefinitionQueryImpl decisionDefinitionQueryImpl) {
        configureQuery(decisionDefinitionQueryImpl, Resources.DECISION_DEFINITION, "RES.KEY_");
    }

    public void configureDecisionRequirementsDefinitionQuery(DecisionRequirementsDefinitionQueryImpl decisionRequirementsDefinitionQueryImpl) {
        configureQuery(decisionRequirementsDefinitionQueryImpl, Resources.DECISION_REQUIREMENTS_DEFINITION, "RES.KEY_");
    }

    public void configureBatchQuery(BatchQueryImpl batchQueryImpl) {
        configureQuery(batchQueryImpl);
        addPermissionCheck(batchQueryImpl, Resources.BATCH, "RES.ID_", Permissions.READ);
    }

    public void configureBatchStatisticsQuery(BatchStatisticsQueryImpl batchStatisticsQueryImpl) {
        configureQuery(batchStatisticsQueryImpl);
        addPermissionCheck(batchStatisticsQueryImpl, Resources.BATCH, "RES.ID_", Permissions.READ);
    }

    public List<String> filterAuthenticatedGroupIds(List<String> list) {
        if (list == null || list.isEmpty()) {
            return EMPTY_LIST;
        }
        if (this.availableAuthorizedGroupIds == null) {
            this.availableAuthorizedGroupIds = new HashSet(getDbEntityManager().selectList("selectAuthorizedGroupIds"));
        }
        HashSet hashSet = new HashSet(this.availableAuthorizedGroupIds);
        hashSet.retainAll(list);
        return new ArrayList(hashSet);
    }

    protected boolean isAuthCheckExecuted() {
        Authentication currentAuthentication = getCurrentAuthentication();
        return isAuthorizationEnabled() && Context.getCommandContext().isAuthorizationCheckEnabled() && currentAuthentication != null && currentAuthentication.getUserId() != null;
    }
}
