package com.venky.swf.plugins.security.extensions;

import com.venky.cache.Cache;
import com.venky.core.collections.SequenceSet;
import com.venky.core.log.SWFLogger;
import com.venky.core.log.TimerStatistics;
import com.venky.core.string.StringUtil;
import com.venky.core.util.ObjectUtil;
import com.venky.extension.Extension;
import com.venky.extension.Registry;
import com.venky.swf.db.Database;
import com.venky.swf.db.model.Model;
import com.venky.swf.db.model.User;
import com.venky.swf.db.model.reflection.ModelReflector;
import com.venky.swf.db.table.BindVariable;
import com.venky.swf.db.table.Table;
import com.venky.swf.exceptions.AccessDeniedException;
import com.venky.swf.path.Path;
import com.venky.swf.plugins.security.db.model.Role;
import com.venky.swf.plugins.security.db.model.RolePermission;
import com.venky.swf.plugins.security.db.model.UserRole;
import com.venky.swf.pm.DataSecurityFilter;
import com.venky.swf.routing.Config;
import com.venky.swf.sql.Conjunction;
import com.venky.swf.sql.Expression;
import com.venky.swf.sql.Operator;
import com.venky.swf.sql.Select;
import com.venky.swf.sql.parser.SQLExpressionParser;
import com.venky.swf.sql.parser.XMLExpressionParser;
import java.io.Reader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/venky/swf/plugins/security/extensions/ParticipantControllerAccessExtension.class */
public class ParticipantControllerAccessExtension implements Extension {
    private static ParticipantControllerAccessExtension instance;
    private PermissionCacheBuster permissionCacheBuster = new PermissionCacheBuster();
    private final SWFLogger cat = Config.instance().getLogger(getClass().getName());
    private PermissionCache permissionCache = new PermissionCache();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/venky/swf/plugins/security/extensions/ParticipantControllerAccessExtension$PermissionCache.class */
    public class PermissionCache extends Cache<String, Cache<String, Boolean>> {
        private static final long serialVersionUID = 8076958083615092776L;
        private Comparator<RolePermission> permissionGroupComparator;
        private Comparator<RolePermission> rolepermissionComparator;

        public PermissionCache() {
            super(0, 0.0d);
            this.permissionGroupComparator = new Comparator<RolePermission>() { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.PermissionCache.2
                @Override // java.util.Comparator
                public int compare(RolePermission rolePermission, RolePermission rolePermission2) {
                    int i = 0;
                    if (0 == 0) {
                        i = StringUtil.valueOf(rolePermission2.getControllerPathElementName()).compareTo(StringUtil.valueOf(rolePermission.getControllerPathElementName()));
                    }
                    if (i == 0) {
                        i = StringUtil.valueOf(rolePermission2.getActionPathElementName()).compareTo(StringUtil.valueOf(rolePermission.getActionPathElementName()));
                    }
                    if (i == 0 && rolePermission.getRoleId() != null && rolePermission2.getRoleId() != null) {
                        i = (!rolePermission.isAllowed() || rolePermission2.isAllowed()) ? (rolePermission.isAllowed() || !rolePermission2.isAllowed()) ? rolePermission.getRoleId().compareTo(rolePermission2.getRoleId()) : 1 : -1;
                    }
                    return i;
                }
            };
            this.rolepermissionComparator = new Comparator<RolePermission>() { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.PermissionCache.3
                @Override // java.util.Comparator
                public int compare(RolePermission rolePermission, RolePermission rolePermission2) {
                    int i = 0;
                    if (0 == 0) {
                        i = (rolePermission.getRoleId() != null || rolePermission2.getRoleId() == null) ? (rolePermission2.getRoleId() != null || rolePermission.getRoleId() == null) ? 0 : -1 : 1;
                    }
                    if (i == 0) {
                        i = PermissionCache.this.permissionGroupComparator.compare(rolePermission, rolePermission2);
                    }
                    if (i == 0) {
                        i = StringUtil.valueOf(rolePermission2.getParticipation()).compareTo(StringUtil.valueOf(rolePermission.getParticipation()));
                    }
                    return i;
                }
            };
        }

        public boolean isAllowed(List<RolePermission> list, List<Long> list2) {
            SequenceSet ids = DataSecurityFilter.getIds(list);
            ArrayList arrayList = new ArrayList(list2);
            Collections.sort(ids);
            Collections.sort(arrayList);
            String obj = arrayList.toString();
            String obj2 = ids.toString();
            Boolean bool = (Boolean) ((Cache) get(obj)).get(obj2);
            if (bool == null) {
                bool = Boolean.valueOf(calculatePermission(list, list2));
                ((Cache) get(obj)).put(obj2, bool);
            }
            return bool.booleanValue();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public Cache<String, Boolean> getValue(String str) {
            return new Cache<String, Boolean>(0, 0.0d) { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.PermissionCache.1
                private static final long serialVersionUID = -6669779570540556969L;

                /* JADX INFO: Access modifiers changed from: protected */
                public Boolean getValue(String str2) {
                    return null;
                }
            };
        }

        /* JADX WARN: Code restructure failed: missing block: B:28:0x00b5, code lost:
        
            if (r0.getRoleId() != null) goto L22;
         */
        /* JADX WARN: Code restructure failed: missing block: B:30:0x00bf, code lost:
        
            if (r0.getRoleId() != null) goto L25;
         */
        /* JADX WARN: Code restructure failed: missing block: B:32:0x00d3, code lost:
        
            if (r6.isEmpty() != false) goto L31;
         */
        /* JADX WARN: Code restructure failed: missing block: B:34:0x00db, code lost:
        
            r0.stop();
         */
        /* JADX WARN: Code restructure failed: missing block: B:35:0x00e0, code lost:
        
            return true;
         */
        /* JADX WARN: Code restructure failed: missing block: B:39:0x00cc, code lost:
        
            return true;
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private boolean calculatePermission(java.util.List<com.venky.swf.plugins.security.db.model.RolePermission> r5, java.util.List<java.lang.Long> r6) {
            /*
                r4 = this;
                r0 = r4
                com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension r0 = com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.this
                com.venky.core.log.SWFLogger r0 = r0.cat
                java.lang.String r1 = "sorting permissions"
                com.venky.swf.routing.Config r2 = com.venky.swf.routing.Config.instance()
                boolean r2 = r2.isTimerAdditive()
                com.venky.core.log.TimerStatistics$Timer r0 = r0.startTimer(r1, r2)
                r7 = r0
                r0 = r5
                r1 = r4
                java.util.Comparator<com.venky.swf.plugins.security.db.model.RolePermission> r1 = r1.rolepermissionComparator
                java.util.Collections.sort(r0, r1)
                r0 = r7
                r0.stop()
                r0 = r4
                com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension r0 = com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.this
                com.venky.core.log.SWFLogger r0 = r0.cat
                java.lang.String r1 = "Checking Permissions for being allowed"
                com.venky.core.log.TimerStatistics$Timer r0 = r0.startTimer(r1)
                r8 = r0
                r0 = r5
                r1 = 0
                java.lang.Object r0 = r0.get(r1)     // Catch: java.lang.Throwable -> Lec
                com.venky.swf.plugins.security.db.model.RolePermission r0 = (com.venky.swf.plugins.security.db.model.RolePermission) r0     // Catch: java.lang.Throwable -> Lec
                r9 = r0
                r0 = r9
                r10 = r0
                r0 = r5
                java.util.Iterator r0 = r0.iterator()     // Catch: java.lang.Throwable -> Lec
                r11 = r0
            L45:
                r0 = r11
                boolean r0 = r0.hasNext()     // Catch: java.lang.Throwable -> Lec
                if (r0 == 0) goto Le4
                r0 = r11
                java.lang.Object r0 = r0.next()     // Catch: java.lang.Throwable -> Lec
                com.venky.swf.plugins.security.db.model.RolePermission r0 = (com.venky.swf.plugins.security.db.model.RolePermission) r0     // Catch: java.lang.Throwable -> Lec
                r12 = r0
                r0 = r4
                java.util.Comparator<com.venky.swf.plugins.security.db.model.RolePermission> r0 = r0.permissionGroupComparator     // Catch: java.lang.Throwable -> Lec
                r1 = r10
                r2 = r12
                int r0 = r0.compare(r1, r2)     // Catch: java.lang.Throwable -> Lec
                if (r0 >= 0) goto L87
                r0 = r10
                java.lang.Long r0 = r0.getRoleId()     // Catch: java.lang.Throwable -> Lec
                if (r0 == 0) goto Le4
                r0 = r6
                r1 = r12
                java.lang.Long r1 = r1.getRoleId()     // Catch: java.lang.Throwable -> Lec
                boolean r0 = r0.remove(r1)     // Catch: java.lang.Throwable -> Lec
                r0 = r12
                r10 = r0
            L87:
                r0 = r12
                java.lang.Long r0 = r0.getRoleId()     // Catch: java.lang.Throwable -> Lec
                if (r0 == 0) goto La4
                r0 = r6
                r1 = r12
                java.lang.Long r1 = r1.getRoleId()     // Catch: java.lang.Throwable -> Lec
                boolean r0 = r0.contains(r1)     // Catch: java.lang.Throwable -> Lec
                if (r0 != 0) goto La4
                goto L45
            La4:
                r0 = r12
                boolean r0 = r0.isAllowed()     // Catch: java.lang.Throwable -> Lec
                if (r0 == 0) goto Le1
                r0 = r12
                java.lang.Long r0 = r0.getRoleId()     // Catch: java.lang.Throwable -> Lec
                if (r0 != 0) goto Lc2
                r0 = r9
                java.lang.Long r0 = r0.getRoleId()     // Catch: java.lang.Throwable -> Lec
                if (r0 != 0) goto Lcd
            Lc2:
                r0 = 1
                r13 = r0
                r0 = r8
                r0.stop()
                r0 = r13
                return r0
            Lcd:
                r0 = r6
                boolean r0 = r0.isEmpty()     // Catch: java.lang.Throwable -> Lec
                if (r0 != 0) goto Le4
                r0 = 1
                r13 = r0
                r0 = r8
                r0.stop()
                r0 = r13
                return r0
            Le1:
                goto L45
            Le4:
                r0 = r8
                r0.stop()
                goto Lf6
            Lec:
                r14 = move-exception
                r0 = r8
                r0.stop()
                r0 = r14
                throw r0
            Lf6:
                r0 = 0
                return r0
            */
            throw new UnsupportedOperationException("Method not decompiled: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.PermissionCache.calculatePermission(java.util.List, java.util.List):boolean");
        }
    }

    /* loaded from: input_file:com/venky/swf/plugins/security/extensions/ParticipantControllerAccessExtension$PermissionCacheBuster.class */
    private class PermissionCacheBuster implements Extension {
        private PermissionCacheBuster() {
        }

        public void invoke(Object... objArr) {
            synchronized (ParticipantControllerAccessExtension.this.permissionCache) {
                Iterator it = ParticipantControllerAccessExtension.this.permissionCache.keySet().iterator();
                while (it.hasNext()) {
                    ((Cache) ParticipantControllerAccessExtension.this.permissionCache.get((String) it.next())).clear();
                }
                ParticipantControllerAccessExtension.this.permissionCache.clear();
            }
        }
    }

    public void invoke(Object... objArr) {
        TimerStatistics.Timer startTimer = this.cat.startTimer("Participant Controller Action invoke");
        try {
            _invoke(objArr);
        } finally {
            startTimer.stop();
        }
    }

    private boolean isControllerActionAccessibleAtAll(final User user, String str, String str2, final Path path) {
        String str3 = getClass().getName() + ".isControllerActionAccessibleAtAll";
        Cache<String, Cache<String, Boolean>> cache = (Cache) Database.getInstance().getCurrentTransaction().getAttribute(str3);
        if (cache == null) {
            cache = new Cache<String, Cache<String, Boolean>>() { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.1
                private static final long serialVersionUID = 998528782452357935L;

                /* JADX INFO: Access modifiers changed from: protected */
                public Cache<String, Boolean> getValue(final String str4) {
                    return new Cache<String, Boolean>() { // from class: com.venky.swf.plugins.security.extensions.ParticipantControllerAccessExtension.1.1
                        private static final long serialVersionUID = 1897514771224474367L;

                        /* JADX INFO: Access modifiers changed from: protected */
                        public Boolean getValue(String str5) {
                            return Boolean.valueOf(ParticipantControllerAccessExtension.this.isControllerActionAccessible(user, str4, str5, null, path));
                        }
                    };
                }
            };
            Database.getInstance().getCurrentTransaction().setAttribute(str3, cache);
        }
        return ((Boolean) ((Cache) cache.get(str)).get(str2)).booleanValue();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v154, types: [java.util.Set] */
    /* JADX WARN: Type inference failed for: r0v160, types: [java.util.Set] */
    /* JADX WARN: Type inference failed for: r0v173, types: [java.util.Set] */
    private boolean isControllerActionAccessible(User user, String str, String str2, String str3, Path path) {
        TimerStatistics.Timer startTimer = this.cat.startTimer("Check If Action is Secured");
        boolean isActionSecure = path.isActionSecure(str2);
        startTimer.stop();
        if (!isActionSecure) {
            return true;
        }
        if (user == null) {
            return false;
        }
        Class cls = null;
        HashSet hashSet = new HashSet();
        Model model = null;
        Table table = Path.getTable(str);
        if (table != null) {
            cls = table.getModelClass();
        }
        TimerStatistics.Timer startTimer2 = this.cat.startTimer("Getting participating Roles");
        if (cls != null) {
            TimerStatistics.Timer startTimer3 = this.cat.startTimer("Getting model Reflector", Config.instance().isTimerAdditive());
            ModelReflector instance2 = ModelReflector.instance(cls);
            startTimer3.stop();
            if (str3 != null) {
                TimerStatistics.Timer startTimer4 = this.cat.startTimer("Getting Participating Roles when parameter != null", Config.instance().isTimerAdditive());
                try {
                    try {
                        try {
                            model = table.get(Long.valueOf(str3).longValue());
                            if (model != null) {
                                hashSet = model.getParticipatingRoles(user);
                            }
                            startTimer4.stop();
                        } catch (IllegalArgumentException e) {
                            throw new RuntimeException(e);
                        }
                    } catch (NumberFormatException e2) {
                        hashSet = instance2.getParticipatableRoles();
                        startTimer4.stop();
                    }
                } catch (Throwable th) {
                    startTimer4.stop();
                    throw th;
                }
            } else {
                TimerStatistics.Timer startTimer5 = this.cat.startTimer("Getting Participating Roles when parameter == null", Config.instance().isTimerAdditive());
                hashSet = instance2.getParticipatableRoles();
                startTimer5.stop();
            }
        }
        startTimer2.stop();
        TimerStatistics.Timer startTimer6 = this.cat.startTimer("Preparing Permission query");
        ModelReflector instance3 = ModelReflector.instance(RolePermission.class);
        Expression expression = new Expression(instance3.getPool(), Conjunction.AND);
        Expression expression2 = new Expression(instance3.getPool(), Conjunction.OR);
        expression2.add(new Expression(instance3.getPool(), "participation", Operator.EQ, new Object[0]));
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            expression2.add(new Expression(instance3.getPool(), "participation", Operator.EQ, new BindVariable[]{new BindVariable(instance3.getPool(), (String) it.next())}));
        }
        expression.add(expression2);
        boolean z = false;
        if (ObjectUtil.isVoid(str)) {
            z = true;
        }
        Expression expression3 = new Expression(instance3.getPool(), Conjunction.OR);
        expression3.add(new Expression(instance3.getPool(), Conjunction.AND).add(new Expression(instance3.getPool(), "controller_path_element_name", Operator.EQ, new Object[0])).add(new Expression(instance3.getPool(), "action_path_element_name", Operator.EQ, new Object[0])));
        if (z) {
            expression3.add(new Expression(instance3.getPool(), Conjunction.AND).add(new Expression(instance3.getPool(), "controller_path_element_name", Operator.EQ, new Object[0])).add(new Expression(instance3.getPool(), "action_path_element_name", Operator.EQ, new Object[0])));
        } else {
            expression3.add(new Expression(instance3.getPool(), Conjunction.AND).add(new Expression(instance3.getPool(), "controller_path_element_name", Operator.EQ, new String[]{str})).add(new Expression(instance3.getPool(), "action_path_element_name", Operator.EQ, new Object[0])));
        }
        if (z) {
            expression3.add(new Expression(instance3.getPool(), Conjunction.AND).add(new Expression(instance3.getPool(), "controller_path_element_name", Operator.EQ, new Object[0])).add(new Expression(instance3.getPool(), "action_path_element_name", Operator.EQ, new BindVariable[]{new BindVariable(instance3.getPool(), str2)})));
        } else {
            expression3.add(new Expression(instance3.getPool(), Conjunction.AND).add(new Expression(instance3.getPool(), "controller_path_element_name", Operator.EQ, new String[]{str})).add(new Expression(instance3.getPool(), "action_path_element_name", Operator.EQ, new BindVariable[]{new BindVariable(instance3.getPool(), str2)})));
        }
        expression.add(expression3);
        startTimer6.stop();
        TimerStatistics.Timer startTimer7 = this.cat.startTimer("Selecting user Roles");
        Select from = new Select(new String[0]).from(new Class[]{UserRole.class});
        from.where(new Expression(from.getPool(), "user_id", Operator.EQ, new BindVariable[]{new BindVariable(from.getPool(), Long.valueOf(user.getId()))}));
        List execute = from.execute(UserRole.class);
        startTimer7.stop();
        TimerStatistics.Timer startTimer8 = this.cat.startTimer("Preparing role Where clause");
        ArrayList arrayList = new ArrayList();
        ModelReflector instance4 = ModelReflector.instance(Role.class);
        Expression expression4 = new Expression(instance4.getPool(), Conjunction.OR);
        expression4.add(new Expression(instance4.getPool(), "role_id", Operator.EQ, new Object[0]));
        if (!execute.isEmpty()) {
            Iterator it2 = execute.iterator();
            while (it2.hasNext()) {
                arrayList.add(Long.valueOf(((UserRole) it2.next()).getRoleId()));
            }
            expression4.add(new Expression(from.getPool(), "role_id", Operator.IN, arrayList.toArray()));
        }
        startTimer8.stop();
        expression.add(expression4);
        TimerStatistics.Timer startTimer9 = this.cat.startTimer("Selecting from role permissions");
        Select from2 = new Select(new String[0]).from(new Class[]{RolePermission.class});
        from2.where(expression);
        List<RolePermission> execute2 = from2.execute();
        startTimer9.stop();
        TimerStatistics.Timer startTimer10 = this.cat.startTimer("Remove permission records based on condition.");
        Iterator<RolePermission> it3 = execute2.iterator();
        while (it3.hasNext()) {
            RolePermission next = it3.next();
            Reader conditionText = next.getConditionText();
            String read = conditionText == null ? null : StringUtil.read(conditionText);
            if (!ObjectUtil.isVoid(read)) {
                Expression parse = new SQLExpressionParser(cls).parse(read);
                if (parse == null) {
                    parse = new XMLExpressionParser(cls).parse(read);
                }
                if (model == null && !next.isAllowed()) {
                    it3.remove();
                } else if (model != null && !parse.eval(model)) {
                    it3.remove();
                }
            }
        }
        startTimer10.stop();
        if (execute2.isEmpty()) {
            return true;
        }
        return this.permissionCache.isAllowed(execute2, arrayList);
    }

    public void _invoke(Object... objArr) {
        User user = (User) objArr[0];
        if (user == null || !user.isAdmin()) {
            String str = (String) objArr[1];
            String str2 = (String) objArr[2];
            String str3 = (String) objArr[3];
            Path path = (Path) objArr[4];
            if (path == null) {
                TimerStatistics.Timer startTimer = this.cat.startTimer("Create Path");
                path = new Path("/" + str + "/" + str2 + (str3 == null ? "" : "/" + str3));
                startTimer.stop();
            }
            if (!isControllerActionAccessibleAtAll(user, str, str2, path)) {
                throw new AccessDeniedException(path.getTarget());
            }
            if (!isControllerActionAccessible(user, str, str2, str3, path)) {
                throw new AccessDeniedException(path.getTarget());
            }
        }
    }

    static {
        instance = null;
        instance = new ParticipantControllerAccessExtension();
        Registry.instance().registerExtension(Path.ALLOW_CONTROLLER_ACTION, instance);
        Registry.instance().registerExtension(RolePermission.class.getSimpleName() + ".after.save", instance.permissionCacheBuster);
        Registry.instance().registerExtension(RolePermission.class.getSimpleName() + ".after.destroy", instance.permissionCacheBuster);
        Registry.instance().registerExtension(UserRole.class.getSimpleName() + ".after.save", instance.permissionCacheBuster);
        Registry.instance().registerExtension(UserRole.class.getSimpleName() + ".after.destroy", instance.permissionCacheBuster);
    }
}
