package edu.internet2.middleware.grouper.privs;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.attr.AttributeDef;
import edu.internet2.middleware.grouper.attr.assign.AttributeAssign;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.hibernate.HqlQuery;
import edu.internet2.middleware.grouper.misc.GrouperCheckConfig;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.misc.GrouperStartup;
import edu.internet2.middleware.grouper.permissions.PermissionEntry;
import edu.internet2.middleware.grouper.pit.PITAttributeAssign;
import edu.internet2.middleware.grouper.subj.InternalSourceAdapter;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.util.Set;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-4.1.2.jar:edu/internet2/middleware/grouper/privs/WheelAttrDefResolver.class */
public class WheelAttrDefResolver extends AttributeDefResolverDecorator {
    private boolean useWheel;
    private Group wheelGroup;
    private boolean useReadonlyWheel;
    private Group wheelReadonlyGroup;
    private boolean useViewonlyWheel;
    private Group wheelViewonlyGroup;
    private GrouperSession wheelSession;
    private static boolean loggedWheelReadonlyGroupMissing = false;
    private static boolean loggedWheelViewonlyGroupMissing = false;
    private static final Log LOG = GrouperUtil.getLog(WheelAttrDefResolver.class);
    private static boolean loggedWheelGroupMissing = false;

    @Override // edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator, edu.internet2.middleware.grouper.privs.AttributeDefResolver
    public void stop() {
        super.getDecoratedResolver().stop();
    }

    public WheelAttrDefResolver(AttributeDefResolver attributeDefResolver) {
        super(attributeDefResolver);
        this.useWheel = false;
        this.useReadonlyWheel = false;
        this.useViewonlyWheel = false;
        this.wheelSession = null;
        this.useWheel = Boolean.valueOf(GrouperConfig.retrieveConfig().propertyValueString(GrouperConfig.PROP_USE_WHEEL_GROUP)).booleanValue();
        if (this.useWheel) {
            String str = null;
            try {
                str = GrouperConfig.retrieveConfig().propertyValueString(GrouperConfig.PROP_WHEEL_GROUP);
                this.wheelSession = GrouperSession.start(SubjectFinder.findRootSubject(), false);
                this.wheelGroup = GroupFinder.findByName(this.wheelSession, str, GrouperStartup.isFinishedStartupSuccessfully());
            } catch (Exception e) {
                String str2 = "Initialisation error with wheel group name '" + str + "': " + e.getClass().getSimpleName() + "\n" + ExceptionUtils.getFullStackTrace(e);
                if (loggedWheelGroupMissing || GrouperCheckConfig.inCheckConfig) {
                    LOG.debug(str2);
                } else {
                    LOG.error(str2);
                    loggedWheelGroupMissing = true;
                }
                this.useWheel = false;
            }
        }
        this.useViewonlyWheel = Boolean.valueOf(GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.viewonly.use")).booleanValue();
        if (this.useViewonlyWheel) {
            String str3 = null;
            try {
                str3 = GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.viewonly.group");
                if (this.wheelSession == null) {
                    this.wheelSession = GrouperSession.start(SubjectFinder.findRootSubject(), false);
                }
                this.wheelViewonlyGroup = GroupFinder.findByName(this.wheelSession, str3, GrouperStartup.isFinishedStartupSuccessfully());
            } catch (Exception e2) {
                String str4 = "Initialisation error with wheel viewonly group name '" + str3 + "': " + e2.getClass().getSimpleName() + "\n" + ExceptionUtils.getFullStackTrace(e2);
                if (loggedWheelViewonlyGroupMissing || GrouperCheckConfig.inCheckConfig) {
                    LOG.debug(str4);
                } else {
                    LOG.error(str4);
                    loggedWheelViewonlyGroupMissing = true;
                }
                this.useViewonlyWheel = false;
            }
        }
        this.useReadonlyWheel = Boolean.valueOf(GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.readonly.use")).booleanValue();
        if (this.useReadonlyWheel) {
            String str5 = null;
            try {
                str5 = GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.readonly.group");
                if (this.wheelSession == null) {
                    this.wheelSession = GrouperSession.start(SubjectFinder.findRootSubject(), false);
                }
                this.wheelReadonlyGroup = GroupFinder.findByName(this.wheelSession, str5, GrouperStartup.isFinishedStartupSuccessfully());
            } catch (Exception e3) {
                String str6 = "Initialisation error with wheel readonly group name '" + str5 + "': " + e3.getClass().getSimpleName() + "\n" + ExceptionUtils.getFullStackTrace(e3);
                if (loggedWheelReadonlyGroupMissing || GrouperCheckConfig.inCheckConfig) {
                    LOG.debug(str6);
                } else {
                    LOG.error(str6);
                    loggedWheelReadonlyGroupMissing = true;
                }
                this.useReadonlyWheel = false;
            }
        }
    }

    @Override // edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator, edu.internet2.middleware.grouper.privs.AttributeDefResolver
    public Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef, Subject subject) throws IllegalArgumentException {
        Set<AttributeDefPrivilege> privileges = super.getDecoratedResolver().getPrivileges(attributeDef, subject);
        if (isAndUseWheel(subject)) {
            for (Privilege privilege : Privilege.getAttributeDefPrivs()) {
                if (!privilege.equals(AttributeDefPrivilege.ATTR_OPTIN) && !privilege.equals(AttributeDefPrivilege.ATTR_OPTOUT)) {
                    privileges.add(new AttributeDefPrivilege(attributeDef, subject, SubjectFinder.findRootSubject(), privilege, GrouperConfig.retrieveConfig().propertyValueString("privileges.attributeDef.interface"), false, null));
                }
            }
        } else if (isAndUseWheelReadonly(subject)) {
            for (Privilege privilege2 : Privilege.getAttributeDefPrivs()) {
                if (privilege2.equals(AttributeDefPrivilege.ATTR_READ) || privilege2.equals(AttributeDefPrivilege.ATTR_VIEW) || privilege2.equals(AttributeDefPrivilege.ATTR_DEF_ATTR_READ)) {
                    privileges.add(new AttributeDefPrivilege(attributeDef, subject, SubjectFinder.findRootSubject(), privilege2, GrouperConfig.retrieveConfig().propertyValueString("privileges.attributeDef.interface"), false, null));
                }
            }
        } else if (isAndUseWheelViewonly(subject)) {
            for (Privilege privilege3 : Privilege.getAttributeDefPrivs()) {
                if (privilege3.equals(AttributeDefPrivilege.ATTR_VIEW)) {
                    privileges.add(new AttributeDefPrivilege(attributeDef, subject, SubjectFinder.findRootSubject(), privilege3, GrouperConfig.retrieveConfig().propertyValueString("privileges.attributeDef.interface"), false, null));
                }
            }
        }
        return privileges;
    }

    private boolean isAndUseWheelViewonly(Subject subject) {
        if (subject != null && InternalSourceAdapter.ID.equals(subject.getSourceId()) && GrouperConfig.ROOT.equals(subject.getId())) {
            return true;
        }
        return getGrouperSession().isConsiderIfWheelMember() && this.useViewonlyWheel && isWheelViewonlyMember(subject);
    }

    private boolean isAndUseWheelReadonly(Subject subject) {
        if (subject != null && InternalSourceAdapter.ID.equals(subject.getSourceId()) && GrouperConfig.ROOT.equals(subject.getId())) {
            return true;
        }
        return getGrouperSession().isConsiderIfWheelMember() && this.useReadonlyWheel && isWheelReadonlyMember(subject);
    }

    private boolean isAndUseWheel(Subject subject) {
        if (subject != null && InternalSourceAdapter.ID.equals(subject.getSourceId()) && GrouperConfig.ROOT.equals(subject.getId())) {
            return true;
        }
        return getGrouperSession().isConsiderIfWheelMember() && this.useWheel && isWheelMember(subject);
    }

    @Override // edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator, edu.internet2.middleware.grouper.privs.AttributeDefResolver
    public boolean hasPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) throws IllegalArgumentException {
        if (isAndUseWheel(subject) && !AttributeDefPrivilege.ATTR_OPTOUT.equals(privilege) && !AttributeDefPrivilege.ATTR_OPTIN.equals(privilege)) {
            return true;
        }
        if (isAndUseWheelReadonly(subject) && (AttributeDefPrivilege.ATTR_READ.equals(privilege) || AttributeDefPrivilege.ATTR_VIEW.equals(privilege) || AttributeDefPrivilege.ATTR_DEF_ATTR_READ.equals(privilege))) {
            return true;
        }
        if (isAndUseWheelViewonly(subject) && AttributeDefPrivilege.ATTR_VIEW.equals(privilege)) {
            return true;
        }
        return super.getDecoratedResolver().hasPrivilege(attributeDef, subject, privilege);
    }

    private Boolean getFromIsWheelMemberCache(Subject subject) {
        return WheelCache.getFromIsWheelMemberCache(subject);
    }

    private Boolean getFromIsWheelViewonlyMemberCache(Subject subject) {
        return WheelCache.getFromIsWheelViewonlyMemberCache(subject);
    }

    private Boolean getFromIsWheelReadonlyMemberCache(Subject subject) {
        return WheelCache.getFromIsWheelReadonlyMemberCache(subject);
    }

    private void putInHasPrivilegeCache(Subject subject, Boolean bool) {
        WheelCache.putInHasPrivilegeCache(subject, bool);
    }

    private void putInHasViewonlyPrivilegeCache(Subject subject, Boolean bool) {
        WheelCache.putInViewonlyHasPrivilegeCache(subject, bool);
    }

    private void putInHasReadonlyPrivilegeCache(Subject subject, Boolean bool) {
        WheelCache.putInReadonlyHasPrivilegeCache(subject, bool);
    }

    private boolean isWheelMember(final Subject subject) {
        if (subject != null && InternalSourceAdapter.ID.equals(subject.getSourceId()) && GrouperConfig.ROOT.equals(subject.getId())) {
            return true;
        }
        Boolean fromIsWheelMemberCache = getFromIsWheelMemberCache(subject);
        if (fromIsWheelMemberCache == null) {
            fromIsWheelMemberCache = (Boolean) GrouperSession.callbackGrouperSession(this.wheelSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.privs.WheelAttrDefResolver.1
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    return Boolean.valueOf(WheelAttrDefResolver.this.wheelGroup.hasMember(subject));
                }
            });
            putInHasPrivilegeCache(subject, fromIsWheelMemberCache);
        }
        return fromIsWheelMemberCache.booleanValue();
    }

    private boolean isWheelViewonlyMember(final Subject subject) {
        if (subject != null && InternalSourceAdapter.ID.equals(subject.getSourceId()) && GrouperConfig.ROOT.equals(subject.getId())) {
            return true;
        }
        Boolean fromIsWheelViewonlyMemberCache = getFromIsWheelViewonlyMemberCache(subject);
        if (fromIsWheelViewonlyMemberCache == null) {
            fromIsWheelViewonlyMemberCache = (Boolean) GrouperSession.callbackGrouperSession(this.wheelSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.privs.WheelAttrDefResolver.2
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    return Boolean.valueOf(WheelAttrDefResolver.this.wheelViewonlyGroup != null && WheelAttrDefResolver.this.wheelViewonlyGroup.hasMember(subject));
                }
            });
            putInHasViewonlyPrivilegeCache(subject, fromIsWheelViewonlyMemberCache);
        }
        return fromIsWheelViewonlyMemberCache.booleanValue();
    }

    private boolean isWheelReadonlyMember(final Subject subject) {
        if (subject != null && InternalSourceAdapter.ID.equals(subject.getSourceId()) && GrouperConfig.ROOT.equals(subject.getId())) {
            return true;
        }
        Boolean fromIsWheelReadonlyMemberCache = getFromIsWheelReadonlyMemberCache(subject);
        if (fromIsWheelReadonlyMemberCache == null) {
            fromIsWheelReadonlyMemberCache = (Boolean) GrouperSession.callbackGrouperSession(this.wheelSession, new GrouperSessionHandler() { // from class: edu.internet2.middleware.grouper.privs.WheelAttrDefResolver.3
                @Override // edu.internet2.middleware.grouper.misc.GrouperSessionHandler
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    return Boolean.valueOf(WheelAttrDefResolver.this.wheelReadonlyGroup != null && WheelAttrDefResolver.this.wheelReadonlyGroup.hasMember(subject));
                }
            });
            putInHasReadonlyPrivilegeCache(subject, fromIsWheelReadonlyMemberCache);
        }
        return fromIsWheelReadonlyMemberCache.booleanValue();
    }

    @Override // edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator, edu.internet2.middleware.grouper.privs.AttributeDefResolver
    public void flushCache() {
        WheelCache.flush();
        super.getDecoratedResolver().flushCache();
    }

    @Override // edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator, edu.internet2.middleware.grouper.privs.AttributeDefResolver
    public Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> set, Subject subject, Set<Privilege> set2) {
        return isAndUseWheel(subject) ? set : (isAndUseWheelViewonly(subject) && set2 != null && set2.contains(AttributeDefPrivilege.ATTR_VIEW)) ? set : (isAndUseWheelReadonly(subject) && set2 != null && (set2.contains(AttributeDefPrivilege.ATTR_VIEW) || set2.contains(AttributeDefPrivilege.ATTR_READ) || set2.contains(AttributeDefPrivilege.ATTR_DEF_ATTR_READ))) ? set : super.getDecoratedResolver().postHqlFilterAttrDefs(set, subject, set2);
    }

    @Override // edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator, edu.internet2.middleware.grouper.privs.AttributeDefResolver
    public boolean hqlFilterAttrDefsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder sb, StringBuilder sb2, String str, Set<Privilege> set) {
        if (isAndUseWheel(subject)) {
            return false;
        }
        if (isAndUseWheelViewonly(subject) && set != null && set.contains(AttributeDefPrivilege.ATTR_VIEW)) {
            return false;
        }
        if (isAndUseWheelReadonly(subject) && set != null && (set.contains(AttributeDefPrivilege.ATTR_VIEW) || set.contains(AttributeDefPrivilege.ATTR_READ) || set.contains(AttributeDefPrivilege.ATTR_DEF_ATTR_READ))) {
            return false;
        }
        return super.getDecoratedResolver().hqlFilterAttrDefsWhereClause(subject, hqlQuery, sb, sb2, str, set);
    }

    @Override // edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator, edu.internet2.middleware.grouper.privs.AttributeDefResolver
    public Set<AttributeAssign> postHqlFilterAttributeAssigns(Subject subject, Set<AttributeAssign> set) {
        return (isAndUseWheel(subject) || isAndUseWheelReadonly(subject)) ? set : super.getDecoratedResolver().postHqlFilterAttributeAssigns(subject, set);
    }

    @Override // edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator, edu.internet2.middleware.grouper.privs.AttributeDefResolver
    public Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(Subject subject, Set<PITAttributeAssign> set) {
        return (isAndUseWheel(subject) || isAndUseWheelReadonly(subject)) ? set : super.getDecoratedResolver().postHqlFilterPITAttributeAssigns(subject, set);
    }

    @Override // edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator, edu.internet2.middleware.grouper.privs.AttributeDefResolver
    public Set<PermissionEntry> postHqlFilterPermissions(Subject subject, Set<PermissionEntry> set) {
        return (isAndUseWheel(subject) || isAndUseWheelReadonly(subject)) ? set : super.getDecoratedResolver().postHqlFilterPermissions(subject, set);
    }
}
