package edu.internet2.middleware.grouper.internal.dao.hib3;

import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.hibernate.ByHqlStatic;
import edu.internet2.middleware.grouper.hibernate.HibUtils;
import edu.internet2.middleware.grouper.hibernate.HibernateSession;
import edu.internet2.middleware.grouper.internal.dao.PITPermissionAllViewDAO;
import edu.internet2.middleware.grouper.permissions.PermissionEntry;
import edu.internet2.middleware.grouper.pit.PITAttributeAssign;
import edu.internet2.middleware.grouper.pit.PITAttributeAssignActionSet;
import edu.internet2.middleware.grouper.pit.PITAttributeDefNameSet;
import edu.internet2.middleware.grouper.pit.PITGroupSet;
import edu.internet2.middleware.grouper.pit.PITMembership;
import edu.internet2.middleware.grouper.pit.PITPermissionAllView;
import edu.internet2.middleware.grouper.pit.PITRoleSet;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.grouper.privs.AttributeDefPrivilege;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.sql.Timestamp;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/grouper-4.3.2.jar:edu/internet2/middleware/grouper/internal/dao/hib3/Hib3PITPermissionAllViewDAO.class */
public class Hib3PITPermissionAllViewDAO extends Hib3DAO implements PITPermissionAllViewDAO {
    private static final String PERMISSION_ENTRY_COLUMNS = "gr.nameDb as roleName, gm.subjectSourceId as subjectSourceId, gm.subjectId as subjectId, gaaa.nameDb as action, gadn.nameDb as attributeDefNameName, gr.id as roleId, gadn.attributeDefId as attributeDefId, gm.id as memberId, gadn.id as attributeDefNameId, gaaa.id as actionId, gmav.depth as membershipDepth, grs.depth as roleSetDepth, gadns.depth as attributeDefNameSetDepth, gaaas.depth as attributeAssignActionSetDepth, gmav.membershipId as membershipId, gmav.groupSetId as groupSetId, grs.id as roleSetId, gadns.id as attributeDefNameSetId, gaaas.id as actionSetId, gaa.id as attributeAssignId, gaa.attributeAssignTypeDb as attributeAssignTypeDb, gmav.groupSetActiveDb as groupSetActiveDb, gmav.groupSetStartTimeDb as groupSetStartTimeDb, gmav.groupSetEndTimeDb as groupSetEndTimeDb, gmav.membershipActiveDb as membershipActiveDb, gmav.membershipStartTimeDb as membershipStartTimeDb, gmav.membershipEndTimeDb as membershipEndTimeDb, grs.activeDb as roleSetActiveDb, grs.startTimeDb as roleSetStartTimeDb, grs.endTimeDb as roleSetEndTimeDb, gaaas.activeDb as actionSetActiveDb, gaaas.startTimeDb as actionSetStartTimeDb, gaaas.endTimeDb as actionSetEndTimeDb, gadns.activeDb as attributeDefNameSetActiveDb, gadns.startTimeDb as attributeDefNameSetStartTimeDb, gadns.endTimeDb as attributeDefNameSetEndTimeDb, gaa.activeDb as attributeAssignActiveDb, gaa.startTimeDb as attributeAssignStartTimeDb, gaa.endTimeDb as attributeAssignEndTimeDb, gaa.disallowedDb as disallowedDb, gaaa.sourceId as actionSourceId, gr.sourceId as roleSourceId, gadn.sourceId as attributeDefNameSourceId, gad.sourceId as attributeDefSourceId, gm.sourceId as memberSourceId, gmav.membershipSourceId as membershipSourceId, gaa.sourceId as attributeAssignSourceId";
    private static final String PERMISSION_ENTRY_TABLES = "PITGroup gr, PITMembershipView gmav, PITMember gm, PITField gf, PITRoleSet grs, PITAttributeDef gad, PITAttributeAssign gaa, PITAttributeDefName gadn, PITAttributeDefNameSet gadns, PITAttributeAssignAction gaaa, PITAttributeAssignActionSet gaaas";
    private static final String PERMISSION_ENTRY_WHERE_CLAUSE = "gmav.ownerGroupId = gr.id and gmav.fieldId = gf.id and gf.typeDb = 'list' and gf.nameDb = 'members' and gmav.memberId = gm.id and gadn.attributeDefId = gad.id and gad.attributeDefTypeDb = 'perm' and gaa.attributeDefNameId = gadns.ifHasAttributeDefNameId and gadn.id = gadns.thenHasAttributeDefNameId and gaa.attributeAssignActionId = gaaas.ifHasAttrAssignActionId and gaaa.id = gaaas.thenHasAttrAssignActionId and ((grs.ifHasRoleId = gr.id and gaa.ownerGroupId = grs.thenHasRoleId and gaa.attributeAssignTypeDb = 'group') or (gmav.ownerGroupId = gaa.ownerGroupId  and gmav.memberId = gaa.ownerMemberId and gaa.attributeAssignTypeDb = 'any_mem' and grs.ifHasRoleId = gr.id and grs.depth='0'))";
    private static final String KLASS = Hib3PITPermissionAllViewDAO.class.getName();

    @Override // edu.internet2.middleware.grouper.internal.dao.PITPermissionAllViewDAO
    public Set<PermissionEntry> findPermissions(Collection<String> collection, Collection<String> collection2, Collection<String> collection3, Collection<String> collection4, Collection<String> collection5, Timestamp timestamp, Timestamp timestamp2) {
        StringBuilder append;
        int length = GrouperUtil.length(collection5);
        int length2 = GrouperUtil.length(collection3);
        int length3 = GrouperUtil.length(collection4);
        int length4 = GrouperUtil.length(collection);
        int length5 = GrouperUtil.length(collection2);
        if (length == 0 && length2 == 0 && length4 == 0 && length5 == 0) {
            throw new RuntimeException("Illegal query, you need to pass in members and/or attributeDefId(s) and/or roleId(s) and/or attributeDefNameIds");
        }
        if (length + length2 + length4 + length5 + length3 > 100) {
            throw new RuntimeException("Too many memberIdsSize " + length + " roleIdsSize " + length2 + " or attributeDefIdsSize " + length4 + " or attributeDefNameIds " + length5 + " or actionsSize " + length3);
        }
        ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
        StringBuilder sb = new StringBuilder(" from PITGroup gr, PITMembershipView gmav, PITMember gm, PITField gf, PITRoleSet grs, PITAttributeDef gad, PITAttributeAssign gaa, PITAttributeDefName gadn, PITAttributeDefNameSet gadns, PITAttributeAssignAction gaaa, PITAttributeAssignActionSet gaaas ");
        StringBuilder sb2 = new StringBuilder(" gmav.ownerGroupId = gr.id and gmav.fieldId = gf.id and gf.typeDb = 'list' and gf.nameDb = 'members' and gmav.memberId = gm.id and gadn.attributeDefId = gad.id and gad.attributeDefTypeDb = 'perm' and gaa.attributeDefNameId = gadns.ifHasAttributeDefNameId and gadn.id = gadns.thenHasAttributeDefNameId and gaa.attributeAssignActionId = gaaas.ifHasAttrAssignActionId and gaaa.id = gaaas.thenHasAttrAssignActionId and ((grs.ifHasRoleId = gr.id and gaa.ownerGroupId = grs.thenHasRoleId and gaa.attributeAssignTypeDb = 'group') or (gmav.ownerGroupId = gaa.ownerGroupId  and gmav.memberId = gaa.ownerMemberId and gaa.attributeAssignTypeDb = 'any_mem' and grs.ifHasRoleId = gr.id and grs.depth='0')) ");
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        Subject subject = staticGrouperSession.getSubject();
        staticGrouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(subject, byHqlStatic, sb, sb2, "gad.sourceId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
        if (!staticGrouperSession.getAccessResolver().hqlFilterGroupsWhereClause(subject, byHqlStatic, sb, "gr.sourceId", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES) || !sb.toString().contains(" where ")) {
            append = sb.append(" where ").append((CharSequence) sb2);
        } else {
            if (sb2.length() <= 0) {
                throw new RuntimeException("Unexpected.");
            }
            append = sb.append(" and ").append((CharSequence) sb2);
        }
        if (length3 > 0) {
            append.append(" and gaaa.nameDb in (");
            append.append(HibUtils.convertToInClause(collection4, byHqlStatic));
            append.append(") ");
        }
        if (length2 > 0) {
            append.append(" and gr.sourceId in (");
            append.append(HibUtils.convertToInClause(collection3, byHqlStatic));
            append.append(") ");
        }
        if (length4 > 0) {
            append.append(" and gad.sourceId in (");
            append.append(HibUtils.convertToInClause(collection, byHqlStatic));
            append.append(") ");
        }
        if (length5 > 0) {
            append.append(" and gadn.sourceId in (");
            append.append(HibUtils.convertToInClause(collection2, byHqlStatic));
            append.append(") ");
        }
        if (length > 0) {
            append.append(" and gm.sourceId in (");
            append.append(HibUtils.convertToInClause(collection5, byHqlStatic));
            append.append(") ");
        }
        if (timestamp != null) {
            Long valueOf = Long.valueOf(timestamp.getTime() * 1000);
            append.append(" and (gmav.membershipEndTimeDb is null or gmav.membershipEndTimeDb > '" + valueOf + "')");
            append.append(" and (gmav.groupSetEndTimeDb is null or gmav.groupSetEndTimeDb > '" + valueOf + "')");
            append.append(" and (gaaas.endTimeDb is null or gaaas.endTimeDb > '" + valueOf + "')");
            append.append(" and (gadns.endTimeDb is null or gadns.endTimeDb > '" + valueOf + "')");
            append.append(" and (grs.endTimeDb is null or grs.endTimeDb > '" + valueOf + "')");
            append.append(" and (gaa.endTimeDb is null or gaa.endTimeDb > '" + valueOf + "')");
        }
        if (timestamp2 != null) {
            Long valueOf2 = Long.valueOf(timestamp2.getTime() * 1000);
            append.append(" and gmav.membershipStartTimeDb < '" + valueOf2 + "'");
            append.append(" and gmav.groupSetStartTimeDb < '" + valueOf2 + "'");
            append.append(" and gaaas.startTimeDb < '" + valueOf2 + "'");
            append.append(" and gadns.startTimeDb < '" + valueOf2 + "'");
            append.append(" and grs.startTimeDb < '" + valueOf2 + "'");
            append.append(" and gaa.startTimeDb < '" + valueOf2 + "'");
        }
        byHqlStatic.setCacheable(false).setCacheRegion(KLASS + ".findPermissions");
        int propertyValueInt = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
        Set listSet = byHqlStatic.createQuery("select distinct gr.nameDb as roleName, gm.subjectSourceId as subjectSourceId, gm.subjectId as subjectId, gaaa.nameDb as action, gadn.nameDb as attributeDefNameName, gr.id as roleId, gadn.attributeDefId as attributeDefId, gm.id as memberId, gadn.id as attributeDefNameId, gaaa.id as actionId, gmav.depth as membershipDepth, grs.depth as roleSetDepth, gadns.depth as attributeDefNameSetDepth, gaaas.depth as attributeAssignActionSetDepth, gmav.membershipId as membershipId, gmav.groupSetId as groupSetId, grs.id as roleSetId, gadns.id as attributeDefNameSetId, gaaas.id as actionSetId, gaa.id as attributeAssignId, gaa.attributeAssignTypeDb as attributeAssignTypeDb, gmav.groupSetActiveDb as groupSetActiveDb, gmav.groupSetStartTimeDb as groupSetStartTimeDb, gmav.groupSetEndTimeDb as groupSetEndTimeDb, gmav.membershipActiveDb as membershipActiveDb, gmav.membershipStartTimeDb as membershipStartTimeDb, gmav.membershipEndTimeDb as membershipEndTimeDb, grs.activeDb as roleSetActiveDb, grs.startTimeDb as roleSetStartTimeDb, grs.endTimeDb as roleSetEndTimeDb, gaaas.activeDb as actionSetActiveDb, gaaas.startTimeDb as actionSetStartTimeDb, gaaas.endTimeDb as actionSetEndTimeDb, gadns.activeDb as attributeDefNameSetActiveDb, gadns.startTimeDb as attributeDefNameSetStartTimeDb, gadns.endTimeDb as attributeDefNameSetEndTimeDb, gaa.activeDb as attributeAssignActiveDb, gaa.startTimeDb as attributeAssignStartTimeDb, gaa.endTimeDb as attributeAssignEndTimeDb, gaa.disallowedDb as disallowedDb, gaaa.sourceId as actionSourceId, gr.sourceId as roleSourceId, gadn.sourceId as attributeDefNameSourceId, gad.sourceId as attributeDefSourceId, gm.sourceId as memberSourceId, gmav.membershipSourceId as membershipSourceId, gaa.sourceId as attributeAssignSourceId " + append.toString().replaceAll("where\\s+and", "where")).assignConvertHqlColumnsToObject(true).listSet(PITPermissionAllView.class);
        int length6 = GrouperUtil.length(listSet);
        if (propertyValueInt >= 0 && length6 > propertyValueInt) {
            throw new RuntimeException("Too many results: " + length6);
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet(listSet);
        return length6 == 0 ? linkedHashSet : staticGrouperSession.getAttributeDefResolver().postHqlFilterPermissions(subject, linkedHashSet);
    }

    @Override // edu.internet2.middleware.grouper.internal.dao.PITPermissionAllViewDAO
    public Set<PITPermissionAllView> findNewOrDeletedFlatPermissionsAfterObjectAddOrDelete(PITAttributeAssignActionSet pITAttributeAssignActionSet) {
        return HibernateSession.byHqlStatic().createQuery("select perm from PITPermissionAllView as perm where actionSetId = :actionSetId and groupSetActiveDb = 'T' and membershipActiveDb = 'T' and roleSetActiveDb = 'T' and actionSetActiveDb = 'T' and attributeDefNameSetActiveDb = 'T' and attributeAssignActiveDb = 'T' and not exists (select 1 from PITPermissionAllView perm2 where perm2.roleId=perm.roleId and perm2.attributeDefNameId=perm.attributeDefNameId and perm2.actionId=perm.actionId and perm2.memberId=perm.memberId and perm2.actionSetId <> :actionSetId and perm2.groupSetActiveDb = 'T' and perm2.membershipActiveDb = 'T' and perm2.roleSetActiveDb = 'T' and perm2.actionSetActiveDb = 'T' and perm2.attributeDefNameSetActiveDb = 'T' and perm2.attributeAssignActiveDb = 'T')").setCacheable(false).setCacheRegion(KLASS + ".FindNewOrDeletedFlatPermissionsAfterActionSetAddOrDelete").setString(PITPermissionAllView.FIELD_ACTION_SET_ID, pITAttributeAssignActionSet.getId()).listSet(PITPermissionAllView.class);
    }

    @Override // edu.internet2.middleware.grouper.internal.dao.PITPermissionAllViewDAO
    public Set<PITPermissionAllView> findNewOrDeletedFlatPermissionsAfterObjectAddOrDelete(PITAttributeDefNameSet pITAttributeDefNameSet) {
        return HibernateSession.byHqlStatic().createQuery("select perm from PITPermissionAllView as perm where attributeDefNameSetId = :attributeDefNameSetId and groupSetActiveDb = 'T' and membershipActiveDb = 'T' and roleSetActiveDb = 'T' and actionSetActiveDb = 'T' and attributeDefNameSetActiveDb = 'T' and attributeAssignActiveDb = 'T' and not exists (select 1 from PITPermissionAllView perm2 where perm2.roleId=perm.roleId and perm2.attributeDefNameId=perm.attributeDefNameId and perm2.actionId=perm.actionId and perm2.memberId=perm.memberId and perm2.attributeDefNameSetId <> :attributeDefNameSetId and perm2.groupSetActiveDb = 'T' and perm2.membershipActiveDb = 'T' and perm2.roleSetActiveDb = 'T' and perm2.actionSetActiveDb = 'T' and perm2.attributeDefNameSetActiveDb = 'T' and perm2.attributeAssignActiveDb = 'T')").setCacheable(false).setCacheRegion(KLASS + ".FindNewOrDeletedFlatPermissionsAfterAttributeDefNameSetAddOrDelete").setString(PITPermissionAllView.FIELD_ATTRIBUTE_DEF_NAME_SET_ID, pITAttributeDefNameSet.getId()).listSet(PITPermissionAllView.class);
    }

    @Override // edu.internet2.middleware.grouper.internal.dao.PITPermissionAllViewDAO
    public Set<PITPermissionAllView> findNewOrDeletedFlatPermissionsAfterObjectAddOrDelete(PITRoleSet pITRoleSet) {
        return HibernateSession.byHqlStatic().createQuery("select perm from PITPermissionAllView as perm where roleSetId = :roleSetId and groupSetActiveDb = 'T' and membershipActiveDb = 'T' and roleSetActiveDb = 'T' and actionSetActiveDb = 'T' and attributeDefNameSetActiveDb = 'T' and attributeAssignActiveDb = 'T' and not exists (select 1 from PITPermissionAllView perm2 where perm2.roleId=perm.roleId and perm2.attributeDefNameId=perm.attributeDefNameId and perm2.actionId=perm.actionId and perm2.memberId=perm.memberId and perm2.roleSetId <> :roleSetId and perm2.groupSetActiveDb = 'T' and perm2.membershipActiveDb = 'T' and perm2.roleSetActiveDb = 'T' and perm2.actionSetActiveDb = 'T' and perm2.attributeDefNameSetActiveDb = 'T' and perm2.attributeAssignActiveDb = 'T')").setCacheable(false).setCacheRegion(KLASS + ".FindNewOrDeletedFlatPermissionsAfterRoleSetAddOrDelete").setString(PITPermissionAllView.FIELD_ROLE_SET_ID, pITRoleSet.getId()).listSet(PITPermissionAllView.class);
    }

    @Override // edu.internet2.middleware.grouper.internal.dao.PITPermissionAllViewDAO
    public Set<PITPermissionAllView> findNewOrDeletedFlatPermissionsAfterObjectAddOrDelete(PITAttributeAssign pITAttributeAssign) {
        return HibernateSession.byHqlStatic().createQuery("select perm from PITPermissionAllView as perm where attributeAssignId = :attributeAssignId and groupSetActiveDb = 'T' and membershipActiveDb = 'T' and roleSetActiveDb = 'T' and actionSetActiveDb = 'T' and attributeDefNameSetActiveDb = 'T' and attributeAssignActiveDb = 'T' and not exists (select 1 from PITPermissionAllView perm2 where perm2.roleId=perm.roleId and perm2.attributeDefNameId=perm.attributeDefNameId and perm2.actionId=perm.actionId and perm2.memberId=perm.memberId and perm2.attributeAssignId <> :attributeAssignId and perm2.groupSetActiveDb = 'T' and perm2.membershipActiveDb = 'T' and perm2.roleSetActiveDb = 'T' and perm2.actionSetActiveDb = 'T' and perm2.attributeDefNameSetActiveDb = 'T' and perm2.attributeAssignActiveDb = 'T')").setCacheable(false).setCacheRegion(KLASS + ".FindNewOrDeletedFlatPermissionsAfterAttributeAssignAddOrDelete").setString("attributeAssignId", pITAttributeAssign.getId()).listSet(PITPermissionAllView.class);
    }

    @Override // edu.internet2.middleware.grouper.internal.dao.PITPermissionAllViewDAO
    public Set<PITPermissionAllView> findNewOrDeletedFlatPermissionsAfterObjectAddOrDelete(PITGroupSet pITGroupSet) {
        return HibernateSession.byHqlStatic().createQuery("select perm from PITPermissionAllView as perm where groupSetId = :groupSetId and groupSetActiveDb = 'T' and membershipActiveDb = 'T' and roleSetActiveDb = 'T' and actionSetActiveDb = 'T' and attributeDefNameSetActiveDb = 'T' and attributeAssignActiveDb = 'T' and not exists (select 1 from PITPermissionAllView perm2 where perm2.roleId=perm.roleId and perm2.attributeDefNameId=perm.attributeDefNameId and perm2.actionId=perm.actionId and perm2.memberId=perm.memberId and perm2.groupSetId <> :groupSetId and perm2.groupSetActiveDb = 'T' and perm2.membershipActiveDb = 'T' and perm2.roleSetActiveDb = 'T' and perm2.actionSetActiveDb = 'T' and perm2.attributeDefNameSetActiveDb = 'T' and perm2.attributeAssignActiveDb = 'T')").setCacheable(false).setCacheRegion(KLASS + ".FindOrDeletedNewFlatPermissionsAfterGroupSetAddOrDelete").setString("groupSetId", pITGroupSet.getId()).listSet(PITPermissionAllView.class);
    }

    @Override // edu.internet2.middleware.grouper.internal.dao.PITPermissionAllViewDAO
    public Set<PITPermissionAllView> findNewOrDeletedFlatPermissionsAfterObjectAddOrDelete(PITMembership pITMembership) {
        return HibernateSession.byHqlStatic().createQuery("select perm from PITPermissionAllView as perm where membershipId = :membershipId and groupSetActiveDb = 'T' and membershipActiveDb = 'T' and roleSetActiveDb = 'T' and actionSetActiveDb = 'T' and attributeDefNameSetActiveDb = 'T' and attributeAssignActiveDb = 'T' and not exists (select 1 from PITPermissionAllView perm2 where perm2.roleId=perm.roleId and perm2.attributeDefNameId=perm.attributeDefNameId and perm2.actionId=perm.actionId and perm2.memberId=perm.memberId and perm2.membershipId <> :membershipId and perm2.groupSetActiveDb = 'T' and perm2.membershipActiveDb = 'T' and perm2.roleSetActiveDb = 'T' and perm2.actionSetActiveDb = 'T' and perm2.attributeDefNameSetActiveDb = 'T' and perm2.attributeAssignActiveDb = 'T')").setCacheable(false).setCacheRegion(KLASS + ".FindNewOrDeletedFlatPermissionsAfterMembershipAddOrDelete").setString("membershipId", pITMembership.getId()).listSet(PITPermissionAllView.class);
    }
}
