package edu.internet2.middleware.grouper.attr;

import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.audit.AuditEntry;
import edu.internet2.middleware.grouper.audit.AuditTypeBuiltin;
import edu.internet2.middleware.grouper.exception.GrantPrivilegeAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.GrantPrivilegeException;
import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
import edu.internet2.middleware.grouper.exception.RevokePrivilegeAlreadyRevokedException;
import edu.internet2.middleware.grouper.exception.RevokePrivilegeException;
import edu.internet2.middleware.grouper.exception.SchemaException;
import edu.internet2.middleware.grouper.exception.UnableToPerformAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.UnableToPerformException;
import edu.internet2.middleware.grouper.hibernate.AuditControl;
import edu.internet2.middleware.grouper.hibernate.GrouperTransaction;
import edu.internet2.middleware.grouper.hibernate.GrouperTransactionHandler;
import edu.internet2.middleware.grouper.hibernate.GrouperTransactionType;
import edu.internet2.middleware.grouper.hibernate.HibernateHandler;
import edu.internet2.middleware.grouper.hibernate.HibernateHandlerBean;
import edu.internet2.middleware.grouper.hibernate.HibernateSession;
import edu.internet2.middleware.grouper.internal.dao.GrouperDAOException;
import edu.internet2.middleware.grouper.privs.AttributeDefPrivilege;
import edu.internet2.middleware.grouper.privs.Privilege;
import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
import edu.internet2.middleware.grouper.rules.RuleCheckType;
import edu.internet2.middleware.grouper.rules.RuleEngine;
import edu.internet2.middleware.grouper.rules.beans.RulesPrivilegeBean;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.StopWatch;

/* loaded from: input_file:WEB-INF/lib/grouper-4.5.5.jar:edu/internet2/middleware/grouper/attr/AttributeDefPrivilegeDelegate.class */
public class AttributeDefPrivilegeDelegate {
    private AttributeDef attributeDef;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AttributeDefPrivilegeDelegate(AttributeDef attributeDef) {
        this.attributeDef = null;
        this.attributeDef = attributeDef;
    }

    public boolean hasAttrAdmin(Subject subject) {
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), this.attributeDef, GrouperSession.staticGrouperSession().getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return GrouperSession.staticGrouperSession().getAttributeDefResolver().hasPrivilege(this.attributeDef, subject, AttributeDefPrivilege.ATTR_ADMIN);
    }

    public boolean hasAttrOptin(Subject subject) {
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), this.attributeDef, GrouperSession.staticGrouperSession().getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return GrouperSession.staticGrouperSession().getAttributeDefResolver().hasPrivilege(this.attributeDef, subject, AttributeDefPrivilege.ATTR_OPTIN);
    }

    public boolean hasAttrOptout(Subject subject) {
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), this.attributeDef, GrouperSession.staticGrouperSession().getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return GrouperSession.staticGrouperSession().getAttributeDefResolver().hasPrivilege(this.attributeDef, subject, AttributeDefPrivilege.ATTR_OPTOUT);
    }

    public boolean hasAttrRead(Subject subject) {
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), this.attributeDef, GrouperSession.staticGrouperSession().getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return GrouperSession.staticGrouperSession().getAttributeDefResolver().hasPrivilege(this.attributeDef, subject, AttributeDefPrivilege.ATTR_READ);
    }

    public boolean canAttrDefAttrUpdate(Subject subject) {
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        PrivilegeHelper.dispatch(staticGrouperSession, this.attributeDef, staticGrouperSession.getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return PrivilegeHelper.canAttrDefAttrUpdate(staticGrouperSession, this.attributeDef, subject);
    }

    public boolean canAttrDefAttrRead(Subject subject) {
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        PrivilegeHelper.dispatch(staticGrouperSession, this.attributeDef, staticGrouperSession.getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return PrivilegeHelper.canAttrDefAttrRead(staticGrouperSession, this.attributeDef, subject);
    }

    public boolean hasAttrDefAttrRead(Subject subject) {
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), this.attributeDef, GrouperSession.staticGrouperSession().getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return GrouperSession.staticGrouperSession().getAttributeDefResolver().hasPrivilege(this.attributeDef, subject, AttributeDefPrivilege.ATTR_DEF_ATTR_READ);
    }

    public boolean hasAttrDefAttrUpdate(Subject subject) {
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), this.attributeDef, GrouperSession.staticGrouperSession().getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return GrouperSession.staticGrouperSession().getAttributeDefResolver().hasPrivilege(this.attributeDef, subject, AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE);
    }

    public boolean hasAttrUpdate(Subject subject) {
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), this.attributeDef, GrouperSession.staticGrouperSession().getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return GrouperSession.staticGrouperSession().getAttributeDefResolver().hasPrivilege(this.attributeDef, subject, AttributeDefPrivilege.ATTR_UPDATE);
    }

    public boolean hasAttrView(Subject subject) {
        PrivilegeHelper.dispatch(GrouperSession.staticGrouperSession(), this.attributeDef, GrouperSession.staticGrouperSession().getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return GrouperSession.staticGrouperSession().getAttributeDefResolver().hasPrivilege(this.attributeDef, subject, AttributeDefPrivilege.ATTR_VIEW);
    }

    public boolean grantPriv(Subject subject, Privilege privilege, boolean z) throws GrantPrivilegeException, InsufficientPrivilegeException, SchemaException {
        return internal_grantPriv(subject, privilege, z, null);
    }

    public boolean grantPrivs(final Subject subject, final boolean z, final boolean z2, final boolean z3, final boolean z4, final boolean z5, final boolean z6, final boolean z7, final boolean z8, final boolean z9) {
        return ((Boolean) GrouperTransaction.callbackGrouperTransaction(GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, new GrouperTransactionHandler() { // from class: edu.internet2.middleware.grouper.attr.AttributeDefPrivilegeDelegate.1
            @Override // edu.internet2.middleware.grouper.hibernate.GrouperTransactionHandler
            public Object callback(GrouperTransaction grouperTransaction) throws GrouperDAOException {
                boolean z10 = false;
                if (z) {
                    z10 = false | AttributeDefPrivilegeDelegate.this.grantPriv(subject, AttributeDefPrivilege.ATTR_ADMIN, false);
                } else if (z9) {
                    z10 = false | AttributeDefPrivilegeDelegate.this.revokePriv(subject, AttributeDefPrivilege.ATTR_ADMIN, false);
                }
                if (z2) {
                    z10 |= AttributeDefPrivilegeDelegate.this.grantPriv(subject, AttributeDefPrivilege.ATTR_UPDATE, false);
                } else if (z9) {
                    z10 |= AttributeDefPrivilegeDelegate.this.revokePriv(subject, AttributeDefPrivilege.ATTR_UPDATE, false);
                }
                if (z3) {
                    z10 |= AttributeDefPrivilegeDelegate.this.grantPriv(subject, AttributeDefPrivilege.ATTR_READ, false);
                } else if (z9) {
                    z10 |= AttributeDefPrivilegeDelegate.this.revokePriv(subject, AttributeDefPrivilege.ATTR_READ, false);
                }
                if (z4) {
                    z10 |= AttributeDefPrivilegeDelegate.this.grantPriv(subject, AttributeDefPrivilege.ATTR_VIEW, false);
                } else if (z9) {
                    z10 |= AttributeDefPrivilegeDelegate.this.revokePriv(subject, AttributeDefPrivilege.ATTR_VIEW, false);
                }
                if (z5) {
                    z10 |= AttributeDefPrivilegeDelegate.this.grantPriv(subject, AttributeDefPrivilege.ATTR_OPTIN, false);
                } else if (z9) {
                    z10 |= AttributeDefPrivilegeDelegate.this.revokePriv(subject, AttributeDefPrivilege.ATTR_OPTIN, false);
                }
                if (z6) {
                    z10 |= AttributeDefPrivilegeDelegate.this.grantPriv(subject, AttributeDefPrivilege.ATTR_OPTOUT, false);
                } else if (z9) {
                    z10 |= AttributeDefPrivilegeDelegate.this.revokePriv(subject, AttributeDefPrivilege.ATTR_OPTOUT, false);
                }
                if (z7) {
                    z10 |= AttributeDefPrivilegeDelegate.this.grantPriv(subject, AttributeDefPrivilege.ATTR_DEF_ATTR_READ, false);
                } else if (z9) {
                    z10 |= AttributeDefPrivilegeDelegate.this.revokePriv(subject, AttributeDefPrivilege.ATTR_DEF_ATTR_READ, false);
                }
                if (z8) {
                    z10 |= AttributeDefPrivilegeDelegate.this.grantPriv(subject, AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE, false);
                } else if (z9) {
                    z10 |= AttributeDefPrivilegeDelegate.this.revokePriv(subject, AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE, false);
                }
                return Boolean.valueOf(z10);
            }
        })).booleanValue();
    }

    public boolean internal_grantPriv(final Subject subject, final Privilege privilege, final boolean z, final String str) throws GrantPrivilegeException, InsufficientPrivilegeException, SchemaException {
        final StopWatch stopWatch = new StopWatch();
        stopWatch.start();
        final String str2 = ", attributeDef name: " + this.attributeDef.getName() + ", subject: " + GrouperUtil.subjectToString(subject) + ", privilege: " + (privilege == null ? null : privilege.getName());
        return ((Boolean) HibernateSession.callbackHibernateSession(GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT, new HibernateHandler() { // from class: edu.internet2.middleware.grouper.attr.AttributeDefPrivilegeDelegate.2
            @Override // edu.internet2.middleware.grouper.hibernate.HibernateHandler
            public Object callback(HibernateHandlerBean hibernateHandlerBean) throws GrouperDAOException {
                hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
                boolean z2 = false;
                try {
                    GrouperSession.staticGrouperSession().getAttributeDefResolver().grantPrivilege(AttributeDefPrivilegeDelegate.this.attributeDef, subject, privilege, str);
                    if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
                        AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.PRIVILEGE_ATTRIBUTE_DEF_ADD, "privilegeName", privilege.getName(), "memberId", MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subject, false).getUuid(), "privilegeType", "attrDef", "attributeDefId", AttributeDefPrivilegeDelegate.this.attributeDef.getUuid(), "attributeDefName", AttributeDefPrivilegeDelegate.this.attributeDef.getName());
                        auditEntry.setDescription("Added privilege: attributeDef: " + AttributeDefPrivilegeDelegate.this.attributeDef.getName() + ", subject: " + subject.getSource().getId() + "." + subject.getId() + ", privilege: " + privilege.getName());
                        auditEntry.saveOrUpdate(true);
                    }
                    RuleEngine.fireRule(RuleCheckType.subjectAssignInStem, new RulesPrivilegeBean(AttributeDefPrivilegeDelegate.this.attributeDef, subject, privilege));
                    z2 = true;
                } catch (UnableToPerformAlreadyExistsException e) {
                    if (z) {
                        throw new GrantPrivilegeAlreadyExistsException(e.getMessage() + str2, e);
                    }
                } catch (UnableToPerformException e2) {
                    throw new GrantPrivilegeException(e2.getMessage() + str2, e2);
                }
                stopWatch.stop();
                return Boolean.valueOf(z2);
            }
        })).booleanValue();
    }

    public boolean revokePriv(final Subject subject, final Privilege privilege, final boolean z) throws InsufficientPrivilegeException, RevokePrivilegeException, SchemaException {
        final StopWatch stopWatch = new StopWatch();
        stopWatch.start();
        final String str = ", attributeDef name: " + this.attributeDef.getName() + ", subject: " + GrouperUtil.subjectToString(subject) + ", privilege: " + (privilege == null ? null : privilege.getName());
        return ((Boolean) HibernateSession.callbackHibernateSession(GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT, new HibernateHandler() { // from class: edu.internet2.middleware.grouper.attr.AttributeDefPrivilegeDelegate.3
            @Override // edu.internet2.middleware.grouper.hibernate.HibernateHandler
            public Object callback(HibernateHandlerBean hibernateHandlerBean) throws GrouperDAOException {
                hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
                boolean z2 = true;
                try {
                    GrouperSession.staticGrouperSession().getAttributeDefResolver().revokePrivilege(AttributeDefPrivilegeDelegate.this.attributeDef, subject, privilege);
                    if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
                        AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.PRIVILEGE_ATTRIBUTE_DEF_DELETE, "privilegeName", privilege.getName(), "memberId", MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subject, false).getUuid(), "privilegeType", "attrDef", "attributeDefId", AttributeDefPrivilegeDelegate.this.attributeDef.getUuid(), "attributeDefName", AttributeDefPrivilegeDelegate.this.attributeDef.getName());
                        auditEntry.setDescription("Deleted privilege: attributeDef: " + AttributeDefPrivilegeDelegate.this.attributeDef.getName() + ", subject: " + subject.getSource().getId() + "." + subject.getId() + ", privilege: " + privilege.getName());
                        auditEntry.saveOrUpdate(true);
                    }
                } catch (UnableToPerformAlreadyExistsException e) {
                    if (z) {
                        throw new RevokePrivilegeAlreadyRevokedException(e.getMessage() + str, e);
                    }
                    z2 = false;
                } catch (UnableToPerformException e2) {
                    throw new RevokePrivilegeException(e2.getMessage() + str, e2);
                }
                stopWatch.stop();
                return Boolean.valueOf(z2);
            }
        })).booleanValue();
    }

    public boolean canAttrRead(Subject subject) {
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        PrivilegeHelper.dispatch(staticGrouperSession, this.attributeDef, staticGrouperSession.getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return PrivilegeHelper.canAttrRead(staticGrouperSession, this.attributeDef, subject);
    }

    public boolean canAttrView(Subject subject) {
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        PrivilegeHelper.dispatch(staticGrouperSession, this.attributeDef, staticGrouperSession.getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return PrivilegeHelper.canAttrView(staticGrouperSession, this.attributeDef, subject);
    }

    public boolean canAttrUpdate(Subject subject) {
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        PrivilegeHelper.dispatch(staticGrouperSession, this.attributeDef, staticGrouperSession.getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return PrivilegeHelper.canAttrUpdate(staticGrouperSession, this.attributeDef, subject);
    }

    public boolean canAttrAdmin(Subject subject) {
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        PrivilegeHelper.dispatch(staticGrouperSession, this.attributeDef, staticGrouperSession.getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return PrivilegeHelper.canAttrAdmin(staticGrouperSession, this.attributeDef, subject);
    }

    public boolean hasPrivilege(Subject subject, String str) {
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_ADMIN.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_ADMIN.getListName())) {
            return hasAttrAdmin(subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_UPDATE.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_UPDATE.getListName())) {
            return hasAttrUpdate(subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_READ.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_READ.getListName())) {
            return hasAttrRead(subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_VIEW.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_VIEW.getListName())) {
            return hasAttrView(subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_OPTIN.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_OPTIN.getListName())) {
            return hasAttrOptin(subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_OPTOUT.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_OPTOUT.getListName())) {
            return hasAttrOptout(subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_DEF_ATTR_READ.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_DEF_ATTR_READ.getListName())) {
            return hasAttrDefAttrRead(subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE.getListName())) {
            return hasAttrDefAttrUpdate(subject);
        }
        throw new RuntimeException("Cant find privilege: '" + str + "'");
    }

    public boolean canAttrOptin(Subject subject) {
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        PrivilegeHelper.dispatch(staticGrouperSession, this.attributeDef, staticGrouperSession.getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return PrivilegeHelper.canAttrOptin(staticGrouperSession, this.attributeDef, subject);
    }

    public boolean canAttrOptout(Subject subject) {
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        PrivilegeHelper.dispatch(staticGrouperSession, this.attributeDef, staticGrouperSession.getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        return PrivilegeHelper.canAttrOptout(staticGrouperSession, this.attributeDef, subject);
    }

    public boolean canHavePrivilege(Subject subject, String str, boolean z) {
        GrouperSession staticGrouperSession = GrouperSession.staticGrouperSession();
        if (z) {
            PrivilegeHelper.dispatch(staticGrouperSession, this.attributeDef, staticGrouperSession.getSubject(), AttributeDefPrivilege.ATTR_ADMIN);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_ADMIN.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_ADMIN.getListName())) {
            return PrivilegeHelper.canAttrAdmin(staticGrouperSession, this.attributeDef, subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_UPDATE.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_UPDATE.getListName())) {
            return PrivilegeHelper.canAttrUpdate(staticGrouperSession, this.attributeDef, subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_READ.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_READ.getListName())) {
            return PrivilegeHelper.canAttrRead(staticGrouperSession, this.attributeDef, subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_VIEW.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_VIEW.getListName())) {
            return PrivilegeHelper.canAttrView(staticGrouperSession, this.attributeDef, subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_OPTIN.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_OPTIN.getListName())) {
            return PrivilegeHelper.canAttrOptin(staticGrouperSession, this.attributeDef, subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_OPTOUT.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_OPTOUT.getListName())) {
            return PrivilegeHelper.canAttrOptout(staticGrouperSession, this.attributeDef, subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_DEF_ATTR_READ.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_DEF_ATTR_READ.getListName())) {
            return PrivilegeHelper.canAttrDefAttrRead(staticGrouperSession, this.attributeDef, subject);
        }
        if (StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE.getName()) || StringUtils.equalsIgnoreCase(str, AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE.getListName())) {
            return PrivilegeHelper.canAttrDefAttrUpdate(staticGrouperSession, this.attributeDef, subject);
        }
        throw new RuntimeException("Cant find privilege: '" + str + "'");
    }
}
