package edu.internet2.middleware.grouper;

import edu.internet2.middleware.grouper.hibernate.HibUtils;
import edu.internet2.middleware.grouper.hibernate.HqlQuery;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.grouper.privs.GrouperNonDbAccessAdapter;
import edu.internet2.middleware.grouper.privs.GrouperPrivilegeAdapter;
import edu.internet2.middleware.grouper.privs.Privilege;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.util.LinkedHashSet;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/grouper-4.5.5.jar:edu/internet2/middleware/grouper/GrouperAccessAdapter.class */
public class GrouperAccessAdapter extends GrouperNonDbAccessAdapter {
    public static final String HQL_FILTER_NO_RESULTS_INDICATOR = "HQL_FILTER_NO_RESULTS_INDICATOR";

    @Override // edu.internet2.middleware.grouper.privs.BaseAccessAdapter, edu.internet2.middleware.grouper.privs.AccessAdapter
    public boolean hqlFilterGroupsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder sb, String str, Set<Privilege> set) {
        if (GrouperUtil.length(set) == 0) {
            return false;
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet(set);
        linkedHashSet.removeAll(AccessPrivilege.MANAGE_PRIVILEGES);
        boolean z = linkedHashSet.size() != 0;
        Member internal_findBySubject = MemberFinder.internal_findBySubject(subject, null, false);
        Member internal_findAllMember = MemberFinder.internal_findAllMember();
        String convertToInClause = HibUtils.convertToInClause(GrouperPrivilegeAdapter.fieldIdSet(priv2list, set), hqlQuery);
        StringBuilder append = sb.append(", MembershipEntry __accessMembership where __accessMembership.ownerGroupId = " + str + " and __accessMembership.fieldId in (");
        append.append(convertToInClause).append(") and __accessMembership.memberUuid in (");
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        if (internal_findBySubject != null) {
            linkedHashSet2.add(internal_findBySubject.getUuid());
        }
        if (z) {
            linkedHashSet2.add(internal_findAllMember.getUuid());
        }
        if (linkedHashSet2.size() == 0) {
            linkedHashSet2.add(HQL_FILTER_NO_RESULTS_INDICATOR);
        }
        append.append(HibUtils.convertToInClause(linkedHashSet2, hqlQuery)).append(")");
        append.append(" and __accessMembership.enabledDb = 'T'");
        return true;
    }

    @Override // edu.internet2.middleware.grouper.privs.BaseAccessAdapter, edu.internet2.middleware.grouper.privs.AccessAdapter
    public boolean hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder sb, String str, Privilege privilege, boolean z) {
        Member internal_findBySubject = MemberFinder.internal_findBySubject(subject, null, true);
        Member internal_findAllMember = MemberFinder.internal_findAllMember();
        String uuid = privilege.getField().getUuid();
        if (sb.indexOf(" where ") == -1) {
            sb.append(" where ");
        } else {
            sb.append(" and ");
        }
        boolean z2 = z && !AccessPrivilege.MANAGE_PRIVILEGES.contains(privilege);
        sb.append(" not exists (select __notInMembership.uuid from MembershipEntry __notInMembership where  __notInMembership.enabledDb = 'T' and __notInMembership.ownerGroupId = " + str + "  and __notInMembership.fieldId = :notInMembershipFieldId and __notInMembership.memberUuid in (  :notInMembershipMemberId" + (z2 ? ", :notInMembershipAllMemberId" : "") + ")) ");
        hqlQuery.setString("notInMembershipFieldId", uuid);
        hqlQuery.setString("notInMembershipMemberId", internal_findBySubject.getUuid());
        if (!z2) {
            return true;
        }
        hqlQuery.setString("notInMembershipAllMemberId", internal_findAllMember.getUuid());
        return true;
    }

    @Override // edu.internet2.middleware.grouper.privs.BaseAccessAdapter, edu.internet2.middleware.grouper.privs.AccessAdapter
    public Set<Group> postHqlFilterGroups(GrouperSession grouperSession, Set<Group> set, Subject subject, Set<Privilege> set2) {
        return set;
    }

    @Override // edu.internet2.middleware.grouper.privs.BaseAccessAdapter, edu.internet2.middleware.grouper.privs.AccessAdapter
    public Set<Stem> postHqlFilterStemsWithGroups(GrouperSession grouperSession, Set<Stem> set, Subject subject, Set<Privilege> set2) {
        return set;
    }

    @Override // edu.internet2.middleware.grouper.privs.BaseAccessAdapter, edu.internet2.middleware.grouper.privs.AccessAdapter
    public boolean hqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder sb, String str, Privilege privilege, boolean z) {
        Member internal_findBySubject = MemberFinder.internal_findBySubject(subject, null, true);
        Member internal_findAllMember = MemberFinder.internal_findAllMember();
        String uuid = privilege.getField().getUuid();
        if (sb.indexOf(" where ") == -1) {
            sb.append(" where ");
        } else {
            sb.append(" and ");
        }
        boolean z2 = z && !AccessPrivilege.MANAGE_PRIVILEGES.contains(privilege);
        sb.append(" exists (select __inMembership.uuid from MembershipEntry __inMembership where  __inMembership.enabledDb = 'T' and __inMembership.ownerGroupId = " + str + "  and __inMembership.fieldId = :inMembershipFieldId and __inMembership.memberUuid in (  :inMembershipMemberId" + (z2 ? ", :inMembershipAllMemberId" : "") + ")) ");
        hqlQuery.setString("inMembershipFieldId", uuid);
        hqlQuery.setString("inMembershipMemberId", internal_findBySubject.getUuid());
        if (!z2) {
            return true;
        }
        hqlQuery.setString("inMembershipAllMemberId", internal_findAllMember.getUuid());
        return true;
    }
}
