package ch.elexis.core.services.internal;

import ch.elexis.core.ac.ACE;
import ch.elexis.core.ac.AbstractAccessControl;
import ch.elexis.core.jdt.NonNull;
import ch.elexis.core.jdt.Nullable;
import ch.elexis.core.model.IRight;
import ch.elexis.core.model.IRole;
import ch.elexis.core.model.IUser;
import ch.elexis.core.services.IModelService;
import ch.elexis.core.services.holder.ContextServiceHolder;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ch/elexis/core/services/internal/RoleBasedAccessControl.class */
public class RoleBasedAccessControl extends AbstractAccessControl {
    private Logger log = LoggerFactory.getLogger(getClass());
    public static final String QUERY_RIGHT_FOR_USER = "SELECT COUNT(*) FROM RIGHTS_PER_USER WHERE USER_ID LIKE '%s' AND (";
    public static final String QUERY_RIGHT_FOR_ROLE = "SELECT COUNT(*) FROM RIGHTS_PER_ROLE WHERE ROLE_ID LIKE '%s' AND (";
    private IModelService modelService;
    private static final String INSERT_ROLE_RIGHT_JOINT = "INSERT INTO ROLE_RIGHT_JOINT (ID, ROLE_ID) VALUES ('%s', '%s')";
    private static final String DELETE_ROLE_RIGHT_JOINT = "DELETE FROM ROLE_RIGHT_JOINT WHERE (ID='%s') AND (ROLE_ID='%s')";

    public RoleBasedAccessControl(IModelService iModelService) {
        this.modelService = iModelService;
    }

    protected boolean queryRightForUser(@NonNull IUser iUser, @NonNull ACE ace) {
        return queryRight(QUERY_RIGHT_FOR_USER, iUser.getId(), ace);
    }

    protected boolean queryRightForRole(IRole iRole, ACE ace) {
        return queryRight(QUERY_RIGHT_FOR_ROLE, iRole.getId(), ace);
    }

    private boolean queryRight(String str, String str2, ACE ace) {
        StringBuilder sb = new StringBuilder(String.format(str, str2));
        List parentChainIncludingSelf = ace.getParentChainIncludingSelf();
        for (int i = 0; i < parentChainIncludingSelf.size(); i++) {
            ACE ace2 = (ACE) parentChainIncludingSelf.get(i);
            if (i > 0) {
                sb.append(" OR ");
            }
            sb.append(" RIGHT_ID = '" + ace2.getUniqueHash() + "'");
        }
        sb.append(");");
        boolean z = false;
        try {
            z = ((Long) ((List) this.modelService.executeNativeQuery(sb.toString()).collect(Collectors.toList())).get(0)).longValue() > 0;
        } catch (NumberFormatException e) {
            this.log.error("Error querying access right ", e);
        }
        return z;
    }

    public boolean request(@Nullable ACE ace) {
        return request((IUser) null, ace);
    }

    public boolean request(@Nullable IUser iUser, @Nullable ACE ace) {
        if (ace == null) {
            return false;
        }
        if (iUser == null) {
            Optional activeUser = ContextServiceHolder.get().getActiveUser();
            if (!activeUser.isPresent()) {
                return false;
            }
            iUser = (IUser) activeUser.get();
        }
        if (iUser.isAdministrator()) {
            return true;
        }
        return queryRightForUser(iUser, ace);
    }

    public boolean request(@NonNull IRole iRole, @Nullable ACE ace) {
        if (ace == null) {
            return false;
        }
        return queryRightForRole(iRole, ace);
    }

    public void grant(IRole iRole, ACE ace) {
        String format;
        int executeNativeUpdate;
        if (iRole.getAssignedRights().contains(getOrCreateRightByACE(ace)) || (executeNativeUpdate = this.modelService.executeNativeUpdate((format = String.format(INSERT_ROLE_RIGHT_JOINT, ace.getUniqueHash(), iRole.getId())))) == 1) {
            return;
        }
        this.log.warn("Error in [{}] result size is [{}]", format, Integer.valueOf(executeNativeUpdate));
    }

    public void revoke(IRole iRole, ACE ace) {
        String format = String.format(DELETE_ROLE_RIGHT_JOINT, ace.getUniqueHash(), iRole.getId());
        int executeNativeUpdate = this.modelService.executeNativeUpdate(format);
        if (executeNativeUpdate != 1) {
            this.log.warn("Error in [{}] result size is [{}]", format, Integer.valueOf(executeNativeUpdate));
        }
    }

    private IRight getOrCreateRightByACE(ACE ace) {
        Optional load = this.modelService.load(ace.getUniqueHash(), IRight.class);
        if (load.isPresent()) {
            return (IRight) load.get();
        }
        IRight iRight = (IRight) this.modelService.create(IRight.class);
        iRight.setId(ace.getUniqueHash());
        iRight.setName(ace.getName());
        iRight.setLocalizedName(ace.getLocalizedName());
        iRight.setParent(getOrCreateRightByACE(ace.getParent()));
        this.modelService.save(iRight);
        return iRight;
    }
}
