package org.vaadin.appfoundation.authorization.jpa;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.vaadin.appfoundation.authorization.AbstractPermissionManager;
import org.vaadin.appfoundation.authorization.PermissionResultType;
import org.vaadin.appfoundation.authorization.Resource;
import org.vaadin.appfoundation.authorization.Role;
import org.vaadin.appfoundation.persistence.facade.FacadeFactory;

/* loaded from: input_file:org/vaadin/appfoundation/authorization/jpa/JPAPermissionManager.class */
public class JPAPermissionManager extends AbstractPermissionManager {
    @Override // org.vaadin.appfoundation.authorization.PermissionManager
    public void allow(Role role, String str, Resource resource) {
        checkRoleAndResourceNotNull(role, resource);
        Map<PermissionType, PermissionEntity> permissions = getPermissions(role, str, resource);
        if (!permissions.containsKey(PermissionType.DENY)) {
            createPermissionEntity(PermissionType.ALLOW, role, str, resource);
            return;
        }
        PermissionEntity permissionEntity = permissions.get(PermissionType.DENY);
        permissionEntity.setType(PermissionType.ALLOW);
        FacadeFactory.getFacade().store(permissionEntity);
    }

    @Override // org.vaadin.appfoundation.authorization.PermissionManager
    public void allowAll(Role role, Resource resource) {
        checkRoleAndResourceNotNull(role, resource);
        Map<PermissionType, PermissionEntity> permissions = getPermissions(role, null, resource);
        if (!permissions.containsKey(PermissionType.DENY_ALL)) {
            createPermissionEntity(PermissionType.ALLOW_ALL, role, null, resource);
            return;
        }
        PermissionEntity permissionEntity = permissions.get(PermissionType.DENY_ALL);
        permissionEntity.setType(PermissionType.ALLOW_ALL);
        FacadeFactory.getFacade().store(permissionEntity);
    }

    @Override // org.vaadin.appfoundation.authorization.PermissionManager
    public void deny(Role role, String str, Resource resource) {
        checkRoleAndResourceNotNull(role, resource);
        Map<PermissionType, PermissionEntity> permissions = getPermissions(role, str, resource);
        if (!permissions.containsKey(PermissionType.ALLOW)) {
            createPermissionEntity(PermissionType.DENY, role, str, resource);
            return;
        }
        PermissionEntity permissionEntity = permissions.get(PermissionType.ALLOW);
        permissionEntity.setType(PermissionType.DENY);
        FacadeFactory.getFacade().store(permissionEntity);
    }

    @Override // org.vaadin.appfoundation.authorization.PermissionManager
    public void denyAll(Role role, Resource resource) {
        checkRoleAndResourceNotNull(role, resource);
        Map<PermissionType, PermissionEntity> permissions = getPermissions(role, null, resource);
        if (!permissions.containsKey(PermissionType.ALLOW_ALL)) {
            createPermissionEntity(PermissionType.DENY_ALL, role, null, resource);
            return;
        }
        PermissionEntity permissionEntity = permissions.get(PermissionType.ALLOW_ALL);
        permissionEntity.setType(PermissionType.DENY_ALL);
        FacadeFactory.getFacade().store(permissionEntity);
    }

    private boolean hasResourceActionAllowPermissions(Resource resource, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("resource", resource.getIdentifier());
        hashMap.put("action", str);
        hashMap.put("typeAllow", PermissionType.ALLOW);
        hashMap.put("typeAllowAll", PermissionType.ALLOW_ALL);
        return FacadeFactory.getFacade().count(PermissionEntity.class, "p.resource = :resource AND ((p.action = :action AND p.type = :typeAllow) OR (p.type = :typeAllowAll))", hashMap).longValue() > 0;
    }

    private void createPermissionEntity(PermissionType permissionType, Role role, String str, Resource resource) {
        PermissionEntity permissionEntity = new PermissionEntity(permissionType);
        permissionEntity.setRole(role.getIdentifier());
        permissionEntity.setAction(str);
        permissionEntity.setResource(resource.getIdentifier());
        FacadeFactory.getFacade().store(permissionEntity);
    }

    private Map<PermissionType, PermissionEntity> getPermissions(Role role, String str, Resource resource) {
        HashMap hashMap = new HashMap();
        hashMap.put("role", role.getIdentifier());
        hashMap.put("action", str);
        hashMap.put("resource", resource.getIdentifier());
        hashMap.put("typeAllow", PermissionType.ALLOW);
        hashMap.put("typeDeny", PermissionType.DENY);
        hashMap.put("typeAllowAll", PermissionType.ALLOW_ALL);
        hashMap.put("typeDenyAll", PermissionType.DENY_ALL);
        List<PermissionEntity> list = FacadeFactory.getFacade().list("SELECT p FROM PermissionEntity p WHERE p.role = :role AND p.resource = :resource AND ((p.action = :action AND (p.type = :typeAllow OR p.type = :typeDeny)) OR (p.type = :typeAllowAll OR p.type = :typeDenyAll))", hashMap);
        HashMap hashMap2 = new HashMap();
        if (list != null) {
            for (PermissionEntity permissionEntity : list) {
                hashMap2.put(permissionEntity.getType(), permissionEntity);
            }
        }
        return hashMap2;
    }

    @Override // org.vaadin.appfoundation.authorization.AbstractPermissionManager
    protected PermissionResultType getPermissionResultType(Role role, String str, Resource resource) {
        checkRoleAndResourceNotNull(role, resource);
        Map<PermissionType, PermissionEntity> permissions = getPermissions(role, str, resource);
        return permissions.containsKey(PermissionType.ALLOW) ? PermissionResultType.ALLOW_EXPLICITLY : permissions.containsKey(PermissionType.DENY) ? PermissionResultType.DENY_EXPLICITLY : permissions.containsKey(PermissionType.ALLOW_ALL) ? PermissionResultType.ALLOW_EXPLICITLY : permissions.containsKey(PermissionType.DENY_ALL) ? PermissionResultType.DENY_EXPLICITLY : hasResourceActionAllowPermissions(resource, str) ? PermissionResultType.DENY_IMPLICITLY : PermissionResultType.ALLOW_IMPLICITLY;
    }
}
