package org.eclipse.stardust.engine.core.runtime.utils;

import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import org.eclipse.stardust.common.CollectionUtils;
import org.eclipse.stardust.common.CompareHelper;
import org.eclipse.stardust.engine.api.model.Activity;
import org.eclipse.stardust.engine.api.model.ConditionalPerformer;
import org.eclipse.stardust.engine.api.model.ModelParticipant;
import org.eclipse.stardust.engine.api.model.Organization;
import org.eclipse.stardust.engine.api.model.Participant;
import org.eclipse.stardust.engine.api.model.ProcessDefinition;
import org.eclipse.stardust.engine.api.runtime.ActivityScope;
import org.eclipse.stardust.engine.api.runtime.AdministrationService;
import org.eclipse.stardust.engine.api.runtime.DeployedModelDescription;
import org.eclipse.stardust.engine.api.runtime.Grant;
import org.eclipse.stardust.engine.api.runtime.ModelScope;
import org.eclipse.stardust.engine.api.runtime.Permission;
import org.eclipse.stardust.engine.api.runtime.ProcessScope;
import org.eclipse.stardust.engine.api.runtime.QueryService;
import org.eclipse.stardust.engine.api.runtime.Scope;
import org.eclipse.stardust.engine.api.runtime.Service;
import org.eclipse.stardust.engine.api.runtime.User;
import org.eclipse.stardust.engine.api.runtime.UserGroup;
import org.eclipse.stardust.engine.api.runtime.WorkflowService;

/* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/runtime/utils/PermissionHelper.class */
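/**
 * Answers "may the current session do X on this model element?" questions by comparing a
 * permission id and a {@link Scope} against the permissions a {@link Service} reports.
 *
 * <p>Security-relevant caching behaviour, as implemented in this class:
 * <ul>
 *   <li>With caching enabled, the permission table is stored per service <em>class</em>, not per
 *       user or per service instance. The first service instance of a class that is queried
 *       determines the answers for every later call on this helper.</li>
 *   <li>The cached user and the cached set of startable process ids are likewise kept for the
 *       lifetime of the helper; nothing in this class invalidates any of the caches.</li>
 * </ul>
 * A caching helper should therefore be scoped to a single user session and discarded when grants
 * or deployed models change. NOTE(review): this presumes {@code getPermissions()} reflects the
 * session user of the service it is called on; confirm against the service implementation.
 *
 * <p>These checks filter what a client is shown; nothing visible here suggests they replace
 * authorization enforced by the engine itself.
 */
public class PermissionHelper {
    /** Optional prefix on permission ids; it is stripped before the id is looked up. */
    private static final String AUTHORIZATION_PREFIX = "authorization:";

    // Permission id -> granted scopes, keyed by the concrete service class (see class comment).
    private final ConcurrentMap<Class<? extends Service>, Map<String, Set<Scope>>> permissionsCache;
    // Ids of the processes the user may start; null until first computed or supplied.
    private Set<String> startableProcesses;
    private final boolean useCaches;
    // Pre-resolved user; only consulted when caching is enabled.
    private User user;

    /** Creates a helper with caching enabled. */
    public PermissionHelper() {
        this(true);
    }

    /**
     * Creates a helper.
     *
     * @param z {@code true} to cache permission tables, the user and the startable process ids
     *          for the lifetime of this instance; {@code false} to query the service every time
     */
    public PermissionHelper(boolean z) {
        this.permissionsCache = CollectionUtils.newConcurrentHashMap();
        this.startableProcesses = null;
        this.useCaches = z;
    }

    /**
     * Creates a caching helper that is pre-seeded with a user and that user's startable processes.
     *
     * <p>The supplied set is used as-is by {@link #canStartProcess}: it is neither copied nor
     * checked against the service, so it must come from a trusted source for the same user.
     *
     * @param user the user to use instead of asking the workflow service
     * @param set ids of the process definitions the user may start, or {@code null} to have them
     *            loaded from the service on first use
     */
    public PermissionHelper(User user, Set<String> set) {
        this(true);
        this.user = user;
        this.startableProcesses = set;
    }

    /**
     * Returns the process definitions whose process instance data the session may read.
     *
     * @param workflowService service used to resolve the user and the permissions
     * @param list candidate process definitions
     * @return a new list holding the permitted subset, in the original order
     */
    public List<ProcessDefinition> filterProcessAccess(WorkflowService workflowService, List<ProcessDefinition> list) {
        User effectiveUser = (this.useCaches && this.user != null) ? this.user : workflowService.getUser();
        return filterProcessAccess(effectiveUser, workflowService, list);
    }

    /**
     * Returns the activities whose activity instance data and owning process instance data the
     * session may read.
     *
     * @param workflowService service used to resolve the user and the permissions
     * @param list candidate activities
     * @return a new list holding the permitted subset, in the original order
     */
    public List<Activity> filterActivityAccess(WorkflowService workflowService, List<Activity> list) {
        User effectiveUser = (this.useCaches && this.user != null) ? this.user : workflowService.getUser();
        return filterActivityAccess(effectiveUser, workflowService, list);
    }

    /**
     * Checks a permission against the activity scope (model / process definition / activity).
     *
     * @param service service whose permissions are consulted
     * @param str permission id, with or without the {@code authorization:} prefix
     * @param activity activity that defines the scope
     * @return {@code true} if the permission is reported for exactly that scope
     */
    public boolean hasPermission(Service service, String str, Activity activity) {
        ModelScope modelScope = new ModelScope(activity.getModelOID());
        ProcessScope processScope = new ProcessScope(modelScope, activity.getProcessDefinitionId());
        return hasPermission(service, str, new ActivityScope(processScope, activity.getId()));
    }

    /**
     * Checks a permission against the process scope (model / process definition).
     *
     * @param service service whose permissions are consulted
     * @param str permission id, with or without the {@code authorization:} prefix
     * @param processDefinition process definition that defines the scope
     * @return {@code true} if the permission is reported for exactly that scope
     */
    public boolean hasPermission(Service service, String str, ProcessDefinition processDefinition) {
        ModelScope modelScope = new ModelScope(processDefinition.getModelOID());
        return hasPermission(service, str, new ProcessScope(modelScope, processDefinition.getId()));
    }

    /**
     * Checks a permission against the model scope.
     *
     * @param service service whose permissions are consulted
     * @param str permission id, with or without the {@code authorization:} prefix
     * @param deployedModelDescription model that defines the scope
     * @return {@code true} if the permission is reported for exactly that scope
     */
    public boolean hasPermission(Service service, String str, DeployedModelDescription deployedModelDescription) {
        return hasPermission(service, str, new ModelScope(deployedModelDescription.getModelOID()));
    }

    /**
     * Tells whether the given process definition is among the startable ones.
     *
     * <p>The comparison is by process definition id only. With caching enabled the id set is
     * loaded once (or taken from the constructor) and reused for every later call.
     *
     * @param workflowService service asked for the startable process definitions when needed
     * @param processDefinition process definition to test
     * @return {@code true} if its id is in the startable set
     */
    public boolean canStartProcess(WorkflowService workflowService, ProcessDefinition processDefinition) {
        Set<String> startableIds = this.useCaches ? this.startableProcesses : null;
        if (startableIds == null) {
            startableIds = CollectionUtils.newSet();
            for (ProcessDefinition startable : workflowService.getStartableProcessDefinitions()) {
                startableIds.add(startable.getId());
            }
            if (this.useCaches) {
                this.startableProcesses = startableIds;
            }
        }
        return startableIds.contains(processDefinition.getId());
    }

    /**
     * Tells whether the user matches the activity's default performer.
     *
     * <p>Conditional performers are followed to their resolved performer. A resolved user is
     * compared by id, a resolved user group against the user's groups, and a model participant
     * against the user's grants (including grants on super organizations).
     *
     * @param user user to test
     * @param activity activity whose default performer is evaluated
     * @return {@code true} if the user qualifies as performer
     */
    public boolean canPerformActivity(User user, Activity activity) {
        ModelParticipant performer = activity.getDefaultPerformer();
        while (performer instanceof ConditionalPerformer) {
            Participant resolved = ((ConditionalPerformer) performer).getResolvedPerformer();
            if (resolved == null) {
                // NOTE(review): an unresolved conditional performer is answered with "allowed"
                // (fail-open). That is only safe if the engine re-checks the performer once it is
                // resolved; confirm before relying on this result for enforcement.
                return true;
            }
            if (resolved instanceof ModelParticipant) {
                ModelParticipant next = (ModelParticipant) resolved;
                if (CompareHelper.areEqual(next.getId(), performer.getId())) {
                    // The performer resolves to itself; also answered with "allowed".
                    return true;
                }
                performer = next;
            }
            if (resolved instanceof User) {
                return CompareHelper.areEqual(user.getId(), ((User) resolved).getId());
            }
            if (resolved instanceof UserGroup) {
                String groupId = ((UserGroup) resolved).getId();
                for (UserGroup memberOf : user.getAllGroups()) {
                    if (CompareHelper.areEqual(memberOf.getId(), groupId)) {
                        return true;
                    }
                }
                return false;
            }
            if (!(resolved instanceof ModelParticipant)) {
                // None of the handled participant kinds: the performer was not advanced, so the
                // loop would never terminate. Deny instead of spinning.
                return false;
            }
        }
        return checkGrants(performer, user.getAllGrants());
    }

    /**
     * Keeps the process definitions for which the service reports the
     * read-process-instance-data permission.
     *
     * NOTE(review): {@code user} is not used here; the decision depends only on the permissions
     * reported by {@code workflowService}.
     */
    private List<ProcessDefinition> filterProcessAccess(User user, WorkflowService workflowService, List<ProcessDefinition> list) {
        List<ProcessDefinition> permitted = CollectionUtils.newList();
        for (ProcessDefinition candidate : list) {
            if (hasPermission(workflowService, Permissions.PROCESS_DEFINITION_READ_PROCESS_INSTANCE_DATA, candidate)) {
                permitted.add(candidate);
            }
        }
        return permitted;
    }

    /**
     * Keeps the activities for which the service reports both the read-activity-instance-data
     * permission on the activity and the read-process-instance-data permission on its process.
     *
     * NOTE(review): {@code user} is not used here; the decision depends only on the permissions
     * reported by {@code workflowService}.
     */
    private List<Activity> filterActivityAccess(User user, WorkflowService workflowService, List<Activity> list) {
        List<Activity> permitted = CollectionUtils.newList();
        for (Activity candidate : list) {
            ProcessScope owningProcess = new ProcessScope(new ModelScope(candidate.getModelOID()), candidate.getProcessDefinitionId());
            boolean activityReadable = hasPermission(workflowService, Permissions.ACTIVITY_READ_ACTIVITY_INSTANCE_DATA, candidate);
            if (activityReadable && hasPermission(workflowService, Permissions.PROCESS_DEFINITION_READ_PROCESS_INSTANCE_DATA, owningProcess)) {
                permitted.add(candidate);
            }
        }
        return permitted;
    }

    /**
     * Restricts the grants to those in the participant's namespace and then matches them against
     * the participant and its super organizations.
     *
     * @return {@code false} when no grant shares the participant's namespace
     */
    private boolean checkGrants(ModelParticipant modelParticipant, List<Grant> list) {
        String namespace = modelParticipant.getNamespace();
        List<Grant> sameNamespace = CollectionUtils.newList(list.size());
        for (Grant grant : list) {
            if (CompareHelper.areEqual(namespace, grant.getNamespace())) {
                sameNamespace.add(grant);
            }
        }
        return !sameNamespace.isEmpty() && checkFilteredGrants(modelParticipant, sameNamespace);
    }

    /**
     * Matches grants by id against the participant itself, then recursively against each of its
     * super organizations (each of which re-filters the grants by its own namespace).
     */
    private boolean checkFilteredGrants(ModelParticipant modelParticipant, List<Grant> list) {
        for (Grant grant : list) {
            if (CompareHelper.areEqual(modelParticipant.getId(), grant.getId())) {
                return true;
            }
        }
        for (Organization superOrganization : modelParticipant.getAllSuperOrganizations()) {
            if (checkGrants(superOrganization, list)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Core lookup: is {@code scope} among the scopes the service reports for the permission id?
     *
     * <p>An id the service does not report is answered with {@code false} on both the cached and
     * the uncached path. Previously the cached path dereferenced the missing map entry and threw
     * a {@link NullPointerException}, while the uncached path denied.
     *
     * @param service service whose permissions are consulted
     * @param str permission id, with or without the {@code authorization:} prefix
     * @param scope scope that must be contained in the permission's scopes
     */
    private boolean hasPermission(Service service, String str, Scope scope) {
        String permissionId = str.startsWith(AUTHORIZATION_PREFIX) ? str.substring(AUTHORIZATION_PREFIX.length()) : str;

        if (!this.useCaches) {
            // First permission with a matching id decides.
            for (Permission permission : loadPermissions(service)) {
                if (permission.getPermissionId().equals(permissionId)) {
                    return permission.getScopes().contains(scope);
                }
            }
            return false;
        }

        Map<String, Set<Scope>> scopesById = this.permissionsCache.get(service.getClass());
        if (scopesById == null) {
            Map<String, Set<Scope>> fresh = CollectionUtils.newHashMap();
            for (Permission permission : loadPermissions(service)) {
                Set<Scope> scopes = CollectionUtils.newHashSet(permission.getScopes());
                fresh.put(permission.getPermissionId(), scopes);
            }
            // If another thread published a table first, use that one so all callers agree.
            Map<String, Set<Scope>> published = this.permissionsCache.putIfAbsent(service.getClass(), fresh);
            scopesById = published != null ? published : fresh;
        }
        Set<Scope> granted = scopesById.get(permissionId);
        return granted != null && granted.contains(scope);
    }

    /** Fetches the permission list from the supported service kinds; other services yield none. */
    private static List<Permission> loadPermissions(Service service) {
        if (service instanceof AdministrationService) {
            return ((AdministrationService) service).getPermissions();
        }
        if (service instanceof WorkflowService) {
            return ((WorkflowService) service).getPermissions();
        }
        if (service instanceof QueryService) {
            return ((QueryService) service).getPermissions();
        }
        return Collections.emptyList();
    }
}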
