package eu.etaxonomy.cdm.persistence.hibernate;

import eu.etaxonomy.cdm.model.CdmBaseType;
import eu.etaxonomy.cdm.model.common.CdmBase;
import eu.etaxonomy.cdm.model.common.IPublishable;
import eu.etaxonomy.cdm.model.permission.CRUD;
import eu.etaxonomy.cdm.model.permission.Operation;
import eu.etaxonomy.cdm.persistence.permission.ICdmPermissionEvaluator;
import eu.etaxonomy.cdm.persistence.permission.PermissionDeniedException;
import eu.etaxonomy.cdm.persistence.permission.Role;
import eu.etaxonomy.cdm.persistence.permission.TargetEntityStates;
import java.beans.Introspector;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.EmptyInterceptor;
import org.hibernate.type.Type;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:lib/cdmlib-persistence-5.45.0.jar:eu/etaxonomy/cdm/persistence/hibernate/CdmSecurityHibernateInterceptor.class */
public class CdmSecurityHibernateInterceptor extends EmptyInterceptor {
    private static final long serialVersionUID = 8477758472369568074L;
    private ICdmPermissionEvaluator permissionEvaluator;
    private static final Logger logger = LogManager.getLogger();
    public static final Map<Class<? extends CdmBase>, Set<String>> exculdeMap = new HashMap();

    public ICdmPermissionEvaluator getPermissionEvaluator() {
        return this.permissionEvaluator;
    }

    public void setPermissionEvaluator(ICdmPermissionEvaluator iCdmPermissionEvaluator) {
        this.permissionEvaluator = iCdmPermissionEvaluator;
    }

    @Override // org.hibernate.EmptyInterceptor, org.hibernate.Interceptor
    public boolean onSave(Object obj, Serializable serializable, Object[] objArr, String[] strArr, Type[] typeArr) {
        if (SecurityContextHolder.getContext().getAuthentication() == null || !(obj instanceof CdmBase)) {
            return true;
        }
        checkPermissions(new TargetEntityStates((CdmBase) obj, objArr, null, strArr), Operation.CREATE);
        logger.debug("permission check suceeded - object creation granted");
        return true;
    }

    @Override // org.hibernate.EmptyInterceptor, org.hibernate.Interceptor
    public boolean onFlushDirty(Object obj, Serializable serializable, Object[] objArr, Object[] objArr2, String[] strArr, Type[] typeArr) {
        if (SecurityContextHolder.getContext().getAuthentication() == null || !(obj instanceof CdmBase)) {
            return true;
        }
        CdmBase cdmBase = (CdmBase) obj;
        if (objArr2 == null) {
            return onSave(cdmBase, serializable, objArr, strArr, null);
        }
        Set<String> set = exculdeMap.get(baseType(cdmBase));
        set.addAll(unprotectedCacheFields(objArr, objArr2, strArr));
        if (!isModified(objArr, objArr2, strArr, set)) {
            return true;
        }
        checkPermissions(new TargetEntityStates(cdmBase, objArr, objArr2, strArr), Operation.UPDATE);
        logger.debug("Operation.UPDATE permission check suceeded - object update granted");
        if (!IPublishable.class.isAssignableFrom(obj.getClass()) || !namedPropertyIsModified(objArr, objArr2, strArr, "publish")) {
            return true;
        }
        checkRoles(Role.ROLE_PUBLISH, Role.ROLE_ADMIN);
        logger.debug("Role.ROLE_PUBLISH permission check suceeded - object update granted");
        return true;
    }

    protected Collection<? extends String> unprotectedCacheFields(Object[] objArr, Object[] objArr2, String[] strArr) {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < strArr.length; i++) {
            if (strArr[i].matches("^protected.*Cache$") && (objArr[i] instanceof Boolean) && !((Boolean) objArr[i]).booleanValue() && objArr[i].equals(objArr2[i])) {
                arrayList.add(strArr[i]);
                arrayList.add(Introspector.decapitalize(strArr[i].replace("protected", "")));
            }
        }
        return arrayList;
    }

    private Class<? extends CdmBase> baseType(CdmBase cdmBase) {
        Class<? extends CdmBase> baseTypeFor = CdmBaseType.baseTypeFor(cdmBase.getClass());
        return baseTypeFor == null ? CdmBase.class : baseTypeFor;
    }

    @Override // org.hibernate.EmptyInterceptor, org.hibernate.Interceptor
    public void onDelete(Object obj, Serializable serializable, Object[] objArr, String[] strArr, Type[] typeArr) {
        if (SecurityContextHolder.getContext().getAuthentication() == null || !(obj instanceof CdmBase)) {
            return;
        }
        checkPermissions(new TargetEntityStates((CdmBase) obj, objArr, null, strArr), Operation.DELETE);
        logger.debug("permission check suceeded - object update granted");
    }

    private void checkPermissions(TargetEntityStates targetEntityStates, EnumSet<CRUD> enumSet) {
        if (!this.permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), targetEntityStates, enumSet)) {
            throw new PermissionDeniedException(SecurityContextHolder.getContext().getAuthentication(), targetEntityStates.getEntity(), enumSet);
        }
    }

    private void checkRoles(Role... roleArr) {
        if (!this.permissionEvaluator.hasOneOfRoles(SecurityContextHolder.getContext().getAuthentication(), roleArr)) {
            throw new PermissionDeniedException(SecurityContextHolder.getContext().getAuthentication(), roleArr);
        }
    }

    private boolean isModified(Object[] objArr, Object[] objArr2, String[] strArr, Set<String> set) {
        HashSet hashSet = null;
        if (set != null && set.size() > 0) {
            hashSet = new HashSet(set.size());
            int i = 0;
            for (String str : strArr) {
                if (set.contains(str)) {
                    hashSet.add(Integer.valueOf(i));
                }
                if (hashSet.size() == set.size()) {
                    break;
                }
                i++;
            }
        }
        for (int i2 = 0; i2 < objArr.length; i2++) {
            if ((hashSet == null || !hashSet.contains(Integer.valueOf(i2))) && propertyIsModified(objArr, objArr2, i2)) {
                if (!logger.isDebugEnabled()) {
                    return true;
                }
                logger.debug("modified property found: " + strArr[i2] + ", previousState: " + objArr2[i2] + ", currentState: " + objArr[i2]);
                return true;
            }
        }
        return false;
    }

    private boolean propertyIsModified(Object[] objArr, Object[] objArr2, int i) {
        if (objArr[i] == null && objArr2[i] != null) {
            return true;
        }
        if (objArr[i] == null || objArr2[i] != null) {
            return (objArr[i] == null || objArr2[i] == null || objArr[i].equals(objArr2[i])) ? false : true;
        }
        return true;
    }

    private boolean namedPropertyIsModified(Object[] objArr, Object[] objArr2, String[] strArr, String str) {
        return propertyIsModified(objArr, objArr2, ArrayUtils.indexOf(strArr, str));
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("createdBy");
        hashSet.add("created");
        hashSet.add("updatedBy");
        hashSet.add("updated");
        for (CdmBaseType cdmBaseType : CdmBaseType.valuesCustom()) {
            exculdeMap.put(cdmBaseType.getBaseClass(), new HashSet());
            exculdeMap.get(cdmBaseType.getBaseClass()).addAll(hashSet);
        }
        exculdeMap.put(CdmBase.class, new HashSet());
        exculdeMap.get(CdmBase.class).addAll(hashSet);
    }
}
