package org.molgenis.data.security.meta;

import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import org.molgenis.data.AbstractRepositoryDecorator;
import org.molgenis.data.DataService;
import org.molgenis.data.Entity;
import org.molgenis.data.Fetch;
import org.molgenis.data.MolgenisDataAccessException;
import org.molgenis.data.MolgenisDataException;
import org.molgenis.data.Query;
import org.molgenis.data.Repository;
import org.molgenis.data.UnknownEntityException;
import org.molgenis.data.aggregation.AggregateQuery;
import org.molgenis.data.aggregation.AggregateResult;
import org.molgenis.data.meta.model.EntityType;
import org.molgenis.data.meta.system.SystemEntityTypeRegistry;
import org.molgenis.data.security.auth.GroupAuthority;
import org.molgenis.data.security.auth.GroupAuthorityMetaData;
import org.molgenis.data.security.auth.UserAuthority;
import org.molgenis.data.security.auth.UserAuthorityMetaData;
import org.molgenis.data.security.util.SecurityDecoratorUtils;
import org.molgenis.data.support.QueryImpl;
import org.molgenis.security.core.Permission;
import org.molgenis.security.core.PermissionService;
import org.molgenis.security.core.utils.SecurityUtils;

/* loaded from: input_file:WEB-INF/lib/molgenis-data-security-6.1.0.jar:org/molgenis/data/security/meta/EntityTypeRepositorySecurityDecorator.class */
public class EntityTypeRepositorySecurityDecorator extends AbstractRepositoryDecorator<EntityType> {
    private final SystemEntityTypeRegistry systemEntityTypeRegistry;
    private final PermissionService permissionService;
    private final DataService dataService;

    /* loaded from: input_file:WEB-INF/lib/molgenis-data-security-6.1.0.jar:org/molgenis/data/security/meta/EntityTypeRepositorySecurityDecorator$FilteredConsumer.class */
    private static class FilteredConsumer {
        private final Consumer<List<EntityType>> consumer;
        private final PermissionService permissionService;

        FilteredConsumer(Consumer<List<EntityType>> consumer, PermissionService permissionService) {
            this.consumer = (Consumer) Objects.requireNonNull(consumer);
            this.permissionService = (PermissionService) Objects.requireNonNull(permissionService);
        }

        void filter(List<EntityType> list) {
            this.consumer.accept((List) list.stream().filter(entityType -> {
                return this.permissionService.hasPermissionOnEntityType(entityType.getId(), Permission.COUNT);
            }).collect(Collectors.toList()));
        }
    }

    public EntityTypeRepositorySecurityDecorator(Repository<EntityType> repository, SystemEntityTypeRegistry systemEntityTypeRegistry, PermissionService permissionService, DataService dataService) {
        super(repository);
        this.systemEntityTypeRegistry = (SystemEntityTypeRegistry) Objects.requireNonNull(systemEntityTypeRegistry);
        this.permissionService = (PermissionService) Objects.requireNonNull(permissionService);
        this.dataService = (DataService) Objects.requireNonNull(dataService);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public long count() {
        return SecurityUtils.currentUserIsSuOrSystem() ? delegate().count() : filterCountPermission(StreamSupport.stream(delegate().spliterator(), false)).count();
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public long count(Query<EntityType> query) {
        if (SecurityUtils.currentUserIsSuOrSystem()) {
            return delegate().count(query);
        }
        QueryImpl queryImpl = new QueryImpl(query);
        queryImpl.offset(0).pageSize(Integer.MAX_VALUE);
        return filterCountPermission(delegate().findAll(queryImpl)).count();
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Stream<EntityType> findAll(Query<EntityType> query) {
        if (SecurityUtils.currentUserIsSuOrSystem()) {
            return delegate().findAll(query);
        }
        QueryImpl queryImpl = new QueryImpl(query);
        queryImpl.offset(0).pageSize(Integer.MAX_VALUE);
        Stream<EntityType> filterCountPermission = filterCountPermission(delegate().findAll(queryImpl));
        if (query.getOffset() > 0) {
            filterCountPermission = filterCountPermission.skip(query.getOffset());
        }
        if (query.getPageSize() > 0) {
            filterCountPermission = filterCountPermission.limit(query.getPageSize());
        }
        return filterCountPermission;
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, java.lang.Iterable
    public Iterator<EntityType> iterator() {
        return SecurityUtils.currentUserIsSuOrSystem() ? delegate().iterator() : filterCountPermission(StreamSupport.stream(delegate().spliterator(), false)).iterator();
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void forEachBatched(Fetch fetch, Consumer<List<EntityType>> consumer, int i) {
        if (SecurityUtils.currentUserIsSuOrSystem()) {
            delegate().forEachBatched(fetch, consumer, i);
            return;
        }
        FilteredConsumer filteredConsumer = new FilteredConsumer(consumer, this.permissionService);
        Repository<EntityType> delegate = delegate();
        filteredConsumer.getClass();
        delegate.forEachBatched(fetch, filteredConsumer::filter, i);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public EntityType findOne(Query<EntityType> query) {
        return SecurityUtils.currentUserIsSuOrSystem() ? delegate().findOne(query) : filterCountPermission(delegate().findOne(query));
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public EntityType findOneById(Object obj) {
        return SecurityUtils.currentUserIsSuOrSystem() ? delegate().findOneById(obj) : filterCountPermission(delegate().findOneById(obj));
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public EntityType findOneById(Object obj, Fetch fetch) {
        return SecurityUtils.currentUserIsSuOrSystem() ? delegate().findOneById(obj, fetch) : filterCountPermission(delegate().findOneById(obj, fetch));
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Stream<EntityType> findAll(Stream<Object> stream) {
        return SecurityUtils.currentUserIsSuOrSystem() ? delegate().findAll(stream) : filterCountPermission(delegate().findAll(stream));
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Stream<EntityType> findAll(Stream<Object> stream, Fetch fetch) {
        return SecurityUtils.currentUserIsSuOrSystem() ? delegate().findAll(stream, fetch) : filterCountPermission(delegate().findAll(stream, fetch));
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public AggregateResult aggregate(AggregateQuery aggregateQuery) {
        if (SecurityUtils.currentUserIsSuOrSystem()) {
            return delegate().aggregate(aggregateQuery);
        }
        throw new MolgenisDataAccessException(String.format("Aggregation on entity [%s] not allowed", getName()));
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void update(EntityType entityType) {
        validateUpdateAllowed(entityType);
        super.update((EntityTypeRepositorySecurityDecorator) entityType);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void update(Stream<EntityType> stream) {
        super.update(stream.filter(entityType -> {
            validateUpdateAllowed(entityType);
            return true;
        }));
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void delete(EntityType entityType) {
        validateDeleteAllowed(entityType);
        deleteEntityPermissions(entityType);
        super.delete((EntityTypeRepositorySecurityDecorator) entityType);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void delete(Stream<EntityType> stream) {
        super.delete(stream.filter(entityType -> {
            validateDeleteAllowed(entityType);
            deleteEntityPermissions(entityType);
            return true;
        }));
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void deleteById(Object obj) {
        validateDeleteAllowed(obj);
        deleteEntityPermissions(obj.toString());
        super.deleteById(obj);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void deleteAll(Stream<Object> stream) {
        super.deleteAll(stream.filter(obj -> {
            validateDeleteAllowed(obj);
            deleteEntityPermissions(obj.toString());
            return true;
        }));
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void deleteAll() {
        iterator().forEachRemaining(entityType -> {
            validateDeleteAllowed(entityType);
            deleteEntityPermissions(entityType);
        });
        super.deleteAll();
    }

    private void deleteEntityPermissions(EntityType entityType) {
        deleteEntityPermissions(entityType.getId());
    }

    private void deleteEntityPermissions(String str) {
        List<String> entityAuthorities = SecurityUtils.getEntityAuthorities(str);
        List list = (List) this.dataService.query(UserAuthorityMetaData.USER_AUTHORITY, UserAuthority.class).in("role", entityAuthorities).findAll().collect(Collectors.toList());
        if (!list.isEmpty()) {
            this.dataService.delete(UserAuthorityMetaData.USER_AUTHORITY, list.stream());
        }
        List list2 = (List) this.dataService.query(GroupAuthorityMetaData.GROUP_AUTHORITY, GroupAuthority.class).in("role", entityAuthorities).findAll().collect(Collectors.toList());
        if (list2.isEmpty()) {
            return;
        }
        this.dataService.delete(GroupAuthorityMetaData.GROUP_AUTHORITY, list2.stream());
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void add(EntityType entityType) {
        validateAddAllowed(entityType);
        super.add((EntityTypeRepositorySecurityDecorator) entityType);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Integer add(Stream<EntityType> stream) {
        return super.add(stream.filter(entityType -> {
            validateAddAllowed(entityType);
            return true;
        }));
    }

    private void validateAddAllowed(EntityType entityType) {
        SecurityDecoratorUtils.validatePermission(entityType, Permission.WRITEMETA);
    }

    private void validateUpdateAllowed(EntityType entityType) {
        SecurityDecoratorUtils.validatePermission(entityType, Permission.WRITEMETA);
        if (this.systemEntityTypeRegistry.hasSystemEntityType(entityType.getId()) && !SecurityUtils.currentUserIsSystem()) {
            throw new MolgenisDataException(String.format("Updating system entity meta data [%s] is not allowed", entityType.getLabel()));
        }
    }

    private void validateDeleteAllowed(EntityType entityType) {
        SecurityDecoratorUtils.validatePermission(entityType, Permission.WRITEMETA);
        String id = entityType.getId();
        if (this.systemEntityTypeRegistry.hasSystemEntityType(id)) {
            throw new MolgenisDataException(String.format("Deleting system entity meta data [%s] is not allowed", id));
        }
    }

    private void validateDeleteAllowed(Object obj) {
        EntityType findOneById = findOneById(obj);
        if (findOneById == null) {
            throw new UnknownEntityException(String.format("Unknown entity meta data [%s] with id [%s]", getName(), obj.toString()));
        }
        validateDeleteAllowed(findOneById);
    }

    private EntityType filterCountPermission(EntityType entityType) {
        if (entityType != null) {
            return filterCountPermission(Stream.of(entityType)).findFirst().orElse(null);
        }
        return null;
    }

    private Stream<EntityType> filterCountPermission(Stream<EntityType> stream) {
        return filterPermission(stream, Permission.COUNT);
    }

    private Stream<EntityType> filterPermission(Stream<EntityType> stream, Permission permission) {
        return stream.filter(entityType -> {
            return this.permissionService.hasPermissionOnEntityType(entityType.getId(), permission);
        });
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public /* bridge */ /* synthetic */ Entity findOne(Query query) {
        return findOne((Query<EntityType>) query);
    }
}
