package eu.freme.common.persistence.dao;

import eu.freme.common.exception.OwnedResourceNotFoundException;
import eu.freme.common.persistence.model.OwnedResource;
import eu.freme.common.persistence.model.User;
import eu.freme.common.persistence.repository.OwnedResourceRepository;
import eu.freme.common.persistence.tools.AccessLevelHelper;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:eu/freme/common/persistence/dao/OwnedResourceDAO.class */
public abstract class OwnedResourceDAO<Entity extends OwnedResource> extends DAO<OwnedResourceRepository<Entity>, Entity> {

    @Autowired
    AbstractAccessDecisionManager decisionManager;

    @Autowired
    AccessLevelHelper accessLevelHelper;

    public abstract String tableName();

    @Override // eu.freme.common.persistence.dao.DAO
    public void delete(Entity entity) {
        this.decisionManager.decide(SecurityContextHolder.getContext().getAuthentication(), entity, this.accessLevelHelper.writeAccess());
        super.delete((OwnedResourceDAO<Entity>) entity);
    }

    @Override // eu.freme.common.persistence.dao.DAO
    public Entity save(Entity entity) {
        if (entity.getOwner() == null) {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication instanceof AnonymousAuthenticationToken) {
                throw new AccessDeniedException("Could not set current user as owner of created resource (" + tableName() + "): The anonymous user can not own any resource. You have to be logged in to create a resource.");
            }
            entity.setOwner((User) authentication.getPrincipal());
        }
        this.decisionManager.decide(SecurityContextHolder.getContext().getAuthentication(), entity, this.accessLevelHelper.writeAccess());
        entity.preSave();
        return (Entity) super.save((OwnedResourceDAO<Entity>) entity);
    }

    public Entity findOneByIdentifier(String str) {
        Entity findOneByIdentifierUnsecured = findOneByIdentifierUnsecured(str);
        if (findOneByIdentifierUnsecured == null) {
            throw new OwnedResourceNotFoundException("Can not find " + tableName() + " with " + getIdentifierName() + "='" + str + "'");
        }
        this.decisionManager.decide(SecurityContextHolder.getContext().getAuthentication(), findOneByIdentifierUnsecured, this.accessLevelHelper.readAccess());
        findOneByIdentifierUnsecured.postFetch();
        return findOneByIdentifierUnsecured;
    }

    public Entity findOneByIdentifierUnsecured(String str) {
        return (Entity) ((OwnedResourceRepository) this.repository).findOneById(Integer.parseInt(str));
    }

    public String getIdentifierName() {
        return "id";
    }

    public Entity updateOwner(Entity entity, User user) {
        this.decisionManager.decide(SecurityContextHolder.getContext().getAuthentication(), entity, this.accessLevelHelper.writeAccess());
        entity.setOwner(user);
        return (Entity) super.save((OwnedResourceDAO<Entity>) entity);
    }

    public List<Entity> findAllReadAccessible() {
        String str;
        if (((OwnedResourceRepository) this.repository).count() == 0) {
            return new ArrayList(0);
        }
        String tableName = tableName();
        String lowerCase = tableName.toLowerCase();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof AnonymousAuthenticationToken) {
            this.logger.debug("Find owned resources as ANONYMOUS USER");
            str = "select " + lowerCase + " from " + tableName + " " + lowerCase + " where " + lowerCase + ".visibility = " + OwnedResource.Visibility.PUBLIC.ordinal() + " order by " + getIdentifierName();
        } else {
            User user = (User) authentication.getPrincipal();
            str = user.getRole().equals(User.roleAdmin) ? "select " + lowerCase + " from " + tableName + " " + lowerCase + " order by " + getIdentifierName() : "select " + lowerCase + " from " + tableName + " " + lowerCase + " where " + lowerCase + ".owner.name = '" + user.getName() + "' or " + lowerCase + ".visibility = " + OwnedResource.Visibility.PUBLIC.ordinal() + " order by " + getIdentifierName();
        }
        List<Entity> resultList = this.entityManager.createQuery(str).getResultList();
        Iterator<Entity> it = resultList.iterator();
        while (it.hasNext()) {
            it.next().postFetch();
        }
        return resultList;
    }

    public boolean hasReadAccess(Entity entity) {
        try {
            this.decisionManager.decide(SecurityContextHolder.getContext().getAuthentication(), entity, this.accessLevelHelper.readAccess());
            return true;
        } catch (AccessDeniedException e) {
            return false;
        }
    }

    public boolean hasWriteAccess(Entity entity) {
        try {
            this.decisionManager.decide(SecurityContextHolder.getContext().getAuthentication(), entity, this.accessLevelHelper.writeAccess());
            return true;
        } catch (AccessDeniedException e) {
            return false;
        }
    }
}
