package com.suncode.plugin.plusproject.core.security;

import com.suncode.plugin.plusproject.core.cfg.AppSettings;
import com.suncode.plugin.plusproject.core.cfg.DBConstants;
import com.suncode.plugin.plusproject.core.cfg.SystemContext;
import com.suncode.plugin.plusproject.core.item.BaseItem;
import com.suncode.plugin.plusproject.core.project.Project;
import com.suncode.plugin.plusproject.core.project.ProjectService;
import com.suncode.plugin.plusproject.core.project.listener.ProjectEventListener;
import com.suncode.plugin.plusproject.core.task.Task;
import com.suncode.plugin.plusproject.core.task.TaskService;
import com.suncode.plugin.plusproject.core.task.listener.TaskEventListener;
import com.suncode.plugin.plusproject.core.user.Team;
import com.suncode.plugin.plusproject.core.user.TeamPermissionTransformer;
import com.suncode.plugin.plusproject.core.user.TeamService;
import com.suncode.plugin.plusproject.core.user.UserPermission;
import com.suncode.plugin.plusproject.core.user.UserPermissionTransformer;
import com.suncode.pwfl.administration.user.User;
import com.suncode.pwfl.administration.user.UserFinder;
import com.suncode.pwfl.administration.user.UserService;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.FetchMode;
import org.hibernate.SQLQuery;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Disjunction;
import org.hibernate.criterion.Restrictions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.ldap.LdapServerBeanDefinitionParser;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;

@Transactional
@Primary
@Service
/* loaded from: input_file:com/suncode/plugin/plusproject/core/security/PermissionServiceImpl.class */
public class PermissionServiceImpl implements PermissionService, TaskEventListener, ProjectEventListener, InitializingBean {
    private static Logger log = LoggerFactory.getLogger(PermissionServiceImpl.class);

    @Autowired
    private ObjectPermissionRepo repo;

    @Autowired
    private UserService us;

    @Autowired
    private TeamService teamService;

    @Autowired
    private SessionFactory sf;

    @Autowired
    private ProjectService ps;

    @Autowired
    private TaskService ts;

    @Autowired
    private SystemContext ctx;

    @Autowired
    private UserFinder uf;

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void deleteAll() {
        this.repo.deleteAll();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public List<Team> getTeamsWithPermissions(Class<?> cls, Long l, String str, String str2) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.setFetchMode("team", FetchMode.JOIN);
        forClass.add(Restrictions.eq("objectId", l));
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.isNotNull("team.id"));
        if (StringUtils.isNotBlank(str)) {
            forClass.add(Restrictions.ilike("team.name", "%" + str + "%"));
        }
        if (StringUtils.isNotBlank(str2)) {
            forClass.createAlias("team.users", "teamUser");
            Disjunction disjunction = Restrictions.disjunction();
            disjunction.add(Restrictions.ilike("teamUser.firstname", "%" + str2 + "%"));
            disjunction.add(Restrictions.ilike("teamUser.lastname", "%" + str2 + "%"));
            forClass.add(disjunction);
        }
        return new TeamPermissionTransformer().transformList(this.repo.findByCriteria(forClass));
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public List<Team> getTeamsWithPermissions(Class<?> cls, Long l, List<Long> list) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.setFetchMode("team", FetchMode.JOIN);
        forClass.add(Restrictions.eq("objectId", l));
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.in("team.id", list));
        return new TeamPermissionTransformer().transformList(this.repo.findByCriteria(forClass));
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public List<UserPermission> getUsersWithPermissions(Class<?> cls, Long l, Long l2, String str) {
        Assert.notNull(cls, "Type can't be null");
        Assert.notNull(l, "ObjectID can't be null");
        Assert.notNull(l2, "Team ID can't be null");
        StringBuilder sb = new StringBuilder();
        sb.append("select {perm.*},{ut.*} from pm_mpp_object_permission perm ");
        sb.append("join usertable ut on ut." + DBConstants.getObjectId() + " = perm.user_id ");
        sb.append("join pm_mpp_team_user tu on tu.user_id=ut." + DBConstants.getObjectId() + " ");
        sb.append(" where perm.object_id=:oid and perm.object_type=:objectType and tu.team_id=:teamId and perm.user_id is not null ");
        if (StringUtils.isNotBlank(str)) {
            sb.append("and ( lower(ut.firstname) like :userQuery or lower(ut.lastname) like :userQuery ) ");
        }
        SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery(sb.toString());
        createSQLQuery.setParameter("oid", l);
        createSQLQuery.setParameter("objectType", ObjectPermissionType.getType(cls).toString());
        createSQLQuery.setParameter("teamId", l2);
        if (StringUtils.isNotBlank(str)) {
            createSQLQuery.setParameter("userQuery", "%" + str.toLowerCase() + "%");
        }
        createSQLQuery.addEntity("ut", User.class);
        createSQLQuery.addEntity("perm", ObjectPermission.class);
        createSQLQuery.setResultTransformer(new UserPermissionTransformer());
        return createSQLQuery.list();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public List<UserPermission> getUsersWithPermissions(Class<?> cls, Long l, List<Long> list) {
        Assert.notNull(cls, "Type can't be null");
        Assert.notNull(l, "ObjectID can't be null");
        Assert.notEmpty(list, "User IDs can't be null");
        StringBuilder sb = new StringBuilder();
        sb.append("select {perm.*},{ut.*} from pm_mpp_object_permission perm ");
        sb.append("join usertable ut on ut." + DBConstants.getObjectId() + " = perm.user_id ");
        sb.append(" where perm.object_id=:oid and perm.object_type=:objectType ");
        sb.append("and ut." + DBConstants.getObjectId() + " in (:userIds) ");
        SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery(sb.toString());
        createSQLQuery.setParameter("oid", l);
        createSQLQuery.setParameter("objectType", ObjectPermissionType.getType(cls).toString());
        createSQLQuery.setParameterList("userIds", list);
        createSQLQuery.addEntity("ut", User.class);
        createSQLQuery.addEntity("perm", ObjectPermission.class);
        createSQLQuery.setResultTransformer(new UserPermissionTransformer());
        return createSQLQuery.list();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void addPermission(Class<?> cls, Long l, Long l2, Long l3, Permission permission) {
        addPermission(cls, l, l2, l3, permission, true);
    }

    private void addPermission(Class<?> cls, Long l, Long l2, Long l3, Permission permission, boolean z) {
        addPermission(cls, l, l2, l3, permission, z, true, true);
    }

    private void addPermission(Class<?> cls, Long l, Long l2, Long l3, Permission permission, boolean z, boolean z2, boolean z3) {
        ObjectPermission objectPermission = getObjectPermission(cls, l, l2, l3);
        boolean z4 = false;
        User user = null;
        Team team = null;
        boolean z5 = false;
        if (l2 != null) {
            user = this.us.getUser(l2, new String[0]);
        } else {
            z5 = true;
            team = this.teamService.get(l3);
        }
        if (objectPermission == null) {
            z4 = true;
            objectPermission = new ObjectPermission(ObjectPermissionType.getType(cls), l, user, team);
        }
        permission.set(objectPermission, true);
        if (z4) {
            this.repo.save(objectPermission);
        }
        if (z5 && z2) {
            Iterator it = this.teamService.getUsersFromTeam(l3, null, null, 0, 999999).getData().iterator();
            while (it.hasNext()) {
                addPermission(cls, l, ((User) it.next()).getObjectId(), null, permission);
            }
        }
        if (cls == Project.class) {
            Project project = this.ps.get(l);
            checkIfIsRoot(l2, z, z5, objectPermission, project);
            addPermissionToProjectChildren(l2, l3, permission, project);
        } else if (cls == Task.class) {
            Task task = this.ts.get(l);
            checkIfIsRoot(l2, z, z5, objectPermission, task);
            addPermissionToTaskChildren(cls, l2, l3, permission, task);
        }
    }

    private void checkIfIsRoot(Long l, boolean z, boolean z2, ObjectPermission objectPermission, Task task) {
        if (!z || z2 || objectPermission.isRoot() || objectPermission.getRead() == null || !objectPermission.getRead().booleanValue()) {
            return;
        }
        if (task.getParentProject() != null) {
            objectPermission.setRoot(true);
        } else if (!hasPermission(Task.class, task.m21getParentTask().getId(), l, Permission.READ)) {
            objectPermission.setRoot(true);
            this.sf.getCurrentSession().update(objectPermission);
        }
        if (objectPermission.isRoot()) {
            removeRootFromTaskChilderen(task);
        }
    }

    private void removeRootFromTaskChilderen(BaseItem baseItem) {
        SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery("update pm_mpp_object_permission set root=:root where id in (select e.id from pm_mpp_object_permission e join pm_mpp_task t on t.id=e.object_id where t.linage like :parentLinage and t.id != :taskId ) ");
        createSQLQuery.setParameter("parentLinage", new StringBuilder().append(baseItem.getLinage()).append("%").toString());
        createSQLQuery.setParameter("taskId", baseItem.getId());
        createSQLQuery.setParameter(LdapServerBeanDefinitionParser.ATT_ROOT_SUFFIX, false);
        createSQLQuery.executeUpdate();
    }

    private void checkIfIsRoot(Long l, boolean z, boolean z2, ObjectPermission objectPermission, Project project) {
        if (!z || z2 || objectPermission.isRoot() || objectPermission.getRead() == null || !objectPermission.getRead().booleanValue()) {
            return;
        }
        Project parent = project.getParent();
        if (parent == null) {
            objectPermission.setRoot(true);
            this.sf.getCurrentSession().update(objectPermission);
        } else if (!hasPermission(Project.class, parent.getId(), l, Permission.READ)) {
            objectPermission.setRoot(true);
            this.sf.getCurrentSession().update(objectPermission);
        }
        if (objectPermission.isRoot()) {
            removeRootFromChilderen(project);
        }
    }

    private void removeRootFromChilderen(Project project) {
        removeRootFromProjectChildren(project);
        removeRootFromTaskChilderen(project);
    }

    private void removeRootFromProjectChildren(Project project) {
        SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery("update pm_mpp_object_permission set root=:root where id in (select e.id from pm_mpp_object_permission e join pm_mpp_project p on p.id=e.object_id where p.linage like :parentLinage and p.id != :projectId ) ");
        createSQLQuery.setParameter("parentLinage", new StringBuilder().append(project.getLinage()).append("%").toString());
        createSQLQuery.setParameter("projectId", project.getId());
        createSQLQuery.setParameter(LdapServerBeanDefinitionParser.ATT_ROOT_SUFFIX, false);
        createSQLQuery.executeUpdate();
    }

    private void addPermissionToTaskChildren(Class<?> cls, Long l, Long l2, Permission permission, Task task) {
        Iterator it = this.ps.getTaskChildren(task.getId()).getData().iterator();
        while (it.hasNext()) {
            addPermission(cls, ((BaseItem) it.next()).getId(), l, l2, permission);
        }
    }

    private void addPermissionToProjectChildren(Long l, Long l2, Permission permission, Project project) {
        for (BaseItem baseItem : this.ps.getProjectChildren(project.getId()).getData()) {
            addPermission(baseItem.getClass(), baseItem.getId(), l, l2, permission, false);
        }
    }

    private ObjectPermission getObjectPermission(Class<?> cls, Long l, Long l2, Long l3) {
        Assert.notNull(cls, "Type can't be null");
        Assert.notNull(l, "ObjectID can't be null");
        Assert.isTrue((l2 == null && l3 == null) ? false : true, "Team ID or User ID can't be null");
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.eq("objectId", l));
        if (l2 != null) {
            forClass.add(Restrictions.eq("user.objectId", l2));
        } else {
            forClass.add(Restrictions.eqOrIsNull("team.id", l3));
        }
        List<ObjectPermission> findByCriteria = this.repo.findByCriteria(forClass);
        if (findByCriteria.size() <= 0) {
            return null;
        }
        Assert.isTrue(findByCriteria.size() == 1, "Invalid count of permissions");
        return findByCriteria.get(0);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removePermission(Class<?> cls, Long l, Long l2, Long l3, Permission permission) {
        Assert.notNull(cls, "Type is required");
        Assert.notNull(l, "oid is required");
        Assert.notNull(permission, "Permission is required");
        Assert.isTrue((l2 == null && l3 == null) ? false : true, "TeamId or userId is required");
        ObjectPermission objectPermission = getObjectPermission(cls, l, l2, l3);
        if (objectPermission == null) {
            return;
        }
        findAndSetNewRoot(cls, l, l2, permission, objectPermission);
        permission.set(objectPermission, false);
        if (l3 != null) {
            for (User user : this.teamService.getUsersFromTeam(l3, null, null, 0, 999999).getData()) {
                if (!getTeamPermissionsForUser(user.getObjectId(), cls, l).get(permission).booleanValue()) {
                    removePermission(cls, l, user.getObjectId(), null, permission);
                }
            }
        }
    }

    private void findAndSetNewRoot(Class<?> cls, Long l, Long l2, Permission permission, ObjectPermission objectPermission) {
        if (l2 == null || !objectPermission.isRoot()) {
            return;
        }
        if (cls == Project.class) {
            SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery("update pm_mpp_object_permission set root=:root where id in (select e.id from pm_mpp_object_permission e join pm_mpp_project p on p.id=e.object_id where p.parent=:parentId) ");
            createSQLQuery.setParameter("parentId", l);
            createSQLQuery.setParameter(LdapServerBeanDefinitionParser.ATT_ROOT_SUFFIX, true);
            createSQLQuery.executeUpdate();
            SQLQuery createSQLQuery2 = this.sf.getCurrentSession().createSQLQuery("update pm_mpp_object_permission set root=:root where id in (select e.id from pm_mpp_object_permission e join pm_mpp_task t on t.id=e.object_id where t.parent_project=:parentId) ");
            createSQLQuery2.setParameter("parentId", l);
            createSQLQuery2.setParameter(LdapServerBeanDefinitionParser.ATT_ROOT_SUFFIX, true);
            createSQLQuery2.executeUpdate();
        } else if (cls == Task.class) {
            SQLQuery createSQLQuery3 = this.sf.getCurrentSession().createSQLQuery("update pm_mpp_object_permission set root=:root where id in (select e.id from pm_mpp_object_permission e join pm_mpp_task t on t.id=e.object_id where t.parent_task=:parentId) ");
            createSQLQuery3.setParameter("parentId", l);
            createSQLQuery3.setParameter(LdapServerBeanDefinitionParser.ATT_ROOT_SUFFIX, true);
            createSQLQuery3.executeUpdate();
        }
        this.sf.getCurrentSession().flush();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removeAllPermissionFor(Class<?> cls, Long l, List<Long> list, List<Long> list2) {
        if (CollectionUtils.isEmpty(list) && CollectionUtils.isEmpty(list2)) {
            throw new RuntimeException("Sid ids are required");
        }
        deleteFor(cls, l, list, list2);
    }

    private void deleteFor(Class<?> cls, Long l, List<Long> list, List<Long> list2) {
        StringBuilder sb = new StringBuilder();
        sb.append("delete from pm_mpp_object_permission where pm_mpp_object_permission.id in (select distinct e.id from pm_mpp_object_permission e ");
        if (CollectionUtils.isNotEmpty(list2)) {
            sb.append("join pm_mpp_team t on t.id=e.team_id ");
            sb.append(" where e.object_id=:oid and e.object_type=:objectType and t.id in (:teamIds) )");
        } else {
            sb.append("join usertable ut on ut." + DBConstants.getObjectId() + "=e.user_id ");
            sb.append(" where e.object_id=:oid and e.object_type=:objectType and ut." + DBConstants.getObjectId() + " in (:userIds) )");
        }
        SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery(sb.toString());
        createSQLQuery.setParameter("objectType", ObjectPermissionType.getType(cls).toString());
        createSQLQuery.setParameter("oid", l);
        if (CollectionUtils.isNotEmpty(list2)) {
            createSQLQuery.setParameterList("teamIds", list2);
        } else {
            createSQLQuery.setParameterList("userIds", list);
        }
        createSQLQuery.executeUpdate();
        this.sf.getCurrentSession().flush();
        if (CollectionUtils.isNotEmpty(list2)) {
            Iterator<Long> it = list2.iterator();
            while (it.hasNext()) {
                for (User user : this.teamService.getUsersFromTeam(it.next(), null, null, 0, 999999).getData()) {
                    Map<Permission, Boolean> teamPermissionsForUser = getTeamPermissionsForUser(user.getObjectId(), cls, l);
                    for (Permission permission : Permission.values()) {
                        if (!teamPermissionsForUser.get(permission).booleanValue()) {
                            removePermission(cls, l, user.getObjectId(), null, permission);
                        }
                    }
                }
            }
        }
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void addTeamPermissions(Long l, List<Long> list) {
        for (Class<?> cls : PermissionConstants.getProtectedTypes()) {
            for (ObjectPermission objectPermission : getEntriesForTeam(cls, l)) {
                for (Long l2 : list) {
                    Map<Permission, Boolean> buildPermissionMap = objectPermission.buildPermissionMap();
                    for (Permission permission : buildPermissionMap.keySet()) {
                        if (buildPermissionMap.get(permission).booleanValue()) {
                            addPermission(cls, objectPermission.getObjectId(), l2, null, permission);
                        }
                    }
                }
            }
        }
    }

    private List<ObjectPermission> getEntriesForTeam(Class<?> cls, Long l) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.eq("team.id", l));
        return this.repo.findByCriteria(forClass);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removeTeamPremissions(Long l, List<Long> list) {
        for (Long l2 : list) {
            if (!this.teamService.belongsToTeam(l2)) {
                removeAllPermissionFor(l2);
            }
        }
    }

    private void removeAllPermissionFor(Long l) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("user.objectId", l));
        this.repo.deleteAll(this.repo.findByCriteria(forClass));
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void validatePermissionIntegrity() {
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void rewritePermissions(Class<?> cls, Long l, Class<?> cls2, Long l2) {
        for (ObjectPermission objectPermission : getEntries(cls, l)) {
            if (objectPermission.getUser() != null) {
                Map<Permission, Boolean> buildPermissionMap = objectPermission.buildPermissionMap();
                for (Permission permission : buildPermissionMap.keySet()) {
                    if (buildPermissionMap.get(permission).booleanValue()) {
                        addPermission(cls2, l2, objectPermission.getUser().getObjectId(), null, permission, true);
                    }
                }
            } else {
                Map<Permission, Boolean> buildPermissionMap2 = objectPermission.buildPermissionMap();
                for (Permission permission2 : buildPermissionMap2.keySet()) {
                    if (buildPermissionMap2.get(permission2).booleanValue()) {
                        addPermission(cls2, l2, null, objectPermission.getTeam().getId(), permission2, false, false, true);
                    }
                }
            }
        }
    }

    private List<ObjectPermission> getEntries(Class<?> cls, Long l) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.eq("objectId", l));
        return this.repo.findByCriteria(forClass);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public boolean hasConfigurationPermission() {
        DetachedCriteria forClass = DetachedCriteria.forClass(User.class);
        forClass.add(Restrictions.eq("userName", this.ctx.getLoggedUser()));
        forClass.createAlias("groups", "groups");
        forClass.add(Restrictions.eq("groups.name", PermissionConstants.adminGroupName));
        return this.uf.count(forClass) > 0;
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public boolean hasPermission(Class<?> cls, Long l, Permission permission) {
        return hasPermission(cls, l, this.us.getUser(this.ctx.getLoggedUser(), new String[0]).getObjectId(), permission);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public Map<Permission, Boolean> getUserPermissions(Class<?> cls, Long l) {
        return getPermissions(this.us.getUser(this.ctx.getLoggedUser(), new String[0]).getObjectId(), null, cls, l);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public Map<Permission, Boolean> getTeamPermissionsForUser(Long l, Class<?> cls, Long l2) {
        List<Team> teamsForUser = this.teamService.getTeamsForUser(l);
        HashMap hashMap = new HashMap();
        for (Permission permission : Permission.values()) {
            hashMap.put(permission, false);
        }
        Iterator<Team> it = teamsForUser.iterator();
        while (it.hasNext()) {
            Map<Permission, Boolean> teamPermissions = getTeamPermissions(it.next().getId(), cls, l2);
            for (Permission permission2 : hashMap.keySet()) {
                hashMap.put(permission2, Boolean.valueOf(teamPermissions.get(permission2).booleanValue() || ((Boolean) hashMap.get(permission2)).booleanValue()));
            }
        }
        return hashMap;
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void clonePermissions(BaseItem baseItem, BaseItem baseItem2) {
        rewritePermissions(baseItem2.getClass(), baseItem2.getId(), baseItem.getClass(), baseItem.getId());
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removePermission(Class<?> cls, Long l) {
        Assert.notNull(cls, "Type is required");
        Assert.notNull(l, "oid is required");
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.eq("objectId", l));
        this.repo.deleteAll(this.repo.findByCriteria(forClass));
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public Map<Permission, Boolean> getTeamPermissions(Long l, Class<?> cls, Long l2) {
        return getPermissions(null, l, cls, l2);
    }

    private Map<Permission, Boolean> getPermissions(Long l, Long l2, Class<?> cls, Long l3) {
        ObjectPermission objectPermission = getObjectPermission(cls, l3, l, l2);
        return objectPermission == null ? createEmptyPermisionList() : objectPermission.buildPermissionMap();
    }

    private ObjectPermission getObjectPermission(Long l, Long l2, Class<?> cls, Long l3) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.eq("objectId", l3));
        if (l != null) {
            forClass.add(Restrictions.eq("user.objectId", l));
        } else {
            forClass.add(Restrictions.eq("team.id", l2));
        }
        List<ObjectPermission> findByCriteria = this.repo.findByCriteria(forClass);
        if (findByCriteria.isEmpty()) {
            return null;
        }
        return findByCriteria.get(0);
    }

    private Map<Permission, Boolean> createEmptyPermisionList() {
        HashMap hashMap = new HashMap();
        for (Permission permission : Permission.values()) {
            if (!hashMap.containsKey(permission)) {
                hashMap.put(permission, false);
            }
        }
        return hashMap;
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public boolean hasPermission(Class<?> cls, Long l, Long l2, Permission permission) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.eq("objectId", l));
        forClass.add(Restrictions.eq("user.objectId", l2));
        forClass.add(Restrictions.eq(permission.getFieldName(), true));
        return this.repo.findByCriteria(forClass).size() > 0;
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removeAllPermissionsForBranch(boolean z, Long l) {
        String linage;
        String str;
        Assert.notNull(l, "oid is required");
        if (z) {
            linage = this.ps.get(l).getLinage();
            str = "pm_mpp_project";
        } else {
            linage = this.ts.get(l).getLinage();
            str = "pm_mpp_task";
        }
        removePermissions(str, linage);
        if (z) {
            removePermissions("pm_mpp_task", linage);
        }
    }

    private void removePermissions(String str, String str2) {
        StringBuilder sb = new StringBuilder();
        sb.append("delete from pm_mpp_object_permission where id in ");
        sb.append(" (select ao.id from pm_mpp_object_permission ao ");
        sb.append(" join " + str + " it on it.id=ao.object_id  where linage like :lineage )");
        SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery(sb.toString());
        createSQLQuery.setParameter("lineage", str2 + "%");
        log.debug("Zmieniono [{}] rekordów", Integer.valueOf(createSQLQuery.executeUpdate()));
    }

    public void afterPropertiesSet() throws Exception {
        this.ts.addTaskEventListener(this);
        this.ps.addProjectEventListener(this);
    }

    @Override // com.suncode.plugin.plusproject.core.task.listener.TaskEventListener
    public void beforeRemoveTask(Task task) {
        removePermission(Task.class, task.getId());
    }

    @Override // com.suncode.plugin.plusproject.core.project.listener.ProjectEventListener
    public void beforeRemoveProject(Project project) {
        removePermission(Project.class, project.getId());
    }

    @Override // com.suncode.plugin.plusproject.core.task.listener.TaskEventListener
    public void executorChange(Task task, User user, User user2) {
        if (user != null) {
            Map<Permission, Boolean> teamPermissionsForUser = getTeamPermissionsForUser(user.getObjectId(), Task.class, task.getId());
            for (Permission permission : AppSettings.getExecutorPermissions()) {
                if (!teamPermissionsForUser.get(permission).booleanValue()) {
                    removePermission(Task.class, task.getId(), user.getObjectId(), null, permission);
                }
            }
        }
        addPermission(Task.class, task.getId(), user2.getObjectId(), null, Permission.EXECUTE, true, true, false);
    }

    @Override // com.suncode.plugin.plusproject.core.task.listener.TaskEventListener
    public void taskCreated(Task task) {
        addCreatorPermissions(task);
    }

    @Override // com.suncode.plugin.plusproject.core.project.listener.ProjectEventListener
    public void projectCreated(Project project) {
        addCreatorPermissions(project);
    }

    private void addCreatorPermissions(BaseItem baseItem) {
        for (Permission permission : AppSettings.getCreatorPermissions()) {
            addPermission(baseItem.getClass(), baseItem.getId(), baseItem.getCreator().getObjectId(), null, permission);
        }
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void initPermissions(BaseItem baseItem) {
        ObjectPermission objectPermission = getObjectPermission(this.us.getUser(this.ctx.getLoggedUser(), new String[0]).getObjectId(), (Long) null, baseItem.getClass(), baseItem.getId());
        if (objectPermission == null) {
            objectPermission = new ObjectPermission();
        }
        baseItem.setPermissions(objectPermission);
    }
}
