package com.suncode.plugin.plusproject.core.security;

import com.suncode.plugin.plusproject.core.cache.CacheService;
import com.suncode.plugin.plusproject.core.cfg.AppSettings;
import com.suncode.plugin.plusproject.core.cfg.DBConstants;
import com.suncode.plugin.plusproject.core.cfg.SystemContext;
import com.suncode.plugin.plusproject.core.item.BaseItem;
import com.suncode.plugin.plusproject.core.project.Project;
import com.suncode.plugin.plusproject.core.project.ProjectService;
import com.suncode.plugin.plusproject.core.project.ProjectType;
import com.suncode.plugin.plusproject.core.project.ProjectTypeService;
import com.suncode.plugin.plusproject.core.project.listener.ProjectEventListener;
import com.suncode.plugin.plusproject.core.project.listener.ProjectTypeEventListener;
import com.suncode.plugin.plusproject.core.security.action.PermissionChangeMode;
import com.suncode.plugin.plusproject.core.security.action.add.ChangeTeamPermission;
import com.suncode.plugin.plusproject.core.security.action.add.ChangeUserPermission;
import com.suncode.plugin.plusproject.core.task.Task;
import com.suncode.plugin.plusproject.core.task.TaskService;
import com.suncode.plugin.plusproject.core.task.listener.TaskEventListener;
import com.suncode.plugin.plusproject.core.user.Team;
import com.suncode.plugin.plusproject.core.user.TeamPermissionTransformer;
import com.suncode.plugin.plusproject.core.user.TeamService;
import com.suncode.plugin.plusproject.core.user.UserPermission;
import com.suncode.pwfl.administration.user.User;
import com.suncode.pwfl.administration.user.UserFinder;
import com.suncode.pwfl.administration.user.UserService;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.FetchMode;
import org.hibernate.SQLQuery;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Disjunction;
import org.hibernate.criterion.Restrictions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;

@Transactional
@Primary
@Service
/* loaded from: input_file:com/suncode/plugin/plusproject/core/security/PermissionServiceImpl.class */
public class PermissionServiceImpl implements PermissionService, TaskEventListener, ProjectEventListener, ProjectTypeEventListener, InitializingBean {
    private static Logger log = LoggerFactory.getLogger(PermissionServiceImpl.class);

    @Autowired
    private ObjectPermissionRepo repo;

    @Autowired
    private UserService us;

    @Autowired
    private TeamService teamService;

    @Autowired
    private SessionFactory sf;

    @Autowired
    private ProjectService ps;

    @Autowired
    private TaskService ts;

    @Autowired
    private ProjectTypeService pts;

    @Autowired
    private SystemContext ctx;

    @Autowired
    private UserFinder uf;

    @Autowired
    private CacheService cache;

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void deleteAll() {
        this.repo.deleteAll();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public List<Team> getTeamsWithPermissions(Class<?> cls, Long l, String str, String str2) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.setFetchMode("team", FetchMode.JOIN);
        forClass.add(Restrictions.eq("objectId", l));
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.isNotNull("team.id"));
        if (StringUtils.isNotBlank(str)) {
            forClass.add(Restrictions.ilike("team.name", "%" + str + "%"));
        }
        if (StringUtils.isNotBlank(str2)) {
            forClass.createAlias("team.users", "teamUser");
            Disjunction disjunction = Restrictions.disjunction();
            disjunction.add(Restrictions.ilike("teamUser.firstName", "%" + str2 + "%"));
            disjunction.add(Restrictions.ilike("teamUser.lastName", "%" + str2 + "%"));
            forClass.add(disjunction);
        }
        return new TeamPermissionTransformer().transformList(this.repo.findByCriteria(forClass));
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public List<Team> getTeamsWithPermissions(Class<?> cls, Long l, List<Long> list) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.setFetchMode("team", FetchMode.JOIN);
        forClass.add(Restrictions.eq("objectId", l));
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.in("team.id", list));
        return new TeamPermissionTransformer().transformList(this.repo.findByCriteria(forClass));
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public List<UserPermission> getUsersWithPermissions(Class<?> cls, Long l, List<Long> list) {
        Assert.notNull(cls, "Type can't be null");
        Assert.notNull(l, "ObjectID can't be null");
        Assert.notEmpty(list, "User IDs can't be null");
        ArrayList arrayList = new ArrayList();
        for (Long l2 : list) {
            UserPermission userPermission = new UserPermission(this.us.getUser(l2, new String[0]));
            ObjectPermission objectPermission = getObjectPermission(cls, l, l2, null);
            if (objectPermission == null) {
                objectPermission = getUserObjectPermission(cls, l, l2);
            } else {
                userPermission.setObjectPermissionId(objectPermission.getId());
            }
            if (objectPermission == null) {
                userPermission.setPermissions(Permission.emptyPermissionMap());
            } else {
                userPermission.setPermissions(objectPermission.buildPermissionMap());
            }
            arrayList.add(userPermission);
        }
        return arrayList;
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public List<UserPermission> getUsersFromTeamWithPermissions(Class<?> cls, Long l, Long l2, String str) {
        Assert.notNull(cls, "Type can't be null");
        Assert.notNull(l, "ObjectID can't be null");
        Assert.notNull(l2, "Team ID can't be null");
        Map<Permission, Boolean> teamPermissions = getTeamPermissions(l2, cls, l);
        List data = this.teamService.getUsersFromTeam(l2, str, null, null, null).getData();
        List<User> usersFromTeamWithSpecificPermissions = getUsersFromTeamWithSpecificPermissions(cls, l, l2, str);
        Iterator<User> it = usersFromTeamWithSpecificPermissions.iterator();
        while (it.hasNext()) {
            data.remove(it.next());
        }
        ArrayList arrayList = new ArrayList();
        Iterator it2 = data.iterator();
        while (it2.hasNext()) {
            UserPermission userPermission = new UserPermission((User) it2.next());
            userPermission.setPermissions(teamPermissions);
            arrayList.add(userPermission);
        }
        for (User user : usersFromTeamWithSpecificPermissions) {
            ObjectPermission objectPermission = getObjectPermission(cls, l, user.getObjectId(), null);
            UserPermission userPermission2 = new UserPermission(user);
            userPermission2.setObjectPermissionId(objectPermission.getId());
            userPermission2.setPermissions(objectPermission.buildPermissionMap());
            arrayList.add(userPermission2);
        }
        return arrayList;
    }

    private List<User> getUsersFromTeamWithSpecificPermissions(Class<?> cls, Long l, Long l2, String str) {
        StringBuilder sb = new StringBuilder();
        sb.append("select {ut.*} from usertable ut ");
        sb.append("join pm_mpp_team_user tu on tu.user_id=ut.objectid ");
        sb.append("join pm_mpp_object_permission acl on acl.user_id=ut.objectid where acl.object_type=:objectType ");
        sb.append("and tu.team_id=:teamId and acl.object_id=:oid ");
        if (StringUtils.isNotBlank(str)) {
            sb.append("and ( lower(ut.lastname) like :userQuery or lower(ut.firstname) like :userQuery ) ");
        }
        SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery(sb.toString());
        createSQLQuery.setParameter("teamId", l2);
        createSQLQuery.setParameter("objectType", ObjectPermissionType.getType(cls).toString());
        createSQLQuery.setParameter("oid", l);
        if (StringUtils.isNotBlank(str)) {
            createSQLQuery.setParameter("userQuery", "%" + str.toLowerCase() + "%");
        }
        createSQLQuery.addEntity("ut", User.class);
        return createSQLQuery.list();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void addPermission(Class<?> cls, Long l, Long l2, Long l3, Permission permission) {
        addPermission(cls, l, l2, l3, permission, true);
    }

    private void addPermission(Class<?> cls, Long l, Long l2, Long l3, Permission permission, boolean z) {
        addPermission(cls, l, l2, l3, Permission.singlePermissionMap(permission), z, true, true);
    }

    private void addPermission(Class<?> cls, Long l, Long l2, Long l3, Map<Permission, Boolean> map, boolean z, boolean z2, boolean z3) {
        addPermission(cls, l, l2, l3, map, z, z2, z3, true);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void setUserPermissions(PermissionDef permissionDef) {
        new ChangeUserPermission(permissionDef, this.cache, this.teamService, this.repo).changePermission();
        this.sf.getCurrentSession().flush();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void setTeamPermissions(PermissionDef permissionDef) {
        new ChangeTeamPermission(permissionDef, this.cache, this.teamService, this.repo).changePermission();
        this.sf.getCurrentSession().flush();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removePermission(PermissionDef permissionDef) {
        new ChangeUserPermission(permissionDef, this.cache, this.teamService, this.repo).changePermission();
        this.sf.getCurrentSession().flush();
    }

    private void addPermission(Class<?> cls, Long l, Long l2, Long l3, Map<Permission, Boolean> map, boolean z, boolean z2, boolean z3, boolean z4) {
        ObjectPermission objectPermission = getObjectPermission(cls, l, l2, l3);
        boolean z5 = false;
        User user = null;
        Team team = null;
        boolean z6 = l3 != null;
        if (objectPermission == null) {
            z5 = true;
            if (l2 != null) {
                user = this.cache.loadUser(l2);
            } else {
                team = this.teamService.load(l3);
            }
            objectPermission = new ObjectPermission(ObjectPermissionType.getType(cls), l, user, team);
            if (!z6 && z4) {
                mergeWithTeamsPermissions(objectPermission);
            }
        }
        for (Permission permission : map.keySet()) {
            if (map.get(permission).booleanValue()) {
                new PermissionDef(cls, l, new Permission[]{permission}, PermissionValue.ADDED_MANUALLY).changePermission(objectPermission);
            }
        }
        if (z5) {
            this.repo.save(objectPermission);
        }
        rewritePermissionToChildren(cls, l, l2, l3, map);
        this.sf.getCurrentSession().flush();
    }

    private void rewritePermissionToChildren(Class<?> cls, Long l, Long l2, Long l3, Map<Permission, Boolean> map) {
        if (cls == Project.class) {
            addPermissionToProjectChildren(l2, l3, map, this.ps.get(l));
        } else if (cls == Task.class) {
            addPermissionToTaskChildren(cls, l2, l3, map, this.ts.get(l));
        }
    }

    private void mergeWithTeamsPermissions(ObjectPermission objectPermission) {
        ObjectPermission userObjectPermission = getUserObjectPermission(objectPermission.getObjectType().getType(), objectPermission.getObjectId(), objectPermission.getUser().getObjectId());
        if (userObjectPermission == null) {
            return;
        }
        Map<Permission, Boolean> buildPermissionMap = userObjectPermission.buildPermissionMap();
        for (Permission permission : buildPermissionMap.keySet()) {
            if (buildPermissionMap.get(permission).booleanValue()) {
                permission.set(objectPermission, PermissionValue.INHERIT_ADDED.getValue());
            }
        }
    }

    private void addPermissionToTaskChildren(Class<?> cls, Long l, Long l2, Map<Permission, Boolean> map, Task task) {
        if (task.isLeaf()) {
            return;
        }
        Iterator it = this.ps.getTaskChildren(task.getId()).getData().iterator();
        while (it.hasNext()) {
            addPermission(cls, ((BaseItem) it.next()).getId(), l, l2, map, true, true, true);
        }
    }

    private void addPermissionToProjectChildren(Long l, Long l2, Map<Permission, Boolean> map, Project project) {
        if (project.isLeaf()) {
            return;
        }
        for (BaseItem baseItem : this.ps.getProjectChildren(project.getId()).getData()) {
            addPermission(baseItem.getClass(), baseItem.getId(), l, l2, map, false, true, true);
        }
    }

    private ObjectPermission getObjectPermission(Class<?> cls, Long l, Long l2, Long l3) {
        Assert.notNull(cls, "Type can't be null");
        Assert.notNull(l, "ObjectID can't be null");
        Assert.isTrue((l2 == null && l3 == null) ? false : true, "Team ID or User ID can't be null");
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.eq("objectId", l));
        if (l2 != null) {
            forClass.add(Restrictions.eq("user.objectId", l2));
        } else {
            forClass.add(Restrictions.eqOrIsNull("team.id", l3));
        }
        List<ObjectPermission> findByCriteria = this.repo.findByCriteria(forClass);
        if (findByCriteria.size() <= 0) {
            return null;
        }
        Assert.isTrue(findByCriteria.size() == 1, "Invalid count of permissions");
        return findByCriteria.get(0);
    }

    private ObjectPermission getUserObjectPermission(Class<?> cls, Long l, Long l2) {
        Assert.notNull(cls, "Type can't be null");
        Assert.notNull(l, "ObjectID can't be null");
        Assert.notNull(l2, "User ID can't be null");
        return this.repo.getSummaryPermissionsForUser(cls, l, l2);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removePermission(Class<?> cls, Long l, Long l2, Long l3, Permission permission) {
        removePermission(cls, l, l2, l3, permission, true);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removeSpecificPermission(Class<?> cls, Long l, Long l2) {
        ObjectPermission objectPermission = getObjectPermission(cls, l, l2, null);
        if (objectPermission != null) {
            this.repo.delete(objectPermission);
        }
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public UserPermission removeSpecificPermission(Long l) {
        ObjectPermission objectPermission = this.repo.get(l);
        Assert.notNull(objectPermission, "Perm is required for id: " + l);
        Assert.notNull(objectPermission.getUser(), "It have to be user permission");
        User user = this.us.getUser(objectPermission.getUser().getObjectId(), new String[0]);
        this.repo.delete(objectPermission);
        this.sf.getCurrentSession().flush();
        ObjectPermission userObjectPermission = getUserObjectPermission(objectPermission.getObjectType().getType(), objectPermission.getObjectId(), user.getObjectId());
        UserPermission userPermission = new UserPermission(user);
        userPermission.setPermissions(userObjectPermission.buildPermissionMap());
        return userPermission;
    }

    private void removePermission(Class<?> cls, Long l, Long l2, Long l3, Permission permission, boolean z) {
        Assert.notNull(cls, "Type is required");
        Assert.notNull(l, "oid is required");
        Assert.notNull(permission, "Permission is required");
        Assert.isTrue((l2 == null && l3 == null) ? false : true, "TeamId or userId is required");
        ObjectPermission objectPermission = getObjectPermission(cls, l, l2, l3);
        if (l3 != null && objectPermission != null) {
            permission.set(objectPermission, PermissionValue.INHERIT_NONE.getValue());
            return;
        }
        if (objectPermission != null) {
            permission.set(this.repo.load(objectPermission.getId()), PermissionValue.INHERIT_NONE.getValue());
        } else if (z) {
            ObjectPermission objectPermission2 = new ObjectPermission(ObjectPermissionType.getType(cls), l, this.cache.loadUser(l2), null);
            mergeWithTeamsPermissions(objectPermission2);
            permission.set(objectPermission2, PermissionValue.INHERIT_NONE.getValue());
            this.repo.save(objectPermission2);
        }
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removeAllPermissionFor(Class<?> cls, Long l, List<Long> list, List<Long> list2) {
        if (CollectionUtils.isEmpty(list) && CollectionUtils.isEmpty(list2)) {
            throw new RuntimeException("Sid ids are required");
        }
        deleteFor(cls, l, list, list2);
    }

    private void deleteFor(Class<?> cls, Long l, List<Long> list, List<Long> list2) {
        StringBuilder sb = new StringBuilder();
        sb.append("delete from pm_mpp_object_permission where pm_mpp_object_permission.id in (select distinct e.id from pm_mpp_object_permission e ");
        if (CollectionUtils.isNotEmpty(list2)) {
            sb.append("join pm_mpp_team t on t.id=e.team_id ");
            sb.append(" where e.object_id=:oid and e.object_type=:objectType and t.id in (:teamIds) )");
        } else {
            sb.append("join usertable ut on ut." + DBConstants.getObjectId() + "=e.user_id ");
            sb.append(" where e.object_id=:oid and e.object_type=:objectType and ut." + DBConstants.getObjectId() + " in (:userIds) )");
        }
        SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery(sb.toString());
        createSQLQuery.setParameter("objectType", ObjectPermissionType.getType(cls).toString());
        createSQLQuery.setParameter("oid", l);
        if (CollectionUtils.isNotEmpty(list2)) {
            createSQLQuery.setParameterList("teamIds", list2);
        } else {
            createSQLQuery.setParameterList("userIds", list);
        }
        createSQLQuery.executeUpdate();
        this.sf.getCurrentSession().flush();
        if (CollectionUtils.isNotEmpty(list2)) {
            Iterator<Long> it = list2.iterator();
            while (it.hasNext()) {
                for (User user : this.teamService.getUsersFromTeam(it.next(), null, null, 0, 999999).getData()) {
                    ObjectPermission objectPermission = getObjectPermission(cls, l, user.getObjectId(), null);
                    if (objectPermission != null) {
                        Map<Permission, Boolean> teamPermissionsForUser = getTeamPermissionsForUser(user.getObjectId(), cls, l);
                        boolean z = false;
                        Permission[] values = Permission.values();
                        int length = values.length;
                        int i = 0;
                        while (true) {
                            if (i >= length) {
                                break;
                            }
                            if (teamPermissionsForUser.get(values[i]).booleanValue()) {
                                z = true;
                                break;
                            }
                            i++;
                        }
                        if (!z) {
                            this.repo.delete(objectPermission);
                        }
                    }
                }
            }
        }
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removeTeamPremissions(Long l, List<Long> list) {
        for (Long l2 : list) {
            if (!this.teamService.belongsToTeam(l2)) {
                removeAllPermissionFor(l2);
            }
        }
    }

    private void removeAllPermissionFor(Long l) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("user.objectId", l));
        this.repo.deleteAll(this.repo.findByCriteria(forClass));
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void validatePermissionIntegrity() {
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void rewritePermissions(Class<?> cls, Long l, Class<?> cls2, Long l2) {
        for (ObjectPermission objectPermission : getEntries(cls, l)) {
            if (objectPermission.getUser() != null) {
                addPermission(cls2, l2, objectPermission.getUser().getObjectId(), null, objectPermission.buildPermissionMap(), true, true, true, false);
            } else {
                addPermission(cls2, l2, null, objectPermission.getTeam().getId(), objectPermission.buildPermissionMap(), false, false, true);
            }
        }
    }

    private List<ObjectPermission> getEntries(Class<?> cls, Long l) {
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.eq("objectId", l));
        return this.repo.findByCriteria(forClass);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public boolean hasConfigurationPermission() {
        DetachedCriteria forClass = DetachedCriteria.forClass(User.class);
        forClass.add(Restrictions.eq("userName", this.ctx.getLoggedUser()));
        forClass.createAlias("groups", "groups");
        forClass.add(Restrictions.eq("groups.name", PermissionConstants.adminGroupName));
        return this.uf.count(forClass) > 0;
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public boolean hasPermission(Class<?> cls, Long l, Permission permission) {
        return hasPermission(cls, l, this.us.getUser(this.ctx.getLoggedUser(), new String[0]).getObjectId(), permission);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public Map<Permission, Boolean> getUserPermissions(Class<?> cls, Long l) {
        return getPermissions(this.cache.getUserId(this.ctx.getLoggedUser()), null, cls, l);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public Map<Permission, Integer> getUserSummaryPermissions(Class<?> cls, Long l) {
        ObjectPermission summaryPermissionsForUser = this.repo.getSummaryPermissionsForUser(cls, l, this.cache.getUserId(this.ctx.getLoggedUser()));
        return summaryPermissionsForUser == null ? Permission.emptyIntPermissionMap() : summaryPermissionsForUser.buildPermissionValueMap();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public Map<Permission, Boolean> getTeamPermissionsForUser(Long l, Class<?> cls, Long l2) {
        List<Team> teamsForUser = this.teamService.getTeamsForUser(l);
        Map<Permission, Boolean> emptyPermissionMap = Permission.emptyPermissionMap();
        Iterator<Team> it = teamsForUser.iterator();
        while (it.hasNext()) {
            Map<Permission, Boolean> teamPermissions = getTeamPermissions(it.next().getId(), cls, l2);
            for (Permission permission : emptyPermissionMap.keySet()) {
                emptyPermissionMap.put(permission, Boolean.valueOf(teamPermissions.get(permission).booleanValue() || emptyPermissionMap.get(permission).booleanValue()));
            }
        }
        return emptyPermissionMap;
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void clonePermissions(BaseItem baseItem, BaseItem baseItem2) {
        rewritePermissions(baseItem2.getClass(), baseItem2.getId(), baseItem.getClass(), baseItem.getId());
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removePermission(Class<?> cls, Long l) {
        Assert.notNull(cls, "Type is required");
        Assert.notNull(l, "oid is required");
        DetachedCriteria forClass = DetachedCriteria.forClass(ObjectPermission.class);
        forClass.add(Restrictions.eq("objectType", ObjectPermissionType.getType(cls)));
        forClass.add(Restrictions.eq("objectId", l));
        this.repo.deleteAll(this.repo.findByCriteria(forClass));
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public Map<Permission, Boolean> getTeamPermissions(Long l, Class<?> cls, Long l2) {
        return getPermissions(null, l, cls, l2);
    }

    private Map<Permission, Boolean> getPermissions(Long l, Long l2, Class<?> cls, Long l3) {
        ObjectPermission summaryPermissionsForUser = l != null ? this.repo.getSummaryPermissionsForUser(cls, l3, l) : getObjectPermission(cls, l3, l, l2);
        return summaryPermissionsForUser == null ? Permission.emptyPermissionMap() : summaryPermissionsForUser.buildPermissionMap();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public boolean hasPermission(Class<?> cls, Long l, Long l2, Permission permission) {
        ObjectPermission userObjectPermission = getUserObjectPermission(cls, l, l2);
        if (userObjectPermission == null) {
            return false;
        }
        return permission.hasPermission(userObjectPermission).booleanValue();
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void removeAllPermissionsForBranch(boolean z, Long l) {
        String linage;
        String str;
        Assert.notNull(l, "oid is required");
        if (z) {
            linage = this.ps.get(l).getLinage();
            str = "pm_mpp_project";
        } else {
            linage = this.ts.get(l).getLinage();
            str = "pm_mpp_task";
        }
        removePermissions(str, linage);
        if (z) {
            removePermissions("pm_mpp_task", linage);
        }
    }

    private void removePermissions(String str, String str2) {
        StringBuilder sb = new StringBuilder();
        sb.append("delete from pm_mpp_object_permission where id in ");
        sb.append(" (select ao.id from pm_mpp_object_permission ao ");
        sb.append(" join " + str + " it on it.id=ao.object_id  where linage like :lineage )");
        SQLQuery createSQLQuery = this.sf.getCurrentSession().createSQLQuery(sb.toString());
        createSQLQuery.setParameter("lineage", str2 + "%");
        log.debug("Zmieniono [{}] rekordów", Integer.valueOf(createSQLQuery.executeUpdate()));
    }

    public void afterPropertiesSet() throws Exception {
        this.ts.addTaskEventListener(this);
        this.ps.addProjectEventListener(this);
        this.pts.addProjectTypeEventListener(this);
    }

    @Override // com.suncode.plugin.plusproject.core.task.listener.TaskEventListener
    public void beforeRemoveTask(Task task) {
        removePermission(Task.class, task.getId());
    }

    @Override // com.suncode.plugin.plusproject.core.project.listener.ProjectEventListener
    public void beforeRemoveProject(Project project) {
        removePermission(Project.class, project.getId());
    }

    @Override // com.suncode.plugin.plusproject.core.project.listener.ProjectTypeEventListener
    public void beforeRemoveProjectType(ProjectType projectType) {
        removePermission(ProjectType.class, projectType.getId());
    }

    @Override // com.suncode.plugin.plusproject.core.task.listener.TaskEventListener
    public void executorChange(Task task, User user, User user2) {
        if (user != null) {
            PermissionDef permissionDef = new PermissionDef(Task.class, task.getId(), AppSettings.getExecutorPermissions(), PermissionValue.EXECUTOR, PermissionChangeMode.REMOVE);
            permissionDef.setUserId(user.getObjectId());
            setUserPermissions(permissionDef);
        }
        if (user2 != null) {
            PermissionDef permissionDef2 = new PermissionDef(Task.class, task.getId(), new Permission[]{Permission.EXECUTE}, PermissionValue.EXECUTOR);
            permissionDef2.setUserId(user2.getObjectId());
            setUserPermissions(permissionDef2);
        }
    }

    @Override // com.suncode.plugin.plusproject.core.task.listener.TaskEventListener
    public void taskCreated(Task task) {
        addCreatorPermissions(task);
    }

    @Override // com.suncode.plugin.plusproject.core.project.listener.ProjectEventListener
    public void projectCreated(Project project) {
        addCreatorPermissions(project);
    }

    private void addCreatorPermissions(BaseItem baseItem) {
        addPermission(baseItem.getClass(), baseItem.getId(), baseItem.getCreator().getObjectId(), null, AppSettings.getCreatorPermissionsMap(), true, true, true);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public void initPermissions(BaseItem baseItem) {
        ObjectPermission userObjectPermission = getUserObjectPermission(baseItem.getClass(), baseItem.getId(), this.cache.getUserId(this.ctx.getLoggedUser()));
        if (userObjectPermission == null) {
            userObjectPermission = new ObjectPermission();
        }
        baseItem.setPermissions(userObjectPermission);
    }

    @Override // com.suncode.plugin.plusproject.core.security.PermissionService
    public boolean hasSpecificPermission(Class<?> cls, Long l, Long l2) {
        return getObjectPermission(cls, l, l2, null) != null;
    }
}
