package com.yahoo.elide.security.permissions;

import com.yahoo.elide.annotation.ReadPermission;
import com.yahoo.elide.annotation.SharePermission;
import com.yahoo.elide.core.CheckInstantiator;
import com.yahoo.elide.core.EntityDictionary;
import com.yahoo.elide.core.filter.expression.FilterExpression;
import com.yahoo.elide.core.filter.expression.OrFilterExpression;
import com.yahoo.elide.parsers.expression.PermissionExpressionVisitor;
import com.yahoo.elide.parsers.expression.PermissionToFilterExpressionVisitor;
import com.yahoo.elide.security.ChangeSpec;
import com.yahoo.elide.security.PersistentResource;
import com.yahoo.elide.security.RequestScope;
import com.yahoo.elide.security.checks.Check;
import com.yahoo.elide.security.permissions.expressions.AnyFieldExpression;
import com.yahoo.elide.security.permissions.expressions.DeferredCheckExpression;
import com.yahoo.elide.security.permissions.expressions.Expression;
import com.yahoo.elide.security.permissions.expressions.ImmediateCheckExpression;
import com.yahoo.elide.security.permissions.expressions.OrExpression;
import com.yahoo.elide.security.permissions.expressions.SharePermissionExpression;
import com.yahoo.elide.security.permissions.expressions.SpecificFieldExpression;
import com.yahoo.elide.security.permissions.expressions.UserCheckOnlyExpression;
import java.beans.ConstructorProperties;
import java.lang.annotation.Annotation;
import java.util.Iterator;
import java.util.function.Function;
import org.antlr.v4.runtime.tree.ParseTree;

/* loaded from: input_file:com/yahoo/elide/security/permissions/PermissionExpressionBuilder.class */
public class PermissionExpressionBuilder implements CheckInstantiator {
    private final EntityDictionary entityDictionary;
    private final ExpressionResultCache cache;
    private static final Expressions SUCCESSFUL_EXPRESSIONS = new Expressions(OrExpression.SUCCESSFUL_EXPRESSION, OrExpression.SUCCESSFUL_EXPRESSION);

    /* loaded from: input_file:com/yahoo/elide/security/permissions/PermissionExpressionBuilder$Expressions.class */
    public static class Expressions {
        private final Expression operationExpression;
        private final Expression commitExpression;

        @ConstructorProperties({"operationExpression", "commitExpression"})
        public Expressions(Expression expression, Expression expression2) {
            this.operationExpression = expression;
            this.commitExpression = expression2;
        }

        public Expression getOperationExpression() {
            return this.operationExpression;
        }

        public Expression getCommitExpression() {
            return this.commitExpression;
        }
    }

    public PermissionExpressionBuilder(ExpressionResultCache expressionResultCache, EntityDictionary entityDictionary) {
        this.cache = expressionResultCache;
        this.entityDictionary = entityDictionary;
    }

    public <A extends Annotation> Expressions buildSpecificFieldExpressions(PersistentResource persistentResource, Class<A> cls, String str, ChangeSpec changeSpec) {
        if (!this.entityDictionary.entityHasChecksForPermission(persistentResource.getResourceClass(), cls)) {
            return SUCCESSFUL_EXPRESSIONS;
        }
        Function<Check, Expression> deferredExpressionFor = getDeferredExpressionFor(persistentResource, changeSpec);
        Function<Check, Expression> immediateExpressionFor = getImmediateExpressionFor(persistentResource, changeSpec);
        Function function = function2 -> {
            return buildSpecificFieldExpression(PermissionCondition.create(cls, persistentResource, str, changeSpec), function2);
        };
        return new Expressions((Expression) function.apply(deferredExpressionFor), (Expression) function.apply(immediateExpressionFor));
    }

    public <A extends Annotation> Expressions buildSharePermissionExpressions(PersistentResource persistentResource) {
        PermissionCondition permissionCondition = new PermissionCondition((Class<? extends Annotation>) SharePermission.class, persistentResource);
        Class<?> resourceClass = persistentResource.getResourceClass();
        if (!this.entityDictionary.entityHasChecksForPermission(resourceClass, SharePermission.class)) {
            SharePermissionExpression sharePermissionExpression = new SharePermissionExpression(permissionCondition);
            return new Expressions(sharePermissionExpression, sharePermissionExpression);
        }
        Function<Check, Expression> deferredExpressionFor = getDeferredExpressionFor(persistentResource, null);
        Function<Check, Expression> immediateExpressionFor = getImmediateExpressionFor(persistentResource, null);
        Function function = function2 -> {
            return new SharePermissionExpression(permissionCondition, expressionFromParseTree(this.entityDictionary.getPermissionsForClass(resourceClass, SharePermission.class), function2));
        };
        return new Expressions((Expression) function.apply(deferredExpressionFor), (Expression) function.apply(immediateExpressionFor));
    }

    public <A extends Annotation> Expressions buildAnyFieldExpressions(PersistentResource persistentResource, Class<A> cls, ChangeSpec changeSpec) {
        if (!this.entityDictionary.entityHasChecksForPermission(persistentResource.getResourceClass(), cls)) {
            return SUCCESSFUL_EXPRESSIONS;
        }
        Function<Check, Expression> deferredExpressionFor = getDeferredExpressionFor(persistentResource, changeSpec);
        Function<Check, Expression> immediateExpressionFor = getImmediateExpressionFor(persistentResource, changeSpec);
        Function function = function2 -> {
            return buildAnyFieldExpression(PermissionCondition.create(cls, persistentResource, (String) null, changeSpec), function2);
        };
        return new Expressions((Expression) function.apply(deferredExpressionFor), (Expression) function.apply(immediateExpressionFor));
    }

    public <A extends Annotation> Expressions buildUserCheckFieldExpressions(PersistentResource persistentResource, Class<A> cls, String str) {
        if (!this.entityDictionary.entityHasChecksForPermission(persistentResource.getResourceClass(), cls)) {
            return SUCCESSFUL_EXPRESSIONS;
        }
        return new Expressions(buildSpecificFieldExpression(new PermissionCondition((Class<? extends Annotation>) cls, persistentResource, str), check -> {
            return new UserCheckOnlyExpression(check, persistentResource, persistentResource.getRequestScope(), (ChangeSpec) null, this.cache);
        }), null);
    }

    public <A extends Annotation> Expressions buildUserCheckAnyExpression(Class<?> cls, Class<A> cls2, RequestScope requestScope) {
        return new Expressions(buildAnyFieldExpression(new PermissionCondition((Class<? extends Annotation>) cls2, cls), check -> {
            return new UserCheckOnlyExpression(check, (PersistentResource) null, requestScope, (ChangeSpec) null, this.cache);
        }), null);
    }

    private Function<Check, Expression> getImmediateExpressionFor(PersistentResource persistentResource, ChangeSpec changeSpec) {
        return check -> {
            return new ImmediateCheckExpression(check, persistentResource, persistentResource.getRequestScope(), changeSpec, this.cache);
        };
    }

    private Function<Check, Expression> getDeferredExpressionFor(PersistentResource persistentResource, ChangeSpec changeSpec) {
        return check -> {
            return new DeferredCheckExpression(check, persistentResource, persistentResource.getRequestScope(), changeSpec, this.cache);
        };
    }

    private <A extends Annotation> Expression buildSpecificFieldExpression(PermissionCondition permissionCondition, Function<Check, Expression> function) {
        Class<?> entityClass = permissionCondition.getEntityClass();
        Class<? extends Annotation> permission = permissionCondition.getPermission();
        return new SpecificFieldExpression(permissionCondition, expressionFromParseTree(this.entityDictionary.getPermissionsForClass(entityClass, permission), function), expressionFromParseTree(this.entityDictionary.getPermissionsForField(entityClass, permissionCondition.getField().isPresent() ? permissionCondition.getField().get() : null, permission), function));
    }

    private <A extends Annotation> Expression buildAnyFieldExpression(PermissionCondition permissionCondition, Function<Check, Expression> function) {
        Class<?> entityClass = permissionCondition.getEntityClass();
        Class<? extends Annotation> permission = permissionCondition.getPermission();
        Expression expressionFromParseTree = expressionFromParseTree(this.entityDictionary.getPermissionsForClass(entityClass, permission), function);
        OrExpression orExpression = new OrExpression(Expression.Results.FAILURE, null);
        Iterator<String> it = this.entityDictionary.getAllFields(entityClass).iterator();
        while (it.hasNext()) {
            OrExpression orExpression2 = orExpression;
            orExpression = new OrExpression(orExpression2, expressionFromParseTree(this.entityDictionary.getPermissionsForField(entityClass, it.next(), permission), function));
        }
        return new AnyFieldExpression(permissionCondition, expressionFromParseTree, orExpression);
    }

    public <A extends Annotation> FilterExpression buildAnyFieldFilterExpression(Class<?> cls, RequestScope requestScope) {
        FilterExpression filterExpressionFromParseTree = filterExpressionFromParseTree(this.entityDictionary.getPermissionsForClass(cls, ReadPermission.class), requestScope);
        FilterExpression filterExpression = filterExpressionFromParseTree;
        Iterator<String> it = this.entityDictionary.getAllFields(cls).iterator();
        while (it.hasNext()) {
            FilterExpression filterExpressionFromParseTree2 = filterExpressionFromParseTree(this.entityDictionary.getPermissionsForField(cls, it.next(), ReadPermission.class), requestScope);
            if (filterExpressionFromParseTree2 != null) {
                filterExpression = filterExpression == null ? filterExpressionFromParseTree2 : new OrFilterExpression(filterExpression, filterExpressionFromParseTree2);
            } else if (filterExpressionFromParseTree == null) {
                return null;
            }
        }
        return filterExpression;
    }

    private Expression expressionFromParseTree(ParseTree parseTree, Function<Check, Expression> function) {
        if (parseTree == null) {
            return null;
        }
        return (Expression) new PermissionExpressionVisitor(this.entityDictionary, function).visit(parseTree);
    }

    private FilterExpression filterExpressionFromParseTree(ParseTree parseTree, RequestScope requestScope) {
        FilterExpression filterExpression;
        if (parseTree == null || (filterExpression = (FilterExpression) new PermissionToFilterExpressionVisitor(this.entityDictionary, requestScope).visit(parseTree)) == PermissionToFilterExpressionVisitor.NO_EVALUATION_EXPRESSION || filterExpression == PermissionToFilterExpressionVisitor.FALSE_USER_CHECK_EXPRESSION) {
            return null;
        }
        return filterExpression;
    }
}
