package org.camunda.bpm.engine.impl.persistence.entity;

import java.util.HashMap;
import java.util.List;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.impl.AbstractQuery;
import org.camunda.bpm.engine.impl.AuthorizationQueryImpl;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.impl.context.Context;
import org.camunda.bpm.engine.impl.db.AuthorizationCheck;
import org.camunda.bpm.engine.impl.db.DbEntity;
import org.camunda.bpm.engine.impl.db.ListQueryParameterObject;
import org.camunda.bpm.engine.impl.identity.Authentication;
import org.camunda.bpm.engine.impl.persistence.AbstractManager;

/* loaded from: input_file:org/camunda/bpm/engine/impl/persistence/entity/AuthorizationManager.class */
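/**
 * Persistence manager for {@link Authorization} records; it also carries the
 * permission checks used when those records are created, queried, changed or removed.
 *
 * <p>Enforcement is conditional. {@link #configureQuery}, {@link #checkAuthorization}
 * and the three-argument {@link #isAuthorized(Permission, Resource, String)} all
 * treat a request as permitted when {@code isAuthorizationEnabled()} is false or
 * when the current command context carries no {@link Authentication}. Code paths
 * that must be access-controlled therefore depend on an authentication being set
 * before the command runs.
 */
public class AuthorizationManager extends AbstractManager {

    /**
     * Creates a new, not yet persisted authorization after checking CREATE on
     * {@link Resources#AUTHORIZATION}.
     *
     * @param i value passed straight to the {@link AuthorizationEntity} constructor
     *          (presumably the authorization type; confirm against AuthorizationEntity)
     * @return the new entity
     * @throws AuthorizationException if the check is enforced and fails
     */
    public Authorization createNewAuthorization(int i) {
        // A null resource id is passed: the check is not tied to one specific record.
        checkAuthorization(Permissions.CREATE, Resources.AUTHORIZATION, null);
        return new AuthorizationEntity(i);
    }

    /**
     * Persists an entity after checking CREATE on {@link Resources#AUTHORIZATION}.
     * Overrides the {@code AbstractManager} implementation.
     *
     * @param dbEntity entity to insert
     * @throws AuthorizationException if the check is enforced and fails
     */
    @Override
    public void insert(DbEntity dbEntity) {
        checkAuthorization(Permissions.CREATE, Resources.AUTHORIZATION, null);
        getDbEntityManager().insert(dbEntity);
    }

    /**
     * Runs the mapped statement {@code selectAuthorizationByQueryCriteria}, with
     * READ filtering applied through {@link #configureQuery} when enforcement is active.
     *
     * @param authorizationQueryImpl query criteria; mutated by {@link #configureQuery}
     * @return the matching authorizations
     */
    public List<Authorization> selectAuthorizationByQueryCriteria(AuthorizationQueryImpl authorizationQueryImpl) {
        configureQuery(authorizationQueryImpl, Resources.AUTHORIZATION);
        // The cast is kept from the original: it fixes which selectList overload is called.
        return getDbEntityManager().selectList(
                "selectAuthorizationByQueryCriteria", (ListQueryParameterObject) authorizationQueryImpl);
    }

    /**
     * Runs the mapped statement {@code selectAuthorizationCountByQueryCriteria},
     * with the same READ filtering as the list query.
     *
     * @param authorizationQueryImpl query criteria; mutated by {@link #configureQuery}
     * @return the result of the count statement, cast to {@link Long}
     */
    public Long selectAuthorizationCountByQueryCriteria(AuthorizationQueryImpl authorizationQueryImpl) {
        configureQuery(authorizationQueryImpl, Resources.AUTHORIZATION);
        return (Long) getDbEntityManager().selectOne("selectAuthorizationCountByQueryCriteria", authorizationQueryImpl);
    }

    /**
     * Merges a changed authorization after checking UPDATE on that authorization's id.
     *
     * <p>Only the id takes part in the check; the fields being changed (for example
     * who is granted what) are not inspected here.
     *
     * @param authorizationEntity entity to merge
     * @throws AuthorizationException if the check is enforced and fails
     */
    public void update(AuthorizationEntity authorizationEntity) {
        checkAuthorization(Permissions.UPDATE, Resources.AUTHORIZATION, authorizationEntity.getId());
        getDbEntityManager().merge(authorizationEntity);
    }

    /**
     * Deletes an authorization after checking DELETE on its id. Overrides the
     * {@code AbstractManager} implementation.
     *
     * <p>Authorizations whose resource is this authorization record are removed
     * first, then the record itself is deleted through the superclass.
     *
     * @param dbEntity authorization to delete
     * @throws AuthorizationException if the check is enforced and fails
     * @throws IllegalArgumentException if the entity's id is null (raised by
     *         {@link #deleteAuthorizationsByResourceId})
     */
    @Override
    public void delete(DbEntity dbEntity) {
        checkAuthorization(Permissions.DELETE, Resources.AUTHORIZATION, dbEntity.getId());
        deleteAuthorizationsByResourceId(Resources.AUTHORIZATION, dbEntity.getId());
        super.delete(dbEntity);
    }

    /**
     * Enables READ-permission filtering on a query for the current user and groups.
     * Overrides the {@code AbstractManager} implementation.
     *
     * <p>When authorization is disabled or no authentication is present, the query
     * is left untouched, so it runs without any permission filter.
     *
     * @param abstractQuery query to configure
     * @param resource resource type whose permissions are checked
     */
    @Override
    public void configureQuery(AbstractQuery abstractQuery, Resource resource) {
        ProcessEngineConfigurationImpl config = Context.getProcessEngineConfiguration();
        Authentication authentication = Context.getCommandContext().getAuthentication();
        if (!config.isAuthorizationEnabled() || authentication == null) {
            return;
        }
        abstractQuery.setAuthorizationCheckEnabled(true);
        abstractQuery.setAuthUserId(authentication.getUserId());
        abstractQuery.setAuthGroupIds(authentication.getGroupIds());
        abstractQuery.setAuthResourceType(resource.resourceType());
        // Presumably the id column of the queried table as aliased in the mapped SQL; confirm against the mapping.
        abstractQuery.setAuthResourceIdQueryParam("RES.ID_");
        abstractQuery.setAuthPerms(Permissions.READ.getValue());
    }

    /**
     * Throws if the current user lacks the given permission. Overrides the
     * {@code AbstractManager} implementation.
     *
     * <p>No exception is raised, and no lookup is made, when authorization is
     * disabled or the command context has no authentication.
     *
     * @param permission permission required
     * @param resource resource type the permission applies to
     * @param str resource id, or null when the caller has no specific id
     * @throws AuthorizationException if the check is enforced and the user is not authorized
     */
    @Override
    public void checkAuthorization(Permission permission, Resource resource, String str) {
        ProcessEngineConfigurationImpl config = Context.getProcessEngineConfiguration();
        Authentication authentication = Context.getCommandContext().getAuthentication();
        if (!config.isAuthorizationEnabled() || authentication == null) {
            return;
        }
        if (!isAuthorized(authentication.getUserId(), authentication.getGroupIds(), permission, resource, str)) {
            throw new AuthorizationException(
                    authentication.getUserId(), permission.getName(), resource.resourceName(), str);
        }
    }

    /**
     * Asks the database whether a user, directly or through groups, holds a permission.
     *
     * <p>This overload does not look at the authorization-enabled flag or at the
     * current authentication; it always runs the mapped statement
     * {@code isUserAuthorizedForResource}.
     *
     * @param str user id
     * @param list group ids of the user
     * @param permission permission to test
     * @param resource resource type
     * @param str2 resource id
     * @return the boolean result of the mapped statement
     */
    public boolean isAuthorized(String str, List<String> list, Permission permission, Resource resource, String str2) {
        AuthorizationCheck check = new AuthorizationCheck();
        check.setAuthUserId(str);
        check.setAuthGroupIds(list);
        check.setAuthResourceType(resource.resourceType());
        check.setAuthResourceId(str2);
        check.setAuthPerms(permission.getValue());
        return getDbEntityManager().selectBoolean("isUserAuthorizedForResource", check);
    }

    /**
     * Tests a permission for the currently authenticated user.
     *
     * @param permission permission to test
     * @param resource resource type
     * @param str resource id
     * @return {@code true} when authorization is disabled or no authentication is
     *         present; otherwise the result of the database lookup
     */
    public boolean isAuthorized(Permission permission, Resource resource, String str) {
        ProcessEngineConfigurationImpl config = Context.getProcessEngineConfiguration();
        Authentication authentication = Context.getCommandContext().getAuthentication();
        if (!config.isAuthorizationEnabled() || authentication == null) {
            return true;
        }
        return isAuthorized(authentication.getUserId(), authentication.getGroupIds(), permission, resource, str);
    }

    /**
     * Deletes every authorization that refers to the given resource type and id.
     *
     * <p>The delete statement runs only while authorization is enabled.
     * NOTE(review): with authorization disabled the rows for this resource stay in
     * the table; confirm that leftover grants are acceptable if it is enabled later.
     *
     * @param resource resource type
     * @param str resource id; must not be null
     * @throws IllegalArgumentException if {@code str} is null
     */
    public void deleteAuthorizationsByResourceId(Resource resource, String str) {
        if (str == null) {
            throw new IllegalArgumentException("Resource id cannot be null");
        }
        if (Context.getProcessEngineConfiguration().isAuthorizationEnabled()) {
            // Typed map instead of the raw HashMap; keys match the mapped statement's parameters.
            HashMap<String, Object> parameters = new HashMap<>();
            parameters.put("resourceType", Integer.valueOf(resource.resourceType()));
            parameters.put("resourceId", str);
            getDbEntityManager().delete(AuthorizationEntity.class, "deleteAuthorizationsForResourceId", parameters);
        }
    }
}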
