package org.camunda.bpm.engine.impl.cfg.auth;

import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.history.HistoricCaseInstance;
import org.camunda.bpm.engine.history.HistoricDecisionInstance;
import org.camunda.bpm.engine.history.HistoricProcessInstance;
import org.camunda.bpm.engine.history.UserOperationLogEntry;
import org.camunda.bpm.engine.impl.batch.BatchEntity;
import org.camunda.bpm.engine.impl.batch.history.HistoricBatchEntity;
import org.camunda.bpm.engine.impl.cfg.CommandChecker;
import org.camunda.bpm.engine.impl.context.Context;
import org.camunda.bpm.engine.impl.db.PermissionCheck;
import org.camunda.bpm.engine.impl.db.PermissionCheckBuilder;
import org.camunda.bpm.engine.impl.dmn.entity.repository.DecisionDefinitionEntity;
import org.camunda.bpm.engine.impl.dmn.entity.repository.DecisionRequirementsDefinitionEntity;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager;
import org.camunda.bpm.engine.impl.persistence.entity.ExecutionEntity;
import org.camunda.bpm.engine.impl.persistence.entity.HistoricJobLogEventEntity;
import org.camunda.bpm.engine.impl.persistence.entity.HistoricTaskInstanceEntity;
import org.camunda.bpm.engine.impl.persistence.entity.JobEntity;
import org.camunda.bpm.engine.impl.persistence.entity.ProcessDefinitionEntity;
import org.camunda.bpm.engine.impl.persistence.entity.TaskEntity;
import org.camunda.bpm.engine.repository.CaseDefinition;
import org.camunda.bpm.engine.repository.DecisionDefinition;
import org.camunda.bpm.engine.repository.ProcessDefinition;
import org.camunda.bpm.engine.runtime.CaseExecution;

/* loaded from: input_file:org/camunda/bpm/engine/impl/cfg/auth/AuthorizationCommandChecker.class */
public class AuthorizationCommandChecker implements CommandChecker {
    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkEvaluateDecision(DecisionDefinition decisionDefinition) {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE_INSTANCE, Resources.DECISION_DEFINITION, decisionDefinition.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateProcessInstance(ProcessDefinition processDefinition) {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE, Resources.PROCESS_INSTANCE);
        getAuthorizationManager().checkAuthorization(Permissions.CREATE_INSTANCE, Resources.PROCESS_DEFINITION, processDefinition.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadProcessDefinition(ProcessDefinition processDefinition) {
        getAuthorizationManager().checkAuthorization(Permissions.READ, Resources.PROCESS_DEFINITION, processDefinition.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateCaseInstance(CaseDefinition caseDefinition) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessDefinitionById(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestProcessDefinitionById = findLatestProcessDefinitionById(str)) == null) {
            return;
        }
        checkUpdateProcessDefinitionByKey(findLatestProcessDefinitionById.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessDefinitionByKey(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.UPDATE, Resources.PROCESS_DEFINITION, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteProcessDefinitionById(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestProcessDefinitionById = findLatestProcessDefinitionById(str)) == null) {
            return;
        }
        checkDeleteProcessDefinitionByKey(findLatestProcessDefinitionById.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteProcessDefinitionByKey(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE, Resources.PROCESS_DEFINITION, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceByProcessDefinitionId(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestProcessDefinitionById = findLatestProcessDefinitionById(str)) == null) {
            return;
        }
        checkUpdateProcessInstanceByProcessDefinitionKey(findLatestProcessDefinitionById.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceByProcessDefinitionKey(String str) {
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.UPDATE);
        permissionCheck.setResource(Resources.PROCESS_INSTANCE);
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.UPDATE_INSTANCE);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(str);
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        getAuthorizationManager().checkAuthorization(permissionCheck, permissionCheck2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadProcessInstance(String str) {
        ExecutionEntity findExecutionById = findExecutionById(str);
        if (findExecutionById != null) {
            checkReadProcessInstance(findExecutionById);
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteProcessInstance(ExecutionEntity executionEntity) {
        ProcessDefinitionEntity processDefinition = executionEntity.getProcessDefinition();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.DELETE);
        permissionCheck.setResource(Resources.PROCESS_INSTANCE);
        permissionCheck.setResourceId(executionEntity.getProcessInstanceId());
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.DELETE_INSTANCE);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(processDefinition.getKey());
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        getAuthorizationManager().checkAuthorization(permissionCheck, permissionCheck2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceById(String str) {
        ExecutionEntity findExecutionById = findExecutionById(str);
        if (findExecutionById != null) {
            checkUpdateProcessInstance(findExecutionById);
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstance(ExecutionEntity executionEntity) {
        ProcessDefinitionEntity processDefinition = executionEntity.getProcessDefinition();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.UPDATE);
        permissionCheck.setResource(Resources.PROCESS_INSTANCE);
        permissionCheck.setResourceId(executionEntity.getProcessInstanceId());
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.UPDATE_INSTANCE);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(processDefinition.getKey());
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        getAuthorizationManager().checkAuthorization(permissionCheck, permissionCheck2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateJob(JobEntity jobEntity) {
        if (jobEntity.getProcessDefinitionKey() == null) {
            return;
        }
        PermissionCheck newPermissionCheck = getAuthorizationManager().newPermissionCheck();
        newPermissionCheck.setPermission(Permissions.UPDATE);
        newPermissionCheck.setResource(Resources.PROCESS_INSTANCE);
        newPermissionCheck.setResourceId(jobEntity.getProcessInstanceId());
        PermissionCheck newPermissionCheck2 = getAuthorizationManager().newPermissionCheck();
        newPermissionCheck2.setPermission(Permissions.UPDATE_INSTANCE);
        newPermissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        newPermissionCheck2.setResourceId(jobEntity.getProcessDefinitionKey());
        newPermissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        getAuthorizationManager().checkAuthorization(newPermissionCheck, newPermissionCheck2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateMigrationPlan(ProcessDefinition processDefinition, ProcessDefinition processDefinition2) {
        checkReadProcessDefinition(processDefinition);
        checkReadProcessDefinition(processDefinition2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkMigrateProcessInstance(ExecutionEntity executionEntity, ProcessDefinition processDefinition) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadProcessInstance(ExecutionEntity executionEntity) {
        ProcessDefinitionEntity processDefinition = executionEntity.getProcessDefinition();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.READ);
        permissionCheck.setResource(Resources.PROCESS_INSTANCE);
        permissionCheck.setResourceId(executionEntity.getProcessInstanceId());
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.READ_INSTANCE);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(processDefinition.getKey());
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        getAuthorizationManager().checkAuthorization(permissionCheck, permissionCheck2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadJob(JobEntity jobEntity) {
        if (jobEntity.getProcessDefinitionKey() == null) {
            return;
        }
        PermissionCheck newPermissionCheck = getAuthorizationManager().newPermissionCheck();
        newPermissionCheck.setPermission(Permissions.READ);
        newPermissionCheck.setResource(Resources.PROCESS_INSTANCE);
        newPermissionCheck.setResourceId(jobEntity.getProcessInstanceId());
        PermissionCheck newPermissionCheck2 = getAuthorizationManager().newPermissionCheck();
        newPermissionCheck2.setPermission(Permissions.READ_INSTANCE);
        newPermissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        newPermissionCheck2.setResourceId(jobEntity.getProcessDefinitionKey());
        newPermissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        getAuthorizationManager().checkAuthorization(newPermissionCheck, newPermissionCheck2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadTask(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() == null) {
            if (taskEntity.getCaseExecutionId() == null) {
                getAuthorizationManager().checkAuthorization(Permissions.READ, Resources.TASK, id);
                return;
            }
            return;
        }
        ProcessDefinitionEntity processDefinition = taskEntity.getExecution().getProcessDefinition();
        PermissionCheck newPermissionCheck = getAuthorizationManager().newPermissionCheck();
        newPermissionCheck.setPermission(Permissions.READ);
        newPermissionCheck.setResource(Resources.TASK);
        newPermissionCheck.setResourceId(id);
        PermissionCheck newPermissionCheck2 = getAuthorizationManager().newPermissionCheck();
        newPermissionCheck2.setPermission(Permissions.READ_TASK);
        newPermissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        newPermissionCheck2.setResourceId(processDefinition.getKey());
        newPermissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        getAuthorizationManager().checkAuthorization(newPermissionCheck, newPermissionCheck2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateTask(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() == null) {
            if (taskEntity.getCaseExecutionId() == null) {
                getAuthorizationManager().checkAuthorization(Permissions.UPDATE, Resources.TASK, id);
                return;
            }
            return;
        }
        ProcessDefinitionEntity processDefinition = taskEntity.getExecution().getProcessDefinition();
        PermissionCheck permissionCheck = new PermissionCheck();
        permissionCheck.setPermission(Permissions.UPDATE);
        permissionCheck.setResource(Resources.TASK);
        permissionCheck.setResourceId(id);
        PermissionCheck permissionCheck2 = new PermissionCheck();
        permissionCheck2.setPermission(Permissions.UPDATE_TASK);
        permissionCheck2.setResource(Resources.PROCESS_DEFINITION);
        permissionCheck2.setResourceId(processDefinition.getKey());
        permissionCheck2.setAuthorizationNotFoundReturnValue(0L);
        getAuthorizationManager().checkAuthorization(permissionCheck, permissionCheck2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteBatch(BatchEntity batchEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE, Resources.BATCH, batchEntity.getId());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricBatch(HistoricBatchEntity historicBatchEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.BATCH, historicBatchEntity.getId());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkSuspendBatch(BatchEntity batchEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.UPDATE, Resources.BATCH, batchEntity.getId());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkActivateBatch(BatchEntity batchEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.UPDATE, Resources.BATCH, batchEntity.getId());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateDeployment() {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE, Resources.DEPLOYMENT);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadDeployment(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.READ, Resources.DEPLOYMENT, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteDeployment(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE, Resources.DEPLOYMENT, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadDecisionDefinition(DecisionDefinitionEntity decisionDefinitionEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.READ, Resources.DECISION_DEFINITION, decisionDefinitionEntity.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadDecisionRequirementsDefinition(DecisionRequirementsDefinitionEntity decisionRequirementsDefinitionEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.READ, Resources.DECISION_REQUIREMENTS_DEFINITION, decisionRequirementsDefinitionEntity.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadCaseDefinition(CaseDefinition caseDefinition) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricTaskInstance(HistoricTaskInstanceEntity historicTaskInstanceEntity) {
        if (historicTaskInstanceEntity == null || historicTaskInstanceEntity.getProcessDefinitionKey() == null) {
            return;
        }
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.PROCESS_DEFINITION, historicTaskInstanceEntity.getProcessDefinitionKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricProcessInstance(HistoricProcessInstance historicProcessInstance) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.PROCESS_DEFINITION, historicProcessInstance.getProcessDefinitionKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricCaseInstance(HistoricCaseInstance historicCaseInstance) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricDecisionInstance(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.DECISION_DEFINITION, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricDecisionInstance(HistoricDecisionInstance historicDecisionInstance) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.DECISION_DEFINITION, historicDecisionInstance.getDecisionDefinitionKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadHistoricJobLog(HistoricJobLogEventEntity historicJobLogEventEntity) {
        if (historicJobLogEventEntity.getProcessDefinitionKey() != null) {
            getAuthorizationManager().checkAuthorization(Permissions.READ_HISTORY, Resources.PROCESS_DEFINITION, historicJobLogEventEntity.getProcessDefinitionKey());
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadHistoryAnyProcessDefinition() {
        getAuthorizationManager().checkAuthorization(Permissions.READ_HISTORY, Resources.PROCESS_DEFINITION, Authorization.ANY);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadHistoryAnyTaskInstance() {
        getAuthorizationManager().checkAuthorization(Permissions.READ_HISTORY, Resources.TASK, Authorization.ANY);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateCaseInstance(CaseExecution caseExecution) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadCaseInstance(CaseExecution caseExecution) {
    }

    protected AuthorizationManager getAuthorizationManager() {
        return Context.getCommandContext().getAuthorizationManager();
    }

    protected ProcessDefinitionEntity findLatestProcessDefinitionById(String str) {
        return Context.getCommandContext().getProcessDefinitionManager().findLatestProcessDefinitionById(str);
    }

    protected ExecutionEntity findExecutionById(String str) {
        return Context.getCommandContext().getExecutionManager().findExecutionById(str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkTaskAssign(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() != null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, Permissions.TASK_ASSIGN).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, taskEntity.getProcessDefinition().getKey(), Permissions.TASK_ASSIGN).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, taskEntity.getProcessDefinition().getKey(), Permissions.UPDATE_TASK).build());
        } else if (taskEntity.getCaseExecutionId() == null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, Permissions.TASK_ASSIGN).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).build());
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateTask(TaskEntity taskEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE, Resources.TASK);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateTask() {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE, Resources.TASK);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkTaskWork(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() != null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, Permissions.TASK_WORK).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, taskEntity.getProcessDefinition().getKey(), Permissions.TASK_WORK).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, taskEntity.getProcessDefinition().getKey(), Permissions.UPDATE_TASK).build());
        } else if (taskEntity.getCaseExecutionId() == null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, Permissions.TASK_WORK).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).build());
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteTask(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        String executionId = taskEntity.getExecutionId();
        String caseExecutionId = taskEntity.getCaseExecutionId();
        if (executionId == null && caseExecutionId == null) {
            getAuthorizationManager().checkAuthorization(Permissions.DELETE, Resources.TASK, id);
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteUserOperationLog(UserOperationLogEntry userOperationLogEntry) {
        String processDefinitionKey;
        if (userOperationLogEntry == null || (processDefinitionKey = userOperationLogEntry.getProcessDefinitionKey()) == null) {
            return;
        }
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.PROCESS_DEFINITION, processDefinitionKey);
    }
}
