package org.rhq.enterprise.server.authz;

import java.util.Collection;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ejb.Stateless;
import javax.interceptor.ExcludeDefaultInterceptors;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.operation.GroupOperationJob;

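/**
 * Stateless session bean that answers authorization questions about a {@link Subject}.
 *
 * <p>Every check runs a named JPA query (the query names are constants on {@link Subject}) and
 * binds all caller-supplied values as named parameters; no query text is built in this class.
 *
 * <p>Two short-circuits apply before any resource- or group-scoped query runs:
 * <ul>
 *   <li>{@link #isOverlord(Subject)} makes {@link #hasGlobalPermission(Subject, Permission)}
 *       return {@code true} without touching the database;</li>
 *   <li>{@link #isInventoryManager(Subject)} (which is itself a global-permission check, so it
 *       also admits the overlord) makes every {@code has*}/{@code canView*} method return
 *       {@code true}.</li>
 * </ul>
 *
 * <p>NOTE(review): the overlord and superuser decisions look only at {@code subject.getId()}.
 * This class therefore assumes the {@code Subject} it is handed was resolved server-side from
 * an authenticated session and was not rebuilt from client-supplied data -- confirm at the
 * call sites. {@code @ExcludeDefaultInterceptors} means default interceptors are not applied
 * to this bean, so a validation step implemented as a default interceptor would not run here.
 */
@ExcludeDefaultInterceptors
@Stateless
/* loaded from: input_file:WEB-INF/lib/rhq-enterprise-server-3.0.0.EmbJopr5.jar:org/rhq/enterprise/server/authz/AuthorizationManagerBean.class */
public class AuthorizationManagerBean implements AuthorizationManagerLocal {

    /** Subject id that {@link #isOverlord(Subject)} accepts. */
    private static final int OVERLORD_SUBJECT_ID = 1;

    /**
     * Second subject id accepted by {@link #isSystemSuperuser(Subject)}.
     * Which account this id belongs to is not visible in this file -- TODO confirm.
     */
    private static final int SECOND_SUPERUSER_SUBJECT_ID = 2;

    @PersistenceContext(unitName = RHQConstants.PERSISTENCE_UNIT_NAME)
    private EntityManager entityManager;

    /**
     * Returns the permissions granted to the subject whose target is {@code GLOBAL}.
     *
     * @param subject the subject bound to the query's {@code subject} parameter
     * @return a new {@link EnumSet}; rows with any other target are filtered out here
     */
    @Override
    public Set<Permission> getExplicitGlobalPermissions(Subject subject) {
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_GET_GLOBAL_PERMISSIONS);
        query.setParameter("subject", subject);
        List<Permission> rows = permissionRows(query);
        Set<Permission> globalPermissions = EnumSet.noneOf(Permission.class);
        for (Permission granted : rows) {
            if (granted.getTarget() == Permission.Target.GLOBAL) {
                globalPermissions.add(granted);
            }
        }
        return globalPermissions;
    }

    /**
     * Returns the permissions the group-scoped named query yields for the subject.
     *
     * @param subject the subject bound to the query's {@code subject} parameter
     * @param i value bound to the parameter named by {@code GroupOperationJob.DATAMAP_INT_GROUP_ID}
     * @return a new {@link EnumSet} holding every returned permission
     */
    @Override
    public Set<Permission> getExplicitGroupPermissions(Subject subject, int i) {
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_GET_PERMISSIONS_BY_GROUP_ID);
        query.setParameter("subject", subject);
        query.setParameter(GroupOperationJob.DATAMAP_INT_GROUP_ID, Integer.valueOf(i));
        return toPermissionSet(permissionRows(query));
    }

    /**
     * Returns {@code Permission.RESOURCE_ALL} for an inventory manager, otherwise the explicit
     * group permissions.
     *
     * <p>NOTE(review): the {@code RESOURCE_ALL} reference is returned as-is, not copied. If that
     * set is mutable, a caller that modifies the result would change it for everyone -- confirm.
     */
    @Override
    public Set<Permission> getImplicitGroupPermissions(Subject subject, int i) {
        if (isInventoryManager(subject)) {
            return Permission.RESOURCE_ALL;
        }
        return getExplicitGroupPermissions(subject, i);
    }

    /**
     * Returns the permissions the resource-scoped named query yields for the subject.
     *
     * @param subject the subject bound to the query's {@code subject} parameter
     * @param i value bound to the query's {@code resourceId} parameter
     * @return a new {@link EnumSet} holding every returned permission
     */
    @Override
    public Set<Permission> getExplicitResourcePermissions(Subject subject, int i) {
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_GET_PERMISSIONS_BY_RESOURCE_ID);
        query.setParameter("subject", subject);
        query.setParameter("resourceId", Integer.valueOf(i));
        return toPermissionSet(permissionRows(query));
    }

    /**
     * Returns {@code Permission.RESOURCE_ALL} for an inventory manager, otherwise the explicit
     * resource permissions.
     *
     * <p>NOTE(review): same shared-reference caveat as {@link #getImplicitGroupPermissions}.
     */
    @Override
    public Set<Permission> getImplicitResourcePermissions(Subject subject, int i) {
        if (isInventoryManager(subject)) {
            return Permission.RESOURCE_ALL;
        }
        return getExplicitResourcePermissions(subject, i);
    }

    /**
     * Tells whether the subject holds the given global permission.
     *
     * <p>The overlord is granted everything without a database lookup; for any other subject the
     * answer is whether the count query returns a non-zero value.
     */
    @Override
    public boolean hasGlobalPermission(Subject subject, Permission permission) {
        if (isOverlord(subject)) {
            return true;
        }
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_HAS_GLOBAL_PERMISSION);
        query.setParameter("subject", subject);
        query.setParameter("permission", permission);
        return singleCount(query) != 0;
    }

    /**
     * Tells whether the subject holds the permission on the group identified by {@code i}.
     * Inventory managers are always granted.
     */
    @Override
    public boolean hasGroupPermission(Subject subject, Permission permission, int i) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_HAS_GROUP_PERMISSION);
        query.setParameter("subject", subject);
        query.setParameter("permission", permission);
        query.setParameter(GroupOperationJob.DATAMAP_INT_GROUP_ID, Integer.valueOf(i));
        return singleCount(query) != 0;
    }

    /**
     * Tells whether the subject holds the permission on the resource identified by {@code i}.
     * Inventory managers are always granted.
     */
    @Override
    public boolean hasResourcePermission(Subject subject, Permission permission, int i) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_HAS_RESOURCE_PERMISSION);
        query.setParameter("subject", subject);
        query.setParameter("permission", permission);
        query.setParameter("resourceId", Integer.valueOf(i));
        return singleCount(query) != 0;
    }

    /**
     * Tells whether the subject holds the permission on an auto-group.
     *
     * <p>The decision compares two counts from the same query, see
     * {@link #subjectCountMatchesBaseline(Query, Subject)}. Inventory managers are always granted.
     *
     * @param i value bound to the query's {@code parentResourceId} parameter
     * @param i2 value bound to the query's {@code resourceTypeId} parameter
     */
    @Override
    public boolean hasAutoGroupPermission(Subject subject, Permission permission, int i, int i2) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_HAS_AUTO_GROUP_PERMISSION);
        query.setParameter("permission", permission);
        query.setParameter("parentResourceId", Integer.valueOf(i));
        query.setParameter("resourceTypeId", Integer.valueOf(i2));
        return subjectCountMatchesBaseline(query, subject);
    }

    /**
     * Tells whether the subject may view the resource identified by {@code i}.
     * Inventory managers are always granted.
     */
    @Override
    public boolean canViewResource(Subject subject, int i) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_RESOURCE);
        query.setParameter("subject", subject);
        query.setParameter("resourceId", Integer.valueOf(i));
        return singleCount(query) != 0;
    }

    /**
     * Tells whether the subject may view every resource in {@code list}.
     *
     * <p>Access is granted only when the query's count equals {@code list.size()}, so a partial
     * match is a denial. Consequences of that comparison worth knowing:
     * <ul>
     *   <li>a {@code null} list fails with a {@link NullPointerException} for any subject that is
     *       not an inventory manager;</li>
     *   <li>NOTE(review): if the named query counts distinct resources, a list containing
     *       duplicate ids can never match its own size and is denied -- confirm against the
     *       query definition and de-duplicate at the caller if so;</li>
     *   <li>NOTE(review): an empty list reaches the query as an empty collection parameter;
     *       whether that executes or fails depends on the provider and database -- confirm.</li>
     * </ul>
     */
    @Override
    public boolean canViewResources(Subject subject, List<Integer> list) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_RESOURCES);
        query.setParameter("subject", subject);
        query.setParameter("resourceIds", list);
        return singleCount(query) == ((long) list.size());
    }

    /**
     * Tells whether the subject may view the group identified by {@code i}.
     * Inventory managers are always granted.
     */
    @Override
    public boolean canViewGroup(Subject subject, int i) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_GROUP);
        query.setParameter("subject", subject);
        query.setParameter(GroupOperationJob.DATAMAP_INT_GROUP_ID, Integer.valueOf(i));
        return singleCount(query) != 0;
    }

    /**
     * Tells whether the subject may view an auto-group.
     *
     * <p>Uses the same two-count comparison as {@link #hasAutoGroupPermission}; inventory
     * managers are always granted.
     *
     * @param i value bound to the query's {@code parentResourceId} parameter
     * @param i2 value bound to the query's {@code resourceTypeId} parameter
     */
    @Override
    public boolean canViewAutoGroup(Subject subject, int i, int i2) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_AUTO_GROUP);
        query.setParameter("parentResourceId", Integer.valueOf(i));
        query.setParameter("resourceTypeId", Integer.valueOf(i2));
        return subjectCountMatchesBaseline(query, subject);
    }

    /**
     * Tells whether the subject holds the global {@code MANAGE_INVENTORY} permission.
     * Because this delegates to {@link #hasGlobalPermission}, the overlord always qualifies.
     */
    @Override
    public boolean isInventoryManager(Subject subject) {
        return hasGlobalPermission(subject, Permission.MANAGE_INVENTORY);
    }

    /**
     * Tells whether the subject holds the permission on every id in {@code collection}.
     *
     * <p>The query result for (subject, permission) is loaded in full and containment is checked
     * in memory, so the ids are never sent to the database. A {@code null} collection fails with
     * a {@link NullPointerException} for any subject that is not an inventory manager; an empty
     * collection is trivially granted.
     */
    @Override
    public boolean hasResourcePermission(Subject subject, Permission permission, Collection<Integer> collection) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query query = this.entityManager.createNamedQuery(Subject.QUERY_GET_RESOURCES_BY_PERMISSION);
        query.setParameter("subject", subject);
        query.setParameter("permission", permission);
        return query.getResultList().containsAll(collection);
    }

    /**
     * Tells whether the subject is one of the two hard-coded superuser ids.
     * A {@code null} subject is never a superuser.
     */
    @Override
    public boolean isSystemSuperuser(Subject subject) {
        if (subject == null) {
            return false;
        }
        int id = subject.getId();
        return id == OVERLORD_SUBJECT_ID || id == SECOND_SUPERUSER_SUBJECT_ID;
    }

    /**
     * Tells whether the subject is the overlord, decided by id alone.
     * A {@code null} subject is never the overlord.
     */
    @Override
    public boolean isOverlord(Subject subject) {
        if (subject == null) {
            return false;
        }
        return subject.getId() == OVERLORD_SUBJECT_ID;
    }

    /**
     * Runs the query and views its rows as permissions.
     * The JPA API returns an untyped list; a row that is not a {@link Permission} surfaces as a
     * {@link ClassCastException} when the caller reads it.
     */
    @SuppressWarnings("unchecked")
    private static List<Permission> permissionRows(Query query) {
        return query.getResultList();
    }

    /** Copies the rows into a fresh {@link EnumSet}, collapsing duplicates. */
    private static Set<Permission> toPermissionSet(List<Permission> rows) {
        Set<Permission> permissions = EnumSet.noneOf(Permission.class);
        for (Permission granted : rows) {
            permissions.add(granted);
        }
        return permissions;
    }

    /** Executes a count query and returns its single {@code Long} result. */
    private static long singleCount(Query query) {
        return ((Long) query.getSingleResult()).longValue();
    }

    /**
     * Executes the query twice, first with {@code subject} bound to {@code -1} and then bound to
     * the real subject, and reports whether both counts are equal.
     *
     * <p>NOTE(review): presumably {@code -1} makes the query count every resource in the
     * auto-group regardless of subject, so equality means "the subject reaches all of them" --
     * confirm against the query definition. Two consequences follow from the comparison itself:
     * when both counts are zero the result is {@code true}, so an auto-group with no matching
     * resources is granted to anyone; and the same named parameter receives an {@code Integer}
     * and then a {@code Subject}, which the query definition has to tolerate.
     *
     * <p>All other parameters must already be bound; the statement order here is significant.
     */
    private static boolean subjectCountMatchesBaseline(Query query, Subject subject) {
        query.setParameter("subject", Integer.valueOf(-1));
        long baselineCount = singleCount(query);
        query.setParameter("subject", subject);
        return baselineCount == singleCount(query);
    }
}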
