package org.rhq.enterprise.server.authz;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ejb.Stateless;
import javax.interceptor.ExcludeDefaultInterceptors;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.content.Repo;
import org.rhq.core.domain.criteria.MeasurementScheduleCriteria;
import org.rhq.core.domain.resource.group.ResourceGroup;
import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.plugins.alertCli.CliSender;

@ExcludeDefaultInterceptors
@Stateless
/* loaded from: input_file:rhq-server.jar/org/rhq/enterprise/server/authz/AuthorizationManagerBean.class */
public class AuthorizationManagerBean implements AuthorizationManagerLocal {
    private static final int SUBJECT_ID_OVERLORD = 1;
    private static final int SUBJECT_ID_RHQADMIN = 2;

    @PersistenceContext(unitName = RHQConstants.PERSISTENCE_UNIT_NAME)
    private EntityManager entityManager;

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public Set<Permission> getExplicitGlobalPermissions(Subject subject) {
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_GET_GLOBAL_PERMISSIONS);
        createNamedQuery.setParameter("subject", subject);
        List<Permission> resultList = createNamedQuery.getResultList();
        HashSet hashSet = new HashSet();
        for (Permission permission : resultList) {
            if (permission.getTarget() == Permission.Target.GLOBAL) {
                hashSet.add(permission);
            }
        }
        return hashSet;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public Set<Permission> getExplicitGroupPermissions(Subject subject, int i) {
        HashSet hashSet = new HashSet();
        Subject subject2 = ((ResourceGroup) this.entityManager.find(ResourceGroup.class, Integer.valueOf(i))).getSubject();
        if (null == subject2) {
            Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_GET_PERMISSIONS_BY_GROUP_ID);
            createNamedQuery.setParameter("subject", subject);
            createNamedQuery.setParameter("groupId", Integer.valueOf(i));
            Iterator it = createNamedQuery.getResultList().iterator();
            while (it.hasNext()) {
                hashSet.add((Permission) it.next());
            }
        } else if (subject.equals(subject2)) {
            Query createNamedQuery2 = this.entityManager.createNamedQuery(Subject.QUERY_GET_PERMISSIONS_BY_PRIVATE_GROUP_ID);
            createNamedQuery2.setParameter("subjectId", Integer.valueOf(subject.getId()));
            createNamedQuery2.setParameter("privateGroupId", Integer.valueOf(i));
            Iterator it2 = createNamedQuery2.getResultList().iterator();
            while (it2.hasNext()) {
                hashSet.add((Permission) ((Object[]) it2.next())[0]);
            }
        }
        return hashSet;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public Set<Permission> getImplicitGroupPermissions(Subject subject, int i) {
        return isInventoryManager(subject) ? Permission.RESOURCE_ALL : getExplicitGroupPermissions(subject, i);
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public Set<Permission> getExplicitResourcePermissions(Subject subject, int i) {
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_GET_PERMISSIONS_BY_RESOURCE_ID);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("resourceId", Integer.valueOf(i));
        List resultList = createNamedQuery.getResultList();
        HashSet hashSet = new HashSet();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            hashSet.add((Permission) it.next());
        }
        return hashSet;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public Set<Permission> getImplicitResourcePermissions(Subject subject, int i) {
        return isInventoryManager(subject) ? Permission.RESOURCE_ALL : getExplicitResourcePermissions(subject, i);
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean hasGlobalPermission(Subject subject, Permission permission) {
        if (isOverlord(subject)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_HAS_GLOBAL_PERMISSION);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("permission", permission);
        return ((Long) createNamedQuery.getSingleResult()).longValue() != 0;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean hasGroupPermission(Subject subject, Permission permission, int i) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Subject subject2 = ((ResourceGroup) this.entityManager.find(ResourceGroup.class, Integer.valueOf(i))).getSubject();
        if (null == subject2) {
            Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_HAS_GROUP_PERMISSION);
            createNamedQuery.setParameter("subject", subject);
            createNamedQuery.setParameter("permission", permission);
            createNamedQuery.setParameter("groupId", Integer.valueOf(i));
            return ((Long) createNamedQuery.getSingleResult()).longValue() != 0;
        }
        if (!subject.equals(subject2)) {
            return false;
        }
        Query createNamedQuery2 = this.entityManager.createNamedQuery(Subject.QUERY_HAS_PRIVATE_GROUP_PERMISSION);
        createNamedQuery2.setParameter("subjectId", Integer.valueOf(subject.getId()));
        createNamedQuery2.setParameter("permission", permission);
        createNamedQuery2.setParameter("privateGroupId", Integer.valueOf(i));
        return !createNamedQuery2.getResultList().isEmpty();
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean hasResourcePermission(Subject subject, Permission permission, int i) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_HAS_RESOURCE_PERMISSION);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("permission", permission);
        createNamedQuery.setParameter("resourceId", Integer.valueOf(i));
        return ((Long) createNamedQuery.getSingleResult()).longValue() != 0;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean hasBundlePermission(Subject subject, Permission permission, int i) {
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_HAS_BUNDLE_PERMISSION);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("permission", permission);
        createNamedQuery.setParameter("bundleId", Integer.valueOf(i));
        return ((Long) createNamedQuery.getSingleResult()).longValue() != 0;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public Set<Permission> getBundlePermissions(Subject subject, int i) {
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_GET_PERMISSIONS_BY_BUNDLE_ID);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("bundleId", Integer.valueOf(i));
        List resultList = createNamedQuery.getResultList();
        HashSet hashSet = new HashSet();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            hashSet.add((Permission) it.next());
        }
        return hashSet;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public Set<Permission> getBundleGroupPermissions(Subject subject, int i) {
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_GET_PERMISSIONS_BY_BUNDLE_GROUP_ID);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("bundleGroupId", Integer.valueOf(i));
        List resultList = createNamedQuery.getResultList();
        HashSet hashSet = new HashSet();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            hashSet.add((Permission) it.next());
        }
        return hashSet;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean hasBundlePermission(Subject subject, Permission permission, Collection<Integer> collection) {
        if (isSystemSuperuser(subject)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_GET_BUNDLES_BY_PERMISSION);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("permission", permission);
        return createNamedQuery.getResultList().containsAll(collection);
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean hasBundleGroupPermission(Subject subject, Permission permission, int i) {
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_HAS_BUNDLE_GROUP_PERMISSION);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("permission", permission);
        createNamedQuery.setParameter("bundleGroupId", Integer.valueOf(i));
        return ((Long) createNamedQuery.getSingleResult()).longValue() != 0;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean hasAutoGroupPermission(Subject subject, Permission permission, int i, int i2) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_HAS_AUTO_GROUP_PERMISSION);
        createNamedQuery.setParameter("permission", permission);
        createNamedQuery.setParameter("parentResourceId", Integer.valueOf(i));
        createNamedQuery.setParameter(MeasurementScheduleCriteria.FILTER_FIELD_RESOURCE_TYPE_ID, Integer.valueOf(i2));
        createNamedQuery.setParameter("subjectId", (Object) (-1));
        long longValue = ((Long) createNamedQuery.getSingleResult()).longValue();
        createNamedQuery.setParameter("subjectId", Integer.valueOf(subject.getId()));
        return longValue == ((Long) createNamedQuery.getSingleResult()).longValue();
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean canViewResource(Subject subject, int i) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_RESOURCE);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("resourceId", Integer.valueOf(i));
        return ((Long) createNamedQuery.getSingleResult()).longValue() != 0;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean canViewResources(Subject subject, List<Integer> list) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_RESOURCES);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("resourceIds", list);
        return ((Long) createNamedQuery.getSingleResult()).longValue() == ((long) list.size());
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean canViewGroup(Subject subject, int i) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_GROUP);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("groupId", Integer.valueOf(i));
        return ((Long) createNamedQuery.getSingleResult()).longValue() != 0;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean canViewAutoGroup(Subject subject, int i, int i2) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_AUTO_GROUP);
        createNamedQuery.setParameter("parentResourceId", Integer.valueOf(i));
        createNamedQuery.setParameter(MeasurementScheduleCriteria.FILTER_FIELD_RESOURCE_TYPE_ID, Integer.valueOf(i2));
        createNamedQuery.setParameter("subjectId", (Object) (-1));
        long longValue = ((Long) createNamedQuery.getSingleResult()).longValue();
        createNamedQuery.setParameter("subjectId", Integer.valueOf(subject.getId()));
        return longValue == ((Long) createNamedQuery.getSingleResult()).longValue();
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean canViewBundle(Subject subject, int i) {
        if (hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_BUNDLE);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("bundleId", Integer.valueOf(i));
        return ((Long) createNamedQuery.getSingleResult()).longValue() != 0;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean canViewBundleGroup(Subject subject, int i) {
        if (hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_BUNDLE_GROUP);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("bundleGroupId", Integer.valueOf(i));
        return ((Long) createNamedQuery.getSingleResult()).longValue() != 0;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean isInventoryManager(Subject subject) {
        return hasGlobalPermission(subject, Permission.MANAGE_INVENTORY);
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean hasResourcePermission(Subject subject, Permission permission, Collection<Integer> collection) {
        if (isInventoryManager(subject)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Subject.QUERY_GET_RESOURCES_BY_PERMISSION);
        createNamedQuery.setParameter("subject", subject);
        createNamedQuery.setParameter("permission", permission);
        return createNamedQuery.getResultList().containsAll(collection);
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean isSystemSuperuser(Subject subject) {
        return subject != null && (subject.getId() == 1 || subject.getId() == 2);
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean isOverlord(Subject subject) {
        return subject != null && subject.getId() == 1;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean canUpdateRepo(Subject subject, int i) {
        if (hasGlobalPermission(subject, Permission.MANAGE_REPOSITORIES)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Repo.QUERY_CHECK_REPO_OWNED_BY_SUBJECT_ID);
        createNamedQuery.setParameter(CliSender.PROP_REPO_ID, Integer.valueOf(i));
        createNamedQuery.setParameter("subjectId", Integer.valueOf(subject.getId()));
        return ((Long) createNamedQuery.getSingleResult()).longValue() > 0;
    }

    @Override // org.rhq.enterprise.server.authz.AuthorizationManagerLocal
    public boolean canViewRepo(Subject subject, int i) {
        if (hasGlobalPermission(subject, Permission.MANAGE_REPOSITORIES)) {
            return true;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery(Repo.QUERY_CHECK_REPO_VISIBLE_BY_SUBJECT_ID);
        createNamedQuery.setParameter(CliSender.PROP_REPO_ID, Integer.valueOf(i));
        createNamedQuery.setParameter("subjectId", Integer.valueOf(subject.getId()));
        return ((Long) createNamedQuery.getSingleResult()).longValue() > 0;
    }
}
