package org.rhq.enterprise.server.authz;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.interceptor.ExcludeDefaultInterceptors;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.annotation.IgnoreDependency;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.authz.Role;
import org.rhq.core.domain.criteria.RoleCriteria;
import org.rhq.core.domain.resource.group.LdapGroup;
import org.rhq.core.domain.resource.group.ResourceGroup;
import org.rhq.core.domain.server.PersistenceUtility;
import org.rhq.core.domain.util.PageControl;
import org.rhq.core.domain.util.PageList;
import org.rhq.core.util.collection.ArrayUtils;
import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.alert.AlertNotificationManagerLocal;
import org.rhq.enterprise.server.auth.SubjectManagerLocal;
import org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal;
import org.rhq.enterprise.server.sync.SynchronizationConstants;
import org.rhq.enterprise.server.util.CriteriaQueryGenerator;
import org.rhq.enterprise.server.util.CriteriaQueryRunner;

@Stateless
/* loaded from: input_file:org/rhq/enterprise/server/authz/RoleManagerBean.class */
public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
    private final Log log = LogFactory.getLog(RoleManagerBean.class);

    @PersistenceContext(unitName = RHQConstants.PERSISTENCE_UNIT_NAME)
    private EntityManager entityManager;

    @EJB
    private RoleManagerLocal roleManager;

    @EJB
    private SubjectManagerLocal subjectManager;

    @EJB
    private AuthorizationManagerLocal authorizationManager;

    @IgnoreDependency
    @EJB
    private AlertNotificationManagerLocal alertNotificationManager;

    @IgnoreDependency
    @EJB
    private LdapGroupManagerLocal ldapGroupManager;

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal
    @ExcludeDefaultInterceptors
    public PageList<Role> findRolesBySubject(int i, PageControl pageControl) {
        PageList<Role> createPaginationFilter = PersistenceUtility.createPaginationFilter(this.entityManager, ((Subject) this.entityManager.find(Subject.class, Integer.valueOf(i))).getRoles(), pageControl);
        if (createPaginationFilter != null) {
            Iterator it = createPaginationFilter.iterator();
            while (it.hasNext()) {
                ((Role) it.next()).getMemberCount();
            }
        }
        return createPaginationFilter;
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal
    public PageList<Role> findRoles(PageControl pageControl) {
        pageControl.initDefaultOrderingField("r.name");
        Query createCountQuery = PersistenceUtility.createCountQuery(this.entityManager, "Role.findAll");
        Query createQueryWithOrderBy = PersistenceUtility.createQueryWithOrderBy(this.entityManager, "Role.findAll", pageControl);
        long longValue = ((Long) createCountQuery.getSingleResult()).longValue();
        List resultList = createQueryWithOrderBy.getResultList();
        if (resultList != null) {
            Iterator it = resultList.iterator();
            while (it.hasNext()) {
                ((Role) it.next()).getMemberCount();
            }
        } else {
            resultList = new ArrayList();
        }
        return new PageList<>(resultList, (int) longValue, pageControl);
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public Role createRole(Subject subject, Role role) {
        if (role.getFsystem().booleanValue()) {
            throw new IllegalArgumentException("Unable to create system role [" + role.getName() + "] - new system roles cannot be created.");
        }
        processDependentPermissions(role);
        Iterator it = role.getLdapGroups().iterator();
        while (it.hasNext()) {
            ((LdapGroup) it.next()).setRole(role);
        }
        this.entityManager.persist(role);
        int[] iArr = new int[role.getSubjects().size()];
        int i = 0;
        Iterator it2 = role.getSubjects().iterator();
        while (it2.hasNext()) {
            int i2 = i;
            i++;
            iArr[i2] = ((Subject) it2.next()).getId();
        }
        addSubjectsToRole(subject, role.getId(), iArr);
        int[] iArr2 = new int[role.getResourceGroups().size()];
        int i3 = 0;
        Iterator it3 = role.getResourceGroups().iterator();
        while (it3.hasNext()) {
            int i4 = i3;
            i3++;
            iArr2[i4] = ((ResourceGroup) it3.next()).getId();
        }
        addResourceGroupsToRole(subject, role.getId(), iArr2);
        return role;
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void deleteRoles(Subject subject, int[] iArr) {
        if (iArr != null) {
            for (int i : iArr) {
                Role role = (Role) this.entityManager.find(Role.class, Integer.valueOf(i));
                for (Subject subject2 : new HashSet(role.getSubjects())) {
                    role.removeSubject(subject2);
                    this.entityManager.merge(subject2);
                }
                for (ResourceGroup resourceGroup : new HashSet(role.getResourceGroups())) {
                    role.removeResourceGroup(resourceGroup);
                    this.entityManager.merge(resourceGroup);
                }
                for (Subject subject3 : new HashSet(role.getLdapSubjects())) {
                    role.removeLdapSubject(subject3);
                    this.entityManager.merge(subject3);
                }
                Role role2 = (Role) this.entityManager.merge(role);
                if (role2.getFsystem().booleanValue()) {
                    throw new PermissionException("You cannot delete an internal system role");
                }
                this.alertNotificationManager.cleanseAlertNotificationByRole(role2.getId());
                role2.getResourceGroups().size();
                role2.getSubjects().size();
                role2.getLdapGroups().size();
                this.entityManager.remove(role2);
            }
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void addRolesToSubject(Subject subject, int i, int[] iArr) {
        addRolesToSubject(subject, i, iArr, false);
    }

    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void addRolesToSubject(Subject subject, int i, int[] iArr, boolean z) {
        if (iArr != null) {
            Subject subjectById = this.subjectManager.getSubjectById(i);
            if (subjectById == null) {
                throw new IllegalArgumentException("Could not find subject[" + i + "] to add roles to");
            }
            if (subjectById.getFsystem() || this.authorizationManager.isSystemSuperuser(subjectById)) {
                throw new PermissionException("You cannot assign roles to user [" + subjectById.getName() + "] - roles are fixed for this user");
            }
            subjectById.getRoles().size();
            for (int i2 : iArr) {
                Integer valueOf = Integer.valueOf(i2);
                Role role = (Role) this.entityManager.find(Role.class, valueOf);
                if (role == null) {
                    throw new IllegalArgumentException("Tried to add role[" + valueOf + "] to subject[" + i + "], but role was not found");
                }
                role.addSubject(subjectById);
                if (z) {
                    role.addLdapSubject(subjectById);
                }
            }
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void addSubjectsToRole(Subject subject, int i, int[] iArr) {
        if (iArr != null) {
            Role roleById = getRoleById(Integer.valueOf(i));
            if (roleById == null) {
                throw new IllegalArgumentException("Could not find role[" + i + "] to add subjects to");
            }
            for (int i2 : iArr) {
                Integer valueOf = Integer.valueOf(i2);
                Subject subject2 = (Subject) this.entityManager.find(Subject.class, valueOf);
                if (subject2 == null) {
                    throw new IllegalArgumentException("Tried to add subject[" + valueOf + "] to role[" + i + "], but subject was not found");
                }
                if (subject2.getFsystem() || this.authorizationManager.isSystemSuperuser(subject2)) {
                    throw new PermissionException("You cannot alter the roles for user [" + subject2.getName() + "] - roles are fixed for this user");
                }
                roleById.addSubject(subject2);
            }
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeRolesFromSubject(Subject subject, int i, int[] iArr) {
        if (iArr != null) {
            Subject subjectById = this.subjectManager.getSubjectById(i);
            if (subjectById.getFsystem() || this.authorizationManager.isSystemSuperuser(subjectById)) {
                throw new PermissionException("You cannot remove roles from user [" + subjectById.getName() + "] - roles are fixed for this user");
            }
            for (int i2 : iArr) {
                Role role = (Role) this.entityManager.find(Role.class, Integer.valueOf(i2));
                if (role != null) {
                    role.removeSubject(subjectById);
                }
            }
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setAssignedSubjectRoles(Subject subject, int i, int[] iArr) {
        Subject subjectById = this.subjectManager.getSubjectById(i);
        ArrayList arrayList = new ArrayList();
        Iterator it = subjectById.getRoles().iterator();
        while (it.hasNext()) {
            arrayList.add(Integer.valueOf(((Role) it.next()).getId()));
        }
        List wrapInList = ArrayUtils.wrapInList(iArr);
        wrapInList.removeAll(arrayList);
        if (wrapInList.size() > 0) {
            int[] iArr2 = new int[wrapInList.size()];
            int i2 = 0;
            Iterator it2 = wrapInList.iterator();
            while (it2.hasNext()) {
                int i3 = i2;
                i2++;
                iArr2[i3] = ((Integer) it2.next()).intValue();
            }
            this.roleManager.addRolesToSubject(subject, i, iArr2);
        }
        ArrayList arrayList2 = new ArrayList(arrayList);
        arrayList2.removeAll(ArrayUtils.wrapInList(iArr));
        if (arrayList2.size() > 0) {
            int[] iArr3 = new int[arrayList2.size()];
            int i4 = 0;
            Iterator it3 = arrayList2.iterator();
            while (it3.hasNext()) {
                int i5 = i4;
                i4++;
                iArr3[i5] = ((Integer) it3.next()).intValue();
            }
            this.roleManager.removeRolesFromSubject(subject, i, iArr3);
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal
    public Role getRoleById(Integer num) {
        return (Role) this.entityManager.find(Role.class, num);
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setPermissions(Subject subject, Integer num, Set<Permission> set) {
        Role role = (Role) this.entityManager.find(Role.class, num);
        Set permissions = role.getPermissions();
        permissions.clear();
        permissions.addAll(set);
        this.entityManager.merge(role);
        this.entityManager.flush();
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal
    public Set<Permission> getPermissions(Integer num) {
        return ((Role) this.entityManager.find(Role.class, num)).getPermissions();
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public Role updateRole(Subject subject, Role role) {
        Role role2 = (Role) this.entityManager.find(Role.class, Integer.valueOf(role.getId()));
        if (role2 == null) {
            throw new IllegalStateException("Cannot update " + role + ", since no role exists with that id.");
        }
        role2.setName(role.getName());
        role2.setDescription(role.getDescription());
        role2.setPermissions(role.getPermissions());
        processDependentPermissions(role2);
        Set subjects = role.getSubjects();
        if (subjects != null) {
            Set<Subject> subjects2 = role2.getSubjects();
            HashSet hashSet = new HashSet(subjects2);
            for (Subject subject2 : subjects2) {
                if (subject2.getFsystem()) {
                    hashSet.remove(subject2);
                }
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                role2.removeSubject((Subject) it.next());
            }
            Iterator it2 = subjects.iterator();
            while (it2.hasNext()) {
                role2.addSubject((Subject) this.entityManager.find(Subject.class, Integer.valueOf(((Subject) it2.next()).getId())));
            }
        }
        Set resourceGroups = role.getResourceGroups();
        if (resourceGroups != null) {
            Iterator it3 = new HashSet(role2.getResourceGroups()).iterator();
            while (it3.hasNext()) {
                role2.removeResourceGroup((ResourceGroup) it3.next());
            }
            Iterator it4 = resourceGroups.iterator();
            while (it4.hasNext()) {
                role2.addResourceGroup((ResourceGroup) this.entityManager.find(ResourceGroup.class, Integer.valueOf(((ResourceGroup) it4.next()).getId())));
            }
        }
        Set<LdapGroup> ldapGroups = role.getLdapGroups();
        if (ldapGroups != null) {
            for (LdapGroup ldapGroup : new HashSet(role2.getLdapGroups())) {
                if (!ldapGroups.contains(ldapGroup)) {
                    role2.removeLdapGroup(ldapGroup);
                    this.entityManager.remove(ldapGroup);
                }
            }
            for (LdapGroup ldapGroup2 : ldapGroups) {
                LdapGroup ldapGroup3 = ldapGroup2.getId() != 0 ? (LdapGroup) this.entityManager.find(LdapGroup.class, Integer.valueOf(ldapGroup2.getId())) : null;
                if (ldapGroup3 == null) {
                    ldapGroup2.setRole(role2);
                    this.entityManager.persist(ldapGroup2);
                    ldapGroup3 = ldapGroup2;
                }
                role2.addLdapGroup(ldapGroup3);
            }
        }
        role2.getResourceGroups().size();
        role2.getSubjects().size();
        role2.getLdapGroups().size();
        return role2;
    }

    public PageList<Subject> findSubjectsByRole(Subject subject, Integer num, PageControl pageControl) {
        return findSubjectsByRole(num, pageControl);
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal
    public PageList<Subject> findSubjectsByRole(Integer num, PageControl pageControl) {
        pageControl.initDefaultOrderingField("s.name");
        Query createCountQuery = PersistenceUtility.createCountQuery(this.entityManager, "Subject.getSubjectsAssignedToRole");
        Query createQueryWithOrderBy = PersistenceUtility.createQueryWithOrderBy(this.entityManager, "Subject.getSubjectsAssignedToRole", pageControl);
        createCountQuery.setParameter(SynchronizationConstants.ID_ATTRIBUTE, num);
        createQueryWithOrderBy.setParameter(SynchronizationConstants.ID_ATTRIBUTE, num);
        return new PageList<>(createQueryWithOrderBy.getResultList(), (int) ((Long) createCountQuery.getSingleResult()).longValue(), pageControl);
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal
    public PageList<Role> findRolesByIds(Integer[] numArr, PageControl pageControl) {
        if (numArr == null || numArr.length == 0) {
            return new PageList<>(pageControl);
        }
        pageControl.initDefaultOrderingField("r.name");
        Query createCountQuery = PersistenceUtility.createCountQuery(this.entityManager, "Role.findByIds");
        Query createQueryWithOrderBy = PersistenceUtility.createQueryWithOrderBy(this.entityManager, "Role.findByIds", pageControl);
        List asList = Arrays.asList(numArr);
        createCountQuery.setParameter("ids", asList);
        createQueryWithOrderBy.setParameter("ids", asList);
        long longValue = ((Long) createCountQuery.getSingleResult()).longValue();
        List resultList = createQueryWithOrderBy.getResultList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            ((Role) it.next()).getMemberCount();
        }
        return new PageList<>(resultList, (int) longValue, pageControl);
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public PageList<Role> findAvailableRolesForSubject(Subject subject, Integer num, Integer[] numArr, PageControl pageControl) {
        pageControl.initDefaultOrderingField("r.name");
        String str = (numArr == null || numArr.length == 0) ? "Role.findAvailableRoles" : "Role.findAvailableRolesWithExcludes";
        Query createCountQuery = PersistenceUtility.createCountQuery(this.entityManager, str, "distinct r");
        Query createQueryWithOrderBy = PersistenceUtility.createQueryWithOrderBy(this.entityManager, str, pageControl);
        createCountQuery.setParameter("subjectId", num);
        createQueryWithOrderBy.setParameter("subjectId", num);
        if (numArr != null && numArr.length > 0) {
            List asList = Arrays.asList(numArr);
            createCountQuery.setParameter("excludes", asList);
            createQueryWithOrderBy.setParameter("excludes", asList);
        }
        long longValue = ((Long) createCountQuery.getSingleResult()).longValue();
        List resultList = createQueryWithOrderBy.getResultList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            ((Role) it.next()).getMemberCount();
        }
        return new PageList<>(resultList, (int) longValue, pageControl);
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public PageList<Role> findSubjectUnassignedRoles(Subject subject, int i, PageControl pageControl) {
        return findAvailableRolesForSubject(subject, Integer.valueOf(i), null, pageControl);
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void addResourceGroupsToRole(Subject subject, int i, int[] iArr) {
        if (iArr == null || iArr.length <= 0) {
            return;
        }
        Role role = (Role) this.entityManager.find(Role.class, Integer.valueOf(i));
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + i + "] to add resourceGroups to");
        }
        role.getResourceGroups().size();
        for (int i2 : iArr) {
            Integer valueOf = Integer.valueOf(i2);
            ResourceGroup resourceGroup = (ResourceGroup) this.entityManager.find(ResourceGroup.class, valueOf);
            if (resourceGroup == null) {
                throw new IllegalArgumentException("Tried to add resourceGroup[" + valueOf + "] to role[" + i + "], but resourceGroup was not found.");
            }
            role.addResourceGroup(resourceGroup);
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeResourceGroupsFromRole(Subject subject, int i, int[] iArr) {
        if (iArr == null || iArr.length <= 0) {
            return;
        }
        Role role = (Role) this.entityManager.find(Role.class, Integer.valueOf(i));
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + i + "] to remove resourceGroups from");
        }
        role.getResourceGroups().size();
        for (int i2 : iArr) {
            Integer valueOf = Integer.valueOf(i2);
            ResourceGroup resourceGroup = (ResourceGroup) this.entityManager.find(ResourceGroup.class, valueOf);
            if (resourceGroup == null) {
                throw new IllegalArgumentException("Tried to remove doomedGroup[" + valueOf + "] from role[" + i + "], but subject was not found");
            }
            role.removeResourceGroup(resourceGroup);
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setAssignedResourceGroups(Subject subject, int i, int[] iArr) {
        Role role = getRole(subject, i);
        ArrayList arrayList = new ArrayList();
        Iterator it = role.getResourceGroups().iterator();
        while (it.hasNext()) {
            arrayList.add(Integer.valueOf(((ResourceGroup) it.next()).getId()));
        }
        List wrapInList = ArrayUtils.wrapInList(iArr);
        wrapInList.removeAll(arrayList);
        this.roleManager.addResourceGroupsToRole(subject, i, ArrayUtils.unwrapCollection(wrapInList));
        ArrayList arrayList2 = new ArrayList(arrayList);
        arrayList2.removeAll(ArrayUtils.wrapInList(iArr));
        this.roleManager.removeResourceGroupsFromRole(subject, i, ArrayUtils.unwrapCollection(arrayList2));
    }

    private void processDependentPermissions(Role role) {
        if (role.getPermissions().contains(Permission.MANAGE_SECURITY)) {
            role.getPermissions().addAll(EnumSet.allOf(Permission.class));
        }
        if (role.getPermissions().contains(Permission.MANAGE_INVENTORY)) {
            role.getPermissions().addAll(Permission.RESOURCE_ALL);
        }
        if (role.getPermissions().contains(Permission.CONFIGURE_WRITE)) {
            role.getPermissions().add(Permission.CONFIGURE_READ);
        }
        if (role.getPermissions().contains(Permission.CONFIGURE_READ)) {
            return;
        }
        role.getPermissions().remove(Permission.CONFIGURE_WRITE);
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    public PageList<Role> findSubjectAssignedRoles(Subject subject, int i, PageControl pageControl) {
        return findRolesBySubject(i, pageControl);
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeSubjectsFromRole(Subject subject, int i, int[] iArr) {
        if (iArr == null || iArr.length <= 0) {
            return;
        }
        Role role = (Role) this.entityManager.find(Role.class, Integer.valueOf(i));
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + i + "] to remove subjects from");
        }
        role.getSubjects().size();
        for (int i2 : iArr) {
            Integer valueOf = Integer.valueOf(i2);
            Subject subject2 = (Subject) this.entityManager.find(Subject.class, valueOf);
            if (subject2 == null) {
                throw new IllegalArgumentException("Tried to remove subject[" + valueOf + "] from role[" + i + "], but subject was not found");
            }
            if (subject2.getFsystem() || this.authorizationManager.isSystemSuperuser(subject2)) {
                throw new PermissionException("You cannot remove user[" + subject2.getName() + "] from role[" + i + "] - roles are fixed for this user");
            }
            role.removeSubject(subject2);
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setAssignedSubjects(Subject subject, int i, int[] iArr) {
        Role role = getRole(subject, i);
        ArrayList arrayList = new ArrayList();
        Iterator it = role.getSubjects().iterator();
        while (it.hasNext()) {
            arrayList.add(Integer.valueOf(((Subject) it.next()).getId()));
        }
        List wrapInList = ArrayUtils.wrapInList(iArr);
        wrapInList.removeAll(arrayList);
        if (wrapInList.size() > 0) {
            int[] iArr2 = new int[wrapInList.size()];
            int i2 = 0;
            Iterator it2 = wrapInList.iterator();
            while (it2.hasNext()) {
                int i3 = i2;
                i2++;
                iArr2[i3] = ((Integer) it2.next()).intValue();
            }
            this.roleManager.addSubjectsToRole(subject, i, iArr2);
        }
        ArrayList arrayList2 = new ArrayList(arrayList);
        arrayList2.removeAll(ArrayUtils.wrapInList(iArr));
        if (arrayList2.size() > 0) {
            int[] iArr3 = new int[arrayList2.size()];
            int i4 = 0;
            Iterator it3 = arrayList2.iterator();
            while (it3.hasNext()) {
                int i5 = i4;
                i4++;
                iArr3[i5] = ((Integer) it3.next()).intValue();
            }
            this.roleManager.removeSubjectsFromRole(subject, i, iArr3);
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeRolesFromResourceGroup(Subject subject, int i, int[] iArr) {
        if (iArr == null || iArr.length <= 0) {
            return;
        }
        ResourceGroup resourceGroup = (ResourceGroup) this.entityManager.find(ResourceGroup.class, Integer.valueOf(i));
        if (resourceGroup == null) {
            throw new IllegalArgumentException("Could not find resourceGroup[" + i + "] to remove roles from");
        }
        resourceGroup.getRoles().size();
        for (int i2 : iArr) {
            Integer valueOf = Integer.valueOf(i2);
            Role role = (Role) this.entityManager.find(Role.class, valueOf);
            if (role == null) {
                throw new IllegalArgumentException("Tried to remove role[" + valueOf + "] from resourceGroup[" + i + "], but role was not found");
            }
            resourceGroup.removeRole(role);
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    public Role getRole(Subject subject, int i) {
        return (Role) this.entityManager.find(Role.class, Integer.valueOf(i));
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void addRolesToResourceGroup(Subject subject, int i, int[] iArr) {
        if (iArr == null || iArr.length <= 0) {
            return;
        }
        ResourceGroup resourceGroup = (ResourceGroup) this.entityManager.find(ResourceGroup.class, Integer.valueOf(i));
        if (resourceGroup == null) {
            throw new IllegalArgumentException("Could not find resourceGroup[" + i + "] to add roles to");
        }
        resourceGroup.getRoles().size();
        for (int i2 : iArr) {
            Integer valueOf = Integer.valueOf(i2);
            Role role = (Role) this.entityManager.find(Role.class, valueOf);
            if (role == null) {
                throw new IllegalArgumentException("Tried to add role[" + valueOf + "] to resourceGroup[" + i + "], but role was not found");
            }
            resourceGroup.addRole(role);
        }
    }

    @Override // org.rhq.enterprise.server.authz.RoleManagerLocal, org.rhq.enterprise.server.authz.RoleManagerRemote
    public PageList<Role> findRolesByCriteria(Subject subject, RoleCriteria roleCriteria) {
        if (!roleCriteria.isSecurityManagerRequired() || this.authorizationManager.hasGlobalPermission(subject, Permission.MANAGE_SECURITY)) {
            return new CriteriaQueryRunner(roleCriteria, new CriteriaQueryGenerator(subject, roleCriteria), this.entityManager).execute();
        }
        throw new PermissionException("Subject [" + subject.getName() + "] requires SecurityManager permission for requested query criteria.");
    }
}
