package org.rhq.enterprise.server.search;

import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.criteria.SavedSearchCriteria;
import org.rhq.core.domain.search.SavedSearch;
import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.authz.AuthorizationManagerLocal;
import org.rhq.enterprise.server.authz.PermissionException;
import org.rhq.enterprise.server.util.CriteriaQueryGenerator;
import org.rhq.enterprise.server.util.CriteriaQueryRunner;

@Stateless
/* loaded from: input_file:rhq-server.jar/org/rhq/enterprise/server/search/SavedSearchManagerBean.class */
public class SavedSearchManagerBean implements SavedSearchManagerLocal {

    @PersistenceContext(unitName = RHQConstants.PERSISTENCE_UNIT_NAME)
    private EntityManager entityManager;

    @EJB
    private AuthorizationManagerLocal authorizationManager;

    @Override // org.rhq.enterprise.server.search.SavedSearchManagerRemote
    public int createSavedSearch(Subject subject, SavedSearch savedSearch) {
        validateManipulatePermission(subject, savedSearch);
        this.entityManager.persist(savedSearch);
        return savedSearch.getId().intValue();
    }

    @Override // org.rhq.enterprise.server.search.SavedSearchManagerRemote
    public boolean updateSavedSearch(Subject subject, SavedSearch savedSearch) {
        validateManipulatePermission(subject, savedSearch);
        SavedSearch savedSearch2 = (SavedSearch) this.entityManager.find(SavedSearch.class, savedSearch.getId());
        if (null == savedSearch2 || savedSearch2.equals(savedSearch)) {
            return false;
        }
        this.entityManager.merge(savedSearch);
        return true;
    }

    @Override // org.rhq.enterprise.server.search.SavedSearchManagerRemote
    public void deleteSavedSearch(Subject subject, int i) {
        SavedSearch savedSearch = (SavedSearch) this.entityManager.find(SavedSearch.class, Integer.valueOf(i));
        if (null != savedSearch) {
            validateManipulatePermission(subject, savedSearch);
            this.entityManager.remove(savedSearch);
        }
    }

    @Override // org.rhq.enterprise.server.search.SavedSearchManagerRemote
    public SavedSearch getSavedSearchById(Subject subject, int i) {
        SavedSearch savedSearch = (SavedSearch) this.entityManager.find(SavedSearch.class, Integer.valueOf(i));
        validateReadPermission(subject, savedSearch);
        return savedSearch;
    }

    @Override // org.rhq.enterprise.server.search.SavedSearchManagerRemote
    public PageList<SavedSearch> findSavedSearchesByCriteria(Subject subject, SavedSearchCriteria savedSearchCriteria) {
        CriteriaQueryGenerator criteriaQueryGenerator = new CriteriaQueryGenerator(subject, savedSearchCriteria);
        if (!this.authorizationManager.isInventoryManager(subject)) {
            criteriaQueryGenerator.setAuthorizationCustomConditionFragment("(subject.id=" + subject.getId() + " OR global=true)");
        }
        return new CriteriaQueryRunner(savedSearchCriteria, criteriaQueryGenerator, this.entityManager).execute();
    }

    private void validateManipulatePermission(Subject subject, SavedSearch savedSearch) {
        if (savedSearch.isGlobal()) {
            throw new UnsupportedOperationException("Global saved searches are not yet supported");
        }
        if (subject.getId() != savedSearch.getSubjectId() && !this.authorizationManager.isInventoryManager(subject)) {
            throw new PermissionException("Users without inventory manager permission can only manipulate their own saved searches");
        }
    }

    private void validateReadPermission(Subject subject, SavedSearch savedSearch) {
        if (!savedSearch.isGlobal() && subject.getId() != savedSearch.getSubjectId() && !this.authorizationManager.isInventoryManager(subject)) {
            throw new PermissionException("Users without inventory manager permission can only view their own saved searches");
        }
    }
}
