package org.opentaps.common.security;

import java.lang.reflect.InvocationTargetException;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javolution.util.FastMap;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.entity.Delegator;
import org.ofbiz.entity.GenericEntityException;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.entity.condition.EntityCondition;
import org.ofbiz.entity.condition.EntityExpr;
import org.ofbiz.entity.condition.EntityOperator;
import org.ofbiz.entity.util.EntityUtil;
import org.ofbiz.security.Security;

/* loaded from: input_file:org/opentaps/common/security/OpentapsSecurity.class */
public class OpentapsSecurity {
    private static final String MODULE = OpentapsSecurity.class.getName();
    private static Map applicationSecurityCache = FastMap.newInstance();
    private Security security;
    private GenericValue userLogin;

    protected OpentapsSecurity() {
    }

    public OpentapsSecurity(Security security, GenericValue genericValue) {
        this.security = security;
        this.userLogin = genericValue;
    }

    public static void registerApplicationSecurity(String str, Class cls) {
        applicationSecurityCache.put(str, cls);
    }

    public boolean hasPartyRelationSecurity(String str, String str2, String str3) {
        if (this.userLogin == null || this.userLogin.getDelegator() == null) {
            Debug.logError("userLogin is null or has no associated delegator", MODULE);
            return false;
        }
        if (this.security.hasEntityPermission(str, "_MANAGER", this.userLogin) || this.security.hasEntityPermission(str, str2, this.userLogin)) {
            return true;
        }
        try {
            Delegator delegator = this.userLogin.getDelegator();
            EntityCondition filterByDateExpr = EntityUtil.getFilterByDateExpr();
            List findByConditionCache = delegator.findByConditionCache("PartyRelationshipAndPermission", EntityCondition.makeCondition(EntityOperator.AND, new EntityCondition[]{EntityCondition.makeCondition("partyIdTo", this.userLogin.getString("partyId")), EntityCondition.makeCondition(EntityOperator.OR, new EntityExpr[]{EntityCondition.makeCondition("permissionId", str + "_MANAGER"), EntityCondition.makeCondition("permissionId", str + str2)}), filterByDateExpr}), (Collection) null, (List) null);
            List filterByAnd = EntityUtil.filterByAnd(findByConditionCache, UtilMisc.toMap("partyIdFrom", str3));
            if (filterByAnd != null && filterByAnd.size() > 0) {
                if (!Debug.verboseOn()) {
                    return true;
                }
                Debug.logVerbose(this.userLogin + " has direct permitted relationship for " + str3, MODULE);
                return true;
            }
            Iterator it = findByConditionCache.iterator();
            while (it.hasNext()) {
                List findByConditionCache2 = delegator.findByConditionCache("PartyRelationship", EntityCondition.makeCondition(EntityOperator.AND, new EntityCondition[]{EntityCondition.makeCondition("partyIdFrom", str3), EntityCondition.makeCondition("partyIdTo", ((GenericValue) it.next()).getString("partyIdFrom")), filterByDateExpr}), (Collection) null, (List) null);
                if (findByConditionCache2 != null && findByConditionCache2.size() > 0) {
                    if (!Debug.verboseOn()) {
                        return true;
                    }
                    Debug.logVerbose(this.userLogin + " has indirect permitted relationship for " + str3, MODULE);
                    return true;
                }
            }
            Debug.logWarning("Checked UserLogin [" + this.userLogin + "] for permission to perform [" + str + "] + [" + str2 + "] on partyId = [" + str3 + "], but permission was denied", MODULE);
            return false;
        } catch (GenericEntityException e) {
            Debug.logError("Unable to determine security from party relationship due to error " + e.getMessage(), MODULE);
            return false;
        }
    }

    public static boolean checkSectionSecurity(String str, String str2, String str3, HttpServletRequest httpServletRequest) {
        Security security = (Security) httpServletRequest.getAttribute("security");
        GenericValue genericValue = (GenericValue) httpServletRequest.getAttribute("userLogin");
        Class cls = (Class) applicationSecurityCache.get(str);
        if (cls == null) {
            cls = OpentapsSecurity.class;
        }
        try {
            return ((OpentapsSecurity) cls.getConstructor(Security.class, GenericValue.class).newInstance(security, genericValue)).checkSectionSecurity(str2, str3, httpServletRequest);
        } catch (IllegalAccessException e) {
            Debug.logError(e, "Insufficient privileges to create [" + cls.getName() + "]: " + e.getMessage(), MODULE);
            return false;
        } catch (InstantiationException e2) {
            Debug.logError(e2, "Failed to create object [" + cls.getName() + "]: " + e2.getMessage(), MODULE);
            return false;
        } catch (NoSuchMethodException e3) {
            Debug.logError(e3, "Could not find required constructor for [" + cls.getName() + "]", MODULE);
            return false;
        } catch (InvocationTargetException e4) {
            Debug.logError(e4, "Failed to invoke constructor or [" + cls.getName() + "]: " + e4.getMessage(), MODULE);
            return false;
        }
    }

    public boolean checkSectionSecurity(String str, String str2, HttpServletRequest httpServletRequest) {
        return this.security.hasEntityPermission(str2, "_VIEW", (GenericValue) httpServletRequest.getAttribute("userLogin"));
    }
}
