package com.liferay.portal.security.permission;

import com.liferay.portal.kernel.security.pacl.DoPrivileged;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.StringBundler;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
import com.liferay.portal.service.ResourceTypePermissionLocalServiceUtil;
import com.liferay.portal.util.PropsValues;
import com.liferay.util.dao.orm.CustomSQLUtil;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
import org.apache.portals.bridges.struts.StrutsPortlet;

@DoPrivileged
/* loaded from: input_file:com/liferay/portal/security/permission/InlineSQLHelperImpl.class */
public class InlineSQLHelperImpl implements InlineSQLHelper {
    private static final String _GROUP_BY_CLAUSE = " GROUP BY ";
    private static final long _NO_RESOURCE_BLOCKS_ID = -1;
    private static final String _ORDER_BY_CLAUSE = " ORDER BY ";
    private static final String _WHERE_CLAUSE = " WHERE ";
    public static final String FILTER_BY_RESOURCE_BLOCK_ID = String.valueOf(InlineSQLHelper.class.getName()) + ".filterByResourceBlockId";
    public static final String FILTER_BY_RESOURCE_BLOCK_ID_OWNER = String.valueOf(InlineSQLHelper.class.getName()) + ".filterByResourceBlockIdOwner";
    public static final String FIND_BY_RESOURCE_BLOCK_ID = String.valueOf(InlineSQLHelper.class.getName()) + ".findByResourceBlockId";
    public static final String JOIN_RESOURCE_PERMISSION = String.valueOf(InlineSQLHelper.class.getName()) + ".joinResourcePermission";
    private static final long[] _NO_ROLE_IDS = new long[1];

    public boolean isEnabled() {
        return isEnabled(0L);
    }

    public boolean isEnabled(long j) {
        PermissionChecker permissionChecker;
        if (PropsValues.PERMISSIONS_INLINE_SQL_CHECK_ENABLED && (permissionChecker = PermissionThreadLocal.getPermissionChecker()) != null) {
            return j > 0 ? (permissionChecker.isGroupAdmin(j) || permissionChecker.isGroupOwner(j)) ? false : true : !permissionChecker.isCompanyAdmin();
        }
        return false;
    }

    public boolean isEnabled(long[] jArr) {
        if (!PropsValues.PERMISSIONS_INLINE_SQL_CHECK_ENABLED) {
            return false;
        }
        for (long j : jArr) {
            if (isEnabled(j)) {
                return true;
            }
        }
        return false;
    }

    public String replacePermissionCheck(String str, String str2, String str3) {
        return replacePermissionCheck(str, str2, str3, (String) null, new long[1], (String) null);
    }

    public String replacePermissionCheck(String str, String str2, String str3, long j) {
        return replacePermissionCheck(str, str2, str3, (String) null, new long[]{j}, (String) null);
    }

    public String replacePermissionCheck(String str, String str2, String str3, long j, String str4) {
        return replacePermissionCheck(str, str2, str3, (String) null, new long[]{j}, str4);
    }

    public String replacePermissionCheck(String str, String str2, String str3, long[] jArr) {
        return replacePermissionCheck(str, str2, str3, (String) null, jArr, (String) null);
    }

    public String replacePermissionCheck(String str, String str2, String str3, long[] jArr, String str4) {
        return replacePermissionCheck(str, str2, str3, (String) null, jArr, str4);
    }

    public String replacePermissionCheck(String str, String str2, String str3, String str4) {
        return replacePermissionCheck(str, str2, str3, str4, new long[1], (String) null);
    }

    public String replacePermissionCheck(String str, String str2, String str3, String str4, long j) {
        return replacePermissionCheck(str, str2, str3, str4, new long[]{j}, (String) null);
    }

    public String replacePermissionCheck(String str, String str2, String str3, String str4, long j, String str5) {
        return replacePermissionCheck(str, str2, str3, str4, new long[]{j}, str5);
    }

    public String replacePermissionCheck(String str, String str2, String str3, String str4, long[] jArr) {
        return replacePermissionCheck(str, str2, str3, str4, jArr, (String) null);
    }

    public String replacePermissionCheck(String str, String str2, String str3, String str4, long[] jArr, String str5) {
        return replacePermissionCheck(str, str2, str3, str4, null, jArr, str5);
    }

    public String replacePermissionCheck(String str, String str2, String str3, String str4, String str5) {
        return replacePermissionCheck(str, str2, str3, str4, 0L, str5);
    }

    public String replacePermissionCheck(String str, String str2, String str3, String str4, String str5, long[] jArr, String str6) {
        if (!isEnabled(jArr)) {
            return str;
        }
        if (Validator.isNull(str2)) {
            throw new IllegalArgumentException("className is null");
        }
        return Validator.isNull(str) ? str : ResourceBlockLocalServiceUtil.isSupported(str2) ? replacePermissionCheckBlocks(str, str2, str3, str4, jArr, str6) : replacePermissionCheckJoin(str, str2, str3, str4, str5, jArr, str6);
    }

    protected Set<Long> getOwnerResourceBlockIds(long j, long[] jArr, String str) {
        HashSet hashSet = new HashSet();
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        for (long j2 : jArr) {
            hashSet.addAll(permissionChecker.getOwnerResourceBlockIds(j, j2, str, StrutsPortlet.VIEW_REQUEST));
        }
        return hashSet;
    }

    protected String getOwnerResourceBlockIdsSQL(PermissionChecker permissionChecker, long j, String str, Set<Long> set) {
        return set.size() < PropsValues.PERMISSIONS_INLINE_SQL_RESOURCE_BLOCK_QUERY_THRESHHOLD ? StringUtil.merge(set) : StringUtil.replace(CustomSQLUtil.get(FIND_BY_RESOURCE_BLOCK_ID), new String[]{"[$COMPANY_ID$]", "[$GROUP_ID$]", "[$RESOURCE_BLOCK_NAME$]", "[$ROLE_ID$]"}, new String[]{String.valueOf(permissionChecker.getCompanyId()), String.valueOf(j), str, StringUtil.valueOf(Long.valueOf(permissionChecker.getOwnerRoleId()))});
    }

    protected Set<Long> getResourceBlockIds(long j, long[] jArr, String str) {
        HashSet hashSet = new HashSet();
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        for (long j2 : jArr) {
            hashSet.addAll(permissionChecker.getResourceBlockIds(j, j2, permissionChecker.getUserId(), str, StrutsPortlet.VIEW_REQUEST));
        }
        return hashSet;
    }

    protected long[] getRoleIds(long j) {
        long[] jArr = PermissionChecker.DEFAULT_ROLE_IDS;
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        if (permissionChecker != null) {
            jArr = permissionChecker.getRoleIds(permissionChecker.getUserId(), j);
        }
        return jArr;
    }

    protected long[] getRoleIds(long[] jArr) {
        HashSet hashSet = new HashSet();
        for (long j : jArr) {
            for (long j2 : getRoleIds(j)) {
                hashSet.add(Long.valueOf(j2));
            }
        }
        return ArrayUtil.toLongArray(hashSet);
    }

    protected String getRoleIdsOrOwnerIdSQL(PermissionChecker permissionChecker, long[] jArr, String str) {
        StringBundler stringBundler = new StringBundler();
        stringBundler.append("(");
        stringBundler.append("ResourcePermission.roleId IN (");
        long[] roleIds = getRoleIds(jArr);
        if (roleIds.length == 0) {
            roleIds = _NO_ROLE_IDS;
        }
        stringBundler.append(StringUtil.merge(roleIds));
        stringBundler.append(")");
        if (permissionChecker.isSignedIn()) {
            stringBundler.append(" OR ");
            long userId = permissionChecker.getUserId();
            if (Validator.isNotNull(str)) {
                stringBundler.append("(");
                stringBundler.append(str);
                stringBundler.append(" = ");
                stringBundler.append(userId);
                stringBundler.append(")");
            } else {
                stringBundler.append("(ResourcePermission.ownerId = ");
                stringBundler.append(userId);
                stringBundler.append(")");
            }
        }
        stringBundler.append(")");
        return stringBundler.toString();
    }

    protected long getUserId() {
        long j = 0;
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        if (permissionChecker != null) {
            j = permissionChecker.getUserId();
        }
        return j;
    }

    protected String getUserResourceBlockIdsSQL(PermissionChecker permissionChecker, long j, long[] jArr, String str, Set<Long> set) {
        return set.size() < PropsValues.PERMISSIONS_INLINE_SQL_RESOURCE_BLOCK_QUERY_THRESHHOLD ? StringUtil.merge(set) : StringUtil.replace(CustomSQLUtil.get(FIND_BY_RESOURCE_BLOCK_ID), new String[]{"[$COMPANY_ID$]", "[$GROUP_ID$]", "[$RESOURCE_BLOCK_NAME$]", "[$ROLE_ID$]"}, new String[]{String.valueOf(permissionChecker.getCompanyId()), String.valueOf(j), str, StringUtil.merge(jArr)});
    }

    protected String replacePermissionCheckBlocks(String str, String str2, String str3, String str4, long[] jArr, String str5) {
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        long j = jArr.length == 1 ? jArr[0] : 0L;
        long[] roleIds = permissionChecker.getRoleIds(getUserId(), j);
        try {
            for (long j2 : roleIds) {
                if (ResourceTypePermissionLocalServiceUtil.hasCompanyScopePermission(permissionChecker.getCompanyId(), str2, j2, StrutsPortlet.VIEW_REQUEST)) {
                    return str;
                }
            }
        } catch (Exception unused) {
        }
        Set<Long> resourceBlockIds = getResourceBlockIds(permissionChecker.getCompanyId(), jArr, str2);
        String str6 = Validator.isNotNull(str5) ? str5 : "";
        Set<Long> ownerResourceBlockIds = getOwnerResourceBlockIds(permissionChecker.getCompanyId(), jArr, str2);
        ownerResourceBlockIds.removeAll(resourceBlockIds);
        if (ownerResourceBlockIds.isEmpty()) {
            ownerResourceBlockIds.add(-1L);
        }
        if (resourceBlockIds.isEmpty()) {
            resourceBlockIds.add(-1L);
        }
        String replace = Validator.isNotNull(str4) ? StringUtil.replace(str6.concat(CustomSQLUtil.get(FILTER_BY_RESOURCE_BLOCK_ID_OWNER)), new String[]{"[$OWNER_RESOURCE_BLOCK_ID$]", "[$USER_ID$]", "[$USER_ID_FIELD$]", "[$USER_RESOURCE_BLOCK_ID$]"}, new String[]{getOwnerResourceBlockIdsSQL(permissionChecker, j, str2, ownerResourceBlockIds), String.valueOf(permissionChecker.getUserId()), str4, getUserResourceBlockIdsSQL(permissionChecker, j, roleIds, str2, resourceBlockIds)}) : StringUtil.replace(str6.concat(CustomSQLUtil.get(FILTER_BY_RESOURCE_BLOCK_ID)), "[$USER_RESOURCE_BLOCK_ID$]", getUserResourceBlockIdsSQL(permissionChecker, j, roleIds, str2, resourceBlockIds));
        int indexOf = str.indexOf(_WHERE_CLAUSE);
        if (indexOf == -1) {
            int indexOf2 = str.indexOf(_GROUP_BY_CLAUSE);
            if (indexOf2 != -1) {
                return str.substring(0, indexOf2 + 1).concat(replace).concat(str.substring(indexOf2 + 1));
            }
            int indexOf3 = str.indexOf(_ORDER_BY_CLAUSE);
            return indexOf3 != -1 ? str.substring(0, indexOf3 + 1).concat(replace).concat(str.substring(indexOf3 + 1)) : str.concat(" ").concat(replace);
        }
        StringBundler stringBundler = new StringBundler(4);
        stringBundler.append(str.substring(0, indexOf));
        stringBundler.append(replace);
        stringBundler.append(" AND ");
        stringBundler.append(str.substring(indexOf + 7));
        return stringBundler.toString();
    }

    protected String replacePermissionCheckJoin(String str, String str2, String str3, String str4, String str5, long[] jArr, String str6) {
        if (Validator.isNull(str3)) {
            throw new IllegalArgumentException("classPKField is null");
        }
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        if (permissionChecker.hasPermission(jArr.length == 1 ? jArr[0] : 0L, str2, 0L, StrutsPortlet.VIEW_REQUEST)) {
            return str;
        }
        String str7 = String.valueOf(Validator.isNotNull(str6) ? str6 : "") + CustomSQLUtil.get(JOIN_RESOURCE_PERMISSION);
        StringBundler stringBundler = new StringBundler();
        stringBundler.append("(((ResourcePermission.primKey = CAST_TEXT(");
        stringBundler.append(str3);
        stringBundler.append(")) AND ((");
        boolean z = false;
        ArrayList<Long> arrayList = new ArrayList();
        for (int i = 0; i < jArr.length; i++) {
            long j = jArr[i];
            if (permissionChecker.hasPermission(j, str2, 0L, StrutsPortlet.VIEW_REQUEST)) {
                arrayList.add(Long.valueOf(j));
            } else {
                if (i > 0 && z) {
                    stringBundler.append(" OR ");
                }
                z = true;
                stringBundler.append("(");
                if (Validator.isNull(str5)) {
                    stringBundler.append(str3.substring(0, str3.lastIndexOf(46)));
                    stringBundler.append(".groupId = ");
                } else {
                    stringBundler.append(str5);
                    stringBundler.append(" = ");
                }
                stringBundler.append(j);
                stringBundler.append(")");
            }
        }
        stringBundler.append(")");
        if (!arrayList.isEmpty()) {
            for (Long l : arrayList) {
                stringBundler.append(" OR (");
                if (Validator.isNull(str5)) {
                    stringBundler.append(str3.substring(0, str3.lastIndexOf(46)));
                    stringBundler.append(".groupId = ");
                } else {
                    stringBundler.append(str5);
                    stringBundler.append(" = ");
                }
                stringBundler.append(l);
                stringBundler.append(")");
            }
        }
        stringBundler.append(")))");
        String replace = StringUtil.replace(str7, new String[]{"[$CLASS_NAME$]", "[$COMPANY_ID$]", "[$PRIM_KEYS$]", "[$RESOURCE_SCOPE_INDIVIDUAL$]", "[$ROLE_IDS_OR_OWNER_ID$]"}, new String[]{str2, String.valueOf(permissionChecker.getCompanyId()), stringBundler.toString(), String.valueOf(4), getRoleIdsOrOwnerIdSQL(permissionChecker, jArr, str4)});
        int indexOf = str.indexOf(_WHERE_CLAUSE);
        if (indexOf != -1) {
            return str.substring(0, indexOf + 1).concat(replace).concat(str.substring(indexOf + 1));
        }
        int indexOf2 = str.indexOf(_GROUP_BY_CLAUSE);
        if (indexOf2 != -1) {
            return str.substring(0, indexOf2 + 1).concat(replace).concat(str.substring(indexOf2 + 1));
        }
        int indexOf3 = str.indexOf(_ORDER_BY_CLAUSE);
        return indexOf3 != -1 ? str.substring(0, indexOf3 + 1).concat(replace).concat(str.substring(indexOf3 + 1)) : str.concat(" ").concat(replace);
    }
}
