package org.activiti.cloud.services.query.rest;

import com.querydsl.core.BooleanBuilder;
import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.BooleanExpression;
import java.util.List;
import java.util.Optional;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.transaction.Transactional;
import org.activiti.api.runtime.shared.security.SecurityManager;
import org.activiti.cloud.services.query.app.repository.EntityFinder;
import org.activiti.cloud.services.query.app.repository.ProcessInstanceRepository;
import org.activiti.cloud.services.query.app.repository.TaskRepository;
import org.activiti.cloud.services.query.events.handlers.QueryEventHandlerContextOptimizer;
import org.activiti.cloud.services.query.model.ProcessInstanceEntity;
import org.activiti.cloud.services.query.model.QProcessInstanceEntity;
import org.activiti.cloud.services.query.model.QTaskEntity;
import org.activiti.cloud.services.security.ProcessInstanceRestrictionService;
import org.activiti.core.common.spring.security.policies.ActivitiForbiddenException;
import org.activiti.core.common.spring.security.policies.SecurityPoliciesManager;
import org.activiti.core.common.spring.security.policies.SecurityPolicyAccess;
import org.hibernate.Hibernate;
import org.hibernate.Session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;

/* loaded from: input_file:org/activiti/cloud/services/query/rest/ProcessInstanceService.class */
public class ProcessInstanceService {
    private static final Logger LOGGER = LoggerFactory.getLogger(ProcessInstanceService.class);
    private final ProcessInstanceRepository processInstanceRepository;
    private final TaskRepository taskRepository;
    private final ProcessInstanceRestrictionService processInstanceRestrictionService;
    private final SecurityPoliciesManager securityPoliciesApplicationService;
    private final SecurityManager securityManager;
    private final EntityFinder entityFinder;

    @PersistenceContext
    private EntityManager entityManager;

    public ProcessInstanceService(ProcessInstanceRepository processInstanceRepository, TaskRepository taskRepository, ProcessInstanceRestrictionService processInstanceRestrictionService, SecurityPoliciesManager securityPoliciesManager, SecurityManager securityManager, EntityFinder entityFinder) {
        this.processInstanceRepository = processInstanceRepository;
        this.taskRepository = taskRepository;
        this.processInstanceRestrictionService = processInstanceRestrictionService;
        this.securityPoliciesApplicationService = securityPoliciesManager;
        this.securityManager = securityManager;
        this.entityFinder = entityFinder;
    }

    public Page<ProcessInstanceEntity> findAll(Predicate predicate, Pageable pageable) {
        return this.processInstanceRepository.findAll(this.processInstanceRestrictionService.restrictProcessInstanceQuery((Predicate) Optional.ofNullable(predicate).orElseGet(BooleanBuilder::new), SecurityPolicyAccess.READ), pageable);
    }

    @Transactional
    public Page<ProcessInstanceEntity> findAllWithVariables(Predicate predicate, List<String> list, Pageable pageable) {
        ((Session) this.entityManager.unwrap(Session.class)).enableFilter("variableDefinitionIds").setParameterList(QueryEventHandlerContextOptimizer.VARIABLES, list);
        Page<ProcessInstanceEntity> findAll = findAll(predicate, pageable);
        findAll.forEach(processInstanceEntity -> {
            Hibernate.initialize(processInstanceEntity.getVariables());
        });
        return findAll;
    }

    public ProcessInstanceEntity findById(String str) {
        ProcessInstanceEntity processInstanceEntity = (ProcessInstanceEntity) this.entityFinder.findById(this.processInstanceRepository, str, String.format("Unable to find process instance for the given id:'%s'", str));
        if (canRead(processInstanceEntity)) {
            return processInstanceEntity;
        }
        LOGGER.debug(String.format("User %s not permitted to access definition %s and/or process instance id %s", this.securityManager.getAuthenticatedUserId(), processInstanceEntity.getProcessDefinitionKey(), str));
        throw new ActivitiForbiddenException(String.format("Operation not permitted for %s and/or process instance", processInstanceEntity.getProcessDefinitionKey()));
    }

    public Page<ProcessInstanceEntity> subprocesses(String str, Predicate predicate, Pageable pageable) {
        Predicate predicate2 = (Predicate) Optional.ofNullable(predicate).orElseGet(BooleanBuilder::new);
        ProcessInstanceEntity processInstanceEntity = (ProcessInstanceEntity) this.entityFinder.findById(this.processInstanceRepository, str, "Unable to find process for the given id:'" + str + "'");
        if (canRead(processInstanceEntity)) {
            return this.processInstanceRepository.findAll(QProcessInstanceEntity.processInstanceEntity.parentId.eq(str).and(predicate2), pageable);
        }
        LOGGER.debug("User " + this.securityManager.getAuthenticatedUserId() + " not permitted to access definition " + processInstanceEntity.getProcessDefinitionKey() + " and/or process instance id " + str);
        throw new ActivitiForbiddenException("Operation not permitted for " + processInstanceEntity.getProcessDefinitionKey() + " and/or process instance");
    }

    private boolean canRead(ProcessInstanceEntity processInstanceEntity) {
        return this.securityPoliciesApplicationService.canRead(processInstanceEntity.getProcessDefinitionKey(), processInstanceEntity.getServiceName()) && (this.securityManager.getAuthenticatedUserId().equals(processInstanceEntity.getInitiator()) || isInvolvedInATask(processInstanceEntity.getId()));
    }

    private boolean isInvolvedInATask(String str) {
        String authenticatedUserId = this.securityManager.getAuthenticatedUserId();
        List authenticatedUserGroups = this.securityManager.getAuthenticatedUserGroups();
        QTaskEntity qTaskEntity = QTaskEntity.taskEntity;
        BooleanExpression or = qTaskEntity.assignee.eq(authenticatedUserId).or(qTaskEntity.owner.eq(authenticatedUserId)).or(qTaskEntity.taskCandidateUsers.any().userId.eq(authenticatedUserId));
        if (authenticatedUserGroups != null && authenticatedUserGroups.size() > 0) {
            or = or.or(qTaskEntity.taskCandidateGroups.any().groupId.in(authenticatedUserGroups));
        }
        return this.taskRepository.exists(qTaskEntity.processInstanceId.eq(str).and(or));
    }
}
