package org.activiti.cloud.services.security;

import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.BooleanExpression;
import com.querydsl.core.types.dsl.Expressions;
import com.querydsl.core.types.dsl.StringPath;
import java.util.Map;
import java.util.Set;
import org.activiti.api.runtime.shared.identity.UserGroupManager;
import org.activiti.api.runtime.shared.security.SecurityManager;
import org.activiti.cloud.services.query.model.QProcessInstanceEntity;
import org.activiti.cloud.services.query.model.QProcessVariableEntity;
import org.activiti.core.common.spring.security.policies.BaseSecurityPoliciesManagerImpl;
import org.activiti.core.common.spring.security.policies.SecurityPolicyAccess;
import org.activiti.core.common.spring.security.policies.conf.SecurityPoliciesProperties;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

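/**
 * Applies the configured security policies to query-service lookups by turning them into
 * QueryDSL predicates over process instances and their variables.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the inherited {@code arePoliciesDefined()} reports {@code false}, the
 *       {@code restrict*} methods return the caller's predicate untouched, so this class adds no
 *       filtering at all. Deployments that rely on it for isolation must have policies
 *       configured.</li>
 *   <li>When policies are defined but none grant the requested access, the query is replaced by a
 *       predicate that can never match (fail closed).</li>
 *   <li>Service names are compared case-insensitively with hyphens removed, so names that differ
 *       only by case or hyphens are treated as the same service when a policy is evaluated.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/activiti-cloud-services-query-rest-7.0.68.jar:org/activiti/cloud/services/security/SecurityPoliciesApplicationServiceImpl.class */
public class SecurityPoliciesApplicationServiceImpl extends BaseSecurityPoliciesManagerImpl {

    /** SQL template that strips hyphens from a column before it is compared with a service name. */
    private static final String STRIP_HYPHENS_TEMPLATE = "replace({0},'-','')";

    // Name of this application, injected from spring.application.name; used as the service
    // name for the single-argument canRead/canWrite checks.
    @Value("${spring.application.name}")
    private String appName;

    /**
     * Passes the collaborators straight through to {@link BaseSecurityPoliciesManagerImpl}.
     *
     * @param userGroupManager forwarded to the superclass
     * @param securityManager forwarded to the superclass
     * @param securityPoliciesProperties forwarded to the superclass
     */
    public SecurityPoliciesApplicationServiceImpl(UserGroupManager userGroupManager, SecurityManager securityManager, SecurityPoliciesProperties securityPoliciesProperties) {
        super(userGroupManager, securityManager, securityPoliciesProperties);
    }

    /**
     * Checks read access to a process definition within this application.
     *
     * @param str process definition key to check
     * @return the result of the inherited two-argument {@code canRead} for this application's name
     */
    @Override // org.activiti.core.common.spring.security.policies.SecurityPoliciesManager
    public boolean canRead(String str) {
        return canRead(str, this.appName);
    }

    /**
     * Checks write access to a process definition within this application.
     *
     * @param str process definition key to check
     * @return the result of the inherited two-argument {@code canWrite} for this application's name
     */
    @Override // org.activiti.core.common.spring.security.policies.SecurityPoliciesManager
    public boolean canWrite(String str) {
        return canWrite(str, this.appName);
    }

    /**
     * Narrows a process-instance query to what the policies allow.
     *
     * @param predicate the caller's own filter; may be {@code null}
     * @param securityPolicyAccess access level the caller needs
     * @return {@code predicate} unchanged when no policies are defined, otherwise the restricted
     *     predicate from {@link #buildPredicateForQProcessInstance}
     */
    public Predicate restrictProcessInstanceQuery(Predicate predicate, SecurityPolicyAccess securityPolicyAccess) {
        if (!arePoliciesDefined()) {
            // No policies configured: the query is deliberately left unrestricted.
            return predicate;
        }
        return buildPredicateForQProcessInstance(predicate, securityPolicyAccess, QProcessInstanceEntity.processInstanceEntity);
    }

    /**
     * Narrows a process-variable query to variables whose owning process instance is allowed.
     *
     * <p>When policies are defined, variables without a process instance are excluded, because
     * there is nothing to evaluate the policy against.
     *
     * @param predicate the caller's own filter; may be {@code null}
     * @param securityPolicyAccess access level the caller needs
     * @return {@code predicate} unchanged when no policies are defined, otherwise the restricted
     *     predicate
     */
    public Predicate restrictProcessInstanceVariableQuery(Predicate predicate, SecurityPolicyAccess securityPolicyAccess) {
        if (!arePoliciesDefined()) {
            return predicate;
        }
        QProcessInstanceEntity owningInstance = QProcessVariableEntity.processVariableEntity.processInstance;
        BooleanExpression hasInstance = owningInstance.isNotNull();
        BooleanExpression base = predicate == null ? hasInstance : hasInstance.and(predicate);
        return buildPredicateForQProcessInstance(base, securityPolicyAccess, owningInstance);
    }

    /**
     * Combines the caller's predicate with one restriction per entry of the inherited
     * {@code getAllowedKeys(securityPolicyAccess)} map. Judging by how the entries are used here,
     * the map goes from service name to the process definition keys permitted for it.
     *
     * @param predicate the caller's own filter; may be {@code null}
     * @param securityPolicyAccess access level the caller needs
     * @param qProcessInstanceEntity query type the restriction is expressed against
     * @return the policy restriction AND-ed with {@code predicate}; a never-matching predicate
     *     when policies are defined but nothing is allowed; {@code predicate} unchanged when
     *     nothing is allowed and no policies are defined
     */
    public Predicate buildPredicateForQProcessInstance(Predicate predicate, SecurityPolicyAccess securityPolicyAccess, QProcessInstanceEntity qProcessInstanceEntity) {
        BooleanExpression restriction = null;
        for (Map.Entry<String, Set<String>> allowed : getAllowedKeys(securityPolicyAccess).entrySet()) {
            restriction = addProcessDefRestrictionToExpression(qProcessInstanceEntity, restriction, allowed.getKey(), allowed.getValue());
        }
        if (restriction != null) {
            return restriction.and(predicate);
        }
        // Fail closed: policies exist but grant nothing for this access level, so the caller's
        // predicate must not be returned on its own.
        return arePoliciesDefined() ? getImpossiblePredicate(qProcessInstanceEntity) : predicate;
    }

    /**
     * Builds a predicate that no row can satisfy, used to deny everything.
     *
     * @param qProcessInstanceEntity query type whose {@code id} path is used
     * @return {@code id = '1' AND id = '2'}
     */
    public BooleanExpression getImpossiblePredicate(QProcessInstanceEntity qProcessInstanceEntity) {
        // The literals are compared as plain strings; casting them to StringPath (as the
        // decompiled listing did) is not valid Java.
        return qProcessInstanceEntity.id.eq("1").and(qProcessInstanceEntity.id.eq("2"));
    }

    /**
     * Adds the restriction for one service to the expression accumulated so far.
     *
     * <p>The service matches when either {@code serviceName} or {@code serviceFullName} equals
     * {@code str}, ignoring case and hyphens on both sides. Unless {@code set} contains the
     * configured wildcard, the match is further limited to the process definition keys in
     * {@code set}.
     *
     * @param qProcessInstanceEntity query type the restriction is expressed against
     * @param booleanExpression restrictions accumulated so far, or {@code null} for the first one
     * @param str service name the policy applies to
     * @param set process definition keys allowed for that service
     * @return the new restriction, OR-ed with {@code booleanExpression} when that is not
     *     {@code null}
     */
    public BooleanExpression addProcessDefRestrictionToExpression(QProcessInstanceEntity qProcessInstanceEntity, BooleanExpression booleanExpression, String str, Set<String> set) {
        String normalizedServiceName = str.replace("-", "");
        BooleanExpression serviceMatches = Expressions.stringTemplate(STRIP_HYPHENS_TEMPLATE, qProcessInstanceEntity.serviceName)
                .equalsIgnoreCase(normalizedServiceName)
                .or(Expressions.stringTemplate(STRIP_HYPHENS_TEMPLATE, qProcessInstanceEntity.serviceFullName)
                        .equalsIgnoreCase(normalizedServiceName));
        // A wildcard entry grants every process definition of the service, so no key filter.
        BooleanExpression restriction = set.contains(getSecurityPoliciesProperties().getWildcard())
                ? serviceMatches
                : restrictByAppNameAndProcDefKeys(qProcessInstanceEntity, set, serviceMatches);
        return booleanExpression == null ? restriction : booleanExpression.or(restriction);
    }

    /**
     * Limits a service match to the given process definition keys.
     *
     * @param qProcessInstanceEntity query type the restriction is expressed against
     * @param set allowed process definition keys
     * @param booleanExpression the service-name match to combine with
     * @return {@code processDefinitionKey IN set AND booleanExpression}
     */
    public BooleanExpression restrictByAppNameAndProcDefKeys(QProcessInstanceEntity qProcessInstanceEntity, Set<String> set, BooleanExpression booleanExpression) {
        return qProcessInstanceEntity.processDefinitionKey.in(set).and(booleanExpression);
    }
}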
