package org.activiti.cloud.services.query.rest;

import com.querydsl.core.BooleanBuilder;
import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.BooleanExpression;
import io.swagger.v3.oas.annotations.Parameter;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import org.activiti.api.runtime.shared.security.SecurityManager;
import org.activiti.cloud.alfresco.data.domain.AlfrescoPagedModelAssembler;
import org.activiti.cloud.api.process.model.CloudProcessDefinition;
import org.activiti.cloud.services.query.app.repository.ProcessDefinitionRepository;
import org.activiti.cloud.services.query.model.ProcessDefinitionEntity;
import org.activiti.cloud.services.query.model.QProcessDefinitionEntity;
import org.activiti.cloud.services.query.rest.assembler.ProcessDefinitionRepresentationModelAssembler;
import org.activiti.cloud.services.security.ProcessDefinitionRestrictionService;
import org.activiti.core.common.spring.security.policies.SecurityPolicyAccess;
import org.springframework.data.domain.Pageable;
import org.springframework.data.querydsl.binding.QuerydslPredicate;
import org.springframework.hateoas.EntityModel;
import org.springframework.hateoas.PagedModel;
import org.springframework.hateoas.server.ExposesResourceFor;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping(value = {"/v1/process-definitions"}, produces = {"application/hal+json", "application/json"})
@RestController
@ExposesResourceFor(ProcessDefinitionEntity.class)
/* loaded from: input_file:org/activiti/cloud/services/query/rest/ProcessDefinitionController.class */
public class ProcessDefinitionController {
    private static final String EVERYONE_GROUP = "*";
    private ProcessDefinitionRepository repository;
    private AlfrescoPagedModelAssembler<ProcessDefinitionEntity> pagedCollectionModelAssembler;
    private ProcessDefinitionRepresentationModelAssembler processDefinitionRepresentationModelAssembler;
    private ProcessDefinitionRestrictionService processDefinitionRestrictionService;
    private SecurityManager securityManager;

    public ProcessDefinitionController(ProcessDefinitionRepository processDefinitionRepository, AlfrescoPagedModelAssembler<ProcessDefinitionEntity> alfrescoPagedModelAssembler, ProcessDefinitionRepresentationModelAssembler processDefinitionRepresentationModelAssembler, ProcessDefinitionRestrictionService processDefinitionRestrictionService, SecurityManager securityManager) {
        this.repository = processDefinitionRepository;
        this.pagedCollectionModelAssembler = alfrescoPagedModelAssembler;
        this.processDefinitionRepresentationModelAssembler = processDefinitionRepresentationModelAssembler;
        this.processDefinitionRestrictionService = processDefinitionRestrictionService;
        this.securityManager = securityManager;
    }

    @GetMapping
    public PagedModel<EntityModel<CloudProcessDefinition>> findAllProcess(@QuerydslPredicate(root = ProcessDefinitionEntity.class) @Parameter(description = "Predicate binding to core entity parameter values.", example = "{\"name\": \"Real name\"}") Predicate predicate, Pageable pageable) {
        return this.pagedCollectionModelAssembler.toModel(pageable, this.repository.findAll(applyRestrictions(predicate), pageable), this.processDefinitionRepresentationModelAssembler);
    }

    private Predicate applyRestrictions(Predicate predicate) {
        Predicate restrictProcessDefinitionQuery = this.processDefinitionRestrictionService.restrictProcessDefinitionQuery((Predicate) Optional.ofNullable(predicate).orElseGet(BooleanBuilder::new), SecurityPolicyAccess.READ);
        BooleanExpression eq = QProcessDefinitionEntity.processDefinitionEntity.candidateStarterUsers.any().userId.eq(this.securityManager.getAuthenticatedUserId());
        List<String> currentUserGroupsIncludingEveryOneGroup = getCurrentUserGroupsIncludingEveryOneGroup();
        if (!currentUserGroupsIncludingEveryOneGroup.isEmpty()) {
            eq = eq.or(QProcessDefinitionEntity.processDefinitionEntity.candidateStarterGroups.any().groupId.in(currentUserGroupsIncludingEveryOneGroup));
        }
        return eq.and(restrictProcessDefinitionQuery);
    }

    private List<String> getCurrentUserGroupsIncludingEveryOneGroup() {
        ArrayList arrayList = new ArrayList(this.securityManager.getAuthenticatedUserGroups());
        arrayList.add(EVERYONE_GROUP);
        return arrayList;
    }
}
