package com.ibm.tenx.app.security;

import com.ibm.tenx.core.ApplicationSecurityManager;
import com.ibm.tenx.core.Grantable;
import com.ibm.tenx.core.Identifier;
import com.ibm.tenx.core.User;
import com.ibm.tenx.core.exception.BaseRuntimeException;
import com.ibm.tenx.db.Entity;
import com.ibm.tenx.db.metadata.EntityDefinition;
import com.ibm.tenx.db.metadata.MetadataManager;
import com.ibm.tenx.db.metadata.RoleDefinition;
import com.ibm.tenx.db.metadata.RolePermissionDefinition;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* JADX WARN: Classes with same name are omitted:
  input_file:healthCheck/exploded_wars/healthcheck/WEB-INF/lib/10x-app-2.2.2.8.jar:com/ibm/tenx/app/security/DefaultApplicationSecurityManager.class
 */
/* loaded from: input_file:healthCheck/healthCheck/exploded_wars/healthcheck/WEB-INF/lib/10x-app-2.2.2.8.jar:com/ibm/tenx/app/security/DefaultApplicationSecurityManager.class */
public class DefaultApplicationSecurityManager implements ApplicationSecurityManager {
    private static final ThreadLocal<DefaultApplicationSecurityManager> s_managers = new ThreadLocal<>();
    private User _user;
    private Boolean _adminRole;
    private Boolean _sysAdmin;
    private Map<EntityDefinition, EntityPermission> _permissionsByEntity;
    private List<String> _grantedIdentifiers;
    private boolean _anythingGoes;

    @Override // com.ibm.tenx.core.ApplicationSecurityManager
    public synchronized void init(User user) {
        this._user = user;
        this._sysAdmin = null;
        this._adminRole = null;
        this._permissionsByEntity = null;
        this._grantedIdentifiers = null;
    }

    @Override // com.ibm.tenx.core.ApplicationSecurityManager
    public synchronized void reset() {
        init(this._user);
    }

    private synchronized void ensureInitialized() {
        if (this._permissionsByEntity != null) {
            return;
        }
        this._sysAdmin = false;
        this._adminRole = false;
        this._permissionsByEntity = new HashMap();
        this._grantedIdentifiers = new ArrayList();
        if (this._user != null) {
            this._user = this._user.refetch(false);
            if (this._user == null) {
                throw new BaseRuntimeException("User.refetch(false) returned null!");
            }
            this._sysAdmin = Boolean.valueOf(this._user.isSystemAdministrator());
            if (this._user instanceof Entity) {
                this._user = (User) ((Entity) this._user).refetch(true);
            }
            List<Identifier> roleIds = this._user.getRoleIds();
            if (roleIds != null) {
                Iterator<Identifier> it = roleIds.iterator();
                while (it.hasNext()) {
                    RoleDefinition role = MetadataManager.getInstance().getRole(it.next());
                    if (role != null) {
                        ArrayList<RoleDefinition> arrayList = new ArrayList();
                        while (role != null) {
                            arrayList.add(0, role);
                            role = role.getInheritsFrom();
                        }
                        ArrayList<String> arrayList2 = new ArrayList();
                        for (RoleDefinition roleDefinition : arrayList) {
                            if (!this._adminRole.booleanValue()) {
                                this._adminRole = Boolean.valueOf(roleDefinition.getName().equals(RoleDefinition.ADMINISTRATOR_NAME));
                            }
                            for (RolePermissionDefinition rolePermissionDefinition : roleDefinition.getPermissions()) {
                                if (rolePermissionDefinition.getPermission() == RolePermissionDefinition.Permission.GRANTED) {
                                    if (rolePermissionDefinition.isTrue()) {
                                        arrayList2.add(rolePermissionDefinition.getId());
                                    } else {
                                        arrayList2.remove(rolePermissionDefinition.getId());
                                    }
                                }
                            }
                        }
                        for (String str : arrayList2) {
                            if (!this._grantedIdentifiers.contains(str)) {
                                this._grantedIdentifiers.add(str);
                            }
                        }
                    }
                }
            }
        }
    }

    public EntityPermission getPermission(EntityDefinition entityDefinition) {
        ensureInitialized();
        EntityPermission entityPermission = this._permissionsByEntity.get(entityDefinition);
        if (entityPermission == null) {
            entityPermission = this._anythingGoes ? new EntityPermission() : new EntityPermission(this._user, entityDefinition);
            this._permissionsByEntity.put(entityDefinition, entityPermission);
        }
        return entityPermission;
    }

    public static void setCurrentSecurityManager(DefaultApplicationSecurityManager defaultApplicationSecurityManager) {
        if (s_managers.get() != null) {
            throw new BaseRuntimeException("Security manager already set for " + Thread.currentThread() + "!");
        }
        s_managers.set(defaultApplicationSecurityManager);
    }

    public static void clear() {
        s_managers.set(null);
    }

    @Override // com.ibm.tenx.core.ApplicationSecurityManager
    public boolean isGranted(Grantable grantable) {
        if (this._anythingGoes) {
            return true;
        }
        ensureInitialized();
        Identifier identifier = grantable.getIdentifier();
        if (identifier == null || this._adminRole.booleanValue() || this._sysAdmin.booleanValue()) {
            return true;
        }
        return grantable instanceof EntityDefinition ? getPermission((EntityDefinition) grantable).canRead() : this._grantedIdentifiers.contains(identifier.getId());
    }
}
