package org.molgenis.security.owned;

import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.molgenis.data.AbstractRepositoryDecorator;
import org.molgenis.data.Entity;
import org.molgenis.data.Fetch;
import org.molgenis.data.Query;
import org.molgenis.data.Repository;
import org.molgenis.data.aggregation.AggregateQuery;
import org.molgenis.data.aggregation.AggregateResult;
import org.molgenis.data.support.QueryImpl;
import org.molgenis.security.core.runas.SystemSecurityToken;
import org.molgenis.security.core.utils.SecurityUtils;
import org.molgenis.util.EntityUtils;

/* loaded from: input_file:WEB-INF/lib/molgenis-security-3.0.0.jar:org/molgenis/security/owned/OwnedEntityRepositoryDecorator.class */
public class OwnedEntityRepositoryDecorator extends AbstractRepositoryDecorator<Entity> {
    private final Repository<Entity> decoratedRepo;

    public OwnedEntityRepositoryDecorator(Repository<Entity> repository) {
        this.decoratedRepo = (Repository) Objects.requireNonNull(repository);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.molgenis.data.AbstractRepositoryDecorator, com.google.common.collect.ForwardingObject
    public Repository<Entity> delegate() {
        return this.decoratedRepo;
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Query<Entity> query() {
        return new QueryImpl(this);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, java.lang.Iterable
    public Iterator<Entity> iterator() {
        return mustAddRowLevelSecurity() ? findAll(new QueryImpl()).iterator() : this.decoratedRepo.iterator();
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void forEachBatched(Fetch fetch, Consumer<List<Entity>> consumer, int i) {
        if (fetch != null) {
            fetch.field(OwnedEntityType.OWNER_USERNAME);
        }
        this.decoratedRepo.forEachBatched(fetch, list -> {
            if (mustAddRowLevelSecurity()) {
                consumer.accept(list.stream().filter(OwnedEntityRepositoryDecorator::currentUserIsOwner).collect(Collectors.toList()));
            } else {
                consumer.accept(list);
            }
        }, i);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public long count() {
        return mustAddRowLevelSecurity() ? count(new QueryImpl()) : this.decoratedRepo.count();
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public long count(Query<Entity> query) {
        if (mustAddRowLevelSecurity()) {
            addRowLevelSecurity(query);
        }
        return this.decoratedRepo.count(query);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Stream<Entity> findAll(Query<Entity> query) {
        if (mustAddRowLevelSecurity()) {
            addRowLevelSecurity(query);
        }
        return this.decoratedRepo.findAll(query);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Entity findOne(Query<Entity> query) {
        if (mustAddRowLevelSecurity()) {
            addRowLevelSecurity(query);
        }
        return this.decoratedRepo.findOne(query);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Entity findOneById(Object obj) {
        Entity findOneById = this.decoratedRepo.findOneById(obj);
        if (!mustAddRowLevelSecurity() || currentUserIsOwner(findOneById)) {
            return findOneById;
        }
        return null;
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Entity findOneById(Object obj, Fetch fetch) {
        if (fetch != null) {
            fetch.field(OwnedEntityType.OWNER_USERNAME);
        }
        Entity findOneById = this.decoratedRepo.findOneById(obj, fetch);
        if (!mustAddRowLevelSecurity() || currentUserIsOwner(findOneById)) {
            return findOneById;
        }
        return null;
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Stream<Entity> findAll(Stream<Object> stream) {
        Stream<Entity> findAll = this.decoratedRepo.findAll(stream);
        if (mustAddRowLevelSecurity()) {
            findAll = findAll.filter(OwnedEntityRepositoryDecorator::currentUserIsOwner);
        }
        return findAll;
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Stream<Entity> findAll(Stream<Object> stream, Fetch fetch) {
        if (fetch != null) {
            fetch.field(OwnedEntityType.OWNER_USERNAME);
        }
        Stream<Entity> findAll = this.decoratedRepo.findAll(stream, fetch);
        if (mustAddRowLevelSecurity()) {
            findAll = findAll.filter(OwnedEntityRepositoryDecorator::currentUserIsOwner);
        }
        return findAll;
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public AggregateResult aggregate(AggregateQuery aggregateQuery) {
        if (mustAddRowLevelSecurity()) {
            addRowLevelSecurity(aggregateQuery.getQuery());
        }
        return this.decoratedRepo.aggregate(aggregateQuery);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void update(Entity entity) {
        if (isOwnedEntityType() && (mustAddRowLevelSecurity() || entity.get(OwnedEntityType.OWNER_USERNAME) == null)) {
            entity.set(OwnedEntityType.OWNER_USERNAME, SecurityUtils.getCurrentUsername());
        }
        this.decoratedRepo.update((Repository<Entity>) entity);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void update(Stream<Entity> stream) {
        if (isOwnedEntityType()) {
            boolean mustAddRowLevelSecurity = mustAddRowLevelSecurity();
            String currentUsername = SecurityUtils.getCurrentUsername();
            stream = stream.map(entity -> {
                if (mustAddRowLevelSecurity || entity.get(OwnedEntityType.OWNER_USERNAME) == null) {
                    entity.set(OwnedEntityType.OWNER_USERNAME, currentUsername);
                }
                return entity;
            });
        }
        this.decoratedRepo.update(stream);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void delete(Entity entity) {
        if (!mustAddRowLevelSecurity() || currentUserIsOwner(entity)) {
            this.decoratedRepo.delete((Repository<Entity>) entity);
        }
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void delete(Stream<Entity> stream) {
        if (mustAddRowLevelSecurity()) {
            stream = stream.filter(OwnedEntityRepositoryDecorator::currentUserIsOwner);
        }
        this.decoratedRepo.delete(stream);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void deleteById(Object obj) {
        Entity findOneById;
        if (!mustAddRowLevelSecurity() || (findOneById = findOneById(obj)) == null || currentUserIsOwner(findOneById)) {
            this.decoratedRepo.deleteById(obj);
        }
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void deleteAll(Stream<Object> stream) {
        if (mustAddRowLevelSecurity()) {
            delete(this.decoratedRepo.findAll(stream));
        } else {
            this.decoratedRepo.deleteAll(stream);
        }
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void deleteAll() {
        if (mustAddRowLevelSecurity()) {
            this.decoratedRepo.forEachBatched(list -> {
                delete(list.stream());
            }, 1000);
        } else {
            this.decoratedRepo.deleteAll();
        }
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public void add(Entity entity) {
        if (isOwnedEntityType() && (mustAddRowLevelSecurity() || entity.get(OwnedEntityType.OWNER_USERNAME) == null)) {
            entity.set(OwnedEntityType.OWNER_USERNAME, SecurityUtils.getCurrentUsername());
        }
        this.decoratedRepo.add((Repository<Entity>) entity);
    }

    @Override // org.molgenis.data.AbstractRepositoryDecorator, org.molgenis.data.Repository
    public Integer add(Stream<Entity> stream) {
        if (isOwnedEntityType()) {
            boolean mustAddRowLevelSecurity = mustAddRowLevelSecurity();
            String currentUsername = SecurityUtils.getCurrentUsername();
            stream = stream.map(entity -> {
                if (mustAddRowLevelSecurity || entity.get(OwnedEntityType.OWNER_USERNAME) == null) {
                    entity.set(OwnedEntityType.OWNER_USERNAME, currentUsername);
                }
                return entity;
            });
        }
        return this.decoratedRepo.add(stream);
    }

    private boolean mustAddRowLevelSecurity() {
        return (SecurityUtils.currentUserIsSu() || SecurityUtils.currentUserHasRole(SystemSecurityToken.ROLE_SYSTEM) || !isOwnedEntityType()) ? false : true;
    }

    private boolean isOwnedEntityType() {
        return EntityUtils.doesExtend(getEntityType(), OwnedEntityType.OWNED);
    }

    private static void addRowLevelSecurity(Query<Entity> query) {
        String currentUsername = SecurityUtils.getCurrentUsername();
        if (currentUsername != null) {
            if (!query.getRules().isEmpty()) {
                query.and();
            }
            query.eq(OwnedEntityType.OWNER_USERNAME, currentUsername);
        }
    }

    private static String getOwnerUserName(Entity entity) {
        return entity.getString(OwnedEntityType.OWNER_USERNAME);
    }

    private static boolean currentUserIsOwner(Entity entity) {
        return null != entity && Objects.equals(SecurityUtils.getCurrentUsername(), getOwnerUserName(entity));
    }
}
