package com.acciente.oacc.sql.internal;

import com.acciente.oacc.AccessControlContext;
import com.acciente.oacc.AuthenticationProvider;
import com.acciente.oacc.Credentials;
import com.acciente.oacc.DomainCreatePermission;
import com.acciente.oacc.DomainCreatePermissions;
import com.acciente.oacc.DomainPermission;
import com.acciente.oacc.DomainPermissions;
import com.acciente.oacc.NotAuthenticatedException;
import com.acciente.oacc.NotAuthorizedException;
import com.acciente.oacc.OaccException;
import com.acciente.oacc.Resource;
import com.acciente.oacc.ResourceClassInfo;
import com.acciente.oacc.ResourceCreatePermission;
import com.acciente.oacc.ResourceCreatePermissions;
import com.acciente.oacc.ResourcePermission;
import com.acciente.oacc.ResourcePermissions;
import com.acciente.oacc.Resources;
import com.acciente.oacc.sql.SQLProfile;
import com.acciente.oacc.sql.internal.persister.DomainPersister;
import com.acciente.oacc.sql.internal.persister.GrantDomainCreatePermissionPostCreateSysPersister;
import com.acciente.oacc.sql.internal.persister.GrantDomainCreatePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.GrantDomainPermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.GrantGlobalResourcePermissionPersister;
import com.acciente.oacc.sql.internal.persister.GrantGlobalResourcePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.GrantResourceCreatePermissionPostCreatePersister;
import com.acciente.oacc.sql.internal.persister.GrantResourceCreatePermissionPostCreateSysPersister;
import com.acciente.oacc.sql.internal.persister.GrantResourceCreatePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.GrantResourcePermissionPersister;
import com.acciente.oacc.sql.internal.persister.GrantResourcePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveDomainPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantDomainCreatePermissionPostCreateSysPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantDomainCreatePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantDomainPermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantGlobalResourcePermissionPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantGlobalResourcePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantResourceCreatePermissionPostCreatePersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantResourceCreatePermissionPostCreateSysPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantResourceCreatePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantResourcePermissionPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveGrantResourcePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.NonRecursiveResourcePersister;
import com.acciente.oacc.sql.internal.persister.RecursiveDomainPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantDomainCreatePermissionPostCreateSysPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantDomainCreatePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantDomainPermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantGlobalResourcePermissionPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantGlobalResourcePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantResourceCreatePermissionPostCreatePersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantResourceCreatePermissionPostCreateSysPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantResourceCreatePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantResourcePermissionPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveGrantResourcePermissionSysPersister;
import com.acciente.oacc.sql.internal.persister.RecursiveResourcePersister;
import com.acciente.oacc.sql.internal.persister.ResourceClassPermissionPersister;
import com.acciente.oacc.sql.internal.persister.ResourceClassPersister;
import com.acciente.oacc.sql.internal.persister.ResourcePersister;
import com.acciente.oacc.sql.internal.persister.SQLConnection;
import com.acciente.oacc.sql.internal.persister.SQLStrings;
import com.acciente.oacc.sql.internal.persister.id.DomainId;
import com.acciente.oacc.sql.internal.persister.id.Id;
import com.acciente.oacc.sql.internal.persister.id.ResourceClassId;
import com.acciente.oacc.sql.internal.persister.id.ResourcePermissionId;
import java.io.Serializable;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.sql.DataSource;

/* loaded from: input_file:com/acciente/oacc/sql/internal/SQLAccessControlContext.class */
public class SQLAccessControlContext implements AccessControlContext, Serializable {
    private static final long serialVersionUID = 1;
    private transient DataSource dataSource;
    private transient Connection connection;
    private AuthenticationProvider authenticationProvider;
    private boolean hasDefaultAuthenticationProvider;
    private Resource authenticatedResource;
    private Resource defensiveCopyOfAuthenticatedResource;
    private String authenticatedResourceDomainName;
    private Resource sessionResource;
    private Resource defensiveCopyOfSessionResource;
    private String sessionResourceDomainName;
    private static final Long SYSTEM_RESOURCE_ID = 0L;
    private static final DomainPermission DomainPermission_CREATE_CHILD_DOMAIN = DomainPermissions.getInstance(DomainPermissions.CREATE_CHILD_DOMAIN);
    private static final DomainPermission DomainPermission_CREATE_CHILD_DOMAIN_GRANT = DomainPermissions.getInstanceWithGrantOption(DomainPermissions.CREATE_CHILD_DOMAIN);
    private static final DomainPermission DomainPermission_DELETE = DomainPermissions.getInstance(DomainPermissions.DELETE);
    private static final DomainPermission DomainPermission_DELETE_GRANT = DomainPermissions.getInstanceWithGrantOption(DomainPermissions.DELETE);
    private static final DomainPermission DomainPermission_SUPER_USER = DomainPermissions.getInstance(DomainPermissions.SUPER_USER);
    private static final DomainPermission DomainPermission_SUPER_USER_GRANT = DomainPermissions.getInstanceWithGrantOption(DomainPermissions.SUPER_USER);
    private static final ResourcePermission ResourcePermission_INHERIT = ResourcePermissions.getInstance(ResourcePermissions.INHERIT);
    private static final ResourcePermission ResourcePermission_INHERIT_GRANT = ResourcePermissions.getInstanceWithGrantOption(ResourcePermissions.INHERIT);
    private static final ResourcePermission ResourcePermission_IMPERSONATE = ResourcePermissions.getInstance(ResourcePermissions.IMPERSONATE);
    private static final ResourcePermission ResourcePermission_IMPERSONATE_GRANT = ResourcePermissions.getInstanceWithGrantOption(ResourcePermissions.IMPERSONATE);
    private static final ResourcePermission ResourcePermission_RESET_CREDENTIALS = ResourcePermissions.getInstance(ResourcePermissions.RESET_CREDENTIALS);
    private static final ResourcePermission ResourcePermission_RESET_CREDENTIALS_GRANT = ResourcePermissions.getInstanceWithGrantOption(ResourcePermissions.RESET_CREDENTIALS);
    private static final ResourcePermission ResourcePermission_DELETE = ResourcePermissions.getInstance(ResourcePermissions.DELETE);
    private static final ResourcePermission ResourcePermission_DELETE_GRANT = ResourcePermissions.getInstanceWithGrantOption(ResourcePermissions.DELETE);
    private static final ResourcePermission ResourcePermission_QUERY = ResourcePermissions.getInstance(ResourcePermissions.QUERY);
    private static final ResourcePermission ResourcePermission_QUERY_GRANT = ResourcePermissions.getInstanceWithGrantOption(ResourcePermissions.QUERY);
    private final ResourceClassPersister resourceClassPersister;
    private final ResourceClassPermissionPersister resourceClassPermissionPersister;
    private final DomainPersister domainPersister;
    private final GrantDomainCreatePermissionSysPersister grantDomainCreatePermissionSysPersister;
    private final GrantDomainCreatePermissionPostCreateSysPersister grantDomainCreatePermissionPostCreateSysPersister;
    private final GrantDomainPermissionSysPersister grantDomainPermissionSysPersister;
    private final ResourcePersister resourcePersister;
    private final GrantResourceCreatePermissionSysPersister grantResourceCreatePermissionSysPersister;
    private final GrantResourceCreatePermissionPostCreateSysPersister grantResourceCreatePermissionPostCreateSysPersister;
    private final GrantResourceCreatePermissionPostCreatePersister grantResourceCreatePermissionPostCreatePersister;
    private final GrantResourcePermissionSysPersister grantResourcePermissionSysPersister;
    private final GrantGlobalResourcePermissionSysPersister grantGlobalResourcePermissionSysPersister;
    private final GrantResourcePermissionPersister grantResourcePermissionPersister;
    private final GrantGlobalResourcePermissionPersister grantGlobalResourcePermissionPersister;

    public static AccessControlContext getAccessControlContext(Connection connection, String str, SQLProfile sQLProfile) {
        __assertConnectionSpecified(connection);
        return new SQLAccessControlContext(connection, str, sQLProfile);
    }

    public static AccessControlContext getAccessControlContext(DataSource dataSource, String str, SQLProfile sQLProfile) {
        __assertDataSourceSpecified(dataSource);
        return new SQLAccessControlContext(dataSource, str, sQLProfile);
    }

    public static AccessControlContext getAccessControlContext(Connection connection, String str, SQLProfile sQLProfile, AuthenticationProvider authenticationProvider) {
        __assertConnectionSpecified(connection);
        return new SQLAccessControlContext(connection, str, sQLProfile, authenticationProvider);
    }

    public static AccessControlContext getAccessControlContext(DataSource dataSource, String str, SQLProfile sQLProfile, AuthenticationProvider authenticationProvider) {
        __assertDataSourceSpecified(dataSource);
        return new SQLAccessControlContext(dataSource, str, sQLProfile, authenticationProvider);
    }

    @Deprecated
    public static void preSerialize(AccessControlContext accessControlContext) {
    }

    public static void postDeserialize(AccessControlContext accessControlContext, Connection connection) {
        if (accessControlContext instanceof SQLAccessControlContext) {
            ((SQLAccessControlContext) accessControlContext).__postDeserialize(connection);
        }
    }

    public static void postDeserialize(AccessControlContext accessControlContext, DataSource dataSource) {
        if (accessControlContext instanceof SQLAccessControlContext) {
            ((SQLAccessControlContext) accessControlContext).__postDeserialize(dataSource);
        }
    }

    private SQLAccessControlContext(Connection connection, String str, SQLProfile sQLProfile) {
        this(str, sQLProfile);
        this.connection = connection;
        this.authenticationProvider = new SQLPasswordAuthenticationProvider(connection, str, sQLProfile.getSqlDialect());
        this.hasDefaultAuthenticationProvider = true;
    }

    private SQLAccessControlContext(Connection connection, String str, SQLProfile sQLProfile, AuthenticationProvider authenticationProvider) {
        this(str, sQLProfile);
        this.connection = connection;
        this.authenticationProvider = authenticationProvider;
        this.hasDefaultAuthenticationProvider = false;
    }

    private SQLAccessControlContext(DataSource dataSource, String str, SQLProfile sQLProfile) {
        this(str, sQLProfile);
        this.dataSource = dataSource;
        this.authenticationProvider = new SQLPasswordAuthenticationProvider(dataSource, str, sQLProfile.getSqlDialect());
        this.hasDefaultAuthenticationProvider = true;
    }

    private SQLAccessControlContext(DataSource dataSource, String str, SQLProfile sQLProfile, AuthenticationProvider authenticationProvider) {
        this(str, sQLProfile);
        this.dataSource = dataSource;
        this.authenticationProvider = authenticationProvider;
        this.hasDefaultAuthenticationProvider = false;
    }

    private SQLAccessControlContext(String str, SQLProfile sQLProfile) {
        SchemaNameValidator.assertValid(str);
        SQLStrings sQLStrings = SQLStrings.getSQLStrings(str, sQLProfile);
        this.resourceClassPersister = new ResourceClassPersister(sQLProfile, sQLStrings);
        this.resourceClassPermissionPersister = new ResourceClassPermissionPersister(sQLProfile, sQLStrings);
        if (sQLProfile.isRecursiveCTEEnabled()) {
            this.grantDomainCreatePermissionSysPersister = new RecursiveGrantDomainCreatePermissionSysPersister(sQLProfile, sQLStrings);
            this.grantDomainCreatePermissionPostCreateSysPersister = new RecursiveGrantDomainCreatePermissionPostCreateSysPersister(sQLProfile, sQLStrings);
            this.grantDomainPermissionSysPersister = new RecursiveGrantDomainPermissionSysPersister(sQLProfile, sQLStrings);
            this.domainPersister = new RecursiveDomainPersister(sQLProfile, sQLStrings);
            this.resourcePersister = new RecursiveResourcePersister(sQLProfile, sQLStrings);
            this.grantResourceCreatePermissionSysPersister = new RecursiveGrantResourceCreatePermissionSysPersister(sQLProfile, sQLStrings);
            this.grantResourceCreatePermissionPostCreateSysPersister = new RecursiveGrantResourceCreatePermissionPostCreateSysPersister(sQLProfile, sQLStrings);
            this.grantResourceCreatePermissionPostCreatePersister = new RecursiveGrantResourceCreatePermissionPostCreatePersister(sQLProfile, sQLStrings);
            this.grantResourcePermissionSysPersister = new RecursiveGrantResourcePermissionSysPersister(sQLProfile, sQLStrings);
            this.grantGlobalResourcePermissionSysPersister = new RecursiveGrantGlobalResourcePermissionSysPersister(sQLProfile, sQLStrings);
            this.grantResourcePermissionPersister = new RecursiveGrantResourcePermissionPersister(sQLProfile, sQLStrings);
            this.grantGlobalResourcePermissionPersister = new RecursiveGrantGlobalResourcePermissionPersister(sQLProfile, sQLStrings);
            return;
        }
        this.grantDomainCreatePermissionSysPersister = new NonRecursiveGrantDomainCreatePermissionSysPersister(sQLProfile, sQLStrings);
        this.grantDomainCreatePermissionPostCreateSysPersister = new NonRecursiveGrantDomainCreatePermissionPostCreateSysPersister(sQLProfile, sQLStrings);
        this.grantDomainPermissionSysPersister = new NonRecursiveGrantDomainPermissionSysPersister(sQLProfile, sQLStrings);
        this.domainPersister = new NonRecursiveDomainPersister(sQLProfile, sQLStrings);
        this.resourcePersister = new NonRecursiveResourcePersister(sQLProfile, sQLStrings);
        this.grantResourceCreatePermissionSysPersister = new NonRecursiveGrantResourceCreatePermissionSysPersister(sQLProfile, sQLStrings);
        this.grantResourceCreatePermissionPostCreateSysPersister = new NonRecursiveGrantResourceCreatePermissionPostCreateSysPersister(sQLProfile, sQLStrings);
        this.grantResourceCreatePermissionPostCreatePersister = new NonRecursiveGrantResourceCreatePermissionPostCreatePersister(sQLProfile, sQLStrings);
        this.grantResourcePermissionSysPersister = new NonRecursiveGrantResourcePermissionSysPersister(sQLProfile, sQLStrings);
        this.grantGlobalResourcePermissionSysPersister = new NonRecursiveGrantGlobalResourcePermissionSysPersister(sQLProfile, sQLStrings);
        this.grantResourcePermissionPersister = new NonRecursiveGrantResourcePermissionPersister(sQLProfile, sQLStrings);
        this.grantGlobalResourcePermissionPersister = new NonRecursiveGrantGlobalResourcePermissionPersister(sQLProfile, sQLStrings);
    }

    private void __postDeserialize(DataSource dataSource) {
        if (this.dataSource != null || this.connection != null) {
            throw new IllegalStateException("Cannot re-initialize an already initialized SQLAccessControlContext");
        }
        this.dataSource = dataSource;
        this.connection = null;
        if (this.hasDefaultAuthenticationProvider) {
            ((SQLPasswordAuthenticationProvider) this.authenticationProvider).postDeserialize(dataSource);
        }
    }

    private void __postDeserialize(Connection connection) {
        if (this.dataSource != null || this.connection != null) {
            throw new IllegalStateException("Cannot re-initialize an already initialized SQLAccessControlContext");
        }
        this.dataSource = null;
        this.connection = connection;
        if (this.hasDefaultAuthenticationProvider) {
            ((SQLPasswordAuthenticationProvider) this.authenticationProvider).postDeserialize(connection);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void authenticate(Resource resource, Credentials credentials) {
        __assertResourceSpecified(resource);
        __assertCredentialsSpecified(credentials);
        __authenticate(resource, credentials);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void authenticate(Resource resource) {
        __assertResourceSpecified(resource);
        __authenticate(resource, null);
    }

    private void __authenticate(Resource resource, Credentials credentials) {
        try {
            SQLConnection __getConnection = __getConnection();
            Resource __resolveResource = __resolveResource(__getConnection, resource);
            ResourceClassInternalInfo resourceClassInfoByResourceId = this.resourceClassPersister.getResourceClassInfoByResourceId(__getConnection, __resolveResource);
            if (!resourceClassInfoByResourceId.isAuthenticatable()) {
                throw new IllegalArgumentException("Resource " + __resolveResource + " is not of an authenticatable resource class: " + resourceClassInfoByResourceId.getResourceClassName());
            }
            String resourceDomainNameByResourceId = this.domainPersister.getResourceDomainNameByResourceId(__getConnection, __resolveResource);
            __closeConnection(__getConnection);
            if (credentials != null) {
                this.authenticationProvider.authenticate(__resolveResource, credentials);
            } else {
                this.authenticationProvider.authenticate(__resolveResource);
            }
            this.authenticatedResource = __resolveResource;
            this.defensiveCopyOfAuthenticatedResource = null;
            this.authenticatedResourceDomainName = resourceDomainNameByResourceId;
            this.sessionResource = this.authenticatedResource;
            this.defensiveCopyOfSessionResource = null;
            this.sessionResourceDomainName = this.authenticatedResourceDomainName;
        } catch (Throwable th) {
            __closeConnection(null);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void unauthenticate() {
        this.authenticatedResource = null;
        this.sessionResource = null;
        this.defensiveCopyOfAuthenticatedResource = null;
        this.defensiveCopyOfSessionResource = null;
        this.authenticatedResourceDomainName = null;
        this.sessionResourceDomainName = null;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void impersonate(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertImpersonatePermission(sQLConnection, __resolveResource);
            this.sessionResource = __resolveResource;
            this.defensiveCopyOfSessionResource = null;
            this.sessionResourceDomainName = this.domainPersister.getResourceDomainNameByResourceId(sQLConnection, __resolveResource);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __assertImpersonatePermission(SQLConnection sQLConnection, Resource resource) {
        ResourceClassInternalInfo resourceClassInfoByResourceId = this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, resource);
        if (!resourceClassInfoByResourceId.isAuthenticatable()) {
            throw new IllegalArgumentException("Resource " + resource + " is not of an authenticatable resource class: " + resourceClassInfoByResourceId.getResourceClassName());
        }
        boolean z = false;
        Set<ResourcePermission> __getEffectiveResourcePermissions = __getEffectiveResourcePermissions(sQLConnection, this.authenticatedResource, resource);
        if (__getEffectiveResourcePermissions.contains(ResourcePermission_IMPERSONATE) || __getEffectiveResourcePermissions.contains(ResourcePermission_IMPERSONATE_GRANT)) {
            z = true;
        }
        if (!z) {
            Set<ResourcePermission> __getEffectiveGlobalResourcePermissions = __getEffectiveGlobalResourcePermissions(sQLConnection, this.authenticatedResource, resourceClassInfoByResourceId.getResourceClassName(), this.domainPersister.getResourceDomainNameByResourceId(sQLConnection, resource));
            if (__getEffectiveGlobalResourcePermissions.contains(ResourcePermission_IMPERSONATE) || __getEffectiveGlobalResourcePermissions.contains(ResourcePermission_IMPERSONATE_GRANT)) {
                z = true;
            }
        }
        if (!z && __isSuperUserOfResource(sQLConnection, this.authenticatedResource, resource)) {
            z = true;
        }
        if (!z) {
            throw NotAuthorizedException.newInstanceForActionOnResource(this.authenticatedResource, "impersonate", resource);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void unimpersonate() {
        this.sessionResource = this.authenticatedResource;
        this.defensiveCopyOfSessionResource = this.defensiveCopyOfAuthenticatedResource;
        this.sessionResourceDomainName = this.authenticatedResourceDomainName;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void setCredentials(Resource resource, Credentials credentials) {
        String resourceDomainNameByResourceId;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        if (!this.authenticatedResource.equals(this.sessionResource)) {
            throw new IllegalStateException("Calling setCredentials while impersonating another resource is not valid");
        }
        __assertCredentialsSpecified(credentials);
        try {
            SQLConnection __getConnection = __getConnection();
            Resource __resolveResource = __resolveResource(__getConnection, resource);
            ResourceClassInternalInfo resourceClassInfoByResourceId = this.resourceClassPersister.getResourceClassInfoByResourceId(__getConnection, __resolveResource);
            if (!resourceClassInfoByResourceId.isAuthenticatable()) {
                throw new IllegalArgumentException("Calling setCredentials for an unauthenticatable resource is not valid");
            }
            if (this.authenticatedResource.equals(__resolveResource)) {
                resourceDomainNameByResourceId = this.authenticatedResourceDomainName;
            } else {
                resourceDomainNameByResourceId = this.domainPersister.getResourceDomainNameByResourceId(__getConnection, __resolveResource);
                __assertResetCredentialsResourcePermission(__getConnection, __resolveResource, resourceClassInfoByResourceId.getResourceClassName(), resourceDomainNameByResourceId);
            }
            __closeConnection(__getConnection);
            this.authenticationProvider.validateCredentials(resourceClassInfoByResourceId.getResourceClassName(), resourceDomainNameByResourceId, credentials);
            this.authenticationProvider.setCredentials(__resolveResource, credentials);
        } catch (Throwable th) {
            __closeConnection(null);
            throw th;
        }
    }

    private void __assertResetCredentialsResourcePermission(SQLConnection sQLConnection, Resource resource, String str, String str2) {
        boolean z = false;
        Set<ResourcePermission> __getEffectiveResourcePermissions = __getEffectiveResourcePermissions(sQLConnection, this.authenticatedResource, resource);
        if (__getEffectiveResourcePermissions.contains(ResourcePermission_RESET_CREDENTIALS) || __getEffectiveResourcePermissions.contains(ResourcePermission_RESET_CREDENTIALS_GRANT)) {
            z = true;
        }
        if (!z) {
            Set<ResourcePermission> __getEffectiveGlobalResourcePermissions = __getEffectiveGlobalResourcePermissions(sQLConnection, this.authenticatedResource, str, str2);
            if (__getEffectiveGlobalResourcePermissions.contains(ResourcePermission_RESET_CREDENTIALS) || __getEffectiveGlobalResourcePermissions.contains(ResourcePermission_RESET_CREDENTIALS_GRANT)) {
                z = true;
            }
        }
        if (!z && __isSuperUserOfResource(sQLConnection, this.authenticatedResource, resource)) {
            z = true;
        }
        if (!z) {
            throw NotAuthorizedException.newInstanceForActionOnResource(this.authenticatedResource, "reset credentials", resource);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void createResourceClass(String str, boolean z, boolean z2) {
        __assertAuthenticated();
        __assertAuthenticatedAsSystemResource();
        __assertResourceClassNameValid(str);
        try {
            SQLConnection __getConnection = __getConnection();
            String trim = str.trim();
            if (this.resourceClassPersister.getResourceClassId(__getConnection, trim) != null) {
                throw new IllegalArgumentException("Duplicate resource class: " + trim);
            }
            this.resourceClassPersister.addResourceClass(__getConnection, trim, z, z2);
            __closeConnection(__getConnection);
        } catch (Throwable th) {
            __closeConnection(null);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void createResourcePermission(String str, String str2) {
        __assertAuthenticated();
        __assertAuthenticatedAsSystemResource();
        __assertResourceClassSpecified(str);
        __assertPermissionNameValid(str2);
        try {
            SQLConnection __getConnection = __getConnection();
            String trim = str.trim();
            String trim2 = str2.trim();
            Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(__getConnection, trim);
            if (resourceClassId == null) {
                throw new IllegalArgumentException("Could not find resource class: " + trim);
            }
            if (this.resourceClassPermissionPersister.getResourceClassPermissionId(__getConnection, resourceClassId, trim2) != null) {
                throw new IllegalArgumentException("Duplicate permission: " + trim2 + " for resource class: " + trim);
            }
            this.resourceClassPermissionPersister.addResourceClassPermission(__getConnection, resourceClassId, trim2);
            __closeConnection(__getConnection);
        } catch (Throwable th) {
            __closeConnection(null);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void createDomain(String str) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertDomainSpecified(str);
        try {
            sQLConnection = __getConnection();
            __createDomain(sQLConnection, str.trim(), null);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void createDomain(String str, String str2) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertDomainSpecified(str);
        __assertParentDomainSpecified(str2);
        try {
            sQLConnection = __getConnection();
            __createDomain(sQLConnection, str.trim(), str2.trim());
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __createDomain(SQLConnection sQLConnection, String str, String str2) {
        if (this.grantDomainCreatePermissionSysPersister.getDomainCreateSysPermissionsIncludeInherited(sQLConnection, this.sessionResource).isEmpty()) {
            throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "create domain");
        }
        Set<DomainPermission> __getPostCreateDomainPermissions = __getPostCreateDomainPermissions(this.grantDomainCreatePermissionPostCreateSysPersister.getDomainCreatePostCreateSysPermissionsIncludeInherited(sQLConnection, this.sessionResource));
        if (this.domainPersister.getResourceDomainId(sQLConnection, str) != null) {
            throw new IllegalArgumentException("Duplicate domain: " + str);
        }
        if (str2 == null) {
            this.domainPersister.addResourceDomain(sQLConnection, str);
        } else {
            Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
            if (resourceDomainId == null) {
                throw new IllegalArgumentException("Parent domain: " + str2 + " not found!");
            }
            Set<DomainPermission> __getEffectiveDomainPermissions = __getEffectiveDomainPermissions(sQLConnection, this.sessionResource, str2);
            if (!__getEffectiveDomainPermissions.contains(DomainPermission_CREATE_CHILD_DOMAIN) && !__getEffectiveDomainPermissions.contains(DomainPermission_CREATE_CHILD_DOMAIN_GRANT) && !__getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER) && !__getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER_GRANT)) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "create child domain in domain: " + str2);
            }
            this.domainPersister.addResourceDomain(sQLConnection, str, resourceDomainId);
        }
        if (__getPostCreateDomainPermissions.size() > 0) {
            __setDirectDomainPermissions(sQLConnection, this.sessionResource, str, __getPostCreateDomainPermissions, true);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean deleteDomain(String str) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertDomainSpecified(str);
        try {
            sQLConnection = __getConnection();
            boolean __deleteDomain = __deleteDomain(sQLConnection, str);
            __closeConnection(sQLConnection);
            return __deleteDomain;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private boolean __deleteDomain(SQLConnection sQLConnection, String str) {
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str);
        if (resourceDomainId == null) {
            return false;
        }
        if (!__hasDomainPermissions(sQLConnection, this.sessionResource, str, Collections.singleton(DomainPermission_DELETE))) {
            throw NotAuthorizedException.newInstanceForDomainPermissions(this.sessionResource, str, DomainPermission_DELETE, new DomainPermission[0]);
        }
        if (!this.resourcePersister.isDomainEmpty(sQLConnection, resourceDomainId)) {
            throw new IllegalArgumentException("Deleting a domain (" + str + ") that contains resources directly or in a descendant domain is invalid");
        }
        this.grantDomainPermissionSysPersister.removeAllDomainSysPermissions(sQLConnection, resourceDomainId);
        this.grantResourceCreatePermissionPostCreatePersister.removeAllResourceCreatePostCreatePermissions(sQLConnection, resourceDomainId);
        this.grantResourceCreatePermissionPostCreateSysPersister.removeAllResourceCreatePostCreateSysPermissions(sQLConnection, resourceDomainId);
        this.grantResourceCreatePermissionSysPersister.removeAllResourceCreateSysPermissions(sQLConnection, resourceDomainId);
        this.grantGlobalResourcePermissionPersister.removeAllGlobalResourcePermissions(sQLConnection, resourceDomainId);
        this.grantGlobalResourcePermissionSysPersister.removeAllGlobalSysPermissions(sQLConnection, resourceDomainId);
        this.domainPersister.deleteDomain(sQLConnection, resourceDomainId);
        return true;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Resource createResource(String str, String str2) {
        SQLConnection sQLConnection = null;
        try {
            sQLConnection = __getConnection();
            Resource __createResource = __createResource(sQLConnection, str, str2, null, null);
            __closeConnection(sQLConnection);
            return __createResource;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Resource createResource(String str, String str2, Credentials credentials) {
        SQLConnection sQLConnection = null;
        __assertCredentialsSpecified(credentials);
        try {
            sQLConnection = __getConnection();
            Resource __createResource = __createResource(sQLConnection, str, str2, null, credentials);
            __closeConnection(sQLConnection);
            return __createResource;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Resource createResource(String str, String str2, String str3) {
        SQLConnection sQLConnection = null;
        __assertExternalIdSpecified(str3);
        try {
            sQLConnection = __getConnection();
            Resource __createResource = __createResource(sQLConnection, str, str2, str3, null);
            __closeConnection(sQLConnection);
            return __createResource;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Resource createResource(String str, String str2, String str3, Credentials credentials) {
        SQLConnection sQLConnection = null;
        __assertExternalIdSpecified(str3);
        __assertCredentialsSpecified(credentials);
        try {
            sQLConnection = __getConnection();
            Resource __createResource = __createResource(sQLConnection, str, str2, str3, credentials);
            __closeConnection(sQLConnection);
            return __createResource;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Resource __createResource(SQLConnection sQLConnection, String str, String str2, String str3, Credentials credentials) {
        Set<ResourcePermission> __getPostCreateResourcePermissions;
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        String trim = str.trim();
        ResourceClassInternalInfo __getResourceClassInternalInfo = __getResourceClassInternalInfo(sQLConnection, trim);
        if (!__getResourceClassInternalInfo.isUnauthenticatedCreateAllowed()) {
            __assertAuthenticated();
        }
        if (__getResourceClassInternalInfo.isAuthenticatable()) {
            this.authenticationProvider.validateCredentials(trim, str2, credentials);
        } else {
            __assertCredentialsNotSpecified(credentials);
        }
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        if (str3 != null && this.resourcePersister.resolveResourceByExternalId(sQLConnection, str3) != null) {
            throw new IllegalArgumentException("External id is not unique: " + str3);
        }
        if (this.sessionResource == null) {
            __getPostCreateResourcePermissions = new HashSet();
            Iterator<String> it = this.resourceClassPermissionPersister.getPermissionNames(sQLConnection, trim).iterator();
            while (it.hasNext()) {
                __getPostCreateResourcePermissions.add(ResourcePermissions.getInstanceWithGrantOption(it.next()));
            }
            __getPostCreateResourcePermissions.add(ResourcePermission_DELETE_GRANT);
            __getPostCreateResourcePermissions.add(ResourcePermission_QUERY_GRANT);
            if (__getResourceClassInternalInfo.isAuthenticatable()) {
                __getPostCreateResourcePermissions.add(ResourcePermission_RESET_CREDENTIALS_GRANT);
                __getPostCreateResourcePermissions.add(ResourcePermission_IMPERSONATE_GRANT);
            }
        } else {
            boolean z = false;
            Set<ResourceCreatePermission> __getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges = __getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, trim, str2);
            __getPostCreateResourcePermissions = __getPostCreateResourcePermissions(__getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges);
            if (__getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges.size() > 0) {
                z = true;
            }
            if (!z) {
                z = __isSuperUserOfDomain(sQLConnection, this.sessionResource, str2);
            }
            if (!z) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "create resource of resource class " + trim);
            }
        }
        Resource createResource = this.resourcePersister.createResource(sQLConnection, Id.from(Long.valueOf(__getResourceClassInternalInfo.getResourceClassId())), resourceDomainId, str3);
        if (__getPostCreateResourcePermissions != null && __getPostCreateResourcePermissions.size() > 0) {
            if (this.sessionResource != null) {
                __setDirectResourcePermissions(sQLConnection, this.sessionResource, createResource, __getPostCreateResourcePermissions, this.sessionResource, true);
            } else {
                __setDirectResourcePermissions(sQLConnection, createResource, createResource, __getPostCreateResourcePermissions, createResource, true);
            }
        }
        if (credentials != null) {
            this.authenticationProvider.setCredentials(createResource, credentials);
        }
        return createResource;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Resource setExternalId(Resource resource, String str) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertExternalIdSpecified(str);
        try {
            sQLConnection = __getConnection();
            Resource __setExternalId = __setExternalId(sQLConnection, __resolveResource(sQLConnection, resource), str);
            __closeConnection(sQLConnection);
            return __setExternalId;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Resource __setExternalId(SQLConnection sQLConnection, Resource resource, String str) {
        Resource resolveResourceByExternalId = this.resourcePersister.resolveResourceByExternalId(sQLConnection, str);
        if (resolveResourceByExternalId != null) {
            if (resource.getId().equals(resolveResourceByExternalId.getId())) {
                return resource;
            }
            throw new IllegalArgumentException("External id is not unique: " + str);
        }
        if (resource.getExternalId() != null) {
            throw new IllegalArgumentException("Could not reset the resource's external id to a different value");
        }
        Id<ResourceClassId> from = Id.from(Long.valueOf(this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, resource).getResourceClassId()));
        Id<DomainId> domainIdByResource = this.resourcePersister.getDomainIdByResource(sQLConnection, resource);
        boolean z = false;
        if (this.grantResourceCreatePermissionSysPersister.getResourceCreateSysPermissionsIncludeInherited(sQLConnection, this.sessionResource, from, domainIdByResource).size() > 0) {
            z = true;
        }
        if (!z) {
            z = __isSuperUserOfDomain(sQLConnection, this.sessionResource, domainIdByResource);
        }
        if (z) {
            return this.resourcePersister.setExternalId(sQLConnection, Id.from(resource.getId()), str);
        }
        throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "set external id of resource " + resource);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean deleteResource(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            boolean __deleteResource = __deleteResource(sQLConnection, resource);
            __closeConnection(sQLConnection);
            return __deleteResource;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private boolean __deleteResource(SQLConnection sQLConnection, Resource resource) {
        try {
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            if (!__isSuperUserOfResource(sQLConnection, this.sessionResource, __resolveResource)) {
                Set<ResourcePermission> __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges = __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, __resolveResource);
                if (!__getEffectiveResourcePermissionsIgnoringSuperUserPrivileges.contains(ResourcePermission_DELETE) && !__getEffectiveResourcePermissionsIgnoringSuperUserPrivileges.contains(ResourcePermission_DELETE_GRANT)) {
                    throw NotAuthorizedException.newInstanceForActionOnResource(this.sessionResource, "delete", __resolveResource);
                }
            }
            if (this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, __resolveResource).isAuthenticatable()) {
                this.authenticationProvider.deleteCredentials(__resolveResource);
            }
            this.grantDomainCreatePermissionPostCreateSysPersister.removeDomainCreatePostCreateSysPermissions(sQLConnection, __resolveResource);
            this.grantDomainCreatePermissionSysPersister.removeDomainCreateSysPermissions(sQLConnection, __resolveResource);
            this.grantDomainPermissionSysPersister.removeAllDomainSysPermissions(sQLConnection, __resolveResource);
            this.grantResourceCreatePermissionPostCreatePersister.removeAllResourceCreatePostCreatePermissions(sQLConnection, __resolveResource);
            this.grantResourceCreatePermissionPostCreateSysPersister.removeAllResourceCreatePostCreateSysPermissions(sQLConnection, __resolveResource);
            this.grantResourceCreatePermissionSysPersister.removeAllResourceCreateSysPermissions(sQLConnection, __resolveResource);
            this.grantGlobalResourcePermissionPersister.removeAllGlobalResourcePermissions(sQLConnection, __resolveResource);
            this.grantGlobalResourcePermissionSysPersister.removeAllGlobalSysPermissions(sQLConnection, __resolveResource);
            this.grantResourcePermissionPersister.removeAllResourcePermissionsAsAccessorOrAccessed(sQLConnection, __resolveResource);
            this.grantResourcePermissionSysPersister.removeAllResourceSysPermissionsAsAccessorOrAccessed(sQLConnection, __resolveResource);
            this.resourcePersister.deleteResource(sQLConnection, __resolveResource);
            if (this.authenticatedResource.equals(__resolveResource)) {
                unauthenticate();
                return true;
            }
            if (!this.sessionResource.equals(__resolveResource)) {
                return true;
            }
            unimpersonate();
            return true;
        } catch (IllegalArgumentException e) {
            if (e.getMessage().toLowerCase().contains("not found")) {
                return false;
            }
            throw e;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void setDomainPermissions(Resource resource, String str, Set<DomainPermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertDomainSpecified(str);
        __assertPermissionsSpecified(set);
        Set<DomainPermission> __normalizeDomainPermissions = __normalizeDomainPermissions(set);
        try {
            sQLConnection = __getConnection();
            __setDirectDomainPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, __normalizeDomainPermissions, false);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __setDirectDomainPermissions(SQLConnection sQLConnection, Resource resource, String str, Set<DomainPermission> set, boolean z) {
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str);
        }
        if (set == null) {
            throw new IllegalArgumentException("Set of requested domain permissions may not be null");
        }
        if (!z) {
            Set<DomainPermission> __getEffectiveDomainPermissions = __getEffectiveDomainPermissions(sQLConnection, this.sessionResource, str);
            if (!__getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER) && !__getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER_GRANT)) {
                Set<DomainPermission> __getDirectDomainPermissions = __getDirectDomainPermissions(sQLConnection, resource, resourceDomainId);
                Set<DomainPermission> __subtract = __subtract(set, __getDirectDomainPermissions);
                if (!__subtract.isEmpty()) {
                    Set<DomainPermission> __subtractDomainPermissionsIfGrantableFrom = __subtractDomainPermissionsIfGrantableFrom(__subtract, __getEffectiveDomainPermissions);
                    if (__subtractDomainPermissionsIfGrantableFrom.size() > 0) {
                        throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "add the following domain permission(s): " + __subtractDomainPermissionsIfGrantableFrom);
                    }
                }
                Set<DomainPermission> __subtract2 = __subtract(__getDirectDomainPermissions, set);
                if (!__subtract2.isEmpty()) {
                    Set<DomainPermission> __subtractDomainPermissionsIfGrantableFrom2 = __subtractDomainPermissionsIfGrantableFrom(__subtract2, __getEffectiveDomainPermissions);
                    if (__subtractDomainPermissionsIfGrantableFrom2.size() > 0) {
                        throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "remove the following domain permission(s): " + __subtractDomainPermissionsIfGrantableFrom2);
                    }
                }
            }
            this.grantDomainPermissionSysPersister.removeDomainSysPermissions(sQLConnection, resource, resourceDomainId);
        }
        this.grantDomainPermissionSysPersister.addDomainSysPermissions(sQLConnection, resource, this.sessionResource, resourceDomainId, set);
    }

    private Set<DomainPermission> __getDirectDomainPermissions(SQLConnection sQLConnection, Resource resource, Id<DomainId> id) {
        return this.grantDomainPermissionSysPersister.getDomainSysPermissions(sQLConnection, resource, id);
    }

    private Set<DomainPermission> __subtractDomainPermissionsIfGrantableFrom(Set<DomainPermission> set, Set<DomainPermission> set2) {
        HashSet hashSet = new HashSet(set);
        for (DomainPermission domainPermission : set) {
            Iterator<DomainPermission> it = set2.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (domainPermission.isGrantableFrom(it.next())) {
                    hashSet.remove(domainPermission);
                    break;
                }
            }
        }
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantDomainPermissions(Resource resource, String str, Set<DomainPermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertDomainSpecified(str);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<DomainPermission> __normalizeDomainPermissions = __normalizeDomainPermissions(set);
        try {
            sQLConnection = __getConnection();
            __grantDirectDomainPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, __normalizeDomainPermissions);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantDomainPermissions(Resource resource, String str, DomainPermission domainPermission, DomainPermission... domainPermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertDomainSpecified(str);
        __assertPermissionSpecified(domainPermission);
        __assertVarargPermissionsSpecified(domainPermissionArr);
        Set<DomainPermission> __normalizeDomainPermissions = __normalizeDomainPermissions(__getSetWithoutNullsOrDuplicates(domainPermission, domainPermissionArr));
        try {
            sQLConnection = __getConnection();
            __grantDirectDomainPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, __normalizeDomainPermissions);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __grantDirectDomainPermissions(SQLConnection sQLConnection, Resource resource, String str, Set<DomainPermission> set) {
        __assertUniqueDomainPermissionsNames(set);
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str);
        }
        if (set == null) {
            throw new IllegalArgumentException("Set of requested domain permissions may not be null");
        }
        Set<DomainPermission> __getEffectiveDomainPermissions = __getEffectiveDomainPermissions(sQLConnection, this.sessionResource, str);
        if (!__getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER) && !__getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER_GRANT)) {
            Set<DomainPermission> __subtractDomainPermissionsIfGrantableFrom = __subtractDomainPermissionsIfGrantableFrom(set, __getEffectiveDomainPermissions);
            if (__subtractDomainPermissionsIfGrantableFrom.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "grant the following domain permission(s): " + __subtractDomainPermissionsIfGrantableFrom);
            }
        }
        Set<DomainPermission> __getDirectDomainPermissions = __getDirectDomainPermissions(sQLConnection, resource, resourceDomainId);
        HashSet hashSet = new HashSet(set.size());
        HashSet hashSet2 = new HashSet(set.size());
        for (DomainPermission domainPermission : set) {
            boolean z = false;
            Iterator<DomainPermission> it = __getDirectDomainPermissions.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                DomainPermission next = it.next();
                if (domainPermission.equalsIgnoreGrantOption(next)) {
                    if (!domainPermission.equals(next) && !domainPermission.isGrantableFrom(next)) {
                        hashSet2.add(domainPermission);
                    }
                    z = true;
                }
            }
            if (!z) {
                hashSet.add(domainPermission);
            }
        }
        this.grantDomainPermissionSysPersister.updateDomainSysPermissions(sQLConnection, resource, this.sessionResource, resourceDomainId, hashSet2);
        this.grantDomainPermissionSysPersister.addDomainSysPermissions(sQLConnection, resource, this.sessionResource, resourceDomainId, hashSet);
    }

    private void __assertUniqueDomainPermissionsNames(Set<DomainPermission> set) {
        HashSet hashSet = new HashSet(set.size());
        for (DomainPermission domainPermission : set) {
            if (hashSet.contains(domainPermission.getPermissionName())) {
                throw new IllegalArgumentException("Duplicate permission: " + domainPermission.getPermissionName() + " that only differs in 'withGrant' option");
            }
            hashSet.add(domainPermission.getPermissionName());
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeDomainPermissions(Resource resource, String str, Set<DomainPermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertDomainSpecified(str);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<DomainPermission> __normalizeDomainPermissions = __normalizeDomainPermissions(set);
        try {
            sQLConnection = __getConnection();
            __revokeDirectDomainPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, __normalizeDomainPermissions);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeDomainPermissions(Resource resource, String str, DomainPermission domainPermission, DomainPermission... domainPermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertDomainSpecified(str);
        __assertPermissionSpecified(domainPermission);
        __assertVarargPermissionsSpecified(domainPermissionArr);
        Set<DomainPermission> __normalizeDomainPermissions = __normalizeDomainPermissions(__getSetWithoutNullsOrDuplicates(domainPermission, domainPermissionArr));
        try {
            sQLConnection = __getConnection();
            __revokeDirectDomainPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, __normalizeDomainPermissions);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __revokeDirectDomainPermissions(SQLConnection sQLConnection, Resource resource, String str, Set<DomainPermission> set) {
        __assertUniqueDomainPermissionsNames(set);
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str);
        }
        if (set == null) {
            throw new IllegalArgumentException("Set of requested domain permissions to be revoked may not be null");
        }
        Set<DomainPermission> __getEffectiveDomainPermissions = __getEffectiveDomainPermissions(sQLConnection, this.sessionResource, str);
        if (!__getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER) && !__getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER_GRANT)) {
            Set<DomainPermission> __subtractDomainPermissionsIfGrantableFrom = __subtractDomainPermissionsIfGrantableFrom(set, __getEffectiveDomainPermissions);
            if (__subtractDomainPermissionsIfGrantableFrom.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "revoke the following domain permission(s): " + __subtractDomainPermissionsIfGrantableFrom);
            }
        }
        Set<DomainPermission> __getDirectDomainPermissions = __getDirectDomainPermissions(sQLConnection, resource, resourceDomainId);
        HashSet hashSet = new HashSet(set.size());
        for (DomainPermission domainPermission : set) {
            Iterator<DomainPermission> it = __getDirectDomainPermissions.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (domainPermission.equalsIgnoreGrantOption(it.next())) {
                        hashSet.add(domainPermission);
                        break;
                    }
                } else {
                    break;
                }
            }
        }
        this.grantDomainPermissionSysPersister.removeDomainSysPermissions(sQLConnection, resource, resourceDomainId, hashSet);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<DomainPermission> getDomainPermissions(Resource resource, String str) {
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertDomainSpecified(str);
        try {
            SQLConnection __getConnection = __getConnection();
            Resource __resolveResource = __resolveResource(__getConnection, resource);
            __assertQueryAuthorization(__getConnection, __resolveResource);
            Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(__getConnection, str);
            if (resourceDomainId == null) {
                throw new IllegalArgumentException("Could not find domain: " + str);
            }
            Set<DomainPermission> __getDirectDomainPermissions = __getDirectDomainPermissions(__getConnection, __resolveResource, resourceDomainId);
            __closeConnection(__getConnection);
            return __getDirectDomainPermissions;
        } catch (Throwable th) {
            __closeConnection(null);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Map<String, Set<DomainPermission>> getDomainPermissionsMap(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Map<String, Set<DomainPermission>> __collapseDomainPermissions = __collapseDomainPermissions(this.grantDomainPermissionSysPersister.getDomainSysPermissions(sQLConnection, __resolveResource));
            __closeConnection(sQLConnection);
            return __collapseDomainPermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<DomainPermission> getEffectiveDomainPermissions(Resource resource, String str) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertDomainSpecified(str);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<DomainPermission> __getEffectiveDomainPermissions = __getEffectiveDomainPermissions(sQLConnection, __resolveResource, str);
            __closeConnection(sQLConnection);
            return __getEffectiveDomainPermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<DomainPermission> __getEffectiveDomainPermissions(SQLConnection sQLConnection, Resource resource, String str) {
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str);
        }
        return __getEffectiveDomainPermissions(sQLConnection, resource, resourceDomainId);
    }

    private Set<DomainPermission> __getEffectiveDomainPermissions(SQLConnection sQLConnection, Resource resource, Id<DomainId> id) {
        Set<DomainPermission> domainSysPermissionsIncludeInherited = this.grantDomainPermissionSysPersister.getDomainSysPermissionsIncludeInherited(sQLConnection, resource, id);
        Iterator<DomainPermission> it = domainSysPermissionsIncludeInherited.iterator();
        while (it.hasNext()) {
            if (DomainPermissions.SUPER_USER.equals(it.next().getPermissionName())) {
                return __getApplicableDomainPermissions();
            }
        }
        return __collapseDomainPermissions(domainSysPermissionsIncludeInherited);
    }

    private Set<DomainPermission> __collapseDomainPermissions(Set<DomainPermission> set) {
        HashSet hashSet = new HashSet(set);
        for (DomainPermission domainPermission : set) {
            Iterator<DomainPermission> it = set.iterator();
            while (true) {
                if (it.hasNext()) {
                    DomainPermission next = it.next();
                    if (domainPermission.isGrantableFrom(next) && !domainPermission.equals(next)) {
                        hashSet.remove(domainPermission);
                        break;
                    }
                }
            }
        }
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Map<String, Set<DomainPermission>> getEffectiveDomainPermissionsMap(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Map<String, Set<DomainPermission>> __getEffectiveDomainPermissionsMap = __getEffectiveDomainPermissionsMap(sQLConnection, __resolveResource);
            __closeConnection(sQLConnection);
            return __getEffectiveDomainPermissionsMap;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Map<String, Set<DomainPermission>> __getEffectiveDomainPermissionsMap(SQLConnection sQLConnection, Resource resource) {
        Map<String, Set<DomainPermission>> domainSysPermissionsIncludeInherited = this.grantDomainPermissionSysPersister.getDomainSysPermissionsIncludeInherited(sQLConnection, resource);
        for (Map.Entry<String, Set<DomainPermission>> entry : domainSysPermissionsIncludeInherited.entrySet()) {
            Set<DomainPermission> value = entry.getValue();
            if (value.contains(DomainPermission_SUPER_USER) || value.contains(DomainPermission_SUPER_USER_GRANT)) {
                domainSysPermissionsIncludeInherited.put(entry.getKey(), __getApplicableDomainPermissions());
            }
        }
        return __collapseDomainPermissions(domainSysPermissionsIncludeInherited);
    }

    private static Set<DomainPermission> __getApplicableDomainPermissions() {
        HashSet hashSet = new HashSet(3);
        hashSet.add(DomainPermission_SUPER_USER_GRANT);
        hashSet.add(DomainPermission_CREATE_CHILD_DOMAIN_GRANT);
        hashSet.add(DomainPermission_DELETE_GRANT);
        return hashSet;
    }

    private Map<String, Set<DomainPermission>> __collapseDomainPermissions(Map<String, Set<DomainPermission>> map) {
        HashMap hashMap = new HashMap(map.size());
        for (Map.Entry<String, Set<DomainPermission>> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), __collapseDomainPermissions(entry.getValue()));
        }
        return hashMap;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void setDomainCreatePermissions(Resource resource, Set<DomainCreatePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertPermissionsSpecified(set);
        Set<DomainCreatePermission> __normalizeDomainCreatePermissions = __normalizeDomainCreatePermissions(set);
        try {
            sQLConnection = __getConnection();
            __setDirectDomainCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __normalizeDomainCreatePermissions);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __setDirectDomainCreatePermissions(SQLConnection sQLConnection, Resource resource, Set<DomainCreatePermission> set) {
        __assertSetContainsDomainCreateSystemPermission(set);
        __assertUniqueSystemOrPostCreateDomainPermissionNames(set);
        Set<DomainCreatePermission> __getEffectiveDomainCreatePermissions = __getEffectiveDomainCreatePermissions(sQLConnection, this.sessionResource);
        Set<DomainCreatePermission> __getDirectDomainCreatePermissions = __getDirectDomainCreatePermissions(sQLConnection, resource);
        Set<DomainCreatePermission> __subtract = __subtract(set, __getDirectDomainCreatePermissions);
        if (!__subtract.isEmpty()) {
            Set<DomainCreatePermission> __subtractDomainCreatePermissionsIfGrantableFrom = __subtractDomainCreatePermissionsIfGrantableFrom(__subtract, __getEffectiveDomainCreatePermissions);
            if (__subtractDomainCreatePermissionsIfGrantableFrom.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "add the following domain create permission(s): " + __subtractDomainCreatePermissionsIfGrantableFrom);
            }
        }
        Set<DomainCreatePermission> __subtract2 = __subtract(__getDirectDomainCreatePermissions, set);
        if (!__subtract2.isEmpty()) {
            Set<DomainCreatePermission> __subtractDomainCreatePermissionsIfGrantableFrom2 = __subtractDomainCreatePermissionsIfGrantableFrom(__subtract2, __getEffectiveDomainCreatePermissions);
            if (__subtractDomainCreatePermissionsIfGrantableFrom2.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "remove the following domain create permission(s): " + __subtractDomainCreatePermissionsIfGrantableFrom2);
            }
        }
        this.grantDomainCreatePermissionSysPersister.removeDomainCreateSysPermissions(sQLConnection, resource);
        this.grantDomainCreatePermissionPostCreateSysPersister.removeDomainCreatePostCreateSysPermissions(sQLConnection, resource);
        this.grantDomainCreatePermissionSysPersister.addDomainCreateSysPermissions(sQLConnection, resource, this.sessionResource, set);
        this.grantDomainCreatePermissionPostCreateSysPersister.addDomainCreatePostCreateSysPermissions(sQLConnection, resource, this.sessionResource, set);
    }

    private void __assertSetContainsDomainCreateSystemPermission(Set<DomainCreatePermission> set) {
        if (!set.isEmpty() && !__setContainsDomainCreateSystemPermission(set)) {
            throw new IllegalArgumentException("Domain create permission *CREATE must be specified");
        }
    }

    private boolean __setContainsDomainCreateSystemPermission(Set<DomainCreatePermission> set) {
        for (DomainCreatePermission domainCreatePermission : set) {
            if (domainCreatePermission.isSystemPermission() && DomainCreatePermissions.CREATE.equals(domainCreatePermission.getPermissionName())) {
                return true;
            }
        }
        return false;
    }

    private Set<DomainCreatePermission> __getDirectDomainCreatePermissions(SQLConnection sQLConnection, Resource resource) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantDomainCreatePermissionSysPersister.getDomainCreateSysPermissions(sQLConnection, resource));
        hashSet.addAll(this.grantDomainCreatePermissionPostCreateSysPersister.getDomainCreatePostCreateSysPermissions(sQLConnection, resource));
        return hashSet;
    }

    private Set<DomainCreatePermission> __subtractDomainCreatePermissionsIfGrantableFrom(Set<DomainCreatePermission> set, Set<DomainCreatePermission> set2) {
        HashSet hashSet = new HashSet(set);
        for (DomainCreatePermission domainCreatePermission : set) {
            Iterator<DomainCreatePermission> it = set2.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (domainCreatePermission.isGrantableFrom(it.next())) {
                    hashSet.remove(domainCreatePermission);
                    break;
                }
            }
        }
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantDomainCreatePermissions(Resource resource, Set<DomainCreatePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<DomainCreatePermission> __normalizeDomainCreatePermissions = __normalizeDomainCreatePermissions(set);
        try {
            sQLConnection = __getConnection();
            __grantDirectDomainCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __normalizeDomainCreatePermissions);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantDomainCreatePermissions(Resource resource, DomainCreatePermission domainCreatePermission, DomainCreatePermission... domainCreatePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertPermissionSpecified(domainCreatePermission);
        __assertVarargPermissionsSpecified(domainCreatePermissionArr);
        Set<DomainCreatePermission> __normalizeDomainCreatePermissions = __normalizeDomainCreatePermissions(__getSetWithoutNullsOrDuplicates(domainCreatePermission, domainCreatePermissionArr));
        try {
            sQLConnection = __getConnection();
            __grantDirectDomainCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __normalizeDomainCreatePermissions);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __grantDirectDomainCreatePermissions(SQLConnection sQLConnection, Resource resource, Set<DomainCreatePermission> set) {
        __assertUniqueSystemOrPostCreateDomainPermissionNames(set);
        Set<DomainCreatePermission> __subtractDomainCreatePermissionsIfGrantableFrom = __subtractDomainCreatePermissionsIfGrantableFrom(set, __getEffectiveDomainCreatePermissions(sQLConnection, this.sessionResource));
        if (__subtractDomainCreatePermissionsIfGrantableFrom.size() > 0) {
            throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "grant the following domain create permission(s): " + __subtractDomainCreatePermissionsIfGrantableFrom);
        }
        Set<DomainCreatePermission> __getDirectDomainCreatePermissions = __getDirectDomainCreatePermissions(sQLConnection, resource);
        if (__getDirectDomainCreatePermissions.isEmpty()) {
            __assertSetContainsDomainCreateSystemPermission(set);
        }
        HashSet hashSet = new HashSet(set.size());
        HashSet hashSet2 = new HashSet(set.size());
        for (DomainCreatePermission domainCreatePermission : set) {
            boolean z = false;
            if (!domainCreatePermission.isSystemPermission()) {
                DomainPermission postCreateDomainPermission = domainCreatePermission.getPostCreateDomainPermission();
                Iterator<DomainCreatePermission> it = __getDirectDomainCreatePermissions.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    DomainCreatePermission next = it.next();
                    if (!next.isSystemPermission()) {
                        DomainPermission postCreateDomainPermission2 = next.getPostCreateDomainPermission();
                        if (postCreateDomainPermission.equalsIgnoreGrantOption(postCreateDomainPermission2)) {
                            if (domainCreatePermission.isWithGrantOption() != postCreateDomainPermission.isWithGrantOption() && next.isWithGrantOption() != postCreateDomainPermission2.isWithGrantOption() && domainCreatePermission.isWithGrantOption() != next.isWithGrantOption()) {
                                throw new IllegalArgumentException("Requested create permissions " + set + " are incompatible with existing create permissions " + __getDirectDomainCreatePermissions);
                            }
                            if (!domainCreatePermission.equals(next) && ((domainCreatePermission.isWithGrantOption() && postCreateDomainPermission.isWithGrantOption()) || (!next.isWithGrantOption() && !postCreateDomainPermission2.isWithGrantOption()))) {
                                hashSet2.add(domainCreatePermission);
                            }
                            z = true;
                        }
                    }
                }
            } else {
                Iterator<DomainCreatePermission> it2 = __getDirectDomainCreatePermissions.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    DomainCreatePermission next2 = it2.next();
                    if (next2.isSystemPermission() && domainCreatePermission.getSystemPermissionId() == next2.getSystemPermissionId()) {
                        if (!domainCreatePermission.equals(next2) && !domainCreatePermission.isGrantableFrom(next2)) {
                            hashSet2.add(domainCreatePermission);
                        }
                        z = true;
                    }
                }
            }
            if (!z) {
                hashSet.add(domainCreatePermission);
            }
        }
        this.grantDomainCreatePermissionSysPersister.updateDomainCreateSysPermissions(sQLConnection, resource, this.sessionResource, hashSet2);
        this.grantDomainCreatePermissionPostCreateSysPersister.updateDomainCreatePostCreateSysPermissions(sQLConnection, resource, this.sessionResource, hashSet2);
        this.grantDomainCreatePermissionSysPersister.addDomainCreateSysPermissions(sQLConnection, resource, this.sessionResource, hashSet);
        this.grantDomainCreatePermissionPostCreateSysPersister.addDomainCreatePostCreateSysPermissions(sQLConnection, resource, this.sessionResource, hashSet);
    }

    private void __assertUniqueSystemOrPostCreateDomainPermissionNames(Set<DomainCreatePermission> set) {
        HashSet hashSet = new HashSet(set.size());
        HashSet hashSet2 = new HashSet(set.size());
        for (DomainCreatePermission domainCreatePermission : set) {
            if (!domainCreatePermission.isSystemPermission()) {
                DomainPermission postCreateDomainPermission = domainCreatePermission.getPostCreateDomainPermission();
                if (hashSet2.contains(postCreateDomainPermission.getPermissionName())) {
                    throw new IllegalArgumentException("Duplicate permission: " + postCreateDomainPermission.getPermissionName() + " that only differs in 'withGrant' option");
                }
                hashSet2.add(postCreateDomainPermission.getPermissionName());
            } else {
                if (hashSet.contains(domainCreatePermission.getPermissionName())) {
                    throw new IllegalArgumentException("Duplicate permission: " + domainCreatePermission.getPermissionName() + " that only differs in 'withGrant' option");
                }
                hashSet.add(domainCreatePermission.getPermissionName());
            }
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeDomainCreatePermissions(Resource resource, Set<DomainCreatePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<DomainCreatePermission> __normalizeDomainCreatePermissions = __normalizeDomainCreatePermissions(set);
        try {
            sQLConnection = __getConnection();
            __revokeDirectDomainCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __normalizeDomainCreatePermissions);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeDomainCreatePermissions(Resource resource, DomainCreatePermission domainCreatePermission, DomainCreatePermission... domainCreatePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertPermissionSpecified(domainCreatePermission);
        __assertVarargPermissionsSpecified(domainCreatePermissionArr);
        Set<DomainCreatePermission> __normalizeDomainCreatePermissions = __normalizeDomainCreatePermissions(__getSetWithoutNullsOrDuplicates(domainCreatePermission, domainCreatePermissionArr));
        try {
            sQLConnection = __getConnection();
            __revokeDirectDomainCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __normalizeDomainCreatePermissions);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __revokeDirectDomainCreatePermissions(SQLConnection sQLConnection, Resource resource, Set<DomainCreatePermission> set) {
        __assertUniqueSystemOrPostCreateDomainPermissionNames(set);
        Set<DomainCreatePermission> __subtractDomainCreatePermissionsIfGrantableFrom = __subtractDomainCreatePermissionsIfGrantableFrom(set, __getEffectiveDomainCreatePermissions(sQLConnection, this.sessionResource));
        if (__subtractDomainCreatePermissionsIfGrantableFrom.size() > 0) {
            throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "revoke the following domain create permission(s): " + __subtractDomainCreatePermissionsIfGrantableFrom);
        }
        Set<DomainCreatePermission> __getDirectDomainCreatePermissions = __getDirectDomainCreatePermissions(sQLConnection, resource);
        if (__getDirectDomainCreatePermissions.size() > set.size() && __setContainsDomainCreateSystemPermission(set)) {
            throw new IllegalArgumentException("Attempt to revoke a subset of domain create permissions that includes the *CREATE system permission: " + set);
        }
        HashSet hashSet = new HashSet(set.size());
        for (DomainCreatePermission domainCreatePermission : set) {
            if (domainCreatePermission.isSystemPermission()) {
                Iterator<DomainCreatePermission> it = __getDirectDomainCreatePermissions.iterator();
                while (true) {
                    if (it.hasNext()) {
                        DomainCreatePermission next = it.next();
                        if (next.isSystemPermission() && domainCreatePermission.getSystemPermissionId() == next.getSystemPermissionId()) {
                            hashSet.add(domainCreatePermission);
                            break;
                        }
                    }
                }
            } else {
                DomainPermission postCreateDomainPermission = domainCreatePermission.getPostCreateDomainPermission();
                Iterator<DomainCreatePermission> it2 = __getDirectDomainCreatePermissions.iterator();
                while (true) {
                    if (it2.hasNext()) {
                        DomainCreatePermission next2 = it2.next();
                        if (!next2.isSystemPermission() && postCreateDomainPermission.equalsIgnoreGrantOption(next2.getPostCreateDomainPermission())) {
                            hashSet.add(domainCreatePermission);
                            break;
                        }
                    }
                }
            }
        }
        this.grantDomainCreatePermissionSysPersister.removeDomainCreateSysPermissions(sQLConnection, resource, hashSet);
        this.grantDomainCreatePermissionPostCreateSysPersister.removeDomainCreatePostCreateSysPermissions(sQLConnection, resource, hashSet);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<DomainCreatePermission> getDomainCreatePermissions(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<DomainCreatePermission> __getDirectDomainCreatePermissions = __getDirectDomainCreatePermissions(sQLConnection, __resolveResource);
            __closeConnection(sQLConnection);
            return __getDirectDomainCreatePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<DomainCreatePermission> getEffectiveDomainCreatePermissions(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<DomainCreatePermission> __getEffectiveDomainCreatePermissions = __getEffectiveDomainCreatePermissions(sQLConnection, __resolveResource);
            __closeConnection(sQLConnection);
            return __getEffectiveDomainCreatePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<DomainCreatePermission> __getEffectiveDomainCreatePermissions(SQLConnection sQLConnection, Resource resource) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantDomainCreatePermissionSysPersister.getDomainCreateSysPermissionsIncludeInherited(sQLConnection, resource));
        hashSet.addAll(this.grantDomainCreatePermissionPostCreateSysPersister.getDomainCreatePostCreateSysPermissionsIncludeInherited(sQLConnection, resource));
        return __collapseDomainCreatePermissions(hashSet);
    }

    private Set<DomainCreatePermission> __collapseDomainCreatePermissions(Set<DomainCreatePermission> set) {
        HashSet hashSet = new HashSet(set);
        for (DomainCreatePermission domainCreatePermission : set) {
            Iterator<DomainCreatePermission> it = set.iterator();
            while (true) {
                if (it.hasNext()) {
                    DomainCreatePermission next = it.next();
                    if (domainCreatePermission.isGrantableFrom(next) && !domainCreatePermission.equals(next)) {
                        hashSet.remove(domainCreatePermission);
                        break;
                    }
                }
            }
        }
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void setResourceCreatePermissions(Resource resource, String str, String str2, Set<ResourceCreatePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        Set<ResourceCreatePermission> __normalizeResourceCreatePermission = __normalizeResourceCreatePermission(set);
        try {
            sQLConnection = __getConnection();
            __setDirectResourceCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, str2, __normalizeResourceCreatePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __setDirectResourceCreatePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourceCreatePermission> set) {
        ResourceClassInternalInfo __getResourceClassInternalInfo = __getResourceClassInternalInfo(sQLConnection, str);
        Id<ResourceClassId> from = Id.from(Long.valueOf(__getResourceClassInternalInfo.getResourceClassId()));
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        __assertSetContainsResourceCreateSystemPermission(set);
        __assertUniquePostCreatePermissionsNamesForResourceClass(sQLConnection, set, __getResourceClassInternalInfo);
        if (!__isSuperUserOfDomain(sQLConnection, this.sessionResource, str2)) {
            Set<ResourceCreatePermission> __getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges = __getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, str, str2);
            Set<ResourceCreatePermission> __getDirectResourceCreatePermissions = __getDirectResourceCreatePermissions(sQLConnection, resource, from, resourceDomainId);
            Set<ResourceCreatePermission> __subtract = __subtract(set, __getDirectResourceCreatePermissions);
            if (!__subtract.isEmpty()) {
                Set<ResourceCreatePermission> __subtractResourceCreatePermissionsIfGrantableFrom = __subtractResourceCreatePermissionsIfGrantableFrom(__subtract, __getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges);
                if (__subtractResourceCreatePermissionsIfGrantableFrom.size() > 0) {
                    throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "add the following permission(s): " + __subtractResourceCreatePermissionsIfGrantableFrom);
                }
            }
            Set<ResourceCreatePermission> __subtract2 = __subtract(__getDirectResourceCreatePermissions, set);
            if (!__subtract2.isEmpty()) {
                Set<ResourceCreatePermission> __subtractResourceCreatePermissionsIfGrantableFrom2 = __subtractResourceCreatePermissionsIfGrantableFrom(__subtract2, __getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges);
                if (__subtractResourceCreatePermissionsIfGrantableFrom2.size() > 0) {
                    throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "remove the following permission(s): " + __subtractResourceCreatePermissionsIfGrantableFrom2);
                }
            }
        }
        this.grantResourceCreatePermissionSysPersister.removeResourceCreateSysPermissions(sQLConnection, resource, from, resourceDomainId);
        this.grantResourceCreatePermissionPostCreateSysPersister.removeResourceCreatePostCreateSysPermissions(sQLConnection, resource, from, resourceDomainId);
        this.grantResourceCreatePermissionPostCreatePersister.removeResourceCreatePostCreatePermissions(sQLConnection, resource, from, resourceDomainId);
        this.grantResourceCreatePermissionSysPersister.addResourceCreateSysPermissions(sQLConnection, resource, from, resourceDomainId, set, this.sessionResource);
        this.grantResourceCreatePermissionPostCreateSysPersister.addResourceCreatePostCreateSysPermissions(sQLConnection, resource, from, resourceDomainId, set, this.sessionResource);
        this.grantResourceCreatePermissionPostCreatePersister.addResourceCreatePostCreatePermissions(sQLConnection, resource, from, resourceDomainId, set, this.sessionResource);
    }

    private void __assertSetContainsResourceCreateSystemPermission(Set<ResourceCreatePermission> set) {
        if (set.isEmpty()) {
            return;
        }
        boolean z = false;
        Iterator<ResourceCreatePermission> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ResourceCreatePermission next = it.next();
            if (next.isSystemPermission() && ResourceCreatePermissions.CREATE.equals(next.getPermissionName())) {
                z = true;
                break;
            }
        }
        if (!z) {
            throw new IllegalArgumentException("Permission: *CREATE must be specified");
        }
    }

    private void __assertUniquePostCreatePermissionsNamesForResourceClass(SQLConnection sQLConnection, Set<ResourceCreatePermission> set, ResourceClassInternalInfo resourceClassInternalInfo) {
        List<String> __getApplicableResourcePermissionNames = __getApplicableResourcePermissionNames(sQLConnection, resourceClassInternalInfo);
        HashSet hashSet = new HashSet(set.size());
        HashSet hashSet2 = new HashSet(set.size());
        for (ResourceCreatePermission resourceCreatePermission : set) {
            if (!resourceCreatePermission.isSystemPermission()) {
                ResourcePermission postCreateResourcePermission = resourceCreatePermission.getPostCreateResourcePermission();
                if (!__getApplicableResourcePermissionNames.contains(postCreateResourcePermission.getPermissionName())) {
                    if (!postCreateResourcePermission.isSystemPermission()) {
                        throw new IllegalArgumentException("Permission: " + postCreateResourcePermission.getPermissionName() + " is not defined for resource class: " + resourceClassInternalInfo.getResourceClassName());
                    }
                    throw new IllegalArgumentException("Permission: " + postCreateResourcePermission.getPermissionName() + ", not valid for unauthenticatable resource");
                }
                if (hashSet2.contains(postCreateResourcePermission.getPermissionName())) {
                    throw new IllegalArgumentException("Duplicate permission: " + postCreateResourcePermission.getPermissionName() + " that only differs in 'withGrant' option");
                }
                hashSet2.add(postCreateResourcePermission.getPermissionName());
            } else {
                if (hashSet.contains(resourceCreatePermission.getPermissionName())) {
                    throw new IllegalArgumentException("Duplicate permission: " + resourceCreatePermission.getPermissionName() + " that only differs in 'withGrant' option");
                }
                hashSet.add(resourceCreatePermission.getPermissionName());
            }
        }
    }

    private Set<ResourceCreatePermission> __subtractResourceCreatePermissionsIfGrantableFrom(Set<ResourceCreatePermission> set, Set<ResourceCreatePermission> set2) {
        HashSet hashSet = new HashSet(set);
        for (ResourceCreatePermission resourceCreatePermission : set) {
            Iterator<ResourceCreatePermission> it = set2.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (resourceCreatePermission.isGrantableFrom(it.next())) {
                    hashSet.remove(resourceCreatePermission);
                    break;
                }
            }
        }
        return hashSet;
    }

    private <T> Set<T> __subtract(Set<T> set, Set<T> set2) {
        HashSet hashSet = new HashSet(set);
        hashSet.removeAll(set2);
        return hashSet;
    }

    private Set<ResourceCreatePermission> __getDirectResourceCreatePermissions(SQLConnection sQLConnection, Resource resource, Id<ResourceClassId> id, Id<DomainId> id2) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantResourceCreatePermissionSysPersister.getResourceCreateSysPermissions(sQLConnection, resource, id, id2));
        hashSet.addAll(this.grantResourceCreatePermissionPostCreateSysPersister.getResourceCreatePostCreateSysPermissions(sQLConnection, resource, id, id2));
        hashSet.addAll(this.grantResourceCreatePermissionPostCreatePersister.getResourceCreatePostCreatePermissions(sQLConnection, resource, id, id2));
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantResourceCreatePermissions(Resource resource, String str, String str2, Set<ResourceCreatePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourceCreatePermission> __normalizeResourceCreatePermission = __normalizeResourceCreatePermission(set);
        try {
            sQLConnection = __getConnection();
            __grantDirectResourceCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, str2, __normalizeResourceCreatePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantResourceCreatePermissions(Resource resource, String str, String str2, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionSpecified(resourceCreatePermission);
        __assertVarargPermissionsSpecified(resourceCreatePermissionArr);
        Set<ResourceCreatePermission> __normalizeResourceCreatePermission = __normalizeResourceCreatePermission(__getSetWithoutNullsOrDuplicates(resourceCreatePermission, resourceCreatePermissionArr));
        try {
            sQLConnection = __getConnection();
            __grantDirectResourceCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, str2, __normalizeResourceCreatePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __grantDirectResourceCreatePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourceCreatePermission> set) {
        ResourceClassInternalInfo __getResourceClassInternalInfo = __getResourceClassInternalInfo(sQLConnection, str);
        Id<ResourceClassId> from = Id.from(Long.valueOf(__getResourceClassInternalInfo.getResourceClassId()));
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        __assertUniquePostCreatePermissionsNamesForResourceClass(sQLConnection, set, __getResourceClassInternalInfo);
        if (!__isSuperUserOfDomain(sQLConnection, this.sessionResource, str2)) {
            Set<ResourceCreatePermission> __subtractResourceCreatePermissionsIfGrantableFrom = __subtractResourceCreatePermissionsIfGrantableFrom(set, __getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, str, str2));
            if (__subtractResourceCreatePermissionsIfGrantableFrom.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "grant the following permission(s): " + __subtractResourceCreatePermissionsIfGrantableFrom);
            }
        }
        Set<ResourceCreatePermission> __getDirectResourceCreatePermissions = __getDirectResourceCreatePermissions(sQLConnection, resource, from, resourceDomainId);
        if (__getDirectResourceCreatePermissions.isEmpty()) {
            __assertSetContainsResourceCreateSystemPermission(set);
        }
        HashSet hashSet = new HashSet(set.size());
        HashSet hashSet2 = new HashSet(set.size());
        for (ResourceCreatePermission resourceCreatePermission : set) {
            boolean z = false;
            if (!resourceCreatePermission.isSystemPermission()) {
                ResourcePermission postCreateResourcePermission = resourceCreatePermission.getPostCreateResourcePermission();
                Iterator<ResourceCreatePermission> it = __getDirectResourceCreatePermissions.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    ResourceCreatePermission next = it.next();
                    if (!next.isSystemPermission()) {
                        ResourcePermission postCreateResourcePermission2 = next.getPostCreateResourcePermission();
                        if (postCreateResourcePermission.equalsIgnoreGrantOption(postCreateResourcePermission2)) {
                            if (resourceCreatePermission.isWithGrantOption() != postCreateResourcePermission.isWithGrantOption() && next.isWithGrantOption() != postCreateResourcePermission2.isWithGrantOption() && resourceCreatePermission.isWithGrantOption() != next.isWithGrantOption()) {
                                throw new IllegalArgumentException("Requested create permissions " + set + " are incompatible with existing create permissions " + __getDirectResourceCreatePermissions);
                            }
                            if (!resourceCreatePermission.equals(next) && ((resourceCreatePermission.isWithGrantOption() && postCreateResourcePermission.isWithGrantOption()) || (!next.isWithGrantOption() && !postCreateResourcePermission2.isWithGrantOption()))) {
                                hashSet2.add(resourceCreatePermission);
                            }
                            z = true;
                        }
                    }
                }
            } else {
                Iterator<ResourceCreatePermission> it2 = __getDirectResourceCreatePermissions.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    ResourceCreatePermission next2 = it2.next();
                    if (next2.isSystemPermission() && resourceCreatePermission.getSystemPermissionId() == next2.getSystemPermissionId()) {
                        if (!resourceCreatePermission.equals(next2) && !resourceCreatePermission.isGrantableFrom(next2)) {
                            hashSet2.add(resourceCreatePermission);
                        }
                        z = true;
                    }
                }
            }
            if (!z) {
                hashSet.add(resourceCreatePermission);
            }
        }
        this.grantResourceCreatePermissionSysPersister.updateResourceCreateSysPermissions(sQLConnection, resource, from, resourceDomainId, hashSet2, this.sessionResource);
        this.grantResourceCreatePermissionPostCreateSysPersister.updateResourceCreatePostCreateSysPermissions(sQLConnection, resource, from, resourceDomainId, hashSet2, this.sessionResource);
        this.grantResourceCreatePermissionPostCreatePersister.updateResourceCreatePostCreatePermissions(sQLConnection, resource, from, resourceDomainId, hashSet2, this.sessionResource);
        this.grantResourceCreatePermissionSysPersister.addResourceCreateSysPermissions(sQLConnection, resource, from, resourceDomainId, hashSet, this.sessionResource);
        this.grantResourceCreatePermissionPostCreateSysPersister.addResourceCreatePostCreateSysPermissions(sQLConnection, resource, from, resourceDomainId, hashSet, this.sessionResource);
        this.grantResourceCreatePermissionPostCreatePersister.addResourceCreatePostCreatePermissions(sQLConnection, resource, from, resourceDomainId, hashSet, this.sessionResource);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeResourceCreatePermissions(Resource resource, String str, String str2, Set<ResourceCreatePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourceCreatePermission> __normalizeResourceCreatePermission = __normalizeResourceCreatePermission(set);
        try {
            sQLConnection = __getConnection();
            __revokeDirectResourceCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, str2, __normalizeResourceCreatePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeResourceCreatePermissions(Resource resource, String str, String str2, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionSpecified(resourceCreatePermission);
        __assertVarargPermissionsSpecified(resourceCreatePermissionArr);
        Set<ResourceCreatePermission> __normalizeResourceCreatePermission = __normalizeResourceCreatePermission(__getSetWithoutNullsOrDuplicates(resourceCreatePermission, resourceCreatePermissionArr));
        try {
            sQLConnection = __getConnection();
            __revokeDirectResourceCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, str2, __normalizeResourceCreatePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __revokeDirectResourceCreatePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourceCreatePermission> set) {
        ResourceClassInternalInfo __getResourceClassInternalInfo = __getResourceClassInternalInfo(sQLConnection, str);
        Id<ResourceClassId> from = Id.from(Long.valueOf(__getResourceClassInternalInfo.getResourceClassId()));
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        __assertUniquePostCreatePermissionsNamesForResourceClass(sQLConnection, set, __getResourceClassInternalInfo);
        if (!__isSuperUserOfDomain(sQLConnection, this.sessionResource, str2)) {
            Set<ResourceCreatePermission> __subtractResourceCreatePermissionsIfGrantableFrom = __subtractResourceCreatePermissionsIfGrantableFrom(set, __getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, str, str2));
            if (__subtractResourceCreatePermissionsIfGrantableFrom.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "revoke the following permission(s): " + __subtractResourceCreatePermissionsIfGrantableFrom);
            }
        }
        Set<ResourceCreatePermission> __getDirectResourceCreatePermissions = __getDirectResourceCreatePermissions(sQLConnection, resource, from, resourceDomainId);
        if (__getDirectResourceCreatePermissions.size() > set.size() && __setContainsResourceCreateSystemPermission(set)) {
            throw new IllegalArgumentException("Attempt to revoke a subset of resource create permissions that includes the *CREATE system permission: " + set);
        }
        HashSet hashSet = new HashSet(set.size());
        for (ResourceCreatePermission resourceCreatePermission : set) {
            if (resourceCreatePermission.isSystemPermission()) {
                Iterator<ResourceCreatePermission> it = __getDirectResourceCreatePermissions.iterator();
                while (true) {
                    if (it.hasNext()) {
                        ResourceCreatePermission next = it.next();
                        if (next.isSystemPermission() && resourceCreatePermission.getSystemPermissionId() == next.getSystemPermissionId()) {
                            hashSet.add(resourceCreatePermission);
                            break;
                        }
                    }
                }
            } else {
                ResourcePermission postCreateResourcePermission = resourceCreatePermission.getPostCreateResourcePermission();
                Iterator<ResourceCreatePermission> it2 = __getDirectResourceCreatePermissions.iterator();
                while (true) {
                    if (it2.hasNext()) {
                        ResourceCreatePermission next2 = it2.next();
                        if (!next2.isSystemPermission() && postCreateResourcePermission.equalsIgnoreGrantOption(next2.getPostCreateResourcePermission())) {
                            hashSet.add(resourceCreatePermission);
                            break;
                        }
                    }
                }
            }
        }
        this.grantResourceCreatePermissionSysPersister.removeResourceCreateSysPermissions(sQLConnection, resource, from, resourceDomainId, hashSet);
        this.grantResourceCreatePermissionPostCreateSysPersister.removeResourceCreatePostCreateSysPermissions(sQLConnection, resource, from, resourceDomainId, hashSet);
        this.grantResourceCreatePermissionPostCreatePersister.removeResourceCreatePostCreatePermissions(sQLConnection, resource, from, resourceDomainId, hashSet);
    }

    private boolean __setContainsResourceCreateSystemPermission(Set<ResourceCreatePermission> set) {
        for (ResourceCreatePermission resourceCreatePermission : set) {
            if (resourceCreatePermission.isSystemPermission() && ResourceCreatePermissions.CREATE.equals(resourceCreatePermission.getPermissionName())) {
                return true;
            }
        }
        return false;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<ResourceCreatePermission> getResourceCreatePermissions(Resource resource, String str, String str2) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<ResourceCreatePermission> __getDirectResourceCreatePermissions = __getDirectResourceCreatePermissions(sQLConnection, __resolveResource, str.trim(), str2.trim());
            __closeConnection(sQLConnection);
            return __getDirectResourceCreatePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<ResourceCreatePermission> __getDirectResourceCreatePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2) {
        Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(sQLConnection, str);
        if (resourceClassId == null) {
            throw new IllegalArgumentException("Could not find resource class: " + str);
        }
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        return __getDirectResourceCreatePermissions(sQLConnection, resource, resourceClassId, resourceDomainId);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Map<String, Map<String, Set<ResourceCreatePermission>>> getResourceCreatePermissionsMap(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Map<String, Map<String, Set<ResourceCreatePermission>>> __getDirectResourceCreatePermissionsMap = __getDirectResourceCreatePermissionsMap(sQLConnection, __resolveResource);
            __closeConnection(sQLConnection);
            return __getDirectResourceCreatePermissionsMap;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Map<String, Map<String, Set<ResourceCreatePermission>>> __getDirectResourceCreatePermissionsMap(SQLConnection sQLConnection, Resource resource) {
        HashMap hashMap = new HashMap();
        hashMap.putAll(this.grantResourceCreatePermissionSysPersister.getResourceCreateSysPermissions(sQLConnection, resource));
        __mergeSourceCreatePermissionsMapIntoTargetCreatePermissionsMap(this.grantResourceCreatePermissionPostCreateSysPersister.getResourceCreatePostCreateSysPermissions(sQLConnection, resource), hashMap);
        __mergeSourceCreatePermissionsMapIntoTargetCreatePermissionsMap(this.grantResourceCreatePermissionPostCreatePersister.getResourceCreatePostCreatePermissions(sQLConnection, resource), hashMap);
        return __collapseResourceCreatePermissions(hashMap);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<ResourceCreatePermission> getEffectiveResourceCreatePermissions(Resource resource, String str, String str2) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<ResourceCreatePermission> __getEffectiveResourceCreatePermissions = __getEffectiveResourceCreatePermissions(sQLConnection, __resolveResource, str.trim(), str2.trim());
            __closeConnection(sQLConnection);
            return __getEffectiveResourceCreatePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<ResourceCreatePermission> __getEffectiveResourceCreatePermissionsIgnoringSuperUserPrivileges(SQLConnection sQLConnection, Resource resource, String str, String str2) {
        Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(sQLConnection, str);
        if (resourceClassId == null) {
            throw new IllegalArgumentException("Could not find resource class: " + str);
        }
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantResourceCreatePermissionSysPersister.getResourceCreateSysPermissionsIncludeInherited(sQLConnection, resource, resourceClassId, resourceDomainId));
        hashSet.addAll(this.grantResourceCreatePermissionPostCreateSysPersister.getResourceCreatePostCreateSysPermissionsIncludeInherited(sQLConnection, resource, resourceClassId, resourceDomainId));
        hashSet.addAll(this.grantResourceCreatePermissionPostCreatePersister.getResourceCreatePostCreatePermissionsIncludeInherited(sQLConnection, resource, resourceClassId, resourceDomainId));
        return __collapseResourceCreatePermissions(hashSet);
    }

    private Set<ResourceCreatePermission> __getEffectiveResourceCreatePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2) {
        ResourceClassInternalInfo __getResourceClassInternalInfo = __getResourceClassInternalInfo(sQLConnection, str);
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        if (__isSuperUserOfDomain(sQLConnection, resource, str2)) {
            return __getApplicableResourceCreatePermissions(sQLConnection, __getResourceClassInternalInfo);
        }
        Id<ResourceClassId> from = Id.from(Long.valueOf(__getResourceClassInternalInfo.getResourceClassId()));
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantResourceCreatePermissionSysPersister.getResourceCreateSysPermissionsIncludeInherited(sQLConnection, resource, from, resourceDomainId));
        hashSet.addAll(this.grantResourceCreatePermissionPostCreateSysPersister.getResourceCreatePostCreateSysPermissionsIncludeInherited(sQLConnection, resource, from, resourceDomainId));
        hashSet.addAll(this.grantResourceCreatePermissionPostCreatePersister.getResourceCreatePostCreatePermissionsIncludeInherited(sQLConnection, resource, from, resourceDomainId));
        return __collapseResourceCreatePermissions(hashSet);
    }

    private Set<ResourceCreatePermission> __collapseResourceCreatePermissions(Set<ResourceCreatePermission> set) {
        HashSet hashSet = new HashSet(set);
        for (ResourceCreatePermission resourceCreatePermission : set) {
            Iterator<ResourceCreatePermission> it = set.iterator();
            while (true) {
                if (it.hasNext()) {
                    ResourceCreatePermission next = it.next();
                    if (resourceCreatePermission.isGrantableFrom(next) && !resourceCreatePermission.equals(next)) {
                        hashSet.remove(resourceCreatePermission);
                        break;
                    }
                }
            }
        }
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Map<String, Map<String, Set<ResourceCreatePermission>>> getEffectiveResourceCreatePermissionsMap(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Map<String, Map<String, Set<ResourceCreatePermission>>> __getEffectiveResourceCreatePermissionsMap = __getEffectiveResourceCreatePermissionsMap(sQLConnection, __resolveResource);
            __closeConnection(sQLConnection);
            return __getEffectiveResourceCreatePermissionsMap;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Map<String, Map<String, Set<ResourceCreatePermission>>> __getEffectiveResourceCreatePermissionsMap(SQLConnection sQLConnection, Resource resource) {
        HashMap hashMap = new HashMap();
        hashMap.putAll(this.grantResourceCreatePermissionSysPersister.getResourceCreateSysPermissionsIncludeInherited(sQLConnection, resource));
        __mergeSourceCreatePermissionsMapIntoTargetCreatePermissionsMap(this.grantResourceCreatePermissionPostCreateSysPersister.getResourceCreatePostCreateSysPermissionsIncludeInherited(sQLConnection, resource), hashMap);
        __mergeSourceCreatePermissionsMapIntoTargetCreatePermissionsMap(this.grantResourceCreatePermissionPostCreatePersister.getResourceCreatePostCreatePermissionsIncludeInherited(sQLConnection, resource), hashMap);
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = null;
        for (Map.Entry<String, Set<DomainPermission>> entry : __getEffectiveDomainPermissionsMap(sQLConnection, resource).entrySet()) {
            Set<DomainPermission> value = entry.getValue();
            if (value.contains(DomainPermission_SUPER_USER) || value.contains(DomainPermission_SUPER_USER_GRANT)) {
                if (hashMap3 == null) {
                    List<String> resourceClassNames = this.resourceClassPersister.getResourceClassNames(sQLConnection);
                    hashMap3 = new HashMap(resourceClassNames.size());
                    for (String str : resourceClassNames) {
                        hashMap3.put(str, __getApplicableResourceCreatePermissions(sQLConnection, __getResourceClassInternalInfo(sQLConnection, str)));
                    }
                }
                hashMap2.put(entry.getKey(), hashMap3);
            }
        }
        __mergeSourceCreatePermissionsMapIntoTargetCreatePermissionsMap(hashMap2, hashMap);
        return __collapseResourceCreatePermissions(hashMap);
    }

    private void __mergeSourceCreatePermissionsMapIntoTargetCreatePermissionsMap(Map<String, Map<String, Set<ResourceCreatePermission>>> map, Map<String, Map<String, Set<ResourceCreatePermission>>> map2) {
        for (Map.Entry<String, Map<String, Set<ResourceCreatePermission>>> entry : map.entrySet()) {
            String key = entry.getKey();
            Map<String, Set<ResourceCreatePermission>> map3 = map2.get(key);
            if (map3 == null) {
                map3 = new HashMap();
                map2.put(key, map3);
            }
            for (Map.Entry<String, Set<ResourceCreatePermission>> entry2 : entry.getValue().entrySet()) {
                String key2 = entry2.getKey();
                Set<ResourceCreatePermission> set = map3.get(key2);
                if (set == null) {
                    set = new HashSet();
                    map3.put(key2, set);
                }
                set.addAll(entry2.getValue());
            }
        }
    }

    private Map<String, Map<String, Set<ResourceCreatePermission>>> __collapseResourceCreatePermissions(Map<String, Map<String, Set<ResourceCreatePermission>>> map) {
        Iterator<Map.Entry<String, Map<String, Set<ResourceCreatePermission>>>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Map<String, Set<ResourceCreatePermission>> value = it.next().getValue();
            for (Map.Entry<String, Set<ResourceCreatePermission>> entry : value.entrySet()) {
                value.put(entry.getKey(), __collapseResourceCreatePermissions(entry.getValue()));
            }
        }
        return map;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void setResourcePermissions(Resource resource, Resource resource2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceSpecified(resource2);
        __assertPermissionsSpecified(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            __setDirectResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __resolveResource(sQLConnection, resource2), __normalizeResourcePermission, this.sessionResource, false);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __setDirectResourcePermissions(SQLConnection sQLConnection, Resource resource, Resource resource2, Set<ResourcePermission> set, Resource resource3, boolean z) {
        ResourceClassInternalInfo resourceClassInfoByResourceId = this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, resource2);
        __assertUniqueResourcePermissionsNamesForResourceClass(sQLConnection, set, resourceClassInfoByResourceId);
        if (!z) {
            if (!__isSuperUserOfResource(sQLConnection, resource3, resource2)) {
                Set<ResourcePermission> __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges = __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges(sQLConnection, resource3, resource2);
                Set<ResourcePermission> __getDirectResourcePermissions = __getDirectResourcePermissions(sQLConnection, resource, resource2);
                Set<ResourcePermission> __subtract = __subtract(set, __getDirectResourcePermissions);
                if (__subtract.size() > 0) {
                    Set<ResourcePermission> __subtractResourcePermissionsIfGrantableFrom = __subtractResourcePermissionsIfGrantableFrom(__subtract, __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges);
                    if (__subtractResourcePermissionsIfGrantableFrom.size() > 0) {
                        throw NotAuthorizedException.newInstanceForAction(resource3, "add the following permission(s): " + __subtractResourcePermissionsIfGrantableFrom);
                    }
                }
                Set<ResourcePermission> __subtract2 = __subtract(__getDirectResourcePermissions, set);
                if (__subtract2.size() > 0) {
                    Set<ResourcePermission> __subtractResourcePermissionsIfGrantableFrom2 = __subtractResourcePermissionsIfGrantableFrom(__subtract2, __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges);
                    if (__subtractResourcePermissionsIfGrantableFrom2.size() > 0) {
                        throw NotAuthorizedException.newInstanceForAction(resource3, "remove the following permission(s): " + __subtractResourcePermissionsIfGrantableFrom2);
                    }
                }
            }
            if (set.contains(ResourcePermission_INHERIT) || set.contains(ResourcePermission_INHERIT_GRANT)) {
                Set<ResourcePermission> __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges2 = __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges(sQLConnection, resource2, resource);
                if (__getEffectiveResourcePermissionsIgnoringSuperUserPrivileges2.contains(ResourcePermission_INHERIT) || __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges2.contains(ResourcePermission_INHERIT_GRANT) || resource.equals(resource2)) {
                    throw new OaccException("Granting the requested permission(s): " + set + " will cause a cycle between: " + resource + " and: " + resource2);
                }
            }
            this.grantResourcePermissionSysPersister.removeResourceSysPermissions(sQLConnection, resource, resource2);
            this.grantResourcePermissionPersister.removeResourcePermissions(sQLConnection, resource, resource2);
        }
        this.grantResourcePermissionSysPersister.addResourceSysPermissions(sQLConnection, resource, resource2, Id.from(Long.valueOf(resourceClassInfoByResourceId.getResourceClassId())), set, resource3);
        this.grantResourcePermissionPersister.addResourcePermissions(sQLConnection, resource, resource2, Id.from(Long.valueOf(resourceClassInfoByResourceId.getResourceClassId())), set, resource3);
    }

    private void __assertUniqueResourcePermissionsNamesForResourceClass(SQLConnection sQLConnection, Set<ResourcePermission> set, ResourceClassInternalInfo resourceClassInternalInfo) {
        List<String> __getApplicableResourcePermissionNames = __getApplicableResourcePermissionNames(sQLConnection, resourceClassInternalInfo);
        HashSet hashSet = new HashSet(set.size());
        for (ResourcePermission resourcePermission : set) {
            if (!__getApplicableResourcePermissionNames.contains(resourcePermission.getPermissionName())) {
                if (!resourcePermission.isSystemPermission()) {
                    throw new IllegalArgumentException("Permission: " + resourcePermission.getPermissionName() + " is not defined for resource class: " + resourceClassInternalInfo.getResourceClassName());
                }
                throw new IllegalArgumentException("Permission: " + resourcePermission.getPermissionName() + ", not valid for unauthenticatable resource");
            }
            if (hashSet.contains(resourcePermission.getPermissionName())) {
                throw new IllegalArgumentException("Duplicate permission: " + resourcePermission.getPermissionName() + " that only differs in 'withGrant' option");
            }
            hashSet.add(resourcePermission.getPermissionName());
        }
    }

    private Set<ResourcePermission> __subtractResourcePermissionsIfGrantableFrom(Set<ResourcePermission> set, Set<ResourcePermission> set2) {
        HashSet hashSet = new HashSet(set);
        for (ResourcePermission resourcePermission : set) {
            Iterator<ResourcePermission> it = set2.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (resourcePermission.isGrantableFrom(it.next())) {
                    hashSet.remove(resourcePermission);
                    break;
                }
            }
        }
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantResourcePermissions(Resource resource, Resource resource2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceSpecified(resource2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            __grantDirectResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __resolveResource(sQLConnection, resource2), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantResourcePermissions(Resource resource, Resource resource2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceSpecified(resource2);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            __grantDirectResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __resolveResource(sQLConnection, resource2), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __grantDirectResourcePermissions(SQLConnection sQLConnection, Resource resource, Resource resource2, Set<ResourcePermission> set) {
        ResourceClassInternalInfo resourceClassInfoByResourceId = this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, resource2);
        __assertUniqueResourcePermissionsNamesForResourceClass(sQLConnection, set, resourceClassInfoByResourceId);
        if (!__isSuperUserOfResource(sQLConnection, this.sessionResource, resource2)) {
            Set<ResourcePermission> __subtractResourcePermissionsIfGrantableFrom = __subtractResourcePermissionsIfGrantableFrom(set, __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, resource2));
            if (__subtractResourcePermissionsIfGrantableFrom.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "grant the following permission(s): " + __subtractResourcePermissionsIfGrantableFrom);
            }
        }
        Set<ResourcePermission> __getDirectResourcePermissions = __getDirectResourcePermissions(sQLConnection, resource, resource2);
        HashSet hashSet = new HashSet(set.size());
        HashSet hashSet2 = new HashSet(set.size());
        for (ResourcePermission resourcePermission : set) {
            boolean z = false;
            Iterator<ResourcePermission> it = __getDirectResourcePermissions.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                ResourcePermission next = it.next();
                if (resourcePermission.equalsIgnoreGrantOption(next)) {
                    if (!resourcePermission.equals(next) && !resourcePermission.isGrantableFrom(next)) {
                        hashSet2.add(resourcePermission);
                    }
                    z = true;
                }
            }
            if (!z) {
                hashSet.add(resourcePermission);
            }
        }
        if (hashSet.contains(ResourcePermission_INHERIT) || hashSet.contains(ResourcePermission_INHERIT_GRANT)) {
            Set<ResourcePermission> __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges = __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges(sQLConnection, resource2, resource);
            if (__getEffectiveResourcePermissionsIgnoringSuperUserPrivileges.contains(ResourcePermission_INHERIT) || __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges.contains(ResourcePermission_INHERIT_GRANT) || resource.equals(resource2)) {
                throw new OaccException("Granting the requested permission(s): " + set + " will cause a cycle between: " + resource + " and: " + resource2);
            }
        }
        this.grantResourcePermissionSysPersister.updateResourceSysPermissions(sQLConnection, resource, resource2, Id.from(Long.valueOf(resourceClassInfoByResourceId.getResourceClassId())), hashSet2, this.sessionResource);
        this.grantResourcePermissionPersister.updateResourcePermissions(sQLConnection, resource, resource2, Id.from(Long.valueOf(resourceClassInfoByResourceId.getResourceClassId())), hashSet2, this.sessionResource);
        this.grantResourcePermissionSysPersister.addResourceSysPermissions(sQLConnection, resource, resource2, Id.from(Long.valueOf(resourceClassInfoByResourceId.getResourceClassId())), hashSet, this.sessionResource);
        this.grantResourcePermissionPersister.addResourcePermissions(sQLConnection, resource, resource2, Id.from(Long.valueOf(resourceClassInfoByResourceId.getResourceClassId())), hashSet, this.sessionResource);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeResourcePermissions(Resource resource, Resource resource2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceSpecified(resource2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            __revokeDirectResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __resolveResource(sQLConnection, resource2), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeResourcePermissions(Resource resource, Resource resource2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceSpecified(resource2);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            __revokeDirectResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __resolveResource(sQLConnection, resource2), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __revokeDirectResourcePermissions(SQLConnection sQLConnection, Resource resource, Resource resource2, Set<ResourcePermission> set) {
        ResourceClassInternalInfo resourceClassInfoByResourceId = this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, resource2);
        __assertUniqueResourcePermissionsNamesForResourceClass(sQLConnection, set, resourceClassInfoByResourceId);
        if (!__isSuperUserOfResource(sQLConnection, this.sessionResource, resource2)) {
            Set<ResourcePermission> __subtractResourcePermissionsIfGrantableFrom = __subtractResourcePermissionsIfGrantableFrom(set, __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, resource2));
            if (__subtractResourcePermissionsIfGrantableFrom.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "revoke the following permission(s): " + __subtractResourcePermissionsIfGrantableFrom);
            }
        }
        Set<ResourcePermission> __getDirectResourcePermissions = __getDirectResourcePermissions(sQLConnection, resource, resource2);
        HashSet hashSet = new HashSet(set.size());
        for (ResourcePermission resourcePermission : set) {
            Iterator<ResourcePermission> it = __getDirectResourcePermissions.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (resourcePermission.equalsIgnoreGrantOption(it.next())) {
                        hashSet.add(resourcePermission);
                        break;
                    }
                } else {
                    break;
                }
            }
        }
        this.grantResourcePermissionSysPersister.removeResourceSysPermissions(sQLConnection, resource, resource2, Id.from(Long.valueOf(resourceClassInfoByResourceId.getResourceClassId())), hashSet);
        this.grantResourcePermissionPersister.removeResourcePermissions(sQLConnection, resource, resource2, Id.from(Long.valueOf(resourceClassInfoByResourceId.getResourceClassId())), hashSet);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<ResourcePermission> getResourcePermissions(Resource resource, Resource resource2) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceSpecified(resource2);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            Resource __resolveResource2 = __resolveResource(sQLConnection, resource2);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<ResourcePermission> __getDirectResourcePermissions = __getDirectResourcePermissions(sQLConnection, __resolveResource, __resolveResource2);
            __closeConnection(sQLConnection);
            return __getDirectResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<ResourcePermission> __getDirectResourcePermissions(SQLConnection sQLConnection, Resource resource, Resource resource2) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantResourcePermissionSysPersister.getResourceSysPermissions(sQLConnection, resource, resource2));
        hashSet.addAll(this.grantResourcePermissionPersister.getResourcePermissions(sQLConnection, resource, resource2));
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<ResourcePermission> getEffectiveResourcePermissions(Resource resource, Resource resource2) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceSpecified(resource2);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            Resource __resolveResource2 = __resolveResource(sQLConnection, resource2);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<ResourcePermission> __getEffectiveResourcePermissions = __getEffectiveResourcePermissions(sQLConnection, __resolveResource, __resolveResource2);
            __closeConnection(sQLConnection);
            return __getEffectiveResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<ResourcePermission> __getEffectiveResourcePermissions(SQLConnection sQLConnection, Resource resource, Resource resource2) {
        HashSet hashSet = new HashSet();
        Id<DomainId> domainIdByResource = this.resourcePersister.getDomainIdByResource(sQLConnection, resource2);
        ResourceClassInternalInfo resourceClassInfoByResourceId = this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, resource2);
        if (__isSuperUserOfDomain(sQLConnection, resource, domainIdByResource)) {
            return __getApplicableResourcePermissions(sQLConnection, resourceClassInfoByResourceId);
        }
        hashSet.addAll(this.grantResourcePermissionSysPersister.getResourceSysPermissionsIncludeInherited(sQLConnection, resource, resource2));
        hashSet.addAll(this.grantResourcePermissionPersister.getResourcePermissionsIncludeInherited(sQLConnection, resource, resource2));
        Id<ResourceClassId> from = Id.from(Long.valueOf(resourceClassInfoByResourceId.getResourceClassId()));
        hashSet.addAll(this.grantGlobalResourcePermissionSysPersister.getGlobalSysPermissionsIncludeInherited(sQLConnection, resource, from, domainIdByResource));
        hashSet.addAll(this.grantGlobalResourcePermissionPersister.getGlobalResourcePermissionsIncludeInherited(sQLConnection, resource, from, domainIdByResource));
        return __collapseResourcePermissions(hashSet);
    }

    private Set<ResourcePermission> __getEffectiveResourcePermissionsIgnoringSuperUserPrivileges(SQLConnection sQLConnection, Resource resource, Resource resource2) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantResourcePermissionSysPersister.getResourceSysPermissionsIncludeInherited(sQLConnection, resource, resource2));
        hashSet.addAll(this.grantResourcePermissionPersister.getResourcePermissionsIncludeInherited(sQLConnection, resource, resource2));
        Id<DomainId> domainIdByResource = this.resourcePersister.getDomainIdByResource(sQLConnection, resource2);
        Id<ResourceClassId> from = Id.from(Long.valueOf(this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, resource2).getResourceClassId()));
        hashSet.addAll(this.grantGlobalResourcePermissionSysPersister.getGlobalSysPermissionsIncludeInherited(sQLConnection, resource, from, domainIdByResource));
        hashSet.addAll(this.grantGlobalResourcePermissionPersister.getGlobalResourcePermissionsIncludeInherited(sQLConnection, resource, from, domainIdByResource));
        return __collapseResourcePermissions(hashSet);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void setGlobalResourcePermissions(Resource resource, String str, String str2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            __setDirectGlobalPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __setDirectGlobalPermissions(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourcePermission> set) {
        Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(sQLConnection, str);
        if (resourceClassId == null) {
            throw new IllegalArgumentException("Could not find resource class: " + str);
        }
        ResourceClassInternalInfo resourceClassInfo = this.resourceClassPersister.getResourceClassInfo(sQLConnection, str);
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        __assertUniqueGlobalResourcePermissionNamesForResourceClass(sQLConnection, set, resourceClassInfo);
        if (!__isSuperUserOfDomain(sQLConnection, this.sessionResource, str2)) {
            Set<ResourcePermission> __getEffectiveGlobalResourcePermissionsIgnoringSuperUserPrivileges = __getEffectiveGlobalResourcePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, str, str2);
            Set<ResourcePermission> __getDirectGlobalResourcePermissions = __getDirectGlobalResourcePermissions(sQLConnection, resource, resourceClassId, resourceDomainId);
            Set<ResourcePermission> __subtract = __subtract(set, __getDirectGlobalResourcePermissions);
            if (!__subtract.isEmpty()) {
                Set<ResourcePermission> __subtractResourcePermissionsIfGrantableFrom = __subtractResourcePermissionsIfGrantableFrom(__subtract, __getEffectiveGlobalResourcePermissionsIgnoringSuperUserPrivileges);
                if (__subtractResourcePermissionsIfGrantableFrom.size() > 0) {
                    throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "add the following global permission(s): " + __subtractResourcePermissionsIfGrantableFrom);
                }
            }
            Set<ResourcePermission> __subtract2 = __subtract(__getDirectGlobalResourcePermissions, set);
            if (!__subtract2.isEmpty()) {
                Set<ResourcePermission> __subtractResourcePermissionsIfGrantableFrom2 = __subtractResourcePermissionsIfGrantableFrom(__subtract2, __getEffectiveGlobalResourcePermissionsIgnoringSuperUserPrivileges);
                if (__subtractResourcePermissionsIfGrantableFrom2.size() > 0) {
                    throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "remove the following global permission(s): " + __subtractResourcePermissionsIfGrantableFrom2);
                }
            }
        }
        this.grantGlobalResourcePermissionSysPersister.removeGlobalSysPermissions(sQLConnection, resource, resourceClassId, resourceDomainId);
        this.grantGlobalResourcePermissionPersister.removeGlobalResourcePermissions(sQLConnection, resource, resourceClassId, resourceDomainId);
        this.grantGlobalResourcePermissionSysPersister.addGlobalSysPermissions(sQLConnection, resource, resourceClassId, resourceDomainId, set, this.sessionResource);
        this.grantGlobalResourcePermissionPersister.addGlobalResourcePermissions(sQLConnection, resource, resourceClassId, resourceDomainId, set, this.sessionResource);
    }

    private Set<ResourcePermission> __getDirectGlobalResourcePermissions(SQLConnection sQLConnection, Resource resource, Id<ResourceClassId> id, Id<DomainId> id2) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantGlobalResourcePermissionSysPersister.getGlobalSysPermissions(sQLConnection, resource, id, id2));
        hashSet.addAll(this.grantGlobalResourcePermissionPersister.getGlobalResourcePermissions(sQLConnection, resource, id, id2));
        return hashSet;
    }

    private void __assertUniqueGlobalResourcePermissionNamesForResourceClass(SQLConnection sQLConnection, Set<ResourcePermission> set, ResourceClassInternalInfo resourceClassInternalInfo) {
        List<String> __getApplicableResourcePermissionNames = __getApplicableResourcePermissionNames(sQLConnection, resourceClassInternalInfo);
        HashSet hashSet = new HashSet(set.size());
        for (ResourcePermission resourcePermission : set) {
            if (resourcePermission.isSystemPermission() && ResourcePermission_INHERIT.equals(resourcePermission)) {
                throw new IllegalArgumentException("Permission: " + String.valueOf(resourcePermission) + ", not valid in this context");
            }
            if (!__getApplicableResourcePermissionNames.contains(resourcePermission.getPermissionName())) {
                if (!resourcePermission.isSystemPermission()) {
                    throw new IllegalArgumentException("Permission: " + resourcePermission.getPermissionName() + " is not defined for resource class: " + resourceClassInternalInfo.getResourceClassName());
                }
                throw new IllegalArgumentException("Permission " + resourcePermission.getPermissionName() + " not valid for unauthenticatable resource of class " + resourceClassInternalInfo.getResourceClassName());
            }
            if (hashSet.contains(resourcePermission.getPermissionName())) {
                throw new IllegalArgumentException("Duplicate permission: " + resourcePermission.getPermissionName() + " that only differs in 'withGrant' option");
            }
            hashSet.add(resourcePermission.getPermissionName());
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantGlobalResourcePermissions(Resource resource, String str, String str2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            __grantDirectGlobalPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void grantGlobalResourcePermissions(Resource resource, String str, String str2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            __grantDirectGlobalPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __grantDirectGlobalPermissions(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourcePermission> set) {
        Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(sQLConnection, str);
        if (resourceClassId == null) {
            throw new IllegalArgumentException("Could not find resource class: " + str);
        }
        ResourceClassInternalInfo resourceClassInfo = this.resourceClassPersister.getResourceClassInfo(sQLConnection, str);
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        __assertUniqueGlobalResourcePermissionNamesForResourceClass(sQLConnection, set, resourceClassInfo);
        if (!__isSuperUserOfDomain(sQLConnection, this.sessionResource, str2)) {
            Set<ResourcePermission> __subtractResourcePermissionsIfGrantableFrom = __subtractResourcePermissionsIfGrantableFrom(set, __getEffectiveGlobalResourcePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, str, str2));
            if (__subtractResourcePermissionsIfGrantableFrom.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "grant the following global permission(s): " + __subtractResourcePermissionsIfGrantableFrom);
            }
        }
        Set<ResourcePermission> __getDirectGlobalResourcePermissions = __getDirectGlobalResourcePermissions(sQLConnection, resource, resourceClassId, resourceDomainId);
        HashSet hashSet = new HashSet(set.size());
        HashSet hashSet2 = new HashSet(set.size());
        for (ResourcePermission resourcePermission : set) {
            boolean z = false;
            Iterator<ResourcePermission> it = __getDirectGlobalResourcePermissions.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                ResourcePermission next = it.next();
                if (resourcePermission.equalsIgnoreGrantOption(next)) {
                    if (!resourcePermission.equals(next) && !resourcePermission.isGrantableFrom(next)) {
                        hashSet2.add(resourcePermission);
                    }
                    z = true;
                }
            }
            if (!z) {
                hashSet.add(resourcePermission);
            }
        }
        this.grantGlobalResourcePermissionSysPersister.updateGlobalSysPermissions(sQLConnection, resource, resourceClassId, resourceDomainId, hashSet2, this.sessionResource);
        this.grantGlobalResourcePermissionPersister.updateGlobalResourcePermissions(sQLConnection, resource, resourceClassId, resourceDomainId, hashSet2, this.sessionResource);
        this.grantGlobalResourcePermissionSysPersister.addGlobalSysPermissions(sQLConnection, resource, resourceClassId, resourceDomainId, hashSet, this.sessionResource);
        this.grantGlobalResourcePermissionPersister.addGlobalResourcePermissions(sQLConnection, resource, resourceClassId, resourceDomainId, hashSet, this.sessionResource);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeGlobalResourcePermissions(Resource resource, String str, String str2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            __revokeDirectGlobalPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void revokeGlobalResourcePermissions(Resource resource, String str, String str2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            __revokeDirectGlobalPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private void __revokeDirectGlobalPermissions(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourcePermission> set) {
        ResourceClassInternalInfo __getResourceClassInternalInfo = __getResourceClassInternalInfo(sQLConnection, str);
        Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(sQLConnection, str);
        __assertUniqueResourcePermissionsNamesForResourceClass(sQLConnection, set, __getResourceClassInternalInfo);
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        if (!__isSuperUserOfDomain(sQLConnection, this.sessionResource, str2)) {
            Set<ResourcePermission> __subtractResourcePermissionsIfGrantableFrom = __subtractResourcePermissionsIfGrantableFrom(set, __getEffectiveGlobalResourcePermissionsIgnoringSuperUserPrivileges(sQLConnection, this.sessionResource, str, str2));
            if (__subtractResourcePermissionsIfGrantableFrom.size() > 0) {
                throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "revoke the following global permission(s): " + __subtractResourcePermissionsIfGrantableFrom);
            }
        }
        Set<ResourcePermission> __getDirectGlobalResourcePermissions = __getDirectGlobalResourcePermissions(sQLConnection, resource, resourceClassId, resourceDomainId);
        HashSet hashSet = new HashSet(set.size());
        for (ResourcePermission resourcePermission : set) {
            Iterator<ResourcePermission> it = __getDirectGlobalResourcePermissions.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (resourcePermission.equalsIgnoreGrantOption(it.next())) {
                        hashSet.add(resourcePermission);
                        break;
                    }
                } else {
                    break;
                }
            }
        }
        this.grantGlobalResourcePermissionSysPersister.removeGlobalSysPermissions(sQLConnection, resource, resourceClassId, resourceDomainId, hashSet);
        this.grantGlobalResourcePermissionPersister.removeGlobalResourcePermissions(sQLConnection, resource, resourceClassId, resourceDomainId, hashSet);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<ResourcePermission> getGlobalResourcePermissions(Resource resource, String str, String str2) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<ResourcePermission> __getDirectGlobalResourcePermissions = __getDirectGlobalResourcePermissions(sQLConnection, __resolveResource, str.trim(), str2.trim());
            __closeConnection(sQLConnection);
            return __getDirectGlobalResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<ResourcePermission> __getDirectGlobalResourcePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2) {
        Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(sQLConnection, str);
        if (resourceClassId == null) {
            throw new IllegalArgumentException("Could not find resource class: " + str);
        }
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        return __getDirectGlobalResourcePermissions(sQLConnection, resource, resourceClassId, resourceDomainId);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<ResourcePermission> getEffectiveGlobalResourcePermissions(Resource resource, String str, String str2) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<ResourcePermission> __getEffectiveGlobalResourcePermissions = __getEffectiveGlobalResourcePermissions(sQLConnection, __resolveResource, str.trim(), str2.trim());
            __closeConnection(sQLConnection);
            return __getEffectiveGlobalResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<ResourcePermission> __getEffectiveGlobalResourcePermissionsIgnoringSuperUserPrivileges(SQLConnection sQLConnection, Resource resource, String str, String str2) {
        Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(sQLConnection, str);
        if (resourceClassId == null) {
            throw new IllegalArgumentException("Could not find resource class: " + str);
        }
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantGlobalResourcePermissionSysPersister.getGlobalSysPermissionsIncludeInherited(sQLConnection, resource, resourceClassId, resourceDomainId));
        hashSet.addAll(this.grantGlobalResourcePermissionPersister.getGlobalResourcePermissionsIncludeInherited(sQLConnection, resource, resourceClassId, resourceDomainId));
        return __collapseResourcePermissions(hashSet);
    }

    private Set<ResourcePermission> __getEffectiveGlobalResourcePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2) {
        ResourceClassInternalInfo __getResourceClassInternalInfo = __getResourceClassInternalInfo(sQLConnection, str);
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        if (__isSuperUserOfDomain(sQLConnection, resource, str2)) {
            return __getApplicableResourcePermissions(sQLConnection, __getResourceClassInternalInfo);
        }
        Id<ResourceClassId> from = Id.from(Long.valueOf(__getResourceClassInternalInfo.getResourceClassId()));
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.grantGlobalResourcePermissionSysPersister.getGlobalSysPermissionsIncludeInherited(sQLConnection, resource, from, resourceDomainId));
        hashSet.addAll(this.grantGlobalResourcePermissionPersister.getGlobalResourcePermissionsIncludeInherited(sQLConnection, resource, from, resourceDomainId));
        return __collapseResourcePermissions(hashSet);
    }

    private Set<ResourcePermission> __getApplicableResourcePermissions(SQLConnection sQLConnection, ResourceClassInternalInfo resourceClassInternalInfo) {
        List<String> __getApplicableResourcePermissionNames = __getApplicableResourcePermissionNames(sQLConnection, resourceClassInternalInfo);
        HashSet hashSet = new HashSet(__getApplicableResourcePermissionNames.size());
        Iterator<String> it = __getApplicableResourcePermissionNames.iterator();
        while (it.hasNext()) {
            hashSet.add(ResourcePermissions.getInstanceWithGrantOption(it.next()));
        }
        return hashSet;
    }

    private Set<ResourceCreatePermission> __getApplicableResourceCreatePermissions(SQLConnection sQLConnection, ResourceClassInternalInfo resourceClassInternalInfo) {
        List<String> __getApplicableResourcePermissionNames = __getApplicableResourcePermissionNames(sQLConnection, resourceClassInternalInfo);
        HashSet hashSet = new HashSet(__getApplicableResourcePermissionNames.size() + 1);
        hashSet.add(ResourceCreatePermissions.getInstanceWithGrantOption(ResourceCreatePermissions.CREATE));
        Iterator<String> it = __getApplicableResourcePermissionNames.iterator();
        while (it.hasNext()) {
            hashSet.add(ResourceCreatePermissions.getInstanceWithGrantOption(ResourcePermissions.getInstanceWithGrantOption(it.next())));
        }
        return hashSet;
    }

    private Set<ResourcePermission> __collapseResourcePermissions(Set<ResourcePermission> set) {
        HashSet hashSet = new HashSet(set);
        for (ResourcePermission resourcePermission : set) {
            Iterator<ResourcePermission> it = set.iterator();
            while (true) {
                if (it.hasNext()) {
                    ResourcePermission next = it.next();
                    if (resourcePermission.isGrantableFrom(next) && !resourcePermission.equals(next)) {
                        hashSet.remove(resourcePermission);
                        break;
                    }
                }
            }
        }
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Map<String, Map<String, Set<ResourcePermission>>> getGlobalResourcePermissionsMap(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Map<String, Map<String, Set<ResourcePermission>>> __getDirectGlobalResourcePermissionsMap = __getDirectGlobalResourcePermissionsMap(sQLConnection, __resolveResource);
            __closeConnection(sQLConnection);
            return __getDirectGlobalResourcePermissionsMap;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Map<String, Map<String, Set<ResourcePermission>>> __getDirectGlobalResourcePermissionsMap(SQLConnection sQLConnection, Resource resource) {
        HashMap hashMap = new HashMap();
        hashMap.putAll(this.grantGlobalResourcePermissionSysPersister.getGlobalSysPermissions(sQLConnection, resource));
        __mergeSourcePermissionsMapIntoTargetPermissionsMap(this.grantGlobalResourcePermissionPersister.getGlobalResourcePermissions(sQLConnection, resource), hashMap);
        return __collapseResourcePermissions(hashMap);
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Map<String, Map<String, Set<ResourcePermission>>> getEffectiveGlobalResourcePermissionsMap(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Map<String, Map<String, Set<ResourcePermission>>> __getEffectiveGlobalResourcePermissionsMap = __getEffectiveGlobalResourcePermissionsMap(sQLConnection, __resolveResource);
            __closeConnection(sQLConnection);
            return __getEffectiveGlobalResourcePermissionsMap;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Map<String, Map<String, Set<ResourcePermission>>> __getEffectiveGlobalResourcePermissionsMap(SQLConnection sQLConnection, Resource resource) {
        HashMap hashMap = new HashMap();
        hashMap.putAll(this.grantGlobalResourcePermissionSysPersister.getGlobalSysPermissionsIncludeInherited(sQLConnection, resource));
        __mergeSourcePermissionsMapIntoTargetPermissionsMap(this.grantGlobalResourcePermissionPersister.getGlobalResourcePermissionsIncludeInherited(sQLConnection, resource), hashMap);
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = null;
        for (Map.Entry<String, Set<DomainPermission>> entry : __getEffectiveDomainPermissionsMap(sQLConnection, resource).entrySet()) {
            Set<DomainPermission> value = entry.getValue();
            if (value.contains(DomainPermission_SUPER_USER) || value.contains(DomainPermission_SUPER_USER_GRANT)) {
                if (hashMap3 == null) {
                    List<String> resourceClassNames = this.resourceClassPersister.getResourceClassNames(sQLConnection);
                    hashMap3 = new HashMap(resourceClassNames.size());
                    for (String str : resourceClassNames) {
                        hashMap3.put(str, __getApplicableResourcePermissions(sQLConnection, __getResourceClassInternalInfo(sQLConnection, str)));
                    }
                }
                hashMap2.put(entry.getKey(), hashMap3);
            }
        }
        __mergeSourcePermissionsMapIntoTargetPermissionsMap(hashMap2, hashMap);
        return __collapseResourcePermissions(hashMap);
    }

    private void __mergeSourcePermissionsMapIntoTargetPermissionsMap(Map<String, Map<String, Set<ResourcePermission>>> map, Map<String, Map<String, Set<ResourcePermission>>> map2) {
        for (Map.Entry<String, Map<String, Set<ResourcePermission>>> entry : map.entrySet()) {
            String key = entry.getKey();
            Map<String, Set<ResourcePermission>> map3 = map2.get(key);
            if (map3 == null) {
                map3 = new HashMap();
                map2.put(key, map3);
            }
            for (Map.Entry<String, Set<ResourcePermission>> entry2 : entry.getValue().entrySet()) {
                String key2 = entry2.getKey();
                Set<ResourcePermission> set = map3.get(key2);
                if (set == null) {
                    set = new HashSet();
                    map3.put(key2, set);
                }
                set.addAll(entry2.getValue());
            }
        }
    }

    private Map<String, Map<String, Set<ResourcePermission>>> __collapseResourcePermissions(Map<String, Map<String, Set<ResourcePermission>>> map) {
        Iterator<Map.Entry<String, Map<String, Set<ResourcePermission>>>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Map<String, Set<ResourcePermission>> value = it.next().getValue();
            for (Map.Entry<String, Set<ResourcePermission>> entry : value.entrySet()) {
                value.put(entry.getKey(), __collapseResourcePermissions(entry.getValue()));
            }
        }
        return map;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public String getDomainNameByResource(Resource resource) {
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            SQLConnection __getConnection = __getConnection();
            Resource __resolveResource = __resolveResource(__getConnection, resource);
            if (this.sessionResource.equals(__resolveResource)) {
                String str = this.sessionResourceDomainName;
                __closeConnection(__getConnection);
                return str;
            }
            if (this.authenticatedResource.equals(__resolveResource)) {
                String str2 = this.authenticatedResourceDomainName;
                __closeConnection(__getConnection);
                return str2;
            }
            String resourceDomainNameByResourceId = this.domainPersister.getResourceDomainNameByResourceId(__getConnection, __resolveResource);
            __closeConnection(__getConnection);
            return resourceDomainNameByResourceId;
        } catch (Throwable th) {
            __closeConnection(null);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<String> getDomainDescendants(String str) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertDomainSpecified(str);
        try {
            sQLConnection = __getConnection();
            Set<String> resourceDomainNameDescendants = this.domainPersister.getResourceDomainNameDescendants(sQLConnection, str.trim());
            __closeConnection(sQLConnection);
            return resourceDomainNameDescendants;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public ResourceClassInfo getResourceClassInfo(String str) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceClassSpecified(str);
        try {
            sQLConnection = __getConnection();
            ResourceClassInternalInfo __getResourceClassInternalInfo = __getResourceClassInternalInfo(sQLConnection, str);
            ResourceClassInfo resourceClassInfo = new ResourceClassInfo(__getResourceClassInternalInfo.getResourceClassName(), __getResourceClassInternalInfo.isAuthenticatable(), __getResourceClassInternalInfo.isUnauthenticatedCreateAllowed());
            __closeConnection(sQLConnection);
            return resourceClassInfo;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public ResourceClassInfo getResourceClassInfoByResource(Resource resource) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        try {
            sQLConnection = __getConnection();
            ResourceClassInternalInfo resourceClassInfoByResourceId = this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, __resolveResource(sQLConnection, resource));
            ResourceClassInfo resourceClassInfo = new ResourceClassInfo(resourceClassInfoByResourceId.getResourceClassName(), resourceClassInfoByResourceId.isAuthenticatable(), resourceClassInfoByResourceId.isUnauthenticatedCreateAllowed());
            __closeConnection(sQLConnection);
            return resourceClassInfo;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Resource getAuthenticatedResource() {
        __assertAuthenticated();
        if (this.defensiveCopyOfAuthenticatedResource == null || !__isEqual(this.defensiveCopyOfAuthenticatedResource, this.authenticatedResource)) {
            this.defensiveCopyOfAuthenticatedResource = Resources.getInstance(this.authenticatedResource.getId().longValue(), this.authenticatedResource.getExternalId());
        }
        return this.defensiveCopyOfAuthenticatedResource;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Resource getSessionResource() {
        __assertAuthenticated();
        if (this.defensiveCopyOfSessionResource == null || !__isEqual(this.defensiveCopyOfSessionResource, this.sessionResource)) {
            this.defensiveCopyOfSessionResource = Resources.getInstance(this.sessionResource.getId().longValue(), this.sessionResource.getExternalId());
        }
        return this.defensiveCopyOfSessionResource;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertPostCreateDomainPermissions(Resource resource, Set<DomainPermission> set) {
        if (!hasPostCreateDomainPermissions(resource, set)) {
            throw NotAuthorizedException.newInstanceForPostCreateDomainPermissions(resource, set);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertPostCreateDomainPermissions(Resource resource, DomainPermission domainPermission, DomainPermission... domainPermissionArr) {
        if (!hasPostCreateDomainPermissions(resource, domainPermission, domainPermissionArr)) {
            throw NotAuthorizedException.newInstanceForPostCreateDomainPermissions(resource, domainPermission, domainPermissionArr);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasPostCreateDomainPermissions(Resource resource, Set<DomainPermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<DomainPermission> __normalizeDomainPermissions = __normalizeDomainPermissions(set);
        try {
            sQLConnection = __getConnection();
            boolean __hasPostCreateDomainPermissions = __hasPostCreateDomainPermissions(sQLConnection, __resolveResource(sQLConnection, resource), __normalizeDomainPermissions);
            __closeConnection(sQLConnection);
            return __hasPostCreateDomainPermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasPostCreateDomainPermissions(Resource resource, DomainPermission domainPermission, DomainPermission... domainPermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertPermissionSpecified(domainPermission);
        __assertVarargPermissionsSpecified(domainPermissionArr);
        Set<DomainPermission> __normalizeDomainPermissions = __normalizeDomainPermissions(__getSetWithoutNullsOrDuplicates(domainPermission, domainPermissionArr));
        try {
            sQLConnection = __getConnection();
            boolean __hasPostCreateDomainPermissions = __hasPostCreateDomainPermissions(sQLConnection, __resolveResource(sQLConnection, resource), __normalizeDomainPermissions);
            __closeConnection(sQLConnection);
            return __hasPostCreateDomainPermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private boolean __hasPostCreateDomainPermissions(SQLConnection sQLConnection, Resource resource, Set<DomainPermission> set) {
        __assertQueryAuthorization(sQLConnection, resource);
        boolean z = false;
        Set<DomainCreatePermission> __getEffectiveDomainCreatePermissions = __getEffectiveDomainCreatePermissions(sQLConnection, resource);
        Iterator<DomainCreatePermission> it = __getEffectiveDomainCreatePermissions.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            DomainCreatePermission next = it.next();
            if (next.isSystemPermission() && DomainCreatePermissions.CREATE.equals(next.getPermissionName())) {
                z = true;
                break;
            }
        }
        if (z) {
            Set<DomainPermission> __getPostCreateDomainPermissions = __getPostCreateDomainPermissions(__getEffectiveDomainCreatePermissions);
            Iterator<DomainPermission> it2 = set.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                if (!__isPermissible(it2.next(), __getPostCreateDomainPermissions)) {
                    z = false;
                    break;
                }
            }
            if (!z) {
                z = __getPostCreateDomainPermissions.contains(DomainPermission_SUPER_USER) || __getPostCreateDomainPermissions.contains(DomainPermission_SUPER_USER_GRANT);
            }
        }
        return z;
    }

    private boolean __isPermissible(DomainPermission domainPermission, Set<DomainPermission> set) {
        for (DomainPermission domainPermission2 : set) {
            if (domainPermission.equals(domainPermission2) || domainPermission.isGrantableFrom(domainPermission2)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertDomainPermissions(Resource resource, String str, Set<DomainPermission> set) {
        if (!hasDomainPermissions(resource, str, set)) {
            throw NotAuthorizedException.newInstanceForDomainPermissions(resource, str, set);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertDomainPermissions(Resource resource, String str, DomainPermission domainPermission, DomainPermission... domainPermissionArr) {
        if (!hasDomainPermissions(resource, str, domainPermission, domainPermissionArr)) {
            throw NotAuthorizedException.newInstanceForDomainPermissions(resource, str, domainPermission, domainPermissionArr);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasDomainPermissions(Resource resource, String str, Set<DomainPermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertDomainSpecified(str);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<DomainPermission> __normalizeDomainPermissions = __normalizeDomainPermissions(set);
        try {
            sQLConnection = __getConnection();
            boolean __hasDomainPermissions = __hasDomainPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, __normalizeDomainPermissions);
            __closeConnection(sQLConnection);
            return __hasDomainPermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasDomainPermissions(Resource resource, String str, DomainPermission domainPermission, DomainPermission... domainPermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertDomainSpecified(str);
        __assertPermissionSpecified(domainPermission);
        __assertVarargPermissionsSpecified(domainPermissionArr);
        Set<DomainPermission> __normalizeDomainPermissions = __normalizeDomainPermissions(__getSetWithoutNullsOrDuplicates(domainPermission, domainPermissionArr));
        try {
            sQLConnection = __getConnection();
            boolean __hasDomainPermissions = __hasDomainPermissions(sQLConnection, __resolveResource(sQLConnection, resource), str, __normalizeDomainPermissions);
            __closeConnection(sQLConnection);
            return __hasDomainPermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private boolean __hasDomainPermissions(SQLConnection sQLConnection, Resource resource, String str, Set<DomainPermission> set) {
        __assertQueryAuthorization(sQLConnection, resource);
        Set<DomainPermission> __getEffectiveDomainPermissions = __getEffectiveDomainPermissions(sQLConnection, resource, str);
        boolean z = true;
        Iterator<DomainPermission> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (!__isPermissible(it.next(), __getEffectiveDomainPermissions)) {
                z = false;
                break;
            }
        }
        if (!z) {
            z = __isSuperUserOfDomain(sQLConnection, resource, str);
        }
        return z;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertDomainCreatePermissions(Resource resource, Set<DomainCreatePermission> set) {
        if (!hasDomainCreatePermissions(resource, set)) {
            throw NotAuthorizedException.newInstanceForDomainCreatePermissions(resource, set);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertDomainCreatePermissions(Resource resource, DomainCreatePermission domainCreatePermission, DomainCreatePermission... domainCreatePermissionArr) {
        if (!hasDomainCreatePermissions(resource, domainCreatePermission, domainCreatePermissionArr)) {
            throw NotAuthorizedException.newInstanceForDomainCreatePermissions(resource, domainCreatePermission, domainCreatePermissionArr);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasDomainCreatePermissions(Resource resource, Set<DomainCreatePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<DomainCreatePermission> __normalizeDomainCreatePermissions = __normalizeDomainCreatePermissions(set);
        try {
            sQLConnection = __getConnection();
            boolean __hasDomainCreatePermissions = __hasDomainCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __normalizeDomainCreatePermissions);
            __closeConnection(sQLConnection);
            return __hasDomainCreatePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasDomainCreatePermissions(Resource resource, DomainCreatePermission domainCreatePermission, DomainCreatePermission... domainCreatePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertPermissionSpecified(domainCreatePermission);
        __assertVarargPermissionsSpecified(domainCreatePermissionArr);
        Set<DomainCreatePermission> __normalizeDomainCreatePermissions = __normalizeDomainCreatePermissions(__getSetWithoutNullsOrDuplicates(domainCreatePermission, domainCreatePermissionArr));
        try {
            sQLConnection = __getConnection();
            boolean __hasDomainCreatePermissions = __hasDomainCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __normalizeDomainCreatePermissions);
            __closeConnection(sQLConnection);
            return __hasDomainCreatePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private boolean __hasDomainCreatePermissions(SQLConnection sQLConnection, Resource resource, Set<DomainCreatePermission> set) {
        __assertQueryAuthorization(sQLConnection, resource);
        Set<DomainCreatePermission> __getEffectiveDomainCreatePermissions = __getEffectiveDomainCreatePermissions(sQLConnection, resource);
        Iterator<DomainCreatePermission> it = set.iterator();
        while (it.hasNext()) {
            if (!__isPermissible(it.next(), __getEffectiveDomainCreatePermissions)) {
                return false;
            }
        }
        return true;
    }

    private boolean __isPermissible(DomainCreatePermission domainCreatePermission, Set<DomainCreatePermission> set) {
        for (DomainCreatePermission domainCreatePermission2 : set) {
            if (domainCreatePermission.equals(domainCreatePermission2) || domainCreatePermission.isGrantableFrom(domainCreatePermission2)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertPostCreateResourcePermissions(Resource resource, String str, String str2, Set<ResourcePermission> set) {
        if (!hasPostCreateResourcePermissions(resource, str, str2, set)) {
            throw NotAuthorizedException.newInstanceForPostCreateResourcePermissions(resource, str, str2, set);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertPostCreateResourcePermissions(Resource resource, String str, String str2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        if (!hasPostCreateResourcePermissions(resource, str, str2, resourcePermission, resourcePermissionArr)) {
            throw NotAuthorizedException.newInstanceForPostCreateResourcePermissions(resource, str, str2, resourcePermission, resourcePermissionArr);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasPostCreateResourcePermissions(Resource resource, String str, String str2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            boolean __hasPostCreateResourcePermissions = __hasPostCreateResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __hasPostCreateResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasPostCreateResourcePermissions(Resource resource, String str, String str2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            boolean __hasPostCreateResourcePermissions = __hasPostCreateResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __hasPostCreateResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private boolean __hasPostCreateResourcePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourcePermission> set) {
        __assertPermissionsValid(sQLConnection, str, set);
        __assertQueryAuthorization(sQLConnection, resource);
        boolean z = false;
        Set<ResourceCreatePermission> __getEffectiveResourceCreatePermissions = __getEffectiveResourceCreatePermissions(sQLConnection, resource, str, str2);
        Iterator<ResourceCreatePermission> it = __getEffectiveResourceCreatePermissions.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ResourceCreatePermission next = it.next();
            if (next.isSystemPermission() && ResourceCreatePermissions.CREATE.equals(next.getPermissionName())) {
                z = true;
                break;
            }
        }
        if (z) {
            Set<ResourcePermission> __getPostCreateResourcePermissions = __getPostCreateResourcePermissions(__getEffectiveResourceCreatePermissions);
            HashSet hashSet = new HashSet(set.size());
            for (ResourcePermission resourcePermission : set) {
                if (!__isPermissible(resourcePermission, __getPostCreateResourcePermissions)) {
                    hashSet.add(resourcePermission);
                }
            }
            if (!hashSet.isEmpty()) {
                Set<ResourcePermission> __getEffectiveGlobalResourcePermissions = __getEffectiveGlobalResourcePermissions(sQLConnection, resource, str, str2);
                Iterator it2 = hashSet.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    if (!__isPermissible((ResourcePermission) it2.next(), __getEffectiveGlobalResourcePermissions)) {
                        z = false;
                        break;
                    }
                }
            }
        }
        if (!z) {
            z = __isSuperUserOfDomain(sQLConnection, resource, str2);
        }
        return z;
    }

    private boolean __isPermissible(ResourcePermission resourcePermission, Set<ResourcePermission> set) {
        for (ResourcePermission resourcePermission2 : set) {
            if (resourcePermission.equals(resourcePermission2) || resourcePermission.isGrantableFrom(resourcePermission2)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertGlobalResourcePermissions(Resource resource, String str, String str2, Set<ResourcePermission> set) {
        if (!hasGlobalResourcePermissions(resource, str, str2, set)) {
            throw NotAuthorizedException.newInstanceForGlobalResourcePermissions(resource, str, str2, set);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertGlobalResourcePermissions(Resource resource, String str, String str2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        if (!hasGlobalResourcePermissions(resource, str, str2, resourcePermission, resourcePermissionArr)) {
            throw NotAuthorizedException.newInstanceForGlobalResourcePermissions(resource, str, str2, resourcePermission, resourcePermissionArr);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasGlobalResourcePermissions(Resource resource, String str, String str2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            boolean __hasGlobalResourcePermissions = __hasGlobalResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __hasGlobalResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasGlobalResourcePermissions(Resource resource, String str, String str2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            boolean __hasGlobalResourcePermissions = __hasGlobalResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __hasGlobalResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private boolean __hasGlobalResourcePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourcePermission> set) {
        __assertPermissionsValid(sQLConnection, str, set);
        __assertQueryAuthorization(sQLConnection, resource);
        Set<ResourcePermission> __getEffectiveGlobalResourcePermissions = __getEffectiveGlobalResourcePermissions(sQLConnection, resource, str, str2);
        boolean z = true;
        Iterator<ResourcePermission> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (!__isPermissible(it.next(), __getEffectiveGlobalResourcePermissions)) {
                z = false;
                break;
            }
        }
        if (!z) {
            z = __isSuperUserOfDomain(sQLConnection, resource, str2);
        }
        return z;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertResourcePermissions(Resource resource, Resource resource2, Set<ResourcePermission> set) {
        if (!hasResourcePermissions(resource, resource2, set)) {
            throw NotAuthorizedException.newInstanceForResourcePermissions(resource, resource2, set);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertResourcePermissions(Resource resource, Resource resource2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        if (!hasResourcePermissions(resource, resource2, resourcePermission, resourcePermissionArr)) {
            throw NotAuthorizedException.newInstanceForResourcePermissions(resource, resource2, resourcePermission, resourcePermissionArr);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasResourcePermissions(Resource resource, Resource resource2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceSpecified(resource2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            boolean __hasResourcePermissions = __hasResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __resolveResource(sQLConnection, resource2), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __hasResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasResourcePermissions(Resource resource, Resource resource2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceSpecified(resource2);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            boolean __hasResourcePermissions = __hasResourcePermissions(sQLConnection, __resolveResource(sQLConnection, resource), __resolveResource(sQLConnection, resource2), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __hasResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private boolean __hasResourcePermissions(SQLConnection sQLConnection, Resource resource, Resource resource2, Set<ResourcePermission> set) {
        __assertQueryAuthorization(sQLConnection, resource);
        __assertPermissionsValid(sQLConnection, this.resourceClassPersister.getResourceClassInfoByResourceId(sQLConnection, resource2).getResourceClassName(), set);
        Set<ResourcePermission> __getEffectiveResourcePermissions = __getEffectiveResourcePermissions(sQLConnection, resource, resource2);
        boolean z = true;
        Iterator<ResourcePermission> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (!__isPermissible(it.next(), __getEffectiveResourcePermissions)) {
                z = false;
                break;
            }
        }
        if (!z) {
            z = __isSuperUserOfDomain(sQLConnection, resource, this.domainPersister.getResourceDomainNameByResourceId(sQLConnection, resource2));
        }
        return z;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertResourceCreatePermissions(Resource resource, String str, String str2, Set<ResourceCreatePermission> set) {
        if (!hasResourceCreatePermissions(resource, str, str2, set)) {
            throw NotAuthorizedException.newInstanceForResourceCreatePermissions(resource, set);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public void assertResourceCreatePermissions(Resource resource, String str, String str2, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissionArr) {
        if (!hasResourceCreatePermissions(resource, str, str2, resourceCreatePermission, resourceCreatePermissionArr)) {
            throw NotAuthorizedException.newInstanceForResourceCreatePermissions(resource, resourceCreatePermission, resourceCreatePermissionArr);
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasResourceCreatePermissions(Resource resource, String str, String str2, Set<ResourceCreatePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourceCreatePermission> __normalizeResourceCreatePermission = __normalizeResourceCreatePermission(set);
        try {
            sQLConnection = __getConnection();
            boolean __hasResourceCreatePermissions = __hasResourceCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourceCreatePermission);
            __closeConnection(sQLConnection);
            return __hasResourceCreatePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public boolean hasResourceCreatePermissions(Resource resource, String str, String str2, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionSpecified(resourceCreatePermission);
        __assertVarargPermissionsSpecified(resourceCreatePermissionArr);
        Set<ResourceCreatePermission> __normalizeResourceCreatePermission = __normalizeResourceCreatePermission(__getSetWithoutNullsOrDuplicates(resourceCreatePermission, resourceCreatePermissionArr));
        try {
            sQLConnection = __getConnection();
            boolean __hasResourceCreatePermissions = __hasResourceCreatePermissions(sQLConnection, __resolveResource(sQLConnection, resource), str.trim(), str2.trim(), __normalizeResourceCreatePermission);
            __closeConnection(sQLConnection);
            return __hasResourceCreatePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private boolean __hasResourceCreatePermissions(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourceCreatePermission> set) {
        __assertPermissionsValid(sQLConnection, str, __getPostCreateResourcePermissions(set));
        __assertQueryAuthorization(sQLConnection, resource);
        Set<ResourceCreatePermission> __getEffectiveResourceCreatePermissions = __getEffectiveResourceCreatePermissions(sQLConnection, resource, str, str2);
        boolean z = true;
        Iterator<ResourceCreatePermission> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (!__isPermissible(it.next(), __getEffectiveResourceCreatePermissions)) {
                z = false;
                break;
            }
        }
        if (!z) {
            z = __isSuperUserOfDomain(sQLConnection, resource, str2);
        }
        return z;
    }

    private boolean __isPermissible(ResourceCreatePermission resourceCreatePermission, Set<ResourceCreatePermission> set) {
        for (ResourceCreatePermission resourceCreatePermission2 : set) {
            if (resourceCreatePermission.equals(resourceCreatePermission2) || resourceCreatePermission.isGrantableFrom(resourceCreatePermission2)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<Resource> getResourcesByResourcePermissions(Resource resource, String str, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<Resource> __getResourcesByPermissions = __getResourcesByPermissions(sQLConnection, __resolveResource, str.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __getResourcesByPermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<Resource> getResourcesByResourcePermissions(Resource resource, String str, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<Resource> __getResourcesByPermissions = __getResourcesByPermissions(sQLConnection, __resolveResource, str.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __getResourcesByPermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<Resource> __getResourcesByPermissions(SQLConnection sQLConnection, Resource resource, String str, Set<ResourcePermission> set) {
        Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(sQLConnection, str);
        if (resourceClassId == null) {
            throw new IllegalArgumentException("Could not find resource class: " + str);
        }
        __assertPermissionsValid(sQLConnection, str, set);
        HashSet hashSet = new HashSet();
        Iterator<ResourcePermission> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ResourcePermission next = it.next();
            HashSet hashSet2 = new HashSet();
            if (next.isSystemPermission()) {
                hashSet2.addAll(this.grantResourcePermissionSysPersister.getResourcesByResourceSysPermission(sQLConnection, resource, resourceClassId, next));
                hashSet2.addAll(this.grantGlobalResourcePermissionSysPersister.getResourcesByGlobalSysPermission(sQLConnection, resource, resourceClassId, next));
            } else {
                Id<ResourcePermissionId> resourceClassPermissionId = this.resourceClassPermissionPersister.getResourceClassPermissionId(sQLConnection, resourceClassId, next.getPermissionName());
                if (resourceClassPermissionId == null) {
                    throw new IllegalArgumentException("Permission: " + next + " is not defined for resource class: " + str);
                }
                hashSet2.addAll(this.grantResourcePermissionPersister.getResourcesByResourcePermission(sQLConnection, resource, resourceClassId, next, resourceClassPermissionId));
                hashSet2.addAll(this.grantGlobalResourcePermissionPersister.getResourcesByGlobalResourcePermission(sQLConnection, resource, resourceClassId, next, resourceClassPermissionId));
            }
            if (hashSet2.isEmpty()) {
                hashSet = hashSet2;
                break;
            }
            if (hashSet.isEmpty()) {
                hashSet = hashSet2;
            } else {
                hashSet.retainAll(hashSet2);
                if (hashSet.isEmpty()) {
                    break;
                }
            }
        }
        hashSet.addAll(this.grantDomainPermissionSysPersister.getResourcesByDomainSuperUserPermission(sQLConnection, resource, resourceClassId));
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<Resource> getResourcesByResourcePermissionsAndDomain(Resource resource, String str, String str2, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<Resource> __getResourcesByPermissionsAndDomain = __getResourcesByPermissionsAndDomain(sQLConnection, __resolveResource, str.trim(), str2, __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __getResourcesByPermissionsAndDomain;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<Resource> getResourcesByResourcePermissionsAndDomain(Resource resource, String str, String str2, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertDomainSpecified(str2);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<Resource> __getResourcesByPermissionsAndDomain = __getResourcesByPermissionsAndDomain(sQLConnection, __resolveResource, str.trim(), str2, __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __getResourcesByPermissionsAndDomain;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private Set<Resource> __getResourcesByPermissionsAndDomain(SQLConnection sQLConnection, Resource resource, String str, String str2, Set<ResourcePermission> set) {
        Id<ResourceClassId> resourceClassId = this.resourceClassPersister.getResourceClassId(sQLConnection, str);
        if (resourceClassId == null) {
            throw new IllegalArgumentException("Could not find resource class: " + str);
        }
        Id<DomainId> resourceDomainId = this.domainPersister.getResourceDomainId(sQLConnection, str2);
        if (resourceDomainId == null) {
            throw new IllegalArgumentException("Could not find domain: " + str2);
        }
        __assertPermissionsValid(sQLConnection, str, set);
        HashSet hashSet = new HashSet();
        Iterator<ResourcePermission> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ResourcePermission next = it.next();
            HashSet hashSet2 = new HashSet();
            if (next.isSystemPermission()) {
                hashSet2.addAll(this.grantResourcePermissionSysPersister.getResourcesByResourceSysPermission(sQLConnection, resource, resourceClassId, resourceDomainId, next));
                hashSet2.addAll(this.grantGlobalResourcePermissionSysPersister.getResourcesByGlobalSysPermission(sQLConnection, resource, resourceClassId, resourceDomainId, next));
            } else {
                Id<ResourcePermissionId> resourceClassPermissionId = this.resourceClassPermissionPersister.getResourceClassPermissionId(sQLConnection, resourceClassId, next.getPermissionName());
                if (resourceClassPermissionId == null) {
                    throw new IllegalArgumentException("Permission: " + next + " is not defined for resource class: " + str);
                }
                hashSet2.addAll(this.grantResourcePermissionPersister.getResourcesByResourcePermission(sQLConnection, resource, resourceClassId, resourceDomainId, next, resourceClassPermissionId));
                hashSet2.addAll(this.grantGlobalResourcePermissionPersister.getResourcesByGlobalResourcePermission(sQLConnection, resource, resourceClassId, resourceDomainId, next, resourceClassPermissionId));
            }
            if (hashSet2.isEmpty()) {
                hashSet = hashSet2;
                break;
            }
            if (hashSet.isEmpty()) {
                hashSet = hashSet2;
            } else {
                hashSet.retainAll(hashSet2);
                if (hashSet.isEmpty()) {
                    break;
                }
            }
        }
        hashSet.addAll(this.grantDomainPermissionSysPersister.getResourcesByDomainSuperUserPermission(sQLConnection, resource, resourceClassId, resourceDomainId));
        return hashSet;
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<Resource> getAccessorResourcesByResourcePermissions(Resource resource, String str, Set<ResourcePermission> set) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertPermissionsSpecified(set);
        __assertPermissionsSetNotEmpty(set);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(set);
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<Resource> __getAccessorResourcesByResourcePermissions = __getAccessorResourcesByResourcePermissions(sQLConnection, __resolveResource, str.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __getAccessorResourcesByResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public Set<Resource> getAccessorResourcesByResourcePermissions(Resource resource, String str, ResourcePermission resourcePermission, ResourcePermission... resourcePermissionArr) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceSpecified(resource);
        __assertResourceClassSpecified(str);
        __assertPermissionSpecified(resourcePermission);
        __assertVarargPermissionsSpecified(resourcePermissionArr);
        Set<ResourcePermission> __normalizeResourcePermission = __normalizeResourcePermission(__getSetWithoutNullsOrDuplicates(resourcePermission, resourcePermissionArr));
        try {
            sQLConnection = __getConnection();
            Resource __resolveResource = __resolveResource(sQLConnection, resource);
            __assertQueryAuthorization(sQLConnection, __resolveResource);
            Set<Resource> __getAccessorResourcesByResourcePermissions = __getAccessorResourcesByResourcePermissions(sQLConnection, __resolveResource, str.trim(), __normalizeResourcePermission);
            __closeConnection(sQLConnection);
            return __getAccessorResourcesByResourcePermissions;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x011e, code lost:
    
        return r15;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.util.Set<com.acciente.oacc.Resource> __getAccessorResourcesByResourcePermissions(com.acciente.oacc.sql.internal.persister.SQLConnection r9, com.acciente.oacc.Resource r10, java.lang.String r11, java.util.Set<com.acciente.oacc.ResourcePermission> r12) {
        /*
            Method dump skipped, instructions count: 287
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.acciente.oacc.sql.internal.SQLAccessControlContext.__getAccessorResourcesByResourcePermissions(com.acciente.oacc.sql.internal.persister.SQLConnection, com.acciente.oacc.Resource, java.lang.String, java.util.Set):java.util.Set");
    }

    @Override // com.acciente.oacc.AccessControlContext
    public List<String> getResourceClassNames() {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        try {
            sQLConnection = __getConnection();
            List<String> resourceClassNames = this.resourceClassPersister.getResourceClassNames(sQLConnection);
            __closeConnection(sQLConnection);
            return resourceClassNames;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    @Override // com.acciente.oacc.AccessControlContext
    public List<String> getResourcePermissionNames(String str) {
        SQLConnection sQLConnection = null;
        __assertAuthenticated();
        __assertResourceClassSpecified(str);
        try {
            sQLConnection = __getConnection();
            List<String> __getApplicableResourcePermissionNames = __getApplicableResourcePermissionNames(sQLConnection, str.trim());
            __closeConnection(sQLConnection);
            return __getApplicableResourcePermissionNames;
        } catch (Throwable th) {
            __closeConnection(sQLConnection);
            throw th;
        }
    }

    private static Set<DomainPermission> __normalizeDomainPermissions(Set<DomainPermission> set) {
        HashSet hashSet = new HashSet(set.size());
        Iterator<DomainPermission> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(DomainPermissions.getInstance(it.next()));
        }
        return hashSet;
    }

    private static Set<DomainCreatePermission> __normalizeDomainCreatePermissions(Set<DomainCreatePermission> set) {
        HashSet hashSet = new HashSet(set.size());
        Iterator<DomainCreatePermission> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(DomainCreatePermissions.getInstance(it.next()));
        }
        return hashSet;
    }

    private static Set<ResourcePermission> __normalizeResourcePermission(Set<ResourcePermission> set) {
        HashSet hashSet = new HashSet(set.size());
        Iterator<ResourcePermission> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(ResourcePermissions.getInstance(it.next()));
        }
        return hashSet;
    }

    private static Set<ResourceCreatePermission> __normalizeResourceCreatePermission(Set<ResourceCreatePermission> set) {
        HashSet hashSet = new HashSet(set.size());
        Iterator<ResourceCreatePermission> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(ResourceCreatePermissions.getInstance(it.next()));
        }
        return hashSet;
    }

    private Resource __resolveResource(SQLConnection sQLConnection, Resource resource) {
        Resource resolveResourceByExternalId;
        if (__isEqual(this.sessionResource, resource)) {
            return this.sessionResource;
        }
        if (__isEqual(this.authenticatedResource, resource)) {
            return this.authenticatedResource;
        }
        if (resource.getId() != null) {
            if (resource.getExternalId() != null) {
                resolveResourceByExternalId = this.resourcePersister.resolveResourceByExternalId(sQLConnection, resource.getExternalId());
                if (resolveResourceByExternalId == null || !resource.equals(resolveResourceByExternalId)) {
                    throw new IllegalArgumentException("Resource " + resource + "'s id does not resolve to the specified externalId!");
                }
            } else {
                resolveResourceByExternalId = this.resourcePersister.resolveResourceByResourceId(sQLConnection, resource);
                if (resolveResourceByExternalId == null) {
                    throw new IllegalArgumentException("Resource " + resource + " not found!");
                }
            }
        } else {
            if (resource.getExternalId() == null) {
                throw new IllegalArgumentException("A resource id and/or external id is required, but neither was specified");
            }
            resolveResourceByExternalId = this.resourcePersister.resolveResourceByExternalId(sQLConnection, resource.getExternalId());
            if (resolveResourceByExternalId == null) {
                throw new IllegalArgumentException("Resource " + resource + " not found!");
            }
        }
        return resolveResourceByExternalId;
    }

    private static boolean __isEqual(Resource resource, Resource resource2) {
        if (resource == resource2) {
            return true;
        }
        return resource != null && __isEqual(resource.getId(), resource2.getId()) && __isEqual(resource.getExternalId(), resource2.getExternalId());
    }

    private static boolean __isEqual(Long l, Long l2) {
        if (l == l2) {
            return true;
        }
        if (l == null) {
            return false;
        }
        return l.equals(l2);
    }

    private static boolean __isEqual(String str, String str2) {
        if (str == str2) {
            return true;
        }
        if (str == null) {
            return false;
        }
        return str.equals(str2);
    }

    private List<String> __getApplicableResourcePermissionNames(SQLConnection sQLConnection, String str) {
        return __getApplicableResourcePermissionNames(sQLConnection, __getResourceClassInternalInfo(sQLConnection, str));
    }

    private List<String> __getApplicableResourcePermissionNames(SQLConnection sQLConnection, ResourceClassInternalInfo resourceClassInternalInfo) {
        List<String> permissionNames = this.resourceClassPermissionPersister.getPermissionNames(sQLConnection, resourceClassInternalInfo.getResourceClassName());
        permissionNames.add(ResourcePermissions.INHERIT);
        permissionNames.add(ResourcePermissions.DELETE);
        permissionNames.add(ResourcePermissions.QUERY);
        if (resourceClassInternalInfo.isAuthenticatable()) {
            permissionNames.add(ResourcePermissions.IMPERSONATE);
            permissionNames.add(ResourcePermissions.RESET_CREDENTIALS);
        }
        return permissionNames;
    }

    private ResourceClassInternalInfo __getResourceClassInternalInfo(SQLConnection sQLConnection, String str) {
        ResourceClassInternalInfo resourceClassInfo = this.resourceClassPersister.getResourceClassInfo(sQLConnection, str);
        if (resourceClassInfo == null) {
            throw new IllegalArgumentException("Could not find resource class: " + str);
        }
        return resourceClassInfo;
    }

    private boolean __isSuperUserOfResource(SQLConnection sQLConnection, Resource resource, Resource resource2) {
        return __isSuperUserOfDomain(sQLConnection, resource, this.domainPersister.getResourceDomainNameByResourceId(sQLConnection, resource2));
    }

    private boolean __isSuperUserOfDomain(SQLConnection sQLConnection, Resource resource, String str) {
        Set<DomainPermission> __getEffectiveDomainPermissions = __getEffectiveDomainPermissions(sQLConnection, resource, str);
        return __getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER) || __getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER_GRANT);
    }

    private boolean __isSuperUserOfDomain(SQLConnection sQLConnection, Resource resource, Id<DomainId> id) {
        Set<DomainPermission> __getEffectiveDomainPermissions = __getEffectiveDomainPermissions(sQLConnection, resource, id);
        return __getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER) || __getEffectiveDomainPermissions.contains(DomainPermission_SUPER_USER_GRANT);
    }

    private Set<DomainPermission> __getPostCreateDomainPermissions(Set<DomainCreatePermission> set) {
        HashSet hashSet = new HashSet();
        for (DomainCreatePermission domainCreatePermission : set) {
            if (!domainCreatePermission.isSystemPermission()) {
                hashSet.add(domainCreatePermission.getPostCreateDomainPermission());
            }
        }
        return hashSet;
    }

    private Set<ResourcePermission> __getPostCreateResourcePermissions(Set<ResourceCreatePermission> set) {
        HashSet hashSet = new HashSet();
        for (ResourceCreatePermission resourceCreatePermission : set) {
            if (!resourceCreatePermission.isSystemPermission()) {
                hashSet.add(resourceCreatePermission.getPostCreateResourcePermission());
            }
        }
        return hashSet;
    }

    private static void __assertConnectionSpecified(Connection connection) {
        if (connection == null) {
            throw new IllegalArgumentException("Connection required, none specified");
        }
    }

    private static void __assertDataSourceSpecified(DataSource dataSource) {
        if (dataSource == null) {
            throw new IllegalArgumentException("DataSource required, none specified");
        }
    }

    private void __assertResourceSpecified(Resource resource) {
        if (resource == null) {
            throw new NullPointerException("Resource required, none specified");
        }
    }

    private void __assertCredentialsSpecified(Credentials credentials) {
        if (credentials == null) {
            throw new NullPointerException("Credentials required, none specified");
        }
    }

    private void __assertCredentialsNotSpecified(Credentials credentials) {
        if (credentials != null) {
            throw new IllegalArgumentException("Credentials not supported, but specified for unauthenticatable resource class");
        }
    }

    private void __assertExternalIdSpecified(String str) {
        if (str == null) {
            throw new NullPointerException("External id required, none specified");
        }
        if (str.trim().isEmpty()) {
            throw new IllegalArgumentException("External id required, none specified");
        }
    }

    private void __assertDomainSpecified(String str) {
        if (str == null) {
            throw new NullPointerException("Domain required, none specified");
        }
        if (str.trim().isEmpty()) {
            throw new IllegalArgumentException("Domain required, none specified");
        }
    }

    private void __assertParentDomainSpecified(String str) {
        if (str == null) {
            throw new NullPointerException("Parent domain required, none specified");
        }
        if (str.trim().isEmpty()) {
            throw new IllegalArgumentException("Parent domain required, none specified");
        }
    }

    private void __assertAuthenticatedAsSystemResource() {
        if (this.sessionResource == null || !SYSTEM_RESOURCE_ID.equals(this.sessionResource.getId())) {
            throw NotAuthorizedException.newInstanceForAction(this.sessionResource, "perform operation reserved for the system resource");
        }
    }

    private void __assertAuthenticated() {
        if (this.sessionResource == null) {
            throw new NotAuthenticatedException("Session not authenticated");
        }
    }

    private void __assertResourceClassSpecified(String str) {
        if (str == null) {
            throw new NullPointerException("Resource class required, none specified");
        }
        if (str.trim().isEmpty()) {
            throw new IllegalArgumentException("Resource class required, none specified");
        }
    }

    private void __assertPermissionSpecified(ResourcePermission resourcePermission) {
        if (resourcePermission == null) {
            throw new NullPointerException("Resource permission required, none specified");
        }
    }

    private void __assertVarargPermissionsSpecified(ResourcePermission... resourcePermissionArr) {
        if (resourcePermissionArr == null) {
            throw new NullPointerException("An array or a sequence of resource permissions are required, but the null value was specified");
        }
    }

    private void __assertPermissionSpecified(ResourceCreatePermission resourceCreatePermission) {
        if (resourceCreatePermission == null) {
            throw new NullPointerException("Resource create permission required, none specified");
        }
    }

    private void __assertVarargPermissionsSpecified(ResourceCreatePermission... resourceCreatePermissionArr) {
        if (resourceCreatePermissionArr == null) {
            throw new NullPointerException("An array or a sequence of resource create permissions are required, but the null value was specified");
        }
    }

    private void __assertPermissionSpecified(DomainCreatePermission domainCreatePermission) {
        if (domainCreatePermission == null) {
            throw new NullPointerException("Domain create permission required, none specified");
        }
    }

    private void __assertVarargPermissionsSpecified(DomainCreatePermission... domainCreatePermissionArr) {
        if (domainCreatePermissionArr == null) {
            throw new NullPointerException("An array or a sequence of domain create permissions are required, but the null value was specified");
        }
    }

    private void __assertPermissionSpecified(DomainPermission domainPermission) {
        if (domainPermission == null) {
            throw new NullPointerException("Domain permission required, none specified");
        }
    }

    private void __assertVarargPermissionsSpecified(DomainPermission... domainPermissionArr) {
        if (domainPermissionArr == null) {
            throw new NullPointerException("An array or a sequence of domain permissions are required, but the null value was specified");
        }
    }

    private void __assertPermissionsSpecified(Set set) {
        if (set == null) {
            throw new NullPointerException("Set of permissions required, none specified");
        }
        if (set.contains(null)) {
            throw new NullPointerException("Set of permissions contains null element");
        }
    }

    private void __assertPermissionsSetNotEmpty(Set set) {
        if (set.isEmpty()) {
            throw new IllegalArgumentException("Set of permissions required, empty set specified");
        }
    }

    private void __assertPermissionNameValid(String str) {
        if (str == null) {
            throw new NullPointerException("Permission name may not be null");
        }
        if (str.trim().isEmpty()) {
            throw new IllegalArgumentException("Permission name may not be blank");
        }
        if (str.trim().startsWith("*")) {
            throw new IllegalArgumentException("Permission name may not start with asterisk '*'");
        }
    }

    private void __assertResourceClassNameValid(String str) {
        if (str == null) {
            throw new NullPointerException("Resource class name may not be null");
        }
        if (str.trim().isEmpty()) {
            throw new IllegalArgumentException("Resource class name may not be blank");
        }
    }

    private void __assertPermissionsValid(SQLConnection sQLConnection, String str, Set<ResourcePermission> set) {
        List<String> __getApplicableResourcePermissionNames = __getApplicableResourcePermissionNames(sQLConnection, str);
        for (ResourcePermission resourcePermission : set) {
            if (!__getApplicableResourcePermissionNames.contains(resourcePermission.getPermissionName())) {
                if (!resourcePermission.isSystemPermission()) {
                    throw new IllegalArgumentException("Permission: " + resourcePermission.getPermissionName() + " is not defined for resource class: " + str);
                }
                throw new IllegalArgumentException("Permission " + resourcePermission.getPermissionName() + " not valid for unauthenticatable resource class " + str);
            }
        }
    }

    private void __assertQueryAuthorization(SQLConnection sQLConnection, Resource resource) {
        if (this.sessionResource.equals(resource)) {
            return;
        }
        Set<ResourcePermission> __getEffectiveResourcePermissions = __getEffectiveResourcePermissions(sQLConnection, this.sessionResource, resource);
        if (!__getEffectiveResourcePermissions.contains(ResourcePermission_QUERY) && !__getEffectiveResourcePermissions.contains(ResourcePermission_QUERY_GRANT) && !__getEffectiveResourcePermissions.contains(ResourcePermission_IMPERSONATE) && !__getEffectiveResourcePermissions.contains(ResourcePermission_IMPERSONATE_GRANT)) {
            throw NotAuthorizedException.newInstanceForActionOnResource(this.sessionResource, "query", resource);
        }
    }

    @SafeVarargs
    private static <T> Set<T> __getSetWithoutNullsOrDuplicates(T t, T... tArr) {
        if (tArr == null) {
            throw new NullPointerException("An array or a sequence of arguments are required, but none were specified");
        }
        HashSet hashSet = new HashSet(tArr.length + 1);
        hashSet.add(t);
        for (T t2 : tArr) {
            if (t2 == null) {
                throw new NullPointerException("A " + tArr.getClass().getSimpleName() + " argument (or sequence of varargs) without null elements is required, but received: " + Arrays.asList(tArr));
            }
            if (!hashSet.add(t2)) {
                throw new IllegalArgumentException("Duplicate element: " + t2);
            }
        }
        return hashSet;
    }

    private SQLConnection __getConnection() {
        if (this.dataSource != null) {
            try {
                return new SQLConnection(this.dataSource.getConnection());
            } catch (SQLException e) {
                throw new RuntimeException(e);
            }
        }
        if (this.connection != null) {
            return new SQLConnection(this.connection);
        }
        throw new IllegalStateException("Not initialized! No data source or connection, perhaps missing call to postDeserialize()?");
    }

    private void __closeConnection(SQLConnection sQLConnection) {
        if (this.dataSource == null || sQLConnection == null) {
            return;
        }
        try {
            sQLConnection.close();
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }
    }
}
