package biz.everit.authorization.integration;

import biz.everit.authentication.api.context.AuthenticationContext;
import biz.everit.authorization.core.api.AuthorizationCacheManager;
import biz.everit.authorization.entity.PermissionEntity;
import biz.everit.authorization.entity.PermissionEntity_;
import biz.everit.resource.entity.ResourceEntity_;
import biz.everit.util.lang.validation.ValidationUtil;
import biz.everit.util.service.core.ServiceLocatorUtil;
import java.util.Collection;
import java.util.HashSet;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Path;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import javax.persistence.criteria.Subquery;

/* loaded from: input_file:biz/everit/authorization/integration/AuthorizationQueryUtil.class */
public final class AuthorizationQueryUtil {
    private static final Long ZERO = 0L;

    private static Collection<String> createActions(String str) {
        ValidationUtil.isNotNull(str, "action cannot be null");
        HashSet hashSet = new HashSet();
        hashSet.add(str);
        return hashSet;
    }

    private static Collection<Long> getAuthorizationScope() {
        return ((AuthorizationCacheManager) ServiceLocatorUtil.getService(AuthorizationCacheManager.class)).getAuthorizationScope(AuthenticationContext.getCurrentInstance().getAuthenticatedResource().getAuthenticatedResourceId());
    }

    public static Predicate hasPermission(CriteriaBuilder criteriaBuilder, CriteriaQuery<?> criteriaQuery, Collection<Long> collection, Collection<String> collection2, Path<Long> path) {
        ValidationUtil.isNotEmpty(collection, "authorizationScope cannot be null or empty");
        ValidationUtil.isNotEmpty(collection2, "actions cannot be null or empty");
        Subquery subquery = criteriaQuery.subquery(Long.class);
        Root from = subquery.from(PermissionEntity.class);
        Predicate in = from.get(PermissionEntity_.authorizedResource).get(ResourceEntity_.resourceId).in(collection);
        Predicate in2 = from.get(PermissionEntity_.action).in(collection2);
        Predicate equal = criteriaBuilder.equal(from.get(PermissionEntity_.targetResource).get(ResourceEntity_.resourceId), path);
        subquery.select(criteriaBuilder.count(from.get(PermissionEntity_.permissionId)));
        subquery.where(new Predicate[]{in, in2, equal});
        return criteriaBuilder.greaterThan(subquery, ZERO);
    }

    public static Predicate hasPermission(CriteriaBuilder criteriaBuilder, CriteriaQuery<?> criteriaQuery, Collection<Long> collection, String str, Path<Long> path) {
        return hasPermission(criteriaBuilder, criteriaQuery, collection, createActions(str), path);
    }

    public static Predicate hasPermission(CriteriaBuilder criteriaBuilder, CriteriaQuery<?> criteriaQuery, Collection<String> collection, Path<Long> path) {
        return hasPermission(criteriaBuilder, criteriaQuery, getAuthorizationScope(), collection, path);
    }

    public static Predicate hasPermission(CriteriaBuilder criteriaBuilder, CriteriaQuery<?> criteriaQuery, String str, Path<Long> path) {
        return hasPermission(criteriaBuilder, criteriaQuery, createActions(str), path);
    }

    private AuthorizationQueryUtil() {
    }
}
