package ru.curs.celesta.dbutils;

import java.util.ArrayList;
import java.util.List;
import ru.curs.celesta.CallContext;
import ru.curs.celesta.ICelesta;
import ru.curs.celesta.SystemCallContext;
import ru.curs.celesta.dbutils.adaptors.DBAdaptor;
import ru.curs.celesta.score.GrainElement;
import ru.curs.celesta.syscursors.PermissionsCursor;
import ru.curs.celesta.syscursors.UserrolesCursor;

/* loaded from: input_file:ru/curs/celesta/dbutils/PermissionManager.class */
public final class PermissionManager implements IPermissionManager {
    private static final int CACHE_SIZE = 8192;
    private static final int ROLE_CACHE_SIZE = 2048;
    private static final int CACHE_ENTRY_SHELF_LIFE = 20000;
    private static final int FULL_RIGHTS = ((Action.READ.getMask() | Action.INSERT.getMask()) | Action.MODIFY.getMask()) | Action.DELETE.getMask();
    private final ICelesta celesta;
    private PermissionCacheEntry[] cache = new PermissionCacheEntry[CACHE_SIZE];
    private RoleCacheEntry[] rolesCache = new RoleCacheEntry[ROLE_CACHE_SIZE];

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ru/curs/celesta/dbutils/PermissionManager$BaseCacheEntry.class */
    public static class BaseCacheEntry {
        private final long expirationTime = System.currentTimeMillis() + 20000;

        BaseCacheEntry() {
        }

        public boolean isExpired() {
            return System.currentTimeMillis() > this.expirationTime;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ru/curs/celesta/dbutils/PermissionManager$PermissionCacheEntry.class */
    public static class PermissionCacheEntry extends BaseCacheEntry {
        private final String userName;
        private final GrainElement table;
        private final int permissionMask;

        PermissionCacheEntry(String str, GrainElement grainElement, int i) {
            if (str == null) {
                throw new IllegalArgumentException();
            }
            this.userName = str;
            this.table = grainElement;
            this.permissionMask = i;
        }

        public static int hash(String str, GrainElement grainElement) {
            return (str + '|' + grainElement.getGrain().getName() + '|' + grainElement.getName()).hashCode();
        }

        public boolean isActionPermitted(Action action) {
            return (this.permissionMask & action.getMask()) != 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ru/curs/celesta/dbutils/PermissionManager$RoleCacheEntry.class */
    public static class RoleCacheEntry extends BaseCacheEntry {
        private final String userId;
        private final List<String> roles = new ArrayList();

        RoleCacheEntry(String str) {
            this.userId = str;
        }
    }

    public PermissionManager(ICelesta iCelesta, DBAdaptor dBAdaptor) {
        this.celesta = iCelesta;
    }

    public boolean isActionAllowed(CallContext callContext, GrainElement grainElement, Action action) {
        if (callContext instanceof SystemCallContext) {
            return true;
        }
        int hash = PermissionCacheEntry.hash(callContext.getUserId(), grainElement) & 8191;
        PermissionCacheEntry permissionCacheEntry = this.cache[hash];
        if (permissionCacheEntry == null || permissionCacheEntry.isExpired() || permissionCacheEntry.table != grainElement || !permissionCacheEntry.userName.equals(callContext.getUserId())) {
            permissionCacheEntry = refreshPermissions(callContext, grainElement);
            this.cache[hash] = permissionCacheEntry;
        }
        return permissionCacheEntry.isActionPermitted(action);
    }

    private RoleCacheEntry getRce(String str, CallContext callContext) {
        int hashCode = str.hashCode() & 2047;
        RoleCacheEntry roleCacheEntry = this.rolesCache[hashCode];
        if (roleCacheEntry == null || roleCacheEntry.isExpired() || !roleCacheEntry.userId.equals(str)) {
            roleCacheEntry = new RoleCacheEntry(str);
            UserrolesCursor userrolesCursor = new UserrolesCursor(callContext);
            userrolesCursor.setRange(userrolesCursor.COLUMNS.userid(), str);
            while (userrolesCursor.nextInSet()) {
                roleCacheEntry.roles.add(userrolesCursor.getRoleid());
            }
            this.rolesCache[hashCode] = roleCacheEntry;
        }
        return roleCacheEntry;
    }

    private PermissionCacheEntry refreshPermissions(CallContext callContext, GrainElement grainElement) {
        SystemCallContext systemCallContext = new SystemCallContext(this.celesta, "refreshPermissions");
        Throwable th = null;
        try {
            try {
                RoleCacheEntry rce = getRce(callContext.getUserId(), systemCallContext);
                PermissionsCursor permissionsCursor = new PermissionsCursor(systemCallContext);
                int i = 0;
                for (String str : rce.roles) {
                    if (i == FULL_RIGHTS) {
                        break;
                    }
                    if ("reader".equals(str) || (grainElement.getGrain().getName() + ".reader").equals(str)) {
                        i |= Action.READ.getMask();
                    } else if ("editor".equals(str) || (grainElement.getGrain().getName() + ".editor").equals(str)) {
                        i = FULL_RIGHTS;
                    } else if (permissionsCursor.tryGet(new Object[]{str, grainElement.getGrain().getName(), grainElement.getName()})) {
                        i = i | (permissionsCursor.getR().booleanValue() ? Action.READ.getMask() : 0) | (permissionsCursor.getI().booleanValue() ? Action.INSERT.getMask() : 0) | (permissionsCursor.getM().booleanValue() ? Action.MODIFY.getMask() : 0) | (permissionsCursor.getD().booleanValue() ? Action.DELETE.getMask() : 0);
                    }
                }
                PermissionCacheEntry permissionCacheEntry = new PermissionCacheEntry(callContext.getUserId(), grainElement, i);
                if (systemCallContext != null) {
                    if (0 != 0) {
                        try {
                            systemCallContext.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        systemCallContext.close();
                    }
                }
                return permissionCacheEntry;
            } finally {
            }
        } catch (Throwable th3) {
            if (systemCallContext != null) {
                if (th != null) {
                    try {
                        systemCallContext.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    systemCallContext.close();
                }
            }
            throw th3;
        }
    }
}
