package com.sap.cds.services.impl.authorization;

import com.sap.cds.Result;
import com.sap.cds.impl.builder.model.Conjunction;
import com.sap.cds.ql.CQL;
import com.sap.cds.ql.Select;
import com.sap.cds.ql.cqn.AnalysisResult;
import com.sap.cds.ql.cqn.CqnPredicate;
import com.sap.cds.ql.cqn.CqnStatement;
import com.sap.cds.ql.cqn.CqnStructuredTypeRef;
import com.sap.cds.ql.cqn.ResolvedSegment;
import com.sap.cds.reflect.CdsEntity;
import com.sap.cds.reflect.CdsModel;
import com.sap.cds.services.authorization.EntityAccessEventContext;
import com.sap.cds.services.impl.draft.ParentEntityLookup;
import com.sap.cds.services.impl.utils.CdsModelUtils;
import com.sap.cds.services.impl.utils.CdsServiceUtils;
import com.sap.cds.services.utils.CdsErrorStatuses;
import com.sap.cds.services.utils.DraftUtils;
import com.sap.cds.services.utils.ErrorStatusException;
import com.sap.cds.services.utils.model.CdsAnnotations;
import com.sap.cds.services.utils.model.Restriction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import java.util.function.Function;

/* loaded from: input_file:com/sap/cds/services/impl/authorization/AuthorizationEntity.class */
class AuthorizationEntity {
    private final EntityAccessEventContext context;
    private final BiFunction<CdsModel, String, Restriction> restrictionLookup;
    private final Function<CdsEntity, List<ParentEntityLookup.ParentEntityLookupResult>> parentEntityLookup;
    private CdsEntity authorizationEntity;
    private CqnStructuredTypeRef authorizationPath;
    private boolean isDraft;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static AuthorizationEntity resolve(EntityAccessEventContext entityAccessEventContext, BiFunction<CdsModel, String, Restriction> biFunction, Function<CdsEntity, List<ParentEntityLookup.ParentEntityLookupResult>> function) {
        return new AuthorizationEntity(entityAccessEventContext, biFunction, function);
    }

    public CdsEntity getAuthorizationEntity() {
        return this.authorizationEntity;
    }

    public CqnStructuredTypeRef getAuthorizationPath() {
        return this.authorizationPath;
    }

    public boolean isDraft() {
        return this.isDraft;
    }

    public CqnPredicate authorizationCondition(CdsEntity cdsEntity, String str) {
        if (!this.context.getCdsRuntime().getEnvironment().getCdsProperties().getSecurity().getInstanceBasedAuthorization().isEnabled().booleanValue()) {
            return null;
        }
        if (str.equals("READ") || str.equals("DELETE") || str.equals("UPDATE") || str.equals("draftEdit") || str.equals("draftActivate")) {
            return this.context.getService().calcWhereCondition(cdsEntity.getQualifiedName(), str);
        }
        return null;
    }

    private AuthorizationEntity(EntityAccessEventContext entityAccessEventContext, BiFunction<CdsModel, String, Restriction> biFunction, Function<CdsEntity, List<ParentEntityLookup.ParentEntityLookupResult>> function) {
        this.context = entityAccessEventContext;
        this.restrictionLookup = biFunction;
        this.parentEntityLookup = function;
        if (entityAccessEventContext.getAccessQuery() == null || !entityAccessEventContext.getCdsRuntime().getEnvironment().getCdsProperties().getSecurity().getAuthorizeAutoExposedEntities().isEnabled().booleanValue()) {
            this.authorizationEntity = entityAccessEventContext.getTarget();
        } else {
            findAuthorizationEntity(entityAccessEventContext.getAccessQuery());
        }
    }

    private void findAuthorizationEntity(CqnStatement cqnStatement) {
        ArrayList arrayList = new ArrayList();
        AnalysisResult entityPath = CdsModelUtils.getEntityPath(cqnStatement, this.context.getModel());
        Iterator reverse = entityPath.reverse();
        while (reverse.hasNext()) {
            ResolvedSegment resolvedSegment = (ResolvedSegment) reverse.next();
            if (this.authorizationEntity == null && isAuthorizationEntity(resolvedSegment.entity())) {
                this.authorizationEntity = resolvedSegment.entity();
            }
            if (this.authorizationEntity != null) {
                arrayList.add(0, resolvedSegment.segment());
            }
            if (!this.isDraft && DraftUtils.isDraftEnabled(resolvedSegment.entity()) && resolvedSegment.keys() != null) {
                this.isDraft = Boolean.FALSE.equals((Boolean) resolvedSegment.keys().get("IsActiveEntity"));
            }
        }
        if (!$assertionsDisabled && this.authorizationEntity != null && arrayList.isEmpty()) {
            throw new AssertionError();
        }
        if (this.authorizationEntity != null) {
            this.authorizationPath = CQL.to(arrayList).asRef();
        } else if (DraftUtils.isDraftEnabled(entityPath.targetEntity())) {
            if (this.isDraft) {
                this.authorizationEntity = entityPath.targetEntity();
            } else {
                findAuthorizationEntity(entityPath.targetEntity(), entityPath.targetKeys());
            }
        }
    }

    private boolean isAuthorizationEntity(CdsEntity cdsEntity) {
        boolean z = cdsEntity.getQualifiedName().endsWith("_texts") || cdsEntity.getQualifiedName().endsWith(".texts");
        boolean booleanValue = ((Boolean) CdsAnnotations.AUTOEXPOSED.getOrDefault(cdsEntity)).booleanValue();
        if (booleanValue || z) {
            return (booleanValue && ((Boolean) CdsAnnotations.AUTOEXPOSE.getOrDefault(cdsEntity)).booleanValue() && !z) || this.restrictionLookup.apply(this.context.getModel(), cdsEntity.getQualifiedName()) != null;
        }
        return true;
    }

    private void findAuthorizationEntity(CdsEntity cdsEntity, Map<String, Object> map) {
        CdsEntity cdsEntity2 = cdsEntity;
        while (this.authorizationEntity == null) {
            List<ParentEntityLookup.ParentEntityLookupResult> apply = this.parentEntityLookup.apply(cdsEntity2);
            if (apply == null || apply.isEmpty()) {
                throw new ErrorStatusException(CdsErrorStatuses.NO_PARENT_ENTITY, new Object[]{cdsEntity2.getQualifiedName()});
            }
            if (apply.size() > 1) {
                break;
            }
            CdsEntity parentEntity = apply.get(0).getParentEntity();
            if (isAuthorizationEntity(parentEntity)) {
                this.authorizationEntity = parentEntity;
            } else {
                cdsEntity2 = parentEntity;
            }
        }
        if (this.authorizationEntity != null && this.restrictionLookup.apply(this.context.getModel(), this.authorizationEntity.getQualifiedName()) != null && authorizationCondition(this.authorizationEntity, this.context.getAccessEventName()) != null) {
            this.authorizationEntity = null;
        }
        if (this.authorizationEntity != null || map == null || map.isEmpty()) {
            return;
        }
        CdsEntity cdsEntity3 = cdsEntity;
        Map<String, Object> map2 = map;
        while (this.authorizationEntity == null) {
            List<ParentEntityLookup.ParentEntityLookupResult> apply2 = this.parentEntityLookup.apply(cdsEntity3);
            if (apply2 == null || apply2.isEmpty()) {
                throw new ErrorStatusException(CdsErrorStatuses.PARENT_NOT_EXISTING, new Object[]{cdsEntity3.getQualifiedName()});
            }
            int i = 0;
            CdsEntity cdsEntity4 = null;
            Map<String, Object> map3 = null;
            for (ParentEntityLookup.ParentEntityLookupResult parentEntityLookupResult : apply2) {
                String name = parentEntityLookupResult.getComposition().getName();
                Result run = CdsServiceUtils.getDefaultPersistenceService(this.context).run(Select.from(parentEntityLookupResult.getParentEntity()).where((CqnPredicate) map2.entrySet().stream().map(entry -> {
                    return CQL.to(name).get((String) entry.getKey()).eq(entry.getValue());
                }).collect(Conjunction.and())), new Object[0]);
                if (run.first().isPresent()) {
                    cdsEntity4 = parentEntityLookupResult.getParentEntity();
                    map3 = extractKeys((Map) run.first().get(), parentEntityLookupResult.getParentEntity());
                    i = (int) (i + run.rowCount());
                }
            }
            if (cdsEntity4 == null) {
                throw new ErrorStatusException(CdsErrorStatuses.PARENT_NOT_EXISTING, new Object[]{cdsEntity3.getQualifiedName()});
            }
            if (i > 1) {
                throw new ErrorStatusException(CdsErrorStatuses.MULTIPLE_PARENTS, new Object[]{Integer.valueOf(i), cdsEntity3.getQualifiedName()});
            }
            if (isAuthorizationEntity(cdsEntity4)) {
                this.authorizationEntity = cdsEntity4;
                this.authorizationPath = CQL.entity(this.authorizationEntity.getQualifiedName()).filter(CQL.matching(map3)).asRef();
            } else {
                cdsEntity3 = cdsEntity4;
                map2 = map3;
            }
        }
    }

    private static Map<String, Object> extractKeys(Map<String, Object> map, CdsEntity cdsEntity) {
        HashMap hashMap = new HashMap(map);
        hashMap.entrySet().removeIf(entry -> {
            return (((Boolean) cdsEntity.findElement((String) entry.getKey()).map(cdsElement -> {
                return Boolean.valueOf(cdsElement.isKey());
            }).orElse(false)).booleanValue() || "IsActiveEntity".equals(entry.getKey())) ? false : true;
        });
        if (hashMap.size() != cdsEntity.keyElements().count()) {
            throw new ErrorStatusException(CdsErrorStatuses.NO_KEYS_IN_RESULT, new Object[]{cdsEntity});
        }
        return hashMap;
    }

    static {
        $assertionsDisabled = !AuthorizationEntity.class.desiredAssertionStatus();
    }
}
