package com.sap.cds.services.impl.authorization;

import com.sap.cds.impl.builder.model.Conjunction;
import com.sap.cds.impl.builder.model.ExpandBuilder;
import com.sap.cds.impl.builder.model.StructuredTypeRefImpl;
import com.sap.cds.ql.CQL;
import com.sap.cds.ql.Predicate;
import com.sap.cds.ql.Select;
import com.sap.cds.ql.StructuredType;
import com.sap.cds.ql.cqn.CqnElementRef;
import com.sap.cds.ql.cqn.CqnExistsSubquery;
import com.sap.cds.ql.cqn.CqnExpand;
import com.sap.cds.ql.cqn.CqnInSubquery;
import com.sap.cds.ql.cqn.CqnInline;
import com.sap.cds.ql.cqn.CqnMatchPredicate;
import com.sap.cds.ql.cqn.CqnPredicate;
import com.sap.cds.ql.cqn.CqnReference;
import com.sap.cds.ql.cqn.CqnSelect;
import com.sap.cds.ql.cqn.CqnSelectListItem;
import com.sap.cds.ql.cqn.CqnStructuredTypeRef;
import com.sap.cds.ql.cqn.CqnValue;
import com.sap.cds.ql.cqn.CqnVisitor;
import com.sap.cds.ql.cqn.Modifier;
import com.sap.cds.ql.cqn.ResolvedSegment;
import com.sap.cds.ql.impl.ExpressionVisitor;
import com.sap.cds.reflect.CdsModel;
import com.sap.cds.reflect.CdsStructuredType;
import com.sap.cds.services.authorization.AuthorizationService;
import com.sap.cds.services.cds.CdsReadEventContext;
import com.sap.cds.services.utils.DraftUtils;
import com.sap.cds.util.CdsModelUtils;
import com.sap.cds.util.CqnStatementUtils;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:com/sap/cds/services/impl/authorization/ReadStatementAuthorizationModifier.class */
public class ReadStatementAuthorizationModifier implements Modifier {
    private static final Predicate IS_ACTIVE_EQ_FALSE = CQL.get("IsActiveEntity").eq(false);
    private static final StructuredType<?> $OUTER = CQL.to("$outer");
    private final AuthorizationService authorizationService;
    private final CdsModel model;
    private final String event;
    private final CdsStructuredType parentTarget;
    private final CdsStructuredType target;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sap/cds/services/impl/authorization/ReadStatementAuthorizationModifier$HasRefsWithComplexPaths.class */
    public static class HasRefsWithComplexPaths implements CqnVisitor {
        private boolean hasPath = false;

        private HasRefsWithComplexPaths() {
        }

        public void visit(CqnElementRef cqnElementRef) {
            if (this.hasPath) {
                return;
            }
            this.hasPath = ReadStatementAuthorizationModifier.isPath(cqnElementRef);
        }

        public boolean containsPaths() {
            return this.hasPath;
        }
    }

    public ReadStatementAuthorizationModifier(AuthorizationService authorizationService, CdsReadEventContext cdsReadEventContext) {
        this(authorizationService, cdsReadEventContext.getModel(), cdsReadEventContext.getEvent(), null, CqnStatementUtils.targetEntity(cdsReadEventContext.getCqn(), cdsReadEventContext.getModel()));
    }

    private ReadStatementAuthorizationModifier(AuthorizationService authorizationService, CdsModel cdsModel, String str, CdsStructuredType cdsStructuredType, CdsStructuredType cdsStructuredType2) {
        this.authorizationService = (AuthorizationService) Objects.requireNonNull(authorizationService);
        this.model = (CdsModel) Objects.requireNonNull(cdsModel);
        this.event = str;
        this.target = cdsStructuredType2;
        this.parentTarget = cdsStructuredType;
    }

    public CqnStructuredTypeRef ref(CqnStructuredTypeRef cqnStructuredTypeRef) {
        CqnReference.Segment targetSegment = cqnStructuredTypeRef.targetSegment();
        return StructuredTypeRefImpl.typeRef(ReferenceAssociationTraverser.modify(this.model.getEntity(cqnStructuredTypeRef.firstSegment()), cqnStructuredTypeRef, ReferenceAssociationTraverser.NO_COMPOSITIONS, resolvedSegment -> {
            return resolvedSegment.segment() != targetSegment ? secureSegment(resolvedSegment) : resolvedSegment.segment();
        }));
    }

    public CqnPredicate where(Predicate predicate) {
        CqnPredicate calcWhereCondition = this.authorizationService.calcWhereCondition(this.target.getQualifiedName(), this.event);
        return calcWhereCondition != null ? CQL.and(predicate, authorizedOrInactive(this.target, calcWhereCondition)) : predicate;
    }

    public CqnPredicate exists(Select<?> select) {
        return CQL.exists(CQL.copy(select, newModifier(CqnStatementUtils.targetEntity(select, this.model))));
    }

    public CqnPredicate in(CqnInSubquery cqnInSubquery) {
        CqnSelect subquery = cqnInSubquery.subquery();
        return CQL.in(cqnInSubquery.value(), CQL.copy(subquery, newModifier(CqnStatementUtils.targetEntity(subquery, this.model))));
    }

    public CqnPredicate match(CqnMatchPredicate cqnMatchPredicate) {
        return CQL.match(CQL.to(copyRef(cqnMatchPredicate.ref())).as((String) cqnMatchPredicate.ref().alias().orElse(null)).asRef(), (CqnPredicate) cqnMatchPredicate.predicate().orElse(null), cqnMatchPredicate.quantifier());
    }

    public CqnSelectListItem expand(CqnExpand cqnExpand) {
        rejectStarAndEmptyRefs(cqnExpand.ref());
        ExpandBuilder as = CQL.to(copyRef(cqnExpand.ref())).as((String) cqnExpand.ref().alias().orElse(null)).expand(ExpressionVisitor.copy(cqnExpand.items(), newModifier(CdsModelUtils.target(this.target, cqnExpand.ref().segments())))).limit(cqnExpand.top(), cqnExpand.skip()).inlineCount(cqnExpand.hasInlineCount()).orderBy(cqnExpand.orderBy()).as(cqnExpand.displayName());
        if (((ExpandBuilder) cqnExpand).lazy()) {
            as.lazy(true);
        }
        return as;
    }

    public CqnSelectListItem inline(CqnInline cqnInline) {
        rejectStarAndEmptyRefs(cqnInline.ref());
        return CQL.to(copyRef(cqnInline.ref())).as((String) cqnInline.ref().alias().orElse(null)).inline(ExpressionVisitor.copy(cqnInline.items(), newModifier(CdsModelUtils.target(this.target, cqnInline.ref().segments()))));
    }

    public CqnValue ref(CqnElementRef cqnElementRef) {
        if (isPath(cqnElementRef)) {
            return CQL.get("$outer".equals(cqnElementRef.firstSegment()) ? ReferenceAssociationTraverser.modify(this.parentTarget, cqnElementRef, ReferenceAssociationTraverser.NO_COMPOSITIONS, this::secureSegment) : ReferenceAssociationTraverser.modify(this.target, cqnElementRef, ReferenceAssociationTraverser.NO_COMPOSITIONS, this::secureSegment)).as((String) cqnElementRef.alias().orElse(null));
        }
        return cqnElementRef;
    }

    private List<CqnReference.Segment> copyRef(CqnReference cqnReference) {
        rejectStarAndEmptyRefs(cqnReference);
        return ReferenceAssociationTraverser.modify(this.target, cqnReference, ReferenceAssociationTraverser.NO_COMPOSITIONS, this::secureSegment);
    }

    private CqnReference.Segment secureSegment(ResolvedSegment resolvedSegment) {
        CqnPredicate authorizedOrInactive = authorizedOrInactive(resolvedSegment.type(), this.authorizationService.calcWhereCondition(resolvedSegment.type().getQualifiedName(), this.event));
        if (authorizedOrInactive == null) {
            return resolvedSegment.segment();
        }
        return CQL.refSegment(resolvedSegment.segment().id(), CQL.and((CqnPredicate) resolvedSegment.segment().filter().orElse(null), movePathsToExistsSubquery(resolvedSegment, authorizedOrInactive)));
    }

    private CqnPredicate authorizedOrInactive(CdsStructuredType cdsStructuredType, CqnPredicate cqnPredicate) {
        return DraftUtils.isDraftEnabled(cdsStructuredType) ? CQL.or(cqnPredicate, IS_ACTIVE_EQ_FALSE) : cqnPredicate;
    }

    private ReadStatementAuthorizationModifier newModifier(CdsStructuredType cdsStructuredType) {
        return new ReadStatementAuthorizationModifier(this.authorizationService, this.model, this.event, this.target, cdsStructuredType);
    }

    private static void rejectStarAndEmptyRefs(CqnReference cqnReference) {
        if (cqnReference.segments().isEmpty() || cqnReference.firstSegment().equals("*")) {
            throw new IllegalStateException("The star expand or empty ref are not supposed to reach authorization check");
        }
    }

    private CqnPredicate movePathsToExistsSubquery(ResolvedSegment resolvedSegment, CqnPredicate cqnPredicate) {
        if (cqnPredicate.equals(CQL.FALSE) || (cqnPredicate.asPredicate() instanceof CqnExistsSubquery)) {
            return cqnPredicate;
        }
        HasRefsWithComplexPaths hasRefsWithComplexPaths = new HasRefsWithComplexPaths();
        cqnPredicate.accept(hasRefsWithComplexPaths);
        if (!hasRefsWithComplexPaths.containsPaths()) {
            return cqnPredicate;
        }
        return CQL.exists(Select.from(resolvedSegment.type().getQualifiedName()).where(CQL.and((CqnPredicate) CdsModelUtils.targetKeys(resolvedSegment.element()).stream().map(str -> {
            return CQL.get(str).eq($OUTER.get(str));
        }).collect(Conjunction.and()), cqnPredicate)));
    }

    private static boolean isPath(CqnElementRef cqnElementRef) {
        return cqnElementRef.size() > 1 && !"$user".equals(cqnElementRef.firstSegment());
    }
}
