package com.sap.cds.services.impl.cds;

import com.sap.cds.ql.CQL;
import com.sap.cds.ql.cqn.CqnPredicate;
import com.sap.cds.ql.cqn.CqnSelect;
import com.sap.cds.ql.cqn.CqnStatement;
import com.sap.cds.reflect.CdsEntity;
import com.sap.cds.services.EventContext;
import com.sap.cds.services.authorization.AuthorizationService;
import com.sap.cds.services.cds.ApplicationService;
import com.sap.cds.services.cds.CdsDeleteEventContext;
import com.sap.cds.services.cds.CdsReadEventContext;
import com.sap.cds.services.cds.CdsUpdateEventContext;
import com.sap.cds.services.draft.DraftEditEventContext;
import com.sap.cds.services.draft.DraftSaveEventContext;
import com.sap.cds.services.handler.EventHandler;
import com.sap.cds.services.handler.annotations.Before;
import com.sap.cds.services.handler.annotations.HandlerOrder;
import com.sap.cds.services.handler.annotations.ServiceName;
import com.sap.cds.services.impl.authorization.ReadStatementAuthorizationModifier;
import com.sap.cds.services.impl.utils.CdsModelUtils;
import com.sap.cds.services.utils.DraftUtils;
import com.sap.cds.services.utils.model.CqnUtils;
import com.sap.cds.util.CqnStatementUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Applies instance-based authorization to events of every {@link ApplicationService} by
 * narrowing the event's CQN statement with a where-predicate obtained from
 * {@link AuthorizationService#calcWhereCondition}.
 *
 * <p>The handler does not reject requests itself: nothing in this class throws an
 * authorization error. Enforcement relies entirely on the added predicate filtering the
 * rows the statement can touch, so any path below that leaves the statement unchanged
 * leaves the event unrestricted by this handler.
 *
 * <p>Privileged users skip the handler completely.
 */
@ServiceName(value = {"*"}, type = {ApplicationService.class})
/* loaded from: input_file:com/sap/cds/services/impl/cds/InstanceBasedAuthorizationHandler.class */
public class InstanceBasedAuthorizationHandler implements EventHandler {
    private static final Logger logger = LoggerFactory.getLogger(InstanceBasedAuthorizationHandler.class);

    /**
     * Entry point, registered as a {@code @Before} handler for all events with handler
     * order {@code -10700}.
     *
     * @param eventContext context of the event being processed
     */
    @HandlerOrder(-10700)
    @Before(event = {"*"})
    private void checkAuthorization(EventContext eventContext) {
        // Privileged users bypass every instance-based restriction: no predicate is added
        // and nothing is logged for them.
        if (eventContext.getUserInfo().isPrivileged()) {
            return;
        }
        extendStatements(eventContext);
    }

    /**
     * Adds the authorization predicate for the current event to the statement held by the
     * event context.
     *
     * <p>Three groups of events are handled: {@code READ}; the modifying events
     * {@code DELETE}, {@code UPDATE}, {@code draftEdit} and {@code draftActivate}; and,
     * when enabled by configuration, non-standard (custom) events that carry a statement
     * under the {@code "cqn"} key. All other events pass through unchanged.
     *
     * @param eventContext context of the event being processed; its statement is replaced
     *     in place when a predicate applies
     */
    private void extendStatements(EventContext eventContext) {
        AuthorizationService service = eventContext.getServiceCatalog().getService(AuthorizationService.class, "AuthorizationService$Default");
        String event = eventContext.getEvent();
        String qualifiedName = eventContext.getService().getDefinition().getQualifiedName();
        CdsEntity target = eventContext.getTarget();
        // Qualified name of the target entity; stays null for events without a target.
        String str = null;
        if (target != null) {
            str = target.getQualifiedName();
        }
        if (event.equals("READ")) {
            CdsReadEventContext as = eventContext.as(CdsReadEventContext.class);
            // Deep authorization: the whole select is rewritten by
            // ReadStatementAuthorizationModifier instead of appending one where-clause.
            if (Boolean.TRUE.equals(eventContext.getCdsRuntime().getEnvironment().getCdsProperties().getSecurity().getAuthorization().getDeep().isEnabled())) {
                CqnSelect copy = CQL.copy(as.getCqn(), new ReadStatementAuthorizationModifier(service, as));
                if (logger.isDebugEnabled()) {
                    // Only this log statement passes the statement through anonymizeStatement.
                    logger.debug("Statement is extended with security conditions for target '{}' of service '{}': '{}'", new Object[]{str, qualifiedName, CqnStatementUtils.anonymizeStatement(copy)});
                }
                as.setCqn(copy);
            } else {
                CqnStatement cqn = as.getCqn();
                // NOTE(review): str is null when the event has no target; confirm that
                // calcWhereCondition accepts a null entity name.
                CqnPredicate calcWhereCondition = service.calcWhereCondition(str, "READ");
                // A null predicate leaves the select unrestricted by this handler.
                if (calcWhereCondition != null) {
                    if (target != null && DraftUtils.isDraftEnabled(eventContext.getTarget())) {
                        // For draft-enabled targets, rows with IsActiveEntity = false match
                        // regardless of the authorization predicate.
                        // NOTE(review): presumably such rows are restricted to their owner
                        // elsewhere; confirm, since this OR exempts them here.
                        calcWhereCondition = CQL.or(calcWhereCondition, CQL.get("IsActiveEntity").eq(false));
                    }
                    cqn = (CqnSelect) CqnUtils.addWhere(cqn, calcWhereCondition);
                }
                as.setCqn(cqn);
            }
        }
        // Separate 'if', not 'else if': every event that is not one of the four below,
        // READ included, goes on to evaluate the custom-event condition in the else branch.
        if (event.equals("DELETE") || event.equals("UPDATE") || event.equals("draftEdit") || event.equals("draftActivate")) {
            CqnPredicate calcWhereCondition2 = service.calcWhereCondition(str, event);
            if (calcWhereCondition2 != null) {
                if (eventContext.getEvent().equals("DELETE")) {
                    CdsDeleteEventContext as2 = eventContext.as(CdsDeleteEventContext.class);
                    // Same draft exemption as for READ.
                    if (target != null && DraftUtils.isDraftEnabled(target)) {
                        calcWhereCondition2 = CQL.or(calcWhereCondition2, CQL.get("IsActiveEntity").eq(false));
                    }
                    as2.setCqn(CqnUtils.addWhere(as2.getCqn(), calcWhereCondition2));
                } else if (eventContext.getEvent().equals("UPDATE")) {
                    CdsUpdateEventContext as3 = eventContext.as(CdsUpdateEventContext.class);
                    // Same draft exemption as for READ.
                    if (target != null && DraftUtils.isDraftEnabled(target)) {
                        calcWhereCondition2 = CQL.or(calcWhereCondition2, CQL.get("IsActiveEntity").eq(false));
                    }
                    as3.setCqn(CqnUtils.addWhere(as3.getCqn(), calcWhereCondition2));
                } else if (event.equals("draftEdit")) {
                    // No draft exemption: the predicate is applied as-is.
                    DraftEditEventContext as4 = eventContext.as(DraftEditEventContext.class);
                    as4.setCqn(CqnUtils.addWhere(as4.getCqn(), calcWhereCondition2));
                } else if (event.equals("draftActivate")) {
                    // No draft exemption: the predicate is applied as-is.
                    DraftSaveEventContext as5 = eventContext.as(DraftSaveEventContext.class);
                    as5.setCqn(CqnUtils.addWhere(as5.getCqn(), calcWhereCondition2));
                }
                if (logger.isDebugEnabled()) {
                    // NOTE(review): the predicate is logged via toJson() without
                    // anonymizeStatement, together with the user name. If the predicate
                    // embeds user attribute values they end up in debug logs; confirm
                    // this is acceptable for the deployment's log handling.
                    logger.debug("Created CQN authorization predicate {} for entity '{}' of service '{}', event {} and user {}", new Object[]{calcWhereCondition2.toJson(), str, qualifiedName, event, eventContext.getUserInfo().getName()});
                }
            } else if (logger.isDebugEnabled()) {
                logger.debug("No CQN authorization predicate required for entity '{}' of service '{}', event {} and user {}", new Object[]{str, qualifiedName, event, eventContext.getUserInfo().getName()});
            }
        // Custom events: handled only if the customEvents property is enabled, the event
        // is not a standard CDS event and a target entity exists.
        // NOTE(review): isEnabled() is unboxed with booleanValue(), so a null property
        // value throws NullPointerException here, while the deep-authorization check
        // above uses Boolean.TRUE.equals(...). Confirm the property always has a value.
        } else if (eventContext.getCdsRuntime().getEnvironment().getCdsProperties().getSecurity().getAuthorization().getInstanceBased().getCustomEvents().isEnabled().booleanValue() && !CdsModelUtils.isStandardCdsEvent(event) && str != null) {
            CqnPredicate calcWhereCondition3 = service.calcWhereCondition(str, event);
            if (calcWhereCondition3 != null && target != null && DraftUtils.isDraftEnabled(target)) {
                calcWhereCondition3 = CQL.or(calcWhereCondition3, CQL.get("IsActiveEntity").eq(false));
            }
            CqnStatement cqnStatement = (CqnStatement) eventContext.get("cqn");
            // Only select, update and delete statements are narrowed; an event without a
            // "cqn" entry, or with any other statement kind, is left unrestricted.
            if (cqnStatement != null && (cqnStatement.isSelect() || cqnStatement.isUpdate() || cqnStatement.isDelete())) {
                // NOTE(review): unlike the branches above, addWhere is reached even when
                // calcWhereCondition3 is null; confirm CqnUtils.addWhere treats a null
                // predicate as "no restriction" rather than failing.
                eventContext.put("cqn", CqnUtils.addWhere(cqnStatement, calcWhereCondition3));
            }
            if (logger.isDebugEnabled() && calcWhereCondition3 != null) {
                // Same un-anonymized predicate logging as in the modifying-event branch.
                logger.debug("Created CQN authorization predicate {} for entity '{}' of service '{}', event {} and user {}", new Object[]{calcWhereCondition3.toJson(), str, qualifiedName, event, eventContext.getUserInfo().getName()});
            }
        }
        // Emitted for every non-privileged event that reaches this point, including events
        // for which no predicate was added; "passed" therefore does not show that a
        // restriction was applied and should not be read as an audit record.
        logger.debug("Instance-based authorization check passed for event '{}' on service '{}'", event, qualifiedName);
    }
}
