package ch.systemsx.cisd.openbis.generic.shared.authorization.predicate;

import ch.systemsx.cisd.common.exceptions.Status;
import ch.systemsx.cisd.openbis.generic.shared.authorization.IAuthorizationDataProvider;
import ch.systemsx.cisd.openbis.generic.shared.authorization.RoleWithIdentifier;
import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
import ch.systemsx.cisd.openbis.generic.shared.basic.dto.IExpressionUpdates;
import ch.systemsx.cisd.openbis.generic.shared.dto.AbstractExpressionPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:lib/dss_client.jar:ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractExpressionPredicate.class */
public abstract class AbstractExpressionPredicate<T> extends AbstractPredicate<T> {
    private final String description;
    protected IAuthorizationDataProvider authorizationDataProvider;

    /* loaded from: input_file:lib/dss_client.jar:ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractExpressionPredicate$DeleteGridCustomColumnPredicate.class */
    public static class DeleteGridCustomColumnPredicate extends AbstractExpressionPredicate<TechId> {
        public DeleteGridCustomColumnPredicate() {
            super("delete grid custom column");
        }

        @Override // ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractExpressionPredicate
        public AbstractExpressionPE<?> convert(TechId techId) {
            return this.authorizationDataProvider.getGridCustomColumn(techId);
        }
    }

    /* loaded from: input_file:lib/dss_client.jar:ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractExpressionPredicate$DeleteGridCustomFilterPredicate.class */
    public static class DeleteGridCustomFilterPredicate extends AbstractExpressionPredicate<TechId> {
        public DeleteGridCustomFilterPredicate() {
            super("delete grid custom filter");
        }

        @Override // ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractExpressionPredicate
        public AbstractExpressionPE<?> convert(TechId techId) {
            return this.authorizationDataProvider.getGridCustomFilter(techId);
        }
    }

    /* loaded from: input_file:lib/dss_client.jar:ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractExpressionPredicate$UpdateGridCustomColumnPredicate.class */
    public static class UpdateGridCustomColumnPredicate extends AbstractExpressionPredicate<IExpressionUpdates> {
        public UpdateGridCustomColumnPredicate() {
            super("update grid custom column");
        }

        @Override // ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractExpressionPredicate
        public AbstractExpressionPE<?> convert(IExpressionUpdates iExpressionUpdates) {
            return this.authorizationDataProvider.getGridCustomColumn(TechId.create(iExpressionUpdates));
        }
    }

    /* loaded from: input_file:lib/dss_client.jar:ch/systemsx/cisd/openbis/generic/shared/authorization/predicate/AbstractExpressionPredicate$UpdateGridCustomFilterPredicate.class */
    public static class UpdateGridCustomFilterPredicate extends AbstractExpressionPredicate<IExpressionUpdates> {
        public UpdateGridCustomFilterPredicate() {
            super("update grid custom filter");
        }

        @Override // ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractExpressionPredicate
        public AbstractExpressionPE<?> convert(IExpressionUpdates iExpressionUpdates) {
            return this.authorizationDataProvider.getGridCustomFilter(TechId.create(iExpressionUpdates));
        }
    }

    protected abstract AbstractExpressionPE<?> convert(T t);

    public AbstractExpressionPredicate(String str) {
        this.description = str;
    }

    @Override // ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractPredicate
    public final String getCandidateDescription() {
        return this.description;
    }

    @Override // ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.IPredicate
    public void init(IAuthorizationDataProvider iAuthorizationDataProvider) {
        this.authorizationDataProvider = iAuthorizationDataProvider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // ch.systemsx.cisd.openbis.generic.shared.authorization.predicate.AbstractPredicate
    public final Status doEvaluation(PersonPE personPE, List<RoleWithIdentifier> list, T t) {
        AbstractExpressionPE<?> convert = convert(t);
        return isMatching(personPE, convert) ? Status.OK : Status.createError(createErrorMsg(convert, personPE.getUserId()));
    }

    private static boolean isMatching(PersonPE personPE, AbstractExpressionPE<?> abstractExpressionPE) {
        return isRegistrator(personPE, abstractExpressionPE) || isInstanceAdmin(personPE, abstractExpressionPE.getDatabaseInstance());
    }

    private String createErrorMsg(AbstractExpressionPE<?> abstractExpressionPE, String str) {
        return String.format("User '%s' does not have enough privileges to perform " + this.description + " '%s'. One needs to be either registrator or database instance admin.", str, abstractExpressionPE);
    }

    private static boolean isRegistrator(PersonPE personPE, AbstractExpressionPE<?> abstractExpressionPE) {
        return personPE.equals(abstractExpressionPE.getRegistrator());
    }

    private static boolean isInstanceAdmin(PersonPE personPE, DatabaseInstancePE databaseInstancePE) {
        Iterator<RoleAssignmentPE> it = personPE.getAllPersonRoles().iterator();
        while (it.hasNext()) {
            if (databaseInstancePE.equals(it.next().getDatabaseInstance())) {
                return true;
            }
        }
        return false;
    }
}
