package de.cismet.cids.server.actions.graphql;

import Sirius.server.localserver.attribute.MemberAttributeInfo;
import Sirius.server.middleware.interfaces.domainserver.MetaService;
import Sirius.server.middleware.types.MetaClass;
import Sirius.server.newuser.User;
import de.cismet.cids.server.actions.graphql.exceptions.FieldNotFoundException;
import de.cismet.cids.server.actions.graphql.exceptions.TableNotFoundException;
import de.cismet.connectioncontext.ConnectionContext;
import de.cismet.connectioncontext.ConnectionContextProvider;
import graphql.language.Argument;
import graphql.language.AstPrinter;
import graphql.language.AstTransformer;
import graphql.language.Field;
import graphql.language.Node;
import graphql.language.NodeVisitorStub;
import graphql.language.ObjectField;
import graphql.language.ObjectValue;
import graphql.language.OperationDefinition;
import graphql.parser.InvalidSyntaxException;
import graphql.parser.Parser;
import graphql.util.TraversalControl;
import graphql.util.TraverserContext;
import graphql.util.TreeTransformerUtil;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;

/* loaded from: input_file:de/cismet/cids/server/actions/graphql/GraphQlPermissionEvaluator.class */
public class GraphQlPermissionEvaluator implements ConnectionContextProvider {
    // Class-wide log4j logger; used for remote failures and query syntax errors.
    private static final transient Logger LOG = Logger.getLogger(GraphQlPermissionEvaluator.class);
    // Re-created (empty) on every evaluate() call and exposed through getFieldsWithoutPermissions().
    // NOTE(review): nothing in this class ever adds to this list; CidsVisitor records removed nodes in
    // its own fieldsWithoutPermission list instead. Confirm that callers do not rely on this one.
    private List<CidsField> fieldsWithoutReadPermission;
    // Meta service used to resolve classes by table name or class id.
    private final MetaService ms;
    // User whose permissions are evaluated; passed to every MetaService lookup.
    private final User user;
    // Connection context passed to every MetaService lookup.
    private final ConnectionContext cc;
    // Table names that bypass checkReadPermission/hasWritePermission entirely.
    // Matched with List.contains, i.e. exact and case-sensitive, and replaceable via the setter.
    private List<String> tablesWithoutPermissionCheck = new ArrayList();

    /* loaded from: input_file:de/cismet/cids/server/actions/graphql/GraphQlPermissionEvaluator$CidsVisitor.class */
    private class CidsVisitor extends NodeVisitorStub {
        // Argument names treated as read-only filters; every other argument counts as a mutation argument.
        private final List<String> readArguments = new ArrayList();
        // Boolean operator names that are skipped when resolving field and parent names.
        private final List<String> operators = new ArrayList();
        // Tables and fields this visitor removed because a permission or lookup check failed.
        private final List<CidsDataSource> fieldsWithoutPermission = new ArrayList();
        // Table of the most recently visited table-like selection field; null until the first field is seen.
        private CidsTable lastTable = null;
        // Maps a relationship field name to the table it was resolved to in visitField.
        private Map<String, CidsTable> fieldToTable = new HashMap();
        // Operation kind of the definition currently being traversed; null before the first operation.
        private OperationDefinition.Operation operation = null;

        /**
         * Seeds the names this visitor treats specially: the boolean operators and the single
         * read-only argument name.
         */
        public CidsVisitor() {
            for (final String operator : new String[] {"_and", "_not", "_or"}) {
                this.operators.add(operator);
            }
            this.readArguments.add("where");
        }

        /**
         * Arguments themselves are never filtered; their object fields are checked in
         * {@link #visitObjectField}.
         *
         * @return always {@code TraversalControl.CONTINUE}
         */
        @Override
        public TraversalControl visitArgument(Argument argument, TraverserContext<Node> traverserContext) {
            final TraversalControl keepGoing = TraversalControl.CONTINUE;
            return keepGoing;
        }

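        /**
         * Checks one object field inside an argument value and deletes it from the document when the
         * current user may not use it.
         *
         * <p>Fields of a {@code where} argument are checked with {@code checkReadPermission}; fields of
         * any other argument are additionally checked with {@code hasWritePermission}. Every lookup
         * failure (unknown table, unknown field, remote error) removes the node, so the method fails
         * closed.
         *
         * <p>NOTE(review): deleting a predicate from a {@code where} argument leaves a less restrictive
         * filter in the rewritten query. Confirm that callers do not execute a mutation whose filter was
         * trimmed here. Also, when no parent table can be derived (see {@code getParentTableName}),
         * the field-argument branch performs no check at all.
         *
         * @param objectField the object field being visited
         * @param traverserContext traversal context used to find the enclosing argument and parents
         * @return the traversal control of the superclass, or the result of deleting the node
         */
        @Override
        public TraversalControl visitObjectField(ObjectField objectField, TraverserContext<Node> traverserContext) {
            String fieldName = objectField.getName();
            final Argument argument = getArgument(traverserContext.getParentNodes());
            if (argument == null) {
                // Without an enclosing argument the field cannot be classified as read or write
                // (previously a NullPointerException); remove it rather than let it pass unchecked.
                return TreeTransformerUtil.deleteNode(traverserContext);
            }
            final String argumentName = argument.getName();
            String parentTableName = getParentTableName(traverserContext.getParentNodes());
            // Constant-first comparison: operation is still null for definitions visited before the
            // first operation, which matches the null guard used in visitField.
            if (OperationDefinition.Operation.MUTATION.equals(this.operation)) {
                if (isSpecialMutationField(fieldName)) {
                    return TraversalControl.CONTINUE;
                }
                fieldName = mutationFieldNameToFieldName(fieldName);
                parentTableName = mutationFieldNameToFieldName(parentTableName);
            }
            final CidsTable parentTable = parentTableName != null ? new CidsTable(parentTableName) : null;
            final boolean inWhere = "where".equalsIgnoreCase(argumentName);
            if (GraphQlPermissionEvaluator.this.isFieldArgument(objectField, inWhere)) {
                if (!this.operators.contains(fieldName)) {
                    try {
                        if (isMutationArgument(argumentName) && parentTable != null
                                && !GraphQlPermissionEvaluator.this.hasWritePermission(parentTable, fieldName)) {
                            return TreeTransformerUtil.deleteNode(traverserContext);
                        }
                        if (parentTable != null) {
                            GraphQlPermissionEvaluator.this.checkReadPermission(parentTable, fieldName);
                        }
                    } catch (RemoteException e) {
                        GraphQlPermissionEvaluator.LOG.error("Remote Exception ", e);
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    } catch (FieldNotFoundException | TableNotFoundException e) {
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    }
                }
            } else if (GraphQlPermissionEvaluator.this.isTable(objectField, inWhere)) {
                if (parentTable == null) {
                    // No table to resolve the relationship against (previously a NullPointerException).
                    return TreeTransformerUtil.deleteNode(traverserContext);
                }
                try {
                    GraphQlPermissionEvaluator.this.determineForeignKeyField(parentTable, fieldName);
                    if (isMutationArgument(argumentName)
                            && !GraphQlPermissionEvaluator.this.hasWritePermission(parentTable, fieldName)) {
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    }
                } catch (RemoteException e) {
                    GraphQlPermissionEvaluator.LOG.error("Remote Exception ", e);
                    return TreeTransformerUtil.deleteNode(traverserContext);
                } catch (FieldNotFoundException | TableNotFoundException e) {
                    return TreeTransformerUtil.deleteNode(traverserContext);
                }
            }
            return super.visitObjectField(objectField, traverserContext);
        }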

        /**
         * Remembers the kind of the operation being entered so that later field visits can tell
         * mutations from queries.
         */
        @Override
        public TraversalControl visitOperationDefinition(OperationDefinition operationDefinition, TraverserContext<Node> traverserContext) {
            final OperationDefinition.Operation currentOperation = operationDefinition.getOperation();
            this.operation = currentOperation;
            return super.visitOperationDefinition(operationDefinition, traverserContext);
        }

        /**
         * Checks one selection field and deletes it from the document when the check fails.
         *
         * <p>A field with no parent field (or the first field seen) is treated as a table. Other
         * fields are either leaves, checked with {@code checkReadPermission}, or relationship fields
         * with a selection set, resolved through the foreign-key helpers. Removed tables and fields
         * are recorded in {@code fieldsWithoutPermission}, except when the cause was a
         * {@code RemoteException}, which is only logged.
         *
         * <p>NOTE(review): in the table branch only mutations are checked (table-level write
         * permission); for queries no check is made on the table itself in this method.
         *
         * @param field the selection field being visited
         * @param traverserContext traversal context used to find the parent field
         * @return {@code TraversalControl.CONTINUE}, or the result of deleting the node
         */
        public TraversalControl visitField(Field field, TraverserContext<Node> traverserContext) {
            String name = field.getName();
            Field parentField = getParentField(traverserContext.getParentNodes());
            // name2 is the name of the nearest enclosing selection field, or null at the root.
            String name2 = parentField != null ? parentField.getName() : null;
            if (this.operation != null && this.operation.equals(OperationDefinition.Operation.MUTATION)) {
                // affected_rows / returning are passed through unchecked.
                if (isSpecialMutationField(name)) {
                    return TraversalControl.CONTINUE;
                }
                // Strip the insert_/update_/delete_ prefix to obtain the table or field name.
                name = mutationFieldNameToFieldName(name);
                name2 = mutationFieldNameToFieldName(name2);
            }
            if (this.lastTable == null || name2 == null) {
                // Table-level field: it becomes the current table.
                this.lastTable = new CidsTable(name);
                if (this.operation != null && this.operation.equals(OperationDefinition.Operation.MUTATION)) {
                    try {
                        if (!GraphQlPermissionEvaluator.this.hasWritePermission(this.lastTable)) {
                            this.fieldsWithoutPermission.add(this.lastTable);
                            return TreeTransformerUtil.deleteNode(traverserContext);
                        }
                    } catch (RemoteException e) {
                        // Lookup failed: remove the node, but do not record it as a permission failure.
                        GraphQlPermissionEvaluator.LOG.error("remote exception", e);
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    } catch (TableNotFoundException e2) {
                        this.fieldsWithoutPermission.add(this.lastTable);
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    }
                }
            } else {
                if (field.getSelectionSet() == null) {
                    // Leaf field: check it against the table its parent was resolved to, falling back
                    // to a table named after the parent field.
                    CidsTable cidsTable = this.fieldToTable.get(name2);
                    if (cidsTable == null) {
                        cidsTable = new CidsTable(name2);
                    }
                    try {
                        GraphQlPermissionEvaluator.this.checkReadPermission(cidsTable, name);
                    } catch (FieldNotFoundException e3) {
                        this.fieldsWithoutPermission.add(new CidsField(cidsTable, name));
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    } catch (TableNotFoundException e4) {
                        this.fieldsWithoutPermission.add(new CidsField(cidsTable, name));
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    } catch (RemoteException e5) {
                        GraphQlPermissionEvaluator.LOG.error("remote exception", e5);
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    }
                }
                if (field.getSelectionSet() != null && this.lastTable != null) {
                    // Relationship field: resolve the referenced table and make it the current one.
                    CidsTable cidsTable2 = this.fieldToTable.get(name2);
                    if (cidsTable2 == null) {
                        cidsTable2 = new CidsTable(name2);
                    }
                    try {
                        // Called for its exceptions only; the returned CidsField is not used.
                        GraphQlPermissionEvaluator.this.determineForeignKeyField(cidsTable2, name);
                        this.lastTable = new CidsTable(GraphQlPermissionEvaluator.this.determineTableForForeignKeyField(cidsTable2, name));
                        // Remember the mapping so nested leaves are checked against the right table.
                        this.fieldToTable.put(name, this.lastTable);
                    } catch (RemoteException e6) {
                        GraphQlPermissionEvaluator.LOG.error("remote exception", e6);
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    } catch (FieldNotFoundException e7) {
                        this.fieldsWithoutPermission.add(new CidsField(cidsTable2, name));
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    } catch (TableNotFoundException e8) {
                        this.fieldsWithoutPermission.add(new CidsField(cidsTable2, name));
                        return TreeTransformerUtil.deleteNode(traverserContext);
                    }
                }
            }
            return TraversalControl.CONTINUE;
        }

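        /**
         * Returns the name of the first parent that is a {@code Field} or {@code ObjectField} and is
         * not a boolean operator.
         *
         * <p>The decompiled original assigned each {@code Node} to a {@code Field} variable, which
         * does not compile; the node is now cast only after the {@code instanceof} test.
         *
         * @param list parent nodes in the order supplied by the traverser context; may be null
         * @return the parent name, or null when there is none or when it ends with {@code Array} or
         *     {@code Object} (relationship names are not used as table names here)
         */
        private String getParentTableName(List<Node> list) {
            if (list == null) {
                return null;
            }
            for (final Node parent : list) {
                final String parentName;
                if (parent instanceof Field) {
                    parentName = ((Field) parent).getName();
                } else if (parent instanceof ObjectField) {
                    parentName = ((ObjectField) parent).getName();
                } else {
                    parentName = null;
                }
                if (parentName == null || this.operators.contains(parentName)) {
                    continue;
                }
                if (parentName.endsWith("Array") || parentName.endsWith("Object")) {
                    return null;
                }
                return parentName;
            }
            return null;
        }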

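        /**
         * Walks down the last object field of each nested object value, starting at
         * {@code objectField}, and returns the name of the closest non-operator ancestor of the
         * field called {@code str}.
         *
         * <p>Fixes relative to the decompiled original: values and children are cast explicitly (the
         * original assigned {@code Value}/{@code Node} to narrower types and did not compile), and an
         * empty object value now ends the search instead of indexing element -1.
         *
         * @param objectField field to start from
         * @param str name of the field whose parent is wanted
         * @return the parent name, or null when {@code str} is the start field, is not found, or has
         *     no non-operator ancestor
         */
        private String getParent(ObjectField objectField, String str) {
            if (objectField.getName().equals(str)) {
                return null;
            }
            String lastNonOperator = null;
            ObjectField current = objectField;
            if (!this.operators.contains(current.getName())) {
                lastNonOperator = current.getName();
            }
            while (current.getValue() instanceof ObjectValue) {
                final ObjectValue value = (ObjectValue) current.getValue();
                final List<Node> children = value.getNamedChildren().getChildren("objectFields");
                if (children.isEmpty()) {
                    return null;
                }
                final Node last = children.get(children.size() - 1);
                if (!(last instanceof ObjectField)) {
                    return null;
                }
                final ObjectField next = (ObjectField) last;
                if (next.getName().equals(str)) {
                    return lastNonOperator;
                }
                current = next;
                if (!this.operators.contains(next.getName())) {
                    lastNonOperator = next.getName();
                }
            }
            return null;
        }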

        /**
         * Strips a leading {@code update_}, {@code delete_} or {@code insert_} from a mutation field
         * name.
         *
         * @param str the mutation field name; may be null
         * @return the name without the first matching prefix, the input unchanged when none matches,
         *     or null for null input
         */
        private String mutationFieldNameToFieldName(String str) {
            if (str == null) {
                return null;
            }
            // Same precedence as before: update_, then delete_, then insert_.
            for (final String prefix : new String[] {"update_", "delete_", "insert_"}) {
                if (str.startsWith(prefix)) {
                    return str.substring(prefix.length());
                }
            }
            return str;
        }

        /**
         * Tells whether a mutation field is one of the result fields that are passed through without
         * a permission check.
         *
         * @param str the field name; may be null
         * @return true for {@code affected_rows} or {@code returning}, compared case-insensitively
         */
        private boolean isSpecialMutationField(String str) {
            return str != null
                    && ("affected_rows".equalsIgnoreCase(str) || "returning".equalsIgnoreCase(str));
        }

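        /**
         * Returns the first {@code Field} among the given parent nodes.
         *
         * <p>The decompiled original assigned each {@code Node} to a {@code Field} variable, which
         * does not compile; the cast now follows the {@code instanceof} test.
         *
         * @param list parent nodes as supplied by the traverser context; may be null
         * @return the first parent that is a {@code Field}, or null when there is none
         */
        private Field getParentField(List<Node> list) {
            if (list == null) {
                return null;
            }
            for (final Node parent : list) {
                if (parent instanceof Field) {
                    return (Field) parent;
                }
            }
            return null;
        }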

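        /**
         * Returns the operation kind of the first {@code OperationDefinition} among the given parent
         * nodes.
         *
         * <p>The decompiled original assigned each {@code Node} to an {@code OperationDefinition}
         * variable, which does not compile; the cast now follows the {@code instanceof} test.
         *
         * @param list parent nodes as supplied by the traverser context; may be null
         * @return the operation kind, or null when no operation definition is among the parents
         */
        private OperationDefinition.Operation getOperation(List<Node> list) {
            if (list == null) {
                return null;
            }
            for (final Node parent : list) {
                if (parent instanceof OperationDefinition) {
                    return ((OperationDefinition) parent).getOperation();
                }
            }
            return null;
        }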

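        /**
         * Returns the first {@code Argument} among the given parent nodes.
         *
         * <p>The decompiled original assigned each {@code Node} to an {@code Argument} variable,
         * which does not compile; the cast now follows the {@code instanceof} test.
         *
         * @param list parent nodes as supplied by the traverser context; may be null
         * @return the enclosing argument, or null when the node is not inside one
         */
        private Argument getArgument(List<Node> list) {
            if (list == null) {
                return null;
            }
            for (final Node parent : list) {
                if (parent instanceof Argument) {
                    return (Argument) parent;
                }
            }
            return null;
        }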

        /**
         * Classifies an argument by name: anything not listed in {@code readArguments} is treated
         * as a mutation argument, including a null name.
         *
         * @param str the argument name
         * @return true when the argument must pass the write-permission check
         */
        private boolean isMutationArgument(String str) {
            final boolean readOnly = this.readArguments.contains(str);
            return !readOnly;
        }

        /**
         * Returns the tables and fields this visitor removed after a failed check.
         *
         * @return the live internal list, not a copy
         */
        public List<CidsDataSource> getFieldsWithoutPermission() {
            final List<CidsDataSource> removed = this.fieldsWithoutPermission;
            return removed;
        }
    }

    /**
     * Creates an evaluator bound to one user.
     *
     * @param metaService service used to resolve meta classes
     * @param user user whose permissions are evaluated
     * @param connectionContext context passed to every meta service call
     */
    public GraphQlPermissionEvaluator(MetaService metaService, User user, ConnectionContext connectionContext) {
        this.cc = connectionContext;
        this.user = user;
        this.ms = metaService;
    }

    /**
     * Parses a GraphQL document, removes the nodes that fail the permission checks of
     * {@code CidsVisitor}, and prints the remaining document in compact form.
     *
     * <p>Only {@code InvalidSyntaxException} is handled here; any other runtime exception raised
     * during parsing or traversal propagates to the caller.
     *
     * <p>NOTE(review): the removals recorded by the visitor are not copied into
     * {@code fieldsWithoutReadPermission}, so {@code getFieldsWithoutPermissions()} returns the
     * empty list created here. Confirm whether callers expect to be told what was stripped.
     *
     * @param str the GraphQL document text
     * @return the rewritten document, or null when {@code str} is not valid GraphQL
     */
    public String evaluate(String str) {
        try {
            this.fieldsWithoutReadPermission = new ArrayList();
            final CidsVisitor visitor = new CidsVisitor();
            final Node filtered = new AstTransformer().transform(new Parser().parseDocument(str), visitor);
            return AstPrinter.printAstCompact(filtered);
        } catch (InvalidSyntaxException e) {
            LOG.error("Error while evaluating graphql query", e);
            return null;
        }
    }

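    /**
     * Replaces the list of table names that are exempt from all read and write checks.
     *
     * <p>A null argument is treated as "no exemptions"; storing null would make every later
     * permission check fail with a {@code NullPointerException} on {@code contains}. A non-null
     * list is stored by reference, so later changes made by the caller alter which tables skip the
     * checks. Entries are matched exactly and case-sensitively against the requested table name.
     *
     * @param list exempt table names, or null for none
     */
    public void setTablesWithoutPermissionCheck(List<String> list) {
        this.tablesWithoutPermissionCheck = (list != null) ? list : new ArrayList<String>();
    }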

    /**
     * Returns the list created by the most recent {@code evaluate} call.
     *
     * <p>NOTE(review): no code in this class adds entries to that list, and it is null before the
     * first {@code evaluate} call. Confirm what callers expect here.
     *
     * @return the live internal list, not a copy
     */
    public List<CidsField> getFieldsWithoutPermissions() {
        final List<CidsField> recorded = this.fieldsWithoutReadPermission;
        return recorded;
    }

    /* JADX INFO: Access modifiers changed from: private */
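    /**
     * Decides from the shape of an object field's value whether it names a plain field, as opposed
     * to a nested table.
     *
     * <p>The decompiled original assigned {@code Value} results to {@code ObjectValue} variables,
     * which does not compile; the casts are now explicit. The decision logic is unchanged.
     *
     * @param objectField the object field to classify
     * @param z true when the enclosing argument is {@code where} (as passed by
     *     {@code visitObjectField})
     * @return {@code !z} for a non-object value; otherwise true unless the value nests two object
     *     levels whose first inner entry is not an {@code ObjectField}
     */
    public boolean isFieldArgument(ObjectField objectField, boolean z) {
        if (!(objectField.getValue() instanceof ObjectValue)) {
            return !z;
        }
        final List<ObjectField> outerFields = ((ObjectValue) objectField.getValue()).getObjectFields();
        if (outerFields.isEmpty()
                || !(outerFields.get(0) instanceof ObjectField)
                || !(outerFields.get(0).getValue() instanceof ObjectValue)) {
            return true;
        }
        final List<ObjectField> innerFields = ((ObjectValue) outerFields.get(0).getValue()).getObjectFields();
        return innerFields.isEmpty() || (innerFields.get(0) instanceof ObjectField);
    }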

    /* JADX INFO: Access modifiers changed from: private */
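    /**
     * Decides from the shape of an object field's value whether it names a nested table.
     *
     * <p>The decompiled original assigned {@code Value} results to {@code ObjectValue} variables,
     * which does not compile; the casts are now explicit. The decision logic is unchanged.
     *
     * <p>NOTE(review): the only inputs that pass the {@code isFieldArgument} guard with an object
     * value are those whose first inner entry is not an {@code ObjectField}, and the final test
     * rejects exactly those. As written this appears to return false for every input, which would
     * leave the nested-table branch of {@code visitObjectField} unreachable. Confirm against the
     * original source, since this file is decompiler output.
     *
     * @param objectField the object field to classify
     * @param z true when the enclosing argument is {@code where}
     * @return true when the value nests two object levels and {@code isFieldArgument} is false
     */
    public boolean isTable(ObjectField objectField, boolean z) {
        if (isFieldArgument(objectField, z) || !(objectField.getValue() instanceof ObjectValue)) {
            return false;
        }
        final List<ObjectField> outerFields = ((ObjectValue) objectField.getValue()).getObjectFields();
        if (outerFields.isEmpty()
                || !(outerFields.get(0) instanceof ObjectField)
                || !(outerFields.get(0).getValue() instanceof ObjectValue)) {
            return false;
        }
        final List<ObjectField> innerFields = ((ObjectValue) outerFields.get(0).getValue()).getObjectFields();
        return !innerFields.isEmpty() && (innerFields.get(0) instanceof ObjectField);
    }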

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Finds the foreign-key attribute of a table that a relationship name refers to.
     *
     * <p>The name is matched first against foreign-key attribute names (as given, or with a trailing
     * {@code Array}/{@code Object} removed), then against the table names of the referenced classes.
     * All comparisons are case-insensitive.
     *
     * @param cidsTable table that owns the relationship
     * @param str relationship name taken from the query
     * @return the matching field of {@code cidsTable}
     * @throws RemoteException when a meta service lookup fails
     * @throws TableNotFoundException when {@code cidsTable} cannot be resolved or nothing matches
     * @throws FieldNotFoundException declared, but not thrown by this method body
     */
    public CidsField determineForeignKeyField(CidsTable cidsTable, String str) throws RemoteException, TableNotFoundException, FieldNotFoundException {
        final MetaClass ownerClass = getMetaClassByName(cidsTable.getName());
        if (ownerClass == null) {
            throw new TableNotFoundException(cidsTable.getName());
        }
        // Pass 1: foreign-key attributes matched by name, with or without the relationship suffix.
        for (final Object entry : ownerClass.getMemberAttributeInfos().values()) {
            if (!(entry instanceof MemberAttributeInfo)) {
                continue;
            }
            final MemberAttributeInfo attribute = (MemberAttributeInfo) entry;
            if (!attribute.isForeignKey()) {
                continue;
            }
            if (attribute.getFieldName().equalsIgnoreCase(str)) {
                return new CidsField(cidsTable, str);
            }
            String withoutSuffix = null;
            if (str.endsWith("Array")) {
                withoutSuffix = str.substring(0, str.length() - 5);
            } else if (str.endsWith("Object")) {
                withoutSuffix = str.substring(0, str.length() - 6);
            }
            if (withoutSuffix != null && attribute.getFieldName().equalsIgnoreCase(withoutSuffix)) {
                return new CidsField(cidsTable, withoutSuffix);
            }
        }
        // Pass 2: foreign-key attributes whose referenced class has the requested table name.
        for (final Object entry : ownerClass.getMemberAttributeInfos().values()) {
            if (!(entry instanceof MemberAttributeInfo)) {
                continue;
            }
            final MemberAttributeInfo attribute = (MemberAttributeInfo) entry;
            if (!attribute.isForeignKey()) {
                continue;
            }
            final MetaClass referenced = getMetaClassById(attribute.getForeignKeyClassId());
            if (referenced != null && referenced.getTableName().equalsIgnoreCase(str)) {
                return new CidsField(cidsTable, attribute.getFieldName());
            }
        }
        throw new TableNotFoundException(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves the table that a relationship name of {@code cidsTable} points to.
     *
     * <p>Uses the same two passes as {@code determineForeignKeyField}: foreign-key attribute names
     * (as given, or with a trailing {@code Array}/{@code Object} removed), then the table names of
     * the referenced classes. An attribute whose referenced class cannot be loaded is skipped.
     *
     * @param cidsTable table that owns the relationship
     * @param str relationship name taken from the query
     * @return the table name of the referenced class
     * @throws RemoteException when a meta service lookup fails
     * @throws TableNotFoundException when {@code cidsTable} cannot be resolved or nothing matches
     * @throws FieldNotFoundException declared, but not thrown by this method body
     */
    public String determineTableForForeignKeyField(CidsTable cidsTable, String str) throws RemoteException, TableNotFoundException, FieldNotFoundException {
        final MetaClass ownerClass = getMetaClassByName(cidsTable.getName());
        if (ownerClass == null) {
            throw new TableNotFoundException(cidsTable.getName());
        }
        // Pass 1: match the foreign-key attribute by name.
        for (final Object entry : ownerClass.getMemberAttributeInfos().values()) {
            if (!(entry instanceof MemberAttributeInfo)) {
                continue;
            }
            final MemberAttributeInfo attribute = (MemberAttributeInfo) entry;
            if (!attribute.isForeignKey()) {
                continue;
            }
            boolean nameMatches = attribute.getFieldName().equalsIgnoreCase(str);
            if (!nameMatches) {
                if (str.endsWith("Array")) {
                    nameMatches = attribute.getFieldName().equalsIgnoreCase(str.substring(0, str.length() - 5));
                } else if (str.endsWith("Object")) {
                    nameMatches = attribute.getFieldName().equalsIgnoreCase(str.substring(0, str.length() - 6));
                }
            }
            if (nameMatches) {
                final MetaClass referenced = getMetaClassById(attribute.getForeignKeyClassId());
                if (referenced != null) {
                    return referenced.getTableName();
                }
            }
        }
        // Pass 2: match the referenced class by its table name.
        for (final Object entry : ownerClass.getMemberAttributeInfos().values()) {
            if (!(entry instanceof MemberAttributeInfo)) {
                continue;
            }
            final MemberAttributeInfo attribute = (MemberAttributeInfo) entry;
            if (!attribute.isForeignKey()) {
                continue;
            }
            final MetaClass referenced = getMetaClassById(attribute.getForeignKeyClassId());
            if (referenced != null && referenced.getTableName().equalsIgnoreCase(str)) {
                return referenced.getTableName();
            }
        }
        throw new TableNotFoundException(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Verifies that {@code str} names an attribute of {@code cidsTable}, or a table referenced by
     * one of its foreign keys, and throws otherwise. Returning normally means "allowed".
     *
     * <p>NOTE(review): no permission predicate is evaluated in this method; it only checks that the
     * name resolves within the class returned by the meta service for this user. Presumably read
     * access is enforced by that lookup; confirm.
     *
     * @param cidsTable table the field belongs to
     * @param str field or relationship name taken from the query
     * @throws RemoteException when a meta service lookup fails
     * @throws TableNotFoundException when {@code cidsTable} cannot be resolved
     * @throws FieldNotFoundException when the name matches nothing
     */
    public void checkReadPermission(CidsTable cidsTable, String str) throws RemoteException, TableNotFoundException, FieldNotFoundException {
        MetaClass metaClassById;
        // Exempt tables skip every check below (exact, case-sensitive name match).
        if (this.tablesWithoutPermissionCheck.contains(cidsTable.getName())) {
            return;
        }
        MetaClass metaClassByName = getMetaClassByName(cidsTable.getName());
        if (metaClassByName == null) {
            throw new TableNotFoundException(cidsTable.getName());
        }
        // Pass 1: attribute name as given, or with a trailing Array/Object removed.
        for (Object obj : metaClassByName.getMemberAttributeInfos().values()) {
            if (obj instanceof MemberAttributeInfo) {
                MemberAttributeInfo memberAttributeInfo = (MemberAttributeInfo) obj;
                if (memberAttributeInfo.getFieldName().equalsIgnoreCase(str)) {
                    return;
                }
                if (str.endsWith("Array")) {
                    if (memberAttributeInfo.getFieldName().equalsIgnoreCase(str.substring(0, str.length() - 5))) {
                        return;
                    }
                } else if (str.endsWith("Object") && memberAttributeInfo.getFieldName().equalsIgnoreCase(str.substring(0, str.length() - 6))) {
                    return;
                }
            }
        }
        // Retry with the suffix removed. A failure propagates as an exception, but a normal return
        // is ignored: execution continues with pass 2 using the unstripped name.
        // NOTE(review): if success of the recursive call was meant to allow the field, a return is
        // missing here; as written the outcome is the stricter one. Confirm the intent.
        if (str.endsWith("Array")) {
            checkReadPermission(cidsTable, str.substring(0, str.length() - 5));
        } else if (str.endsWith("Object")) {
            checkReadPermission(cidsTable, str.substring(0, str.length() - 6));
        }
        // Pass 2: the name equals the table name of a class referenced by a foreign key.
        for (Object obj2 : metaClassByName.getMemberAttributeInfos().values()) {
            if (obj2 instanceof MemberAttributeInfo) {
                MemberAttributeInfo memberAttributeInfo2 = (MemberAttributeInfo) obj2;
                if (memberAttributeInfo2.isForeignKey() && (metaClassById = getMetaClassById(memberAttributeInfo2.getForeignKeyClassId())) != null && metaClassById.getTableName().equalsIgnoreCase(str)) {
                    return;
                }
            }
        }
        throw new FieldNotFoundException(cidsTable.getName(), str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Tells whether the current user may write the attribute {@code str} of {@code cidsTable}.
     *
     * <p>Write access requires class-level write permission for the user and an attribute that is
     * not an extension attribute.
     *
     * @param cidsTable table the field belongs to
     * @param str field name taken from the query, optionally ending in {@code Array} or {@code Object}
     * @return true when writing is allowed, or when the table is exempt from checks
     * @throws RemoteException when a meta service lookup fails
     * @throws TableNotFoundException when {@code cidsTable} cannot be resolved
     * @throws FieldNotFoundException when no attribute matches the name
     */
    public boolean hasWritePermission(CidsTable cidsTable, String str) throws RemoteException, TableNotFoundException, FieldNotFoundException {
        // Exempt tables are always writable (exact, case-sensitive name match).
        if (this.tablesWithoutPermissionCheck.contains(cidsTable.getName())) {
            return true;
        }
        MetaClass metaClassByName = getMetaClassByName(cidsTable.getName());
        if (metaClassByName == null) {
            throw new TableNotFoundException(cidsTable.getName());
        }
        // Pass 1: attribute name as given, or with a trailing Array/Object removed.
        for (Object obj : metaClassByName.getMemberAttributeInfos().values()) {
            if (obj instanceof MemberAttributeInfo) {
                MemberAttributeInfo memberAttributeInfo = (MemberAttributeInfo) obj;
                boolean z = false;
                if (memberAttributeInfo.getFieldName().equalsIgnoreCase(str)) {
                    z = true;
                } else if (str.endsWith("Array")) {
                    if (memberAttributeInfo.getFieldName().equalsIgnoreCase(str.substring(0, str.length() - 5))) {
                        z = true;
                    }
                } else if (str.endsWith("Object") && memberAttributeInfo.getFieldName().equalsIgnoreCase(str.substring(0, str.length() - 6))) {
                    z = true;
                }
                if (z) {
                    return metaClassByName.getPermissions().hasWritePermission(this.user) && !memberAttributeInfo.isExtensionAttribute();
                }
            }
        }
        // NOTE(review): the boolean returned by these recursive calls is discarded; only their
        // exceptions have an effect. If the result was meant to be returned, a return is missing.
        // As written the method never grants access from here on. Confirm the intent.
        if (str.endsWith("Array")) {
            hasWritePermission(cidsTable, str.substring(0, str.length() - 5));
        } else if (str.endsWith("Object")) {
            hasWritePermission(cidsTable, str.substring(0, str.length() - 6));
        }
        // Repeats the exact-name comparison that pass 1 already made for every attribute.
        for (Object obj2 : metaClassByName.getMemberAttributeInfos().values()) {
            if (obj2 instanceof MemberAttributeInfo) {
                MemberAttributeInfo memberAttributeInfo2 = (MemberAttributeInfo) obj2;
                if (memberAttributeInfo2.getFieldName().equalsIgnoreCase(str)) {
                    return metaClassByName.getPermissions().hasWritePermission(this.user) && !memberAttributeInfo2.isExtensionAttribute();
                }
            }
        }
        throw new FieldNotFoundException(cidsTable.getName(), str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Tells whether the current user has class-level write permission on a table.
     *
     * @param cidsTable the table to check
     * @return true when the table is exempt from checks or the class permissions grant write access
     * @throws RemoteException when the meta service lookup fails
     * @throws TableNotFoundException when the table cannot be resolved
     */
    public boolean hasWritePermission(CidsTable cidsTable) throws RemoteException, TableNotFoundException {
        final String tableName = cidsTable.getName();
        if (!this.tablesWithoutPermissionCheck.contains(tableName)) {
            final MetaClass metaClass = getMetaClassByName(tableName);
            if (metaClass == null) {
                throw new TableNotFoundException(tableName);
            }
            return metaClass.getPermissions().hasWritePermission(this.user);
        }
        // Exempt tables are always writable.
        return true;
    }

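    /**
     * Resolves a meta class from a table name taken from the query, trying in order: the name as
     * given, its lower-case form, the name without a trailing {@code Object}, and the name without
     * a trailing {@code Array}.
     *
     * <p>Two fixes relative to the original: the suffix is cut at the end of the name rather than
     * at its first occurrence (a name that also contains the suffix earlier was truncated there,
     * so a different table was looked up), and lower-casing uses {@code Locale.ROOT} so the lookup
     * does not depend on the server's default locale.
     *
     * @param str table name as it appears in the query
     * @return the meta class, or null when none of the variants resolves
     * @throws RemoteException when a meta service lookup fails
     */
    private MetaClass getMetaClassByName(String str) throws RemoteException {
        MetaClass metaClass = this.ms.getClassByTableName(this.user, str, this.cc);
        if (metaClass == null) {
            metaClass = this.ms.getClassByTableName(this.user, str.toLowerCase(java.util.Locale.ROOT), this.cc);
        }
        if (metaClass == null && str.endsWith("Object")) {
            final String withoutSuffix = str.substring(0, str.length() - "Object".length());
            metaClass = this.ms.getClassByTableName(this.user, withoutSuffix, this.cc);
        }
        if (metaClass == null && str.endsWith("Array")) {
            final String withoutSuffix = str.substring(0, str.length() - "Array".length());
            metaClass = this.ms.getClassByTableName(this.user, withoutSuffix, this.cc);
        }
        return metaClass;
    }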

    /**
     * Loads a meta class by id on behalf of the current user.
     *
     * @param i the class id
     * @return whatever the meta service returns for that id (callers check for null)
     * @throws RemoteException when the meta service call fails
     */
    private MetaClass getMetaClassById(int i) throws RemoteException {
        final MetaClass metaClass = this.ms.getClass(this.user, i, this.cc);
        return metaClass;
    }

    /**
     * Returns the connection context supplied at construction time.
     */
    @Override
    public ConnectionContext getConnectionContext() {
        final ConnectionContext context = this.cc;
        return context;
    }
}
