package com.evolveum.midpoint.schema.selector.spec;

import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismValue;
import com.evolveum.midpoint.prism.Referencable;
import com.evolveum.midpoint.prism.query.FilterCreationUtil;
import com.evolveum.midpoint.prism.query.builder.S_FilterExit;
import com.evolveum.midpoint.schema.selector.eval.FilteringContext;
import com.evolveum.midpoint.schema.selector.eval.MatchingContext;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.web.page.admin.roles.SearchBoxConfigurationHelper;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TenantSelectorType;
import org.apache.commons.lang3.BooleanUtils;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:BOOT-INF/lib/schema-4.8.9-SNAPSHOT.jar:com/evolveum/midpoint/schema/selector/spec/TenantClause.class */
public class TenantClause extends SelectorClause {

    @NotNull
    private final TenantSelectorType bean;

    private TenantClause(@NotNull TenantSelectorType tenantSelectorType) {
        this.bean = tenantSelectorType;
        tenantSelectorType.freeze();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TenantClause of(@NotNull TenantSelectorType tenantSelectorType) {
        return new TenantClause(tenantSelectorType);
    }

    @Override // com.evolveum.midpoint.schema.selector.spec.SelectorClause
    public boolean requiresFullInformation() {
        return true;
    }

    @Override // com.evolveum.midpoint.schema.selector.spec.SelectorClause
    @NotNull
    public String getName() {
        return SearchBoxConfigurationHelper.F_TENANT;
    }

    @Override // com.evolveum.midpoint.schema.selector.spec.SelectorClause
    public boolean matches(@NotNull PrismValue prismValue, @NotNull MatchingContext matchingContext) {
        ObjectType asObjectTypeIfPossible = ObjectTypeUtil.asObjectTypeIfPossible(prismValue);
        if (asObjectTypeIfPossible == null) {
            traceNotApplicable(matchingContext, "not an object", new Object[0]);
            return false;
        }
        if (!BooleanUtils.isTrue(this.bean.isSameAsSubject())) {
            traceNotApplicable(matchingContext, "unsupported tenant specification", new Object[0]);
            return false;
        }
        FocusType principalFocus = matchingContext.getPrincipalFocus();
        ObjectReferenceType tenantRef = principalFocus != null ? principalFocus.getTenantRef() : null;
        if (tenantRef == null || tenantRef.getOid() == null) {
            traceNotApplicable(matchingContext, "subject does not have tenantRef", new Object[0]);
            return false;
        }
        ObjectReferenceType tenantRef2 = asObjectTypeIfPossible.getTenantRef();
        if (tenantRef2 == null || tenantRef2.getOid() == null) {
            traceNotApplicable(matchingContext, "object does not have tenantRef", new Object[0]);
            return false;
        }
        if (!tenantRef.getOid().equals(tenantRef2.getOid())) {
            traceNotApplicable(matchingContext, "tenant mismatch", new Object[0]);
            return false;
        }
        if (BooleanUtils.isTrue(this.bean.isIncludeTenantOrg()) || !(asObjectTypeIfPossible instanceof OrgType) || !BooleanUtils.isTrue(((OrgType) asObjectTypeIfPossible).isTenant())) {
            return true;
        }
        traceNotApplicable(matchingContext, "object is a tenant org and it is not included", new Object[0]);
        return false;
    }

    @Override // com.evolveum.midpoint.schema.selector.spec.SelectorClause
    public boolean toFilter(@NotNull FilteringContext filteringContext) {
        if (!Boolean.TRUE.equals(this.bean.isSameAsSubject())) {
            addConjunct(filteringContext, FilterCreationUtil.createNone(), "tenant authorization empty", new Object[0]);
            return false;
        }
        String oid = Referencable.getOid(filteringContext.getPrincipalFocus().getTenantRef());
        if (oid == null) {
            addConjunct(filteringContext, FilterCreationUtil.createNone(), "subject tenant empty", new Object[0]);
            return false;
        }
        S_FilterExit ref = PrismContext.get().queryFor(ObjectType.class).item(ObjectType.F_TENANT_REF).ref(oid);
        addConjunct(filteringContext, Boolean.TRUE.equals(this.bean.isIncludeTenantOrg()) ? ref.buildFilter() : ref.and().not().type(OrgType.class).item(OrgType.F_TENANT).eq(true).buildFilter());
        return true;
    }

    @Override // com.evolveum.midpoint.schema.selector.spec.SelectorClause
    void addDebugDumpContent(StringBuilder sb, int i) {
        sb.append("\n");
        DebugUtil.debugDumpWithLabel(sb, "specification", this.bean, i + 1);
    }

    public String toString() {
        return "TenantClause{bean=" + this.bean + "}";
    }
}
