package org.lamsfoundation.lams.security;

import java.io.Serializable;
import org.hibernate.Query;
import org.hibernate.SQLQuery;
import org.lamsfoundation.lams.lesson.Lesson;
import org.lamsfoundation.lams.usermanagement.Organisation;
import org.lamsfoundation.lams.usermanagement.OrganisationType;
import org.lamsfoundation.lams.usermanagement.Role;
import org.lamsfoundation.lams.usermanagement.UserOrganisation;
import org.springframework.orm.hibernate4.support.HibernateDaoSupport;

/* loaded from: input_file:org/lamsfoundation/lams/security/SecurityDAO.class */
public class SecurityDAO extends HibernateDaoSupport implements ISecurityDAO {
    private static final String CHECK_LESSON_LEARNER = "SELECT 1 FROM lams_lesson AS l JOIN lams_grouping AS ging ON l.lesson_id = ? AND l.class_grouping_id = ging.grouping_id JOIN lams_group AS g USING (grouping_id) JOIN lams_user_group AS ug USING (group_id) WHERE ug.user_id = ?";
    private static final String CHECK_LESSON_MONITOR = "FROM " + Lesson.class.getName() + " AS lesson INNER JOIN lesson.lessonClass.staffGroup.users AS monitor WHERE lesson.lessonId = ? AND monitor.userId = ?";
    private static final String CHECK_ORG_ROLE = "FROM " + UserOrganisation.class.getName() + " AS userOrganisation INNER JOIN userOrganisation.userOrganisationRoles AS userOrganisationRole WHERE userOrganisation.organisation.organisationId = :orgId AND userOrganisation.user.userId = :userId AND userOrganisationRole.role.name IN (:roles)";
    private static final String CHECK_SYSADMIN = "FROM " + UserOrganisation.class.getName() + " AS userOrganisation INNER JOIN userOrganisation.userOrganisationRoles AS userOrganisationRole WHERE userOrganisation.organisation.organisationType.organisationTypeId = 1 AND userOrganisation.user.userId = ? AND userOrganisationRole.role.name = '" + Role.SYSADMIN + "'";

    @Override // org.lamsfoundation.lams.security.ISecurityDAO
    public Object find(Class cls, Serializable serializable) {
        return getHibernateTemplate().get(cls, serializable);
    }

    @Override // org.lamsfoundation.lams.security.ISecurityDAO
    public boolean hasOrgRole(Integer num, Integer num2, String... strArr) {
        Query createQuery = getHibernateTemplate().getSessionFactory().getCurrentSession().createQuery(CHECK_ORG_ROLE);
        createQuery.setParameter("orgId", num);
        createQuery.setParameter("userId", num2);
        createQuery.setParameterList("roles", strArr);
        return !createQuery.list().isEmpty();
    }

    @Override // org.lamsfoundation.lams.security.ISecurityDAO
    public boolean isGroupManager(Integer num, Integer num2) {
        Organisation organisation = (Organisation) find(Organisation.class, num);
        if (organisation == null) {
            return false;
        }
        if (OrganisationType.CLASS_TYPE.equals(organisation.getOrganisationType().getOrganisationTypeId())) {
            organisation = organisation.getParentOrganisation();
        }
        return hasOrgRole(organisation.getOrganisationId(), num2, Role.GROUP_MANAGER);
    }

    @Override // org.lamsfoundation.lams.security.ISecurityDAO
    public boolean isLessonLearner(Long l, Integer num) {
        SQLQuery createSQLQuery = getHibernateTemplate().getSessionFactory().getCurrentSession().createSQLQuery(CHECK_LESSON_LEARNER);
        createSQLQuery.setLong(0, l.longValue());
        createSQLQuery.setInteger(1, num.intValue());
        return !createSQLQuery.list().isEmpty();
    }

    @Override // org.lamsfoundation.lams.security.ISecurityDAO
    public boolean isLessonMonitor(Long l, Integer num, boolean z) {
        boolean z2 = !getHibernateTemplate().find(CHECK_LESSON_MONITOR, new Object[]{l, num}).isEmpty();
        if (!z2 && z) {
            Lesson lesson = (Lesson) find(Lesson.class, l);
            z2 = lesson != null && num.equals(lesson.getUser().getUserId());
        }
        return z2;
    }

    @Override // org.lamsfoundation.lams.security.ISecurityDAO
    public boolean isSysadmin(Integer num) {
        return !getHibernateTemplate().find(CHECK_SYSADMIN, new Object[]{num}).isEmpty();
    }
}
