package org.camunda.bpm.engine.impl.cfg.auth;

import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.ProcessDefinitionPermissions;
import org.camunda.bpm.engine.authorization.ProcessInstancePermissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.authorization.SystemPermissions;
import org.camunda.bpm.engine.authorization.TaskPermissions;
import org.camunda.bpm.engine.authorization.UserOperationLogCategoryPermissions;
import org.camunda.bpm.engine.history.HistoricCaseInstance;
import org.camunda.bpm.engine.history.HistoricDecisionInstance;
import org.camunda.bpm.engine.history.HistoricProcessInstance;
import org.camunda.bpm.engine.history.UserOperationLogEntry;
import org.camunda.bpm.engine.impl.batch.BatchEntity;
import org.camunda.bpm.engine.impl.batch.history.HistoricBatchEntity;
import org.camunda.bpm.engine.impl.cfg.CommandChecker;
import org.camunda.bpm.engine.impl.context.Context;
import org.camunda.bpm.engine.impl.db.PermissionCheckBuilder;
import org.camunda.bpm.engine.impl.dmn.entity.repository.DecisionDefinitionEntity;
import org.camunda.bpm.engine.impl.dmn.entity.repository.DecisionRequirementsDefinitionEntity;
import org.camunda.bpm.engine.impl.history.event.HistoricExternalTaskLogEntity;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager;
import org.camunda.bpm.engine.impl.persistence.entity.ExecutionEntity;
import org.camunda.bpm.engine.impl.persistence.entity.HistoricJobLogEventEntity;
import org.camunda.bpm.engine.impl.persistence.entity.HistoricProcessInstanceEntity;
import org.camunda.bpm.engine.impl.persistence.entity.HistoricTaskInstanceEntity;
import org.camunda.bpm.engine.impl.persistence.entity.HistoricVariableInstanceEntity;
import org.camunda.bpm.engine.impl.persistence.entity.JobEntity;
import org.camunda.bpm.engine.impl.persistence.entity.ProcessDefinitionEntity;
import org.camunda.bpm.engine.impl.persistence.entity.TaskEntity;
import org.camunda.bpm.engine.repository.CaseDefinition;
import org.camunda.bpm.engine.repository.DecisionDefinition;
import org.camunda.bpm.engine.repository.ProcessDefinition;
import org.camunda.bpm.engine.runtime.CaseExecution;

/* loaded from: input_file:org/camunda/bpm/camunda-engine/main/camunda-engine-7.19.0-SNAPSHOT.jar:org/camunda/bpm/engine/impl/cfg/auth/AuthorizationCommandChecker.class */
public class AuthorizationCommandChecker implements CommandChecker {
    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkEvaluateDecision(DecisionDefinition decisionDefinition) {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE_INSTANCE, Resources.DECISION_DEFINITION, decisionDefinition.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateProcessInstance(ProcessDefinition processDefinition) {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE, Resources.PROCESS_INSTANCE);
        getAuthorizationManager().checkAuthorization(Permissions.CREATE_INSTANCE, Resources.PROCESS_DEFINITION, processDefinition.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadProcessDefinition(ProcessDefinition processDefinition) {
        getAuthorizationManager().checkAuthorization(Permissions.READ, Resources.PROCESS_DEFINITION, processDefinition.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateCaseInstance(CaseDefinition caseDefinition) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessDefinitionById(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestProcessDefinitionById = findLatestProcessDefinitionById(str)) == null) {
            return;
        }
        checkUpdateProcessDefinitionByKey(findLatestProcessDefinitionById.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessDefinitionSuspensionStateById(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestProcessDefinitionById = findLatestProcessDefinitionById(str)) == null) {
            return;
        }
        checkUpdateProcessDefinitionSuspensionStateByKey(findLatestProcessDefinitionById.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateDecisionDefinitionById(String str) {
        DecisionDefinitionEntity findLatestDecisionDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestDecisionDefinitionById = findLatestDecisionDefinitionById(str)) == null) {
            return;
        }
        checkUpdateDecisionDefinition(findLatestDecisionDefinitionById);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessDefinitionByKey(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.UPDATE, Resources.PROCESS_DEFINITION, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessDefinitionSuspensionStateByKey(String str) {
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_DEFINITION, str, ProcessDefinitionPermissions.SUSPEND).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, str, Permissions.UPDATE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteProcessDefinitionById(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestProcessDefinitionById = findLatestProcessDefinitionById(str)) == null) {
            return;
        }
        checkDeleteProcessDefinitionByKey(findLatestProcessDefinitionById.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteProcessDefinitionByKey(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE, Resources.PROCESS_DEFINITION, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceByProcessDefinitionId(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestProcessDefinitionById = findLatestProcessDefinitionById(str)) == null) {
            return;
        }
        checkUpdateProcessInstanceByProcessDefinitionKey(findLatestProcessDefinitionById.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateRetriesProcessInstanceByProcessDefinitionId(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestProcessDefinitionById = findLatestProcessDefinitionById(str)) == null) {
            return;
        }
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, "*", ProcessInstancePermissions.RETRY_JOB).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, findLatestProcessDefinitionById.getKey(), ProcessDefinitionPermissions.RETRY_JOB).atomicCheckForResourceId(Resources.PROCESS_INSTANCE, "*", Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, findLatestProcessDefinitionById.getKey(), Permissions.UPDATE_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceSuspensionStateByProcessDefinitionId(String str) {
        ProcessDefinitionEntity findLatestProcessDefinitionById;
        if (!getAuthorizationManager().isAuthorizationEnabled() || (findLatestProcessDefinitionById = findLatestProcessDefinitionById(str)) == null) {
            return;
        }
        checkUpdateProcessInstanceSuspensionStateByProcessDefinitionKey(findLatestProcessDefinitionById.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceByProcessDefinitionKey(String str) {
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, null, Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, str, Permissions.UPDATE_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceSuspensionStateByProcessDefinitionKey(String str) {
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, null, ProcessInstancePermissions.SUSPEND).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, str, ProcessDefinitionPermissions.SUSPEND_INSTANCE).atomicCheckForResourceId(Resources.PROCESS_INSTANCE, null, Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, str, Permissions.UPDATE_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadProcessInstance(String str) {
        ExecutionEntity findExecutionById = findExecutionById(str);
        if (findExecutionById != null) {
            checkReadProcessInstance(findExecutionById);
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteProcessInstance(ExecutionEntity executionEntity) {
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, executionEntity.getProcessInstanceId(), Permissions.DELETE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, executionEntity.getProcessDefinition().getKey(), Permissions.DELETE_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceById(String str) {
        ExecutionEntity findExecutionById = findExecutionById(str);
        if (findExecutionById != null) {
            checkUpdateProcessInstance(findExecutionById);
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstance(ExecutionEntity executionEntity) {
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, executionEntity.getProcessInstanceId(), Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, executionEntity.getProcessDefinition().getKey(), Permissions.UPDATE_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceVariables(ExecutionEntity executionEntity) {
        ProcessDefinitionEntity processDefinition = executionEntity.getProcessDefinition();
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, executionEntity.getProcessInstanceId(), ProcessInstancePermissions.UPDATE_VARIABLE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, processDefinition.getKey(), ProcessDefinitionPermissions.UPDATE_INSTANCE_VARIABLE).atomicCheckForResourceId(Resources.PROCESS_INSTANCE, executionEntity.getProcessInstanceId(), Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, processDefinition.getKey(), Permissions.UPDATE_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateProcessInstanceSuspensionStateById(String str) {
        ExecutionEntity findExecutionById = findExecutionById(str);
        if (findExecutionById != null) {
            checkUpdateProcessInstanceSuspensionState(findExecutionById);
        }
    }

    public void checkUpdateProcessInstanceSuspensionState(ExecutionEntity executionEntity) {
        ProcessDefinitionEntity processDefinition = executionEntity.getProcessDefinition();
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, executionEntity.getProcessInstanceId(), ProcessInstancePermissions.SUSPEND).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, processDefinition.getKey(), ProcessDefinitionPermissions.SUSPEND_INSTANCE).atomicCheckForResourceId(Resources.PROCESS_INSTANCE, executionEntity.getProcessInstanceId(), Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, processDefinition.getKey(), Permissions.UPDATE_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateJob(JobEntity jobEntity) {
        if (jobEntity.getProcessDefinitionKey() == null) {
            return;
        }
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, jobEntity.getProcessInstanceId(), Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, jobEntity.getProcessDefinitionKey(), Permissions.UPDATE_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateRetriesJob(JobEntity jobEntity) {
        if (jobEntity.getProcessDefinitionKey() == null) {
            return;
        }
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, jobEntity.getProcessInstanceId(), ProcessInstancePermissions.RETRY_JOB).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, jobEntity.getProcessDefinitionKey(), ProcessDefinitionPermissions.RETRY_JOB).atomicCheckForResourceId(Resources.PROCESS_INSTANCE, jobEntity.getProcessInstanceId(), Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, jobEntity.getProcessDefinitionKey(), Permissions.UPDATE_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateMigrationPlan(ProcessDefinition processDefinition, ProcessDefinition processDefinition2) {
        checkReadProcessDefinition(processDefinition);
        checkReadProcessDefinition(processDefinition2);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkMigrateProcessInstance(ExecutionEntity executionEntity, ProcessDefinition processDefinition) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadProcessInstance(ExecutionEntity executionEntity) {
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, executionEntity.getProcessInstanceId(), Permissions.READ).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, executionEntity.getProcessDefinition().getKey(), Permissions.READ_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadProcessInstanceVariable(ExecutionEntity executionEntity) {
        if (!getAuthorizationManager().isEnsureSpecificVariablePermission()) {
            checkReadProcessInstance(executionEntity);
            return;
        }
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_DEFINITION, executionEntity.getProcessDefinition().getKey(), ProcessDefinitionPermissions.READ_INSTANCE_VARIABLE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadJob(JobEntity jobEntity) {
        if (jobEntity.getProcessDefinitionKey() == null) {
            return;
        }
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_INSTANCE, jobEntity.getProcessInstanceId(), Permissions.READ).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, jobEntity.getProcessDefinitionKey(), Permissions.READ_INSTANCE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadTask(TaskEntity taskEntity) {
        checkTaskPermission(taskEntity, Permissions.READ_TASK, Permissions.READ);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadTaskVariable(TaskEntity taskEntity) {
        Permission permission;
        Permission permission2;
        if (getAuthorizationManager().isEnsureSpecificVariablePermission()) {
            permission = ProcessDefinitionPermissions.READ_TASK_VARIABLE;
            permission2 = TaskPermissions.READ_VARIABLE;
        } else {
            permission = Permissions.READ_TASK;
            permission2 = Permissions.READ;
        }
        checkTaskPermission(taskEntity, permission, permission2);
    }

    protected void checkTaskPermission(TaskEntity taskEntity, Permission permission, Permission permission2) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() != null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, permission2).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, taskEntity.getExecution().getProcessDefinition().getKey(), permission).build());
        } else if (taskEntity.getCaseExecutionId() == null) {
            getAuthorizationManager().checkAuthorization(permission2, Resources.TASK, id);
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateTaskVariable(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() != null) {
            ProcessDefinitionEntity processDefinition = taskEntity.getExecution().getProcessDefinition();
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, TaskPermissions.UPDATE_VARIABLE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, processDefinition.getKey(), ProcessDefinitionPermissions.UPDATE_TASK_VARIABLE).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, processDefinition.getKey(), Permissions.UPDATE_TASK).build());
        } else if (taskEntity.getCaseExecutionId() == null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, TaskPermissions.UPDATE_VARIABLE).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).build());
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateBatch(Permission permission) {
        getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.BATCH, null, permission).atomicCheckForResourceId(Resources.BATCH, null, Permissions.CREATE).build());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteBatch(BatchEntity batchEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE, Resources.BATCH, batchEntity.getId());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricBatch(HistoricBatchEntity historicBatchEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.BATCH, historicBatchEntity.getId());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkSuspendBatch(BatchEntity batchEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.UPDATE, Resources.BATCH, batchEntity.getId());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkActivateBatch(BatchEntity batchEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.UPDATE, Resources.BATCH, batchEntity.getId());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadHistoricBatch() {
        getAuthorizationManager().checkAuthorization(Permissions.READ_HISTORY, Resources.BATCH);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateDeployment() {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE, Resources.DEPLOYMENT);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadDeployment(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.READ, Resources.DEPLOYMENT, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteDeployment(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE, Resources.DEPLOYMENT, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadDecisionDefinition(DecisionDefinitionEntity decisionDefinitionEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.READ, Resources.DECISION_DEFINITION, decisionDefinitionEntity.getKey());
    }

    public void checkUpdateDecisionDefinition(DecisionDefinitionEntity decisionDefinitionEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.UPDATE, Resources.DECISION_DEFINITION, decisionDefinitionEntity.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadDecisionRequirementsDefinition(DecisionRequirementsDefinitionEntity decisionRequirementsDefinitionEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.READ, Resources.DECISION_REQUIREMENTS_DEFINITION, decisionRequirementsDefinitionEntity.getKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadCaseDefinition(CaseDefinition caseDefinition) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateCaseDefinition(CaseDefinition caseDefinition) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricTaskInstance(HistoricTaskInstanceEntity historicTaskInstanceEntity) {
        if (historicTaskInstanceEntity == null || historicTaskInstanceEntity.getProcessDefinitionKey() == null) {
            return;
        }
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.PROCESS_DEFINITION, historicTaskInstanceEntity.getProcessDefinitionKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricProcessInstance(HistoricProcessInstance historicProcessInstance) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.PROCESS_DEFINITION, historicProcessInstance.getProcessDefinitionKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricCaseInstance(HistoricCaseInstance historicCaseInstance) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricDecisionInstance(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.DECISION_DEFINITION, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricDecisionInstance(HistoricDecisionInstance historicDecisionInstance) {
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.DECISION_DEFINITION, historicDecisionInstance.getDecisionDefinitionKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadHistoricJobLog(HistoricJobLogEventEntity historicJobLogEventEntity) {
        if (historicJobLogEventEntity.getProcessDefinitionKey() != null) {
            getAuthorizationManager().checkAuthorization(Permissions.READ_HISTORY, Resources.PROCESS_DEFINITION, historicJobLogEventEntity.getProcessDefinitionKey());
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadHistoryAnyProcessDefinition() {
        getAuthorizationManager().checkAuthorization(Permissions.READ_HISTORY, Resources.PROCESS_DEFINITION, "*");
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadHistoryProcessDefinition(String str) {
        getAuthorizationManager().checkAuthorization(Permissions.READ_HISTORY, Resources.PROCESS_DEFINITION, str);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateCaseInstance(CaseExecution caseExecution) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadCaseInstance(CaseExecution caseExecution) {
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkTaskAssign(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() != null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, Permissions.TASK_ASSIGN).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, taskEntity.getProcessDefinition().getKey(), Permissions.TASK_ASSIGN).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, taskEntity.getProcessDefinition().getKey(), Permissions.UPDATE_TASK).build());
        } else if (taskEntity.getCaseExecutionId() == null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, Permissions.TASK_ASSIGN).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).build());
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateTask(TaskEntity taskEntity) {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE, Resources.TASK);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkCreateTask() {
        getAuthorizationManager().checkAuthorization(Permissions.CREATE, Resources.TASK);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkTaskWork(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        if (taskEntity.getExecutionId() != null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, Permissions.TASK_WORK).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, taskEntity.getProcessDefinition().getKey(), Permissions.TASK_WORK).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).atomicCheckForResourceId(Resources.PROCESS_DEFINITION, taskEntity.getProcessDefinition().getKey(), Permissions.UPDATE_TASK).build());
        } else if (taskEntity.getCaseExecutionId() == null) {
            getAuthorizationManager().checkAuthorization(new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.TASK, id, Permissions.TASK_WORK).atomicCheckForResourceId(Resources.TASK, id, Permissions.UPDATE).build());
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteTask(TaskEntity taskEntity) {
        String id = taskEntity.getId();
        String executionId = taskEntity.getExecutionId();
        String caseExecutionId = taskEntity.getCaseExecutionId();
        if (executionId == null && caseExecutionId == null) {
            getAuthorizationManager().checkAuthorization(Permissions.DELETE, Resources.TASK, id);
        }
    }

    public void checkUserOperationLog(UserOperationLogEntry userOperationLogEntry, ProcessDefinitionPermissions processDefinitionPermissions, UserOperationLogCategoryPermissions userOperationLogCategoryPermissions) {
        if (userOperationLogEntry != null) {
            String category = userOperationLogEntry.getCategory();
            String processDefinitionKey = userOperationLogEntry.getProcessDefinitionKey();
            if (category == null && processDefinitionKey == null) {
                return;
            }
            getAuthorizationManager().checkAuthorization(category == null ? new PermissionCheckBuilder().atomicCheckForResourceId(Resources.PROCESS_DEFINITION, processDefinitionKey, processDefinitionPermissions).build() : processDefinitionKey == null ? new PermissionCheckBuilder().atomicCheckForResourceId(Resources.OPERATION_LOG_CATEGORY, category, userOperationLogCategoryPermissions).build() : new PermissionCheckBuilder().disjunctive().atomicCheckForResourceId(Resources.PROCESS_DEFINITION, processDefinitionKey, processDefinitionPermissions).atomicCheckForResourceId(Resources.OPERATION_LOG_CATEGORY, category, userOperationLogCategoryPermissions).build());
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteUserOperationLog(UserOperationLogEntry userOperationLogEntry) {
        checkUserOperationLog(userOperationLogEntry, ProcessDefinitionPermissions.DELETE_HISTORY, UserOperationLogCategoryPermissions.DELETE);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUpdateUserOperationLog(UserOperationLogEntry userOperationLogEntry) {
        checkUserOperationLog(userOperationLogEntry, ProcessDefinitionPermissions.UPDATE_HISTORY, UserOperationLogCategoryPermissions.UPDATE);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadHistoricExternalTaskLog(HistoricExternalTaskLogEntity historicExternalTaskLogEntity) {
        if (historicExternalTaskLogEntity.getProcessDefinitionKey() != null) {
            getAuthorizationManager().checkAuthorization(Permissions.READ_HISTORY, Resources.PROCESS_DEFINITION, historicExternalTaskLogEntity.getProcessDefinitionKey());
        }
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricVariableInstance(HistoricVariableInstanceEntity historicVariableInstanceEntity) {
        if (historicVariableInstanceEntity == null || historicVariableInstanceEntity.getProcessDefinitionKey() == null) {
            return;
        }
        getAuthorizationManager().checkAuthorization(Permissions.DELETE_HISTORY, Resources.PROCESS_DEFINITION, historicVariableInstanceEntity.getProcessDefinitionKey());
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteHistoricVariableInstancesByProcessInstance(HistoricProcessInstanceEntity historicProcessInstanceEntity) {
        checkDeleteHistoricProcessInstance(historicProcessInstanceEntity);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadTelemetryData() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkConfigureTelemetry() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.SET, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadTelemetryCollectionStatusData() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadHistoryLevel() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadTableCount() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadTableName() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadTableMetaData() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadProperties() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkSetProperty() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.SET, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteProperty() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.DELETE, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteLicenseKey() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.DELETE, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkSetLicenseKey() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.SET, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadLicenseKey() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkRegisterProcessApplication() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.SET, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUnregisterProcessApplication() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.SET, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadRegisteredDeployments() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadProcessApplicationForDeployment() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkRegisterDeployment() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.SET, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkUnregisterDeployment() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.SET, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteMetrics() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.DELETE, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkDeleteTaskMetrics() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.DELETE, Resources.SYSTEM);
    }

    @Override // org.camunda.bpm.engine.impl.cfg.CommandChecker
    public void checkReadSchemaLog() {
        getAuthorizationManager().checkAuthorization(SystemPermissions.READ, Resources.SYSTEM);
    }

    protected AuthorizationManager getAuthorizationManager() {
        return Context.getCommandContext().getAuthorizationManager();
    }

    protected ProcessDefinitionEntity findLatestProcessDefinitionById(String str) {
        return Context.getCommandContext().getProcessDefinitionManager().findLatestProcessDefinitionById(str);
    }

    protected DecisionDefinitionEntity findLatestDecisionDefinitionById(String str) {
        return Context.getCommandContext().getDecisionDefinitionManager().findDecisionDefinitionById(str);
    }

    protected ExecutionEntity findExecutionById(String str) {
        return Context.getCommandContext().getExecutionManager().findExecutionById(str);
    }
}
