package com.xpn.xwiki.internal.objects.classes;

import com.xpn.xwiki.objects.classes.DBListClass;
import java.io.StringWriter;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.velocity.VelocityContext;
import org.slf4j.Logger;
import org.xwiki.component.annotation.Component;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.EntityReferenceSerializer;
import org.xwiki.query.Query;
import org.xwiki.query.QueryBuilder;
import org.xwiki.query.QueryException;
import org.xwiki.query.QueryManager;
import org.xwiki.security.authorization.AuthorExecutor;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.security.authorization.Right;
import org.xwiki.velocity.VelocityEngine;
import org.xwiki.velocity.VelocityManager;

@Singleton
@Component
@Named("explicitlyAllowedValues")
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-legacy-oldcore-9.11.jar:com/xpn/xwiki/internal/objects/classes/ExplicitlyAllowedValuesDBListQueryBuilder.class */
public class ExplicitlyAllowedValuesDBListQueryBuilder implements QueryBuilder<DBListClass> {

    @Inject
    private Logger logger;

    @Inject
    private AuthorizationManager authorizationManager;

    @Inject
    private AuthorExecutor authorExecutor;

    @Inject
    private Provider<VelocityManager> velocityManagerProvider;

    @Inject
    private EntityReferenceSerializer<String> entityReferenceSerializer;

    @Inject
    @Named("secure")
    private QueryManager secureQueryManager;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v1, types: [org.xwiki.model.reference.EntityReference] */
    @Override // org.xwiki.query.QueryBuilder
    public Query build(DBListClass dBListClass) throws QueryException {
        String sql = dBListClass.getSql();
        DocumentReference authorReference = dBListClass.getOwnerDocument().getAuthorReference();
        if (this.authorizationManager.hasAccess(Right.SCRIPT, authorReference, dBListClass.getReference())) {
            String serialize = this.entityReferenceSerializer.serialize(dBListClass.getDocumentReference(), new Object[0]);
            try {
                sql = (String) this.authorExecutor.call(() -> {
                    return evaluateVelocityCode(dBListClass.getSql(), serialize);
                }, authorReference);
            } catch (Exception e) {
                this.logger.warn("Failed to evaluate the Velocity code from the query [{}]. Root cause is [{}]. Continuing with the raw query.", sql, ExceptionUtils.getRootCauseMessage(e));
            }
        }
        Query createQuery = this.secureQueryManager.createQuery(sql, Query.HQL);
        createQuery.setWiki(dBListClass.getOwnerDocument().getDocumentReference().getWikiReference().getName());
        return createQuery;
    }

    private String evaluateVelocityCode(String str, String str2) throws Exception {
        VelocityManager velocityManager = this.velocityManagerProvider.get();
        VelocityContext velocityContext = velocityManager.getVelocityContext();
        VelocityEngine velocityEngine = velocityManager.getVelocityEngine();
        StringWriter stringWriter = new StringWriter();
        velocityEngine.evaluate(velocityContext, stringWriter, str2, str);
        return stringWriter.toString();
    }
}
