package org.sentilo.web.catalog.security;

import org.sentilo.common.utils.SentiloConstants;
import org.sentilo.web.catalog.context.TenantContextHolder;
import org.sentilo.web.catalog.domain.CatalogDocument;
import org.sentilo.web.catalog.domain.Tenant;
import org.sentilo.web.catalog.domain.TenantResource;
import org.sentilo.web.catalog.domain.User;
import org.sentilo.web.catalog.security.enums.ActionType;
import org.sentilo.web.catalog.utils.TenantUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.ClassUtils;

/* loaded from: input_file:WEB-INF/classes/org/sentilo/web/catalog/security/SecurityUtils.class */
public class SecurityUtils {
    public static boolean isFederationEnabled() {
        return "true".equals(System.getProperty(SentiloConstants.SENTILO_FEDERATION_ENABLED_PROP_KEY, "false"));
    }

    public static boolean showAdminControls(ActionType actionType, Object obj) {
        if (obj instanceof String) {
            return _showAdminControls(actionType, (String) obj);
        }
        if (obj instanceof CatalogDocument) {
            return _showAdminControls(actionType, (CatalogDocument) obj);
        }
        return false;
    }

    private static boolean _showAdminControls(ActionType actionType, String str) {
        try {
            return _showAdminControls(actionType, (CatalogDocument) ClassUtils.forName(str, ClassUtils.getDefaultClassLoader()).newInstance());
        } catch (Exception e) {
            return false;
        }
    }

    private static boolean _showAdminControls(ActionType actionType, CatalogDocument catalogDocument) {
        CatalogUserDetails catalogUserDetails = (CatalogUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        boolean isEnabled = TenantContextHolder.isEnabled();
        if (catalogUserDetails.isSuperAdminUser()) {
            return isEnabled && allowSuperAdminUserAdminResource(catalogDocument);
        }
        if (catalogUserDetails.isAdminUser()) {
            return !isEnabled || allowAdminUserAdminResource(actionType, catalogUserDetails, catalogDocument);
        }
        return false;
    }

    private static boolean allowSuperAdminUserAdminResource(CatalogDocument catalogDocument) {
        return TenantContextHolder.isEnabled() && (!(catalogDocument instanceof TenantResource) || (catalogDocument instanceof User));
    }

    private static boolean allowAdminUserAdminResource(ActionType actionType, CatalogUserDetails catalogUserDetails, CatalogDocument catalogDocument) {
        boolean z = catalogDocument instanceof TenantResource;
        boolean z2 = catalogDocument instanceof Tenant;
        boolean z3 = false;
        switch (actionType) {
            case LIST:
            case CREATE:
                z3 = z;
                break;
            case READ:
            case EDIT:
                z3 = (z || z2) && TenantUtils.isCurrentTenantResource(catalogDocument);
                break;
        }
        return z3;
    }
}
