package org.sentilo.web.catalog.security.access.impl;

import org.sentilo.common.utils.SentiloUtils;
import org.sentilo.web.catalog.context.TenantContextHolder;
import org.sentilo.web.catalog.domain.CatalogDocument;
import org.sentilo.web.catalog.domain.Tenant;
import org.sentilo.web.catalog.domain.TenantResource;
import org.sentilo.web.catalog.domain.User;
import org.sentilo.web.catalog.exception.NotAllowedActionException;
import org.sentilo.web.catalog.security.CatalogUserDetails;
import org.sentilo.web.catalog.security.access.AccessControlContext;
import org.sentilo.web.catalog.security.access.AccessControlRepository;
import org.sentilo.web.catalog.security.access.AccessControlService;
import org.sentilo.web.catalog.security.access.ActionGrant;
import org.sentilo.web.catalog.security.enums.ActionType;
import org.sentilo.web.catalog.security.service.CatalogUserDetailsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

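/**
 * Authorization decision point for catalog resources.
 *
 * <p>{@link #checkAccess(AccessControlContext)} either returns normally (access granted) or throws
 * {@link NotAllowedActionException}. The decision is deny-by-default: an anonymous caller, an
 * empty grant set, a grant set in which no grant allows the action, or a failed self-only check
 * all end in the exception.
 *
 * <p>Grants are evaluated against a "tenants link" describing how the caller's tenant relates to
 * the target resource:
 * <ul>
 *   <li>{@code TENANT_LINK_EQ}: the caller's tenant id equals the resource's tenant id;</li>
 *   <li>{@code TENANT_LINK_AUTH}: the caller's tenant id is listed in the resource's
 *       {@code tenantsAuth};</li>
 *   <li>{@code TENANT_LINK_OTHER}: neither of the above (also the default).</li>
 * </ul>
 */
@Service
public class AccessControlServiceImpl implements AccessControlService {
    private static final Logger LOGGER = LoggerFactory.getLogger(AccessControlServiceImpl.class);
    private static final int TENANT_LINK_EQ = 0;
    private static final int TENANT_LINK_AUTH = 1;
    private static final int TENANT_LINK_OTHER = 2;

    @Autowired
    private CatalogUserDetailsService userDetailsService;

    @Autowired
    private AccessControlRepository aclRepository;

    /**
     * Verifies that the current user may perform the action described by the context.
     *
     * @param accessControlContext action, resource class and (optionally) resource being accessed
     * @throws NotAllowedActionException if there is no authenticated user, no grant allows the
     *         action for the resolved tenants link, or the self-only rule for users fails
     * @throws IllegalArgumentException if the action type is not one of the handled values
     */
    @Override
    public void checkAccess(AccessControlContext accessControlContext) {
        // Resolve the principal once, so the null check and every later decision refer to the
        // same object instead of two separate lookups.
        final CatalogUserDetails userDetails = this.userDetailsService.getCatalogUserDetails();
        if (userDetails == null) {
            LOGGER.error("Anonymous users are not allowed to {} resources of type {}", accessControlContext.getAction().name(), accessControlContext.getResourceClass().getName());
            throw new NotAllowedActionException();
        }

        final ActionGrant[] grants = this.aclRepository.getGrants(accessControlContext.getResourceClass(), roleCodeOf(userDetails));

        // Deny by default: every condition must hold, evaluated in this order.
        final boolean allowed = !SentiloUtils.arrayIsEmpty(grants)
                && checkGrants(grants, userDetails, accessControlContext)
                && checkUser(userDetails, accessControlContext);
        if (!allowed) {
            LOGGER.error("User {} is not allowed to {} resources of type {} ", userDetails.getUsername(), accessControlContext.getAction().name(), accessControlContext.getResourceClass().getName());
            throw new NotAllowedActionException();
        }
    }

    /**
     * Maps the user's role to the code used to look up grants: super admin takes precedence over
     * admin, and everything else is treated as a plain user.
     */
    private String roleCodeOf(CatalogUserDetails catalogUserDetails) {
        if (catalogUserDetails.isSuperAdminUser()) {
            return "SA";
        }
        return catalogUserDetails.isAdminUser() ? "A" : "U";
    }

    /**
     * Self-only rule: a caller with the plain user role may only act on a {@link User} resource
     * whose user name equals the caller's own. Any other combination passes this check.
     */
    private boolean checkUser(CatalogUserDetails catalogUserDetails, AccessControlContext accessControlContext) {
        final CatalogDocument resource = accessControlContext.getResource();
        if (resource instanceof User && catalogUserDetails.isUser()) {
            // NOTE(review): a null user name on the resource raises a NullPointerException here
            // rather than NotAllowedActionException; access is still not granted.
            return ((User) resource).getUserName().equals(catalogUserDetails.getUsername());
        }
        return true;
    }

    /**
     * Returns {@code true} if at least one grant allows the requested action for the tenants link
     * between the caller and the resource.
     */
    private boolean checkGrants(ActionGrant[] actionGrantArr, CatalogUserDetails catalogUserDetails, AccessControlContext accessControlContext) {
        // Super admins, and every caller when multi-tenancy is disabled, are evaluated with the
        // OTHER link without looking at the resource's tenant.
        final boolean skipTenantResolution = catalogUserDetails.isSuperAdminUser() || !TenantContextHolder.isEnabled();
        final int tenantsLink = skipTenantResolution
                ? TENANT_LINK_OTHER
                : findTenantsLink(catalogUserDetails.getTenantId(), accessControlContext);

        boolean allowed = false;
        for (ActionGrant actionGrant : actionGrantArr) {
            // Every grant is evaluated (no short-circuit), as in the original logic.
            allowed |= checkGrant(actionGrant, accessControlContext.getAction(), tenantsLink);
        }
        return allowed;
    }

    /** Asks a single grant whether it allows the action code for the given tenants link. */
    private boolean checkGrant(ActionGrant actionGrant, ActionType actionType, int tenantsLink) {
        return actionGrant.isActionAllowed(actionType.getCode(), tenantsLink);
    }

    /**
     * Resolves the tenants link for the requested action.
     *
     * @param userTenantId tenant id of the caller; NOTE(review): dereferenced without a null
     *        check, so a tenant-less caller fails with a NullPointerException - confirm callers
     *        always carry a tenant id when multi-tenancy is enabled
     * @throws IllegalArgumentException for an action type that is not handled
     */
    private int findTenantsLink(String userTenantId, AccessControlContext accessControlContext) {
        switch (accessControlContext.getAction()) {
            case LIST:
            case CREATE:
                // No concrete resource is inspected for these actions.
                return getDefaultTenantsLink();
            case SAVE_NEW:
                // The tenant is read from the resource carried in the context; only a resource
                // that targets the caller's own tenant yields the EQ link.
                return userTenantId.equals(getResourceTenant(accessControlContext.getResource()))
                        ? TENANT_LINK_EQ
                        : getDefaultTenantsLink();
            case SAVE:
            case EDIT:
            case READ:
            case DELETE:
                return findTenantsLinkForAdminAction(userTenantId, accessControlContext);
            default:
                throw new IllegalArgumentException("Unknown action type");
        }
    }

    /** Link used when no closer relation between caller and resource is established. */
    private int getDefaultTenantsLink() {
        return TENANT_LINK_OTHER;
    }

    /**
     * Resolves the tenants link for actions on an existing resource.
     *
     * <p>For a {@link TenantResource} the tenant fields are read from the object returned by the
     * context's service ({@code findAndThrowErrorIfNotExist}), not from the object carried in
     * the context - presumably the stored copy, so that tenant data supplied with the request is
     * not what the decision is based on (confirm against the service implementation).
     */
    private int findTenantsLinkForAdminAction(String userTenantId, AccessControlContext accessControlContext) {
        final CatalogDocument resource = accessControlContext.getResource();

        if (resource instanceof TenantResource) {
            final TenantResource stored = (TenantResource) accessControlContext.getService().findAndThrowErrorIfNotExist(resource);
            if (userTenantId.equals(stored.getTenantId())) {
                return TENANT_LINK_EQ;
            }
            // NOTE(review): getTenantsAuth() is dereferenced without a null check.
            if (stored.getTenantsAuth().contains(userTenantId)) {
                return TENANT_LINK_AUTH;
            }
            return getDefaultTenantsLink();
        }

        if (resource instanceof Tenant) {
            // A tenant document is linked to the caller only when it is the caller's own tenant.
            return userTenantId.equals(resource.getId()) ? TENANT_LINK_EQ : TENANT_LINK_OTHER;
        }

        return getDefaultTenantsLink();
    }

    /**
     * Returns the tenant id a document belongs to: the tenant id of a {@link TenantResource}, or
     * the document's own id otherwise.
     */
    private String getResourceTenant(CatalogDocument catalogDocument) {
        if (catalogDocument instanceof TenantResource) {
            return ((TenantResource) catalogDocument).getTenantId();
        }
        return catalogDocument.getId();
    }
}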
