package org.duracloud.security.vote;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.duracloud.common.constant.Constants;
import org.duracloud.common.model.AclType;
import org.duracloud.security.domain.HttpVerb;
import org.duracloud.security.util.SecurityUtil;
import org.duracloud.storage.domain.StorageAccount;
import org.duracloud.storage.domain.StorageProviderType;
import org.duracloud.storage.error.NotFoundException;
import org.duracloud.storage.util.StorageProviderFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;

/* loaded from: input_file:WEB-INF/lib/security-6.1.1.jar:org/duracloud/security/vote/SpaceWriteAccessVoter.class */
public class SpaceWriteAccessVoter extends SpaceAccessVoter {
    private final Logger log;

    public SpaceWriteAccessVoter(StorageProviderFactory storageProviderFactory, UserDetailsService userDetailsService) {
        super(storageProviderFactory, userDetailsService);
        this.log = LoggerFactory.getLogger(SpaceReadAccessVoter.class);
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public int vote(Authentication authentication, Object obj, Collection collection) {
        if (obj != null && !supports(obj.getClass())) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, 0));
            return 0;
        }
        HttpServletRequest httpServletRequest = getHttpServletRequest(obj);
        if (null == httpServletRequest) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, -1));
            return -1;
        }
        HttpVerb httpVerb = getHttpVerb(httpServletRequest);
        if (null == httpVerb) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, -1));
            return -1;
        }
        if (httpVerb.isRead()) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, 0));
            return 0;
        }
        if (authentication instanceof AnonymousAuthenticationToken) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, -1));
            return -1;
        }
        if (isRoot(authentication)) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, 1));
            return 1;
        }
        if (isTask(httpServletRequest)) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, 1));
            return 1;
        }
        if (isSnapshotMetadataSpace(httpServletRequest) && isDeleteAction(httpServletRequest)) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, -1));
            return -1;
        }
        if (isSnapshotInProgress(httpServletRequest) && !isSpaceAclUpdate(httpServletRequest)) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, -1));
            return -1;
        }
        if (isAdmin(authentication.getName())) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, 1));
            return 1;
        }
        if (isSpaceCreation(httpServletRequest)) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, -1));
            return -1;
        }
        if (isSpaceDeletion(httpServletRequest)) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, -1));
            return -1;
        }
        if (isSpaceAclUpdate(httpServletRequest)) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, -1));
            return -1;
        }
        Map<String, AclType> spaceACLs = getSpaceACLs(httpServletRequest);
        if (hasWriteAccess(authentication.getName(), spaceACLs)) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, 1));
            return 1;
        }
        if (groupsHaveWriteAccess(getUserGroups(authentication), spaceACLs)) {
            this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, 1));
            return 1;
        }
        this.log.debug(VoterUtil.debugText("SpaceWriteAccessVoterImpl", authentication, collection, obj, -1));
        return -1;
    }

    private boolean isTask(HttpServletRequest httpServletRequest) {
        return "task".equals(getSpaceId(httpServletRequest));
    }

    private boolean isRoot(Authentication authentication) {
        return SecurityUtil.isRoot(authentication);
    }

    private boolean isSnapshotInProgress(HttpServletRequest httpServletRequest) {
        String storeId = getStoreId(httpServletRequest);
        StorageProviderFactory storageProviderFactory = getStorageProviderFactory();
        List<StorageAccount> storageAccounts = storageProviderFactory.getStorageAccounts();
        if (storeId == null) {
            Iterator<StorageAccount> it = storageAccounts.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                StorageAccount next = it.next();
                if (next.isPrimary()) {
                    storeId = next.getId();
                    break;
                }
            }
        }
        for (StorageAccount storageAccount : storageAccounts) {
            if (storageAccount.getId().equals(storeId)) {
                if (!storageAccount.getType().equals(StorageProviderType.CHRONOPOLIS)) {
                    return false;
                }
                try {
                    return storageProviderFactory.getStorageProvider(storeId).getSpaceProperties(getSpaceId(httpServletRequest)).containsKey(Constants.SNAPSHOT_ID_PROP);
                } catch (NotFoundException e) {
                    return false;
                }
            }
        }
        return false;
    }

    private boolean isSpaceCreation(HttpServletRequest httpServletRequest) {
        return HttpVerb.PUT.equals(getHttpVerb(httpServletRequest)) && !hasContentId(httpServletRequest);
    }

    private boolean isSpaceDeletion(HttpServletRequest httpServletRequest) {
        return HttpVerb.DELETE.equals(getHttpVerb(httpServletRequest)) && !hasContentId(httpServletRequest);
    }

    private boolean isSpaceAclUpdate(HttpServletRequest httpServletRequest) {
        if (!HttpVerb.POST.equals(getHttpVerb(httpServletRequest))) {
            return false;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        return pathInfo.startsWith("/acl/") || pathInfo.startsWith("acl/");
    }

    private boolean isDeleteAction(HttpServletRequest httpServletRequest) {
        return HttpVerb.DELETE.equals(getHttpVerb(httpServletRequest));
    }
}
