package edu.stanford.protege.webprotege.authorization;

import edu.stanford.protege.webprotege.common.ProjectId;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.data.mongodb.core.query.Update;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/classes/edu/stanford/protege/webprotege/authorization/AccessManagerImpl.class */
public class AccessManagerImpl implements AccessManager {
    private final RoleOracle roleOracle;
    private final MongoTemplate mongoTemplate;

    public AccessManagerImpl(RoleOracle roleOracle, MongoTemplate mongoTemplate) {
        this.roleOracle = roleOracle;
        this.mongoTemplate = mongoTemplate;
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    public void setAssignedRoles(@Nonnull Subject subject, @Nonnull Resource resource, @Nonnull Collection<RoleId> collection) {
        RoleAssignment roleAssignment = new RoleAssignment(toUserName(subject), toProjectId(resource), (List) collection.stream().map((v0) -> {
            return v0.id();
        }).collect(Collectors.toList()), getRoleClosure(collection), getActionClosure(collection));
        this.mongoTemplate.remove(withUserAndTarget(subject, resource), RoleAssignment.class);
        this.mongoTemplate.save(roleAssignment);
    }

    private List<String> getActionClosure(@Nonnull Collection<RoleId> collection) {
        return (List) collection.stream().flatMap(roleId -> {
            return this.roleOracle.getRoleClosure(roleId).stream();
        }).flatMap(role -> {
            return role.actions().stream();
        }).map((v0) -> {
            return v0.id();
        }).sorted().collect(Collectors.toList());
    }

    private List<String> getRoleClosure(@Nonnull Collection<RoleId> collection) {
        return (List) collection.stream().flatMap(roleId -> {
            return this.roleOracle.getRoleClosure(roleId).stream();
        }).map(role -> {
            return role.roleId().id();
        }).collect(Collectors.toList());
    }

    private Query withUserAndTarget(Subject subject, Resource resource) {
        return Query.query(Criteria.where(RoleAssignment.USER_NAME).is(toUserName(subject))).addCriteria(Criteria.where(RoleAssignment.PROJECT_ID).is(toProjectId(resource)));
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    @Nonnull
    public Collection<RoleId> getAssignedRoles(@Nonnull Subject subject, @Nonnull Resource resource) {
        return (Collection) this.mongoTemplate.find(withUserAndTarget(subject, resource), RoleAssignment.class).stream().flatMap(roleAssignment -> {
            return roleAssignment.getAssignedRoles().stream();
        }).map(RoleId::new).distinct().collect(Collectors.toList());
    }

    private Query withUserOrAnyUserAndTarget(Subject subject, Resource resource) {
        String userName = toUserName(subject);
        Query query = Query.query(Criteria.where(RoleAssignment.PROJECT_ID).is(toProjectId(resource)));
        if (subject.isGuest()) {
            query.addCriteria(Criteria.where(RoleAssignment.USER_NAME).is(userName));
        } else {
            query.addCriteria(Criteria.where(RoleAssignment.USER_NAME).in(userName, null));
        }
        return query;
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    @Nonnull
    public Collection<RoleId> getRoleClosure(@Nonnull Subject subject, @Nonnull Resource resource) {
        return (Collection) this.mongoTemplate.find(withUserOrAnyUserAndTarget(subject, resource), RoleAssignment.class).stream().flatMap(roleAssignment -> {
            return roleAssignment.getRoleClosure().stream();
        }).distinct().map(RoleId::new).collect(Collectors.toList());
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    @Nonnull
    public Set<ActionId> getActionClosure(@Nonnull Subject subject, @Nonnull Resource resource) {
        return (Set) this.mongoTemplate.find(withUserOrAnyUserAndTarget(subject, resource), RoleAssignment.class).stream().flatMap(roleAssignment -> {
            return roleAssignment.getActionClosure().stream();
        }).map(ActionId::new).collect(Collectors.toSet());
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    public boolean hasPermission(@Nonnull Subject subject, @Nonnull Resource resource, @Nonnull ActionId actionId) {
        return this.mongoTemplate.count(withUserOrAnyUserAndTarget(subject, resource).addCriteria(Criteria.where(RoleAssignment.ACTION_CLOSURE).is(actionId.id())).limit(1), RoleAssignment.class) == 1;
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    public boolean hasPermission(@Nonnull Subject subject, @Nonnull Resource resource, @Nonnull BuiltInAction builtInAction) {
        return hasPermission(subject, resource, builtInAction.getActionId());
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    public Collection<Subject> getSubjectsWithAccessToResource(Resource resource) {
        return getSubjectsWithAccessToResource(resource, Optional.empty());
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    public Collection<Subject> getSubjectsWithAccessToResource(Resource resource, ActionId actionId) {
        return getSubjectsWithAccessToResource(resource, Optional.of(actionId));
    }

    private Collection<Subject> getSubjectsWithAccessToResource(Resource resource, Optional<ActionId> optional) {
        Query query = Query.query(Criteria.where(RoleAssignment.PROJECT_ID).is(toProjectId(resource)));
        optional.ifPresent(actionId -> {
            query.addCriteria(Criteria.where(RoleAssignment.ACTION_CLOSURE).in(actionId.toString()));
        });
        return (Collection) this.mongoTemplate.find(query, RoleAssignment.class).stream().map(roleAssignment -> {
            Optional<String> userName = roleAssignment.getUserName();
            return userName.isPresent() ? Subject.forUser(userName.get()) : Subject.forAnySignedInUser();
        }).collect(Collectors.toList());
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    public Collection<Resource> getResourcesAccessibleToSubject(Subject subject, ActionId actionId) {
        return (Collection) this.mongoTemplate.find(Query.query(Criteria.where(RoleAssignment.USER_NAME).is(toUserName(subject)).and(RoleAssignment.ACTION_CLOSURE).is(actionId.id())), RoleAssignment.class).stream().map(roleAssignment -> {
            Optional<String> projectId = roleAssignment.getProjectId();
            return projectId.isPresent() ? new ProjectResource(new ProjectId(projectId.get())) : ApplicationResource.get();
        }).collect(Collectors.toList());
    }

    @Override // edu.stanford.protege.webprotege.authorization.AccessManager
    public void rebuild() {
        this.mongoTemplate.find(new Query(), RoleAssignment.class).forEach(roleAssignment -> {
            List list = (List) roleAssignment.getAssignedRoles().stream().map(RoleId::new).collect(Collectors.toList());
            List<String> roleClosure = getRoleClosure(list);
            List<String> actionClosure = getActionClosure(list);
            this.mongoTemplate.updateMulti(Query.query(Criteria.where(RoleAssignment.USER_NAME).is(roleAssignment.getUserName().orElse(null)).and(RoleAssignment.PROJECT_ID).is(roleAssignment.getProjectId().orElse(null))), new Update().set(RoleAssignment.ACTION_CLOSURE, actionClosure).set(RoleAssignment.ROLE_CLOSURE, roleClosure), RoleAssignment.class);
        });
    }

    @Nullable
    private static String toUserName(@Nonnull Subject subject) {
        return subject.getUserName().orElse(null);
    }

    @Nullable
    private static String toProjectId(Resource resource) {
        return (String) resource.getProjectId().map((v0) -> {
            return v0.id();
        }).orElse(null);
    }
}
