package org.apache.rave.portal.security.impl;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import org.apache.rave.portal.model.Category;
import org.apache.rave.portal.model.User;
import org.apache.rave.portal.repository.CategoryRepository;
import org.apache.rave.portal.security.ModelPermissionEvaluator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

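/**
 * Permission evaluator for {@link Category} model objects.
 *
 * <p>Decision order, as implemented below: the check inherited from
 * {@link AbstractModelPermissionEvaluator} runs first and, if it grants access, wins.
 * Otherwise {@code READ} is granted to every caller and {@code ADMINISTER}, {@code CREATE},
 * {@code DELETE} and {@code UPDATE} are denied. Category ownership is not consulted on that
 * path; the ownership helpers further down are not called from anywhere in this class.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/rave-core-0.15.jar:org/apache/rave/portal/security/impl/DefaultCategoryPermissionEvaluator.class */
public class DefaultCategoryPermissionEvaluator extends AbstractModelPermissionEvaluator<Category> {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final CategoryRepository categoryRepository;

    /**
     * @param categoryRepository repository used to load categories by id for id-based checks
     */
    @Autowired
    public DefaultCategoryPermissionEvaluator(CategoryRepository categoryRepository) {
        this.categoryRepository = categoryRepository;
    }

    /**
     * @return the model type this evaluator is responsible for, {@code Category.class}
     */
    @Override // org.apache.rave.portal.security.ModelPermissionEvaluator
    public Class<Category> getType() {
        return Category.class;
    }

    /**
     * Checks a permission against a category instance supplied by the caller.
     *
     * @param authentication the current authentication
     * @param category the category being accessed; passed on as an untrusted domain object
     * @param permission the permission being requested
     * @return {@code true} if access is granted
     */
    @Override // org.apache.rave.portal.security.impl.AbstractModelPermissionEvaluator, org.apache.rave.portal.security.ModelPermissionEvaluator
    public boolean hasPermission(Authentication authentication, Category category, ModelPermissionEvaluator.Permission permission) {
        return hasPermission(authentication, category, permission, false);
    }

    /**
     * Checks a permission against a target identifier.
     *
     * <p>A {@link RaveSecurityContext} identifier is verified against the authenticated user;
     * any other identifier is cast to {@code Long} and used to load the category from the
     * repository, so a non-{@code Long} identifier fails with a {@link ClassCastException}.
     *
     * @param authentication the current authentication
     * @param serializable the target identifier: a {@code RaveSecurityContext} or a category id
     * @param str the target type name; not read by this implementation
     * @param permission the permission being requested
     * @return {@code true} if access is granted
     * @throws IllegalArgumentException if a {@code RaveSecurityContext} names an unsupported type
     */
    @Override // org.apache.rave.portal.security.ModelPermissionEvaluator
    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, ModelPermissionEvaluator.Permission permission) {
        if (serializable instanceof RaveSecurityContext) {
            return verifyRaveSecurityContext(authentication, (RaveSecurityContext) serializable);
        }
        // NOTE(review): the repository result is not null-checked here; whether get() can return
        // null for an unknown id is not visible in this file. If it can, READ is still granted
        // below for a category that does not exist. Confirm against the repository and superclass.
        Category category = this.categoryRepository.get(((Long) serializable).longValue());
        return hasPermission(authentication, category, permission, true);
    }

    /**
     * Shared decision logic for both public overloads.
     *
     * @param trustedDomainObject whether {@code category} was loaded from the repository; the
     *     flag is accepted but not read by the current logic
     */
    private boolean hasPermission(Authentication authentication, Category category, ModelPermissionEvaluator.Permission permission, boolean trustedDomainObject) {
        // The superclass check is consulted first; its rules are not visible in this file.
        // The category is passed as-is: casting it to Authentication (as the decompiled text
        // did) does not match the superclass signature for Category.
        if (super.hasPermission(authentication, category, permission)) {
            return true;
        }
        boolean granted = false;
        switch (permission) {
            case READ:
                // Every caller that reaches this point may read any category.
                granted = true;
                break;
            case ADMINISTER:
            case CREATE:
            case DELETE:
            case UPDATE:
                // Denied unless the superclass check above already granted access.
                break;
            default:
                // Unknown permissions fall through to a deny.
                this.log.warn("unknown permission: {}", permission);
                break;
        }
        return granted;
    }

    /**
     * Returns the repository copy of a category, using {@code trustedCategoryContainer} as a
     * one-element cache so the repository is queried at most once per container.
     */
    private Category getTrustedCategory(long categoryId, List<Category> trustedCategoryContainer) {
        if (!trustedCategoryContainer.isEmpty()) {
            return trustedCategoryContainer.get(0);
        }
        Category trusted = this.categoryRepository.get(categoryId);
        trustedCategoryContainer.add(trusted);
        return trusted;
    }

    /**
     * Tests whether the authenticated user created the category. When the supplied category is
     * not trusted, the creator is read from the repository copy rather than from the instance
     * handed in by the caller.
     */
    private boolean isCategoryCreatedUser(Authentication authentication, Category category, List<Category> trustedCategoryContainer, boolean trustedDomainObject) {
        Category source = trustedDomainObject
                ? category
                : getTrustedCategory(category.getId().longValue(), trustedCategoryContainer);
        return isCategoryCreatedUserByUsername(authentication, source.getCreatedUser().getUsername());
    }

    /**
     * Compares the principal's username with {@code username}. The principal is cast to
     * {@link User}, so any other principal type fails with a {@link ClassCastException}.
     */
    private boolean isCategoryCreatedUserByUsername(Authentication authentication, String username) {
        User principal = (User) authentication.getPrincipal();
        return principal.getUsername().equals(username);
    }

    /**
     * Compares the principal's id with {@code userId}. The principal is cast to {@link User},
     * so any other principal type fails with a {@link ClassCastException}.
     */
    private boolean isCategoryCreatedUserById(Authentication authentication, Long userId) {
        User principal = (User) authentication.getPrincipal();
        return principal.getId().equals(userId);
    }

    /**
     * Verifies a {@link RaveSecurityContext}: only the {@link User} type is supported, and the
     * check passes when the context id equals the authenticated user's id.
     *
     * @throws IllegalArgumentException if the context type is not {@code User} or cannot be loaded
     */
    private boolean verifyRaveSecurityContext(Authentication authentication, RaveSecurityContext raveSecurityContext) {
        try {
            // NOTE(review): Class.forName loads and initializes whatever class the context names
            // before the comparison. Confirm the type string is never taken from request data;
            // comparing it with User.class.getName() would avoid the class load altogether.
            if (User.class == Class.forName(raveSecurityContext.getType())) {
                return isCategoryCreatedUserById(authentication, (Long) raveSecurityContext.getId());
            }
            throw new IllegalArgumentException("unknown RaveSecurityContext type: " + raveSecurityContext.getType());
        } catch (ClassNotFoundException e) {
            throw new IllegalArgumentException("unknown class specified in RaveSecurityContext: ", e);
        }
    }
}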
