package org.apache.rave.portal.security.impl;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import org.apache.rave.portal.model.User;
import org.apache.rave.portal.model.WidgetTag;
import org.apache.rave.portal.repository.WidgetTagRepository;
import org.apache.rave.portal.security.ModelPermissionEvaluator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

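/**
 * Decides whether the authenticated user may perform an operation on a {@link WidgetTag}.
 *
 * <p>Rules implemented here, applied only after the superclass check has declined:
 * <ul>
 *   <li>{@code ADMINISTER} is never granted by this class.</li>
 *   <li>{@code READ} is always granted.</li>
 *   <li>{@code CREATE} is granted when the tag's user id equals the authenticated user's id.</li>
 *   <li>{@code UPDATE} and {@code DELETE} are granted when the username of the tag's owner
 *       equals the authenticated user's username.</li>
 * </ul>
 *
 * <p>Every ownership check fails closed: when the tag, its owner, or the repository lookup
 * result is missing, the permission is denied instead of failing with a
 * {@link NullPointerException}.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/rave-core-0.15.jar:org/apache/rave/portal/security/impl/DefaultWidgetTagPermissionEvaluator.class */
public class DefaultWidgetTagPermissionEvaluator extends AbstractModelPermissionEvaluator<WidgetTag> {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final WidgetTagRepository widgetTagRepository;

    /**
     * @param widgetTagRepository repository used to re-read widget tags whose ownership must be verified
     */
    @Autowired
    public DefaultWidgetTagPermissionEvaluator(WidgetTagRepository widgetTagRepository) {
        this.widgetTagRepository = widgetTagRepository;
    }

    /**
     * @return the model type this evaluator is responsible for, {@code WidgetTag.class}
     */
    @Override
    public Class<WidgetTag> getType() {
        return WidgetTag.class;
    }

    /**
     * Checks a permission against a widget tag instance supplied by the caller.
     *
     * <p>The instance is treated as untrusted: for {@code UPDATE} and {@code DELETE} the owner
     * is read from the repository copy (looked up by widget id and tag keyword), not from the
     * object that was passed in.
     *
     * @param authentication the current authentication
     * @param widgetTag the widget tag the operation targets
     * @param permission the permission being requested
     * @return {@code true} if the permission is granted
     */
    @Override
    public boolean hasPermission(Authentication authentication, WidgetTag widgetTag, ModelPermissionEvaluator.Permission permission) {
        return hasPermission(authentication, widgetTag, permission, false);
    }

    /**
     * Checks a permission against a target identified either by a {@link RaveSecurityContext}
     * or by a widget tag id.
     *
     * <p>Any {@code serializable} that is not a {@code RaveSecurityContext} is cast to
     * {@link Long} and used as a repository key; the entity loaded that way is treated as
     * trusted. The {@code str} argument is not used by this implementation.
     *
     * @param authentication the current authentication
     * @param serializable a {@code RaveSecurityContext} or the {@code Long} id of a widget tag
     * @param str the target type name (ignored here)
     * @param permission the permission being requested
     * @return {@code true} if the permission is granted
     * @throws ClassCastException if {@code serializable} is neither a {@code RaveSecurityContext} nor a {@code Long}
     */
    @Override
    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, ModelPermissionEvaluator.Permission permission) {
        if (serializable instanceof RaveSecurityContext) {
            return verifyRaveSecurityContext(authentication, (RaveSecurityContext) serializable, permission);
        }
        WidgetTag storedWidgetTag = this.widgetTagRepository.get(((Long) serializable).longValue());
        return hasPermission(authentication, storedWidgetTag, permission, true);
    }

    /**
     * Applies the per-permission rules to a widget tag.
     *
     * @param trustedDomainObject {@code true} when {@code widgetTag} was loaded from the repository
     *        by this class, {@code false} when it was supplied by the caller
     */
    private boolean hasPermission(Authentication authentication, WidgetTag widgetTag, ModelPermissionEvaluator.Permission permission, boolean trustedDomainObject) {
        // Holds the repository copy of the tag so it is looked up at most once per evaluation.
        List<WidgetTag> trustedWidgetTagContainer = new ArrayList<WidgetTag>();

        // The superclass check runs first and short-circuits when it grants access. It must be
        // called with the WidgetTag itself: the decompiled listing cast the tag to Authentication
        // here, which is an erasure artifact and would fail with a ClassCastException at runtime.
        if (super.hasPermission(authentication, widgetTag, permission)) {
            return true;
        }

        boolean granted = false;
        switch (permission) {
            case ADMINISTER:
                // Never granted here; only the superclass check above can allow it.
                break;
            case READ:
                granted = true;
                break;
            case CREATE:
                // The owner id comes from the supplied object itself; no repository copy is consulted.
                // A tag without an owner is denied.
                granted = widgetTag != null
                        && widgetTag.getUser() != null
                        && isWidgetTagOwnerById(authentication, widgetTag.getUser().getId());
                break;
            case DELETE:
            case UPDATE:
                granted = isWidgetTagOwner(authentication, widgetTag, trustedWidgetTagContainer, trustedDomainObject);
                break;
            default:
                this.log.warn("unknown permission: " + permission);
                break;
        }
        return granted;
    }

    /**
     * Applies the per-permission rules to a {@link RaveSecurityContext}.
     *
     * <p>For {@code CREATE}, {@code DELETE} and {@code UPDATE} the id carried by the context is
     * compared with the authenticated user's id, so the context id is interpreted as the owning
     * user's id. That value is whatever the caller put into the context; it is not verified
     * against the repository here.
     *
     * @throws IllegalArgumentException if the context type is not {@code WidgetTag} or names a class that cannot be loaded
     */
    private boolean verifyRaveSecurityContext(Authentication authentication, RaveSecurityContext raveSecurityContext, ModelPermissionEvaluator.Permission permission) {
        try {
            // NOTE(review): the type name is resolved reflectively, and Class.forName(String) also
            // initializes the class it loads. Whether the name can be influenced from outside
            // depends on how callers build the context (not visible here). Comparing the string
            // with WidgetTag.class.getName() would give the same accept/reject decision without
            // loading a caller-supplied class name.
            if (WidgetTag.class != Class.forName(raveSecurityContext.getType())) {
                throw new IllegalArgumentException("unknown RaveSecurityContext type: " + raveSecurityContext.getType());
            }
            boolean granted = false;
            switch (permission) {
                case ADMINISTER:
                    break;
                case READ:
                    granted = true;
                    break;
                case CREATE:
                case DELETE:
                case UPDATE:
                    granted = isWidgetTagOwnerById(authentication, (Long) raveSecurityContext.getId());
                    break;
                default:
                    this.log.warn("unknown permission: " + permission);
                    break;
            }
            return granted;
        } catch (ClassNotFoundException e) {
            // Include the offending type name; the original message ended in a dangling colon.
            throw new IllegalArgumentException("unknown class specified in RaveSecurityContext: " + raveSecurityContext.getType(), e);
        }
    }

    /**
     * Checks whether the authenticated user owns the widget tag, comparing usernames.
     *
     * <p>When the supplied object is not trusted, ownership is taken from the repository copy
     * found by widget id and tag keyword. Missing data at any step denies the permission.
     */
    private boolean isWidgetTagOwner(Authentication authentication, WidgetTag widgetTag, List<WidgetTag> trustedWidgetTagContainer, boolean trustedDomainObject) {
        if (widgetTag == null) {
            return false;
        }
        WidgetTag trustedWidgetTag;
        if (trustedDomainObject) {
            trustedWidgetTag = widgetTag;
        } else {
            // The lookup key comes from a caller-supplied object; an incomplete key is denied.
            if (widgetTag.getWidgetId() == null || widgetTag.getTag() == null) {
                return false;
            }
            trustedWidgetTag = getTrustedWidgetTag(widgetTag.getWidgetId().longValue(), widgetTag.getTag().getKeyword(), trustedWidgetTagContainer);
        }
        // No stored tag, or a stored tag without an owner: nobody can be shown to own it.
        if (trustedWidgetTag == null || trustedWidgetTag.getUser() == null) {
            return false;
        }
        return isWidgetTagOwnerByUsername(authentication, trustedWidgetTag.getUser().getUsername());
    }

    /**
     * Returns the repository copy of a widget tag, using the container as a one-element cache.
     *
     * @return the stored widget tag, or whatever the repository returned for the lookup
     *         (the result is cached even if it is {@code null})
     */
    private WidgetTag getTrustedWidgetTag(long widgetId, String tagKeyword, List<WidgetTag> trustedWidgetTagContainer) {
        if (!trustedWidgetTagContainer.isEmpty()) {
            return trustedWidgetTagContainer.get(0);
        }
        WidgetTag storedWidgetTag = this.widgetTagRepository.getByWidgetIdAndTag(Long.valueOf(widgetId), tagKeyword);
        trustedWidgetTagContainer.add(storedWidgetTag);
        return storedWidgetTag;
    }

    /**
     * Compares the authenticated principal's username with the given owner username.
     * The principal is cast to {@link User}; a principal of another type fails the cast.
     */
    private boolean isWidgetTagOwnerByUsername(Authentication authentication, String ownerUsername) {
        return ((User) authentication.getPrincipal()).getUsername().equals(ownerUsername);
    }

    /**
     * Compares the authenticated principal's id with the given owner id.
     * The principal is cast to {@link User}; a principal of another type fails the cast.
     */
    private boolean isWidgetTagOwnerById(Authentication authentication, Long ownerId) {
        return ((User) authentication.getPrincipal()).getId().equals(ownerId);
    }
}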
