package org.apache.rave.portal.security.impl;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import org.apache.rave.model.Page;
import org.apache.rave.model.PageUser;
import org.apache.rave.model.Region;
import org.apache.rave.model.User;
import org.apache.rave.portal.repository.RegionRepository;
import org.apache.rave.portal.repository.UserRepository;
import org.apache.rave.portal.security.ModelPermissionEvaluator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

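/**
 * Permission evaluator for {@link Region} objects.
 *
 * <p>Every check first defers to {@link AbstractModelPermissionEvaluator}; if the superclass
 * grants access the answer is {@code true}. Otherwise CREATE, DELETE and UPDATE are granted to
 * the owner of the region's page or to a page member flagged as editor, READ is granted to the
 * page owner or any page member, and ADMINISTER is never granted by this class.
 *
 * <p>All checks fail closed: if the region, its page, the principal or a member's user record
 * cannot be resolved, the answer is {@code false} rather than an unchecked exception.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/rave-core-0.21.1.jar:org/apache/rave/portal/security/impl/DefaultRegionPermissionEvaluator.class */
public class DefaultRegionPermissionEvaluator extends AbstractModelPermissionEvaluator<Region> {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final RegionRepository regionRepository;
    private final UserRepository userRepository;

    /**
     * @param regionRepository used to reload regions whose state must not be taken from the caller
     * @param userRepository used to resolve page members to user records
     */
    @Autowired
    public DefaultRegionPermissionEvaluator(RegionRepository regionRepository, UserRepository userRepository) {
        this.regionRepository = regionRepository;
        this.userRepository = userRepository;
    }

    /** @return the model type this evaluator is responsible for, {@code Region.class} */
    @Override
    public Class<Region> getType() {
        return Region.class;
    }

    /**
     * Checks a permission against a caller-supplied region object.
     *
     * <p>The object is treated as untrusted: only its id is used, and the page, owner and
     * members are re-read from the repository before any decision is made.
     *
     * @param authentication the current authentication; its principal is expected to be a {@link User}
     * @param region the region the caller wants to act on
     * @param permission the permission being requested
     * @return {@code true} if access is granted
     */
    @Override
    public boolean hasPermission(Authentication authentication, Region region, ModelPermissionEvaluator.Permission permission) {
        return hasPermission(authentication, region, permission, false);
    }

    /**
     * Checks a permission against a target identifier.
     *
     * <p>When {@code targetId} is a {@link RaveSecurityContext}, neither {@code targetType} nor
     * {@code permission} is consulted: the only test is whether the principal's id equals the id
     * carried by the context. Otherwise {@code targetId} is cast to a region id, the region is
     * loaded from the repository and evaluated as a trusted object.
     *
     * @param authentication the current authentication
     * @param targetId a {@link RaveSecurityContext} or a {@code String} region id
     * @param targetType not used by this implementation
     * @param permission the permission being requested
     * @return {@code true} if access is granted
     * @throws IllegalArgumentException if a {@link RaveSecurityContext} names an unsupported type
     */
    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, ModelPermissionEvaluator.Permission permission) {
        if (targetId instanceof RaveSecurityContext) {
            return verifyRaveSecurityContext(authentication, (RaveSecurityContext) targetId);
        }
        return hasPermission(authentication, this.regionRepository.get((String) targetId), permission, true);
    }

    /**
     * Core decision routine shared by both public entry points.
     *
     * @param trustedDomainObject {@code true} when {@code region} was loaded from the repository
     *     by this class, {@code false} when it was supplied by the caller
     */
    private boolean hasPermission(Authentication authentication, Region region, ModelPermissionEvaluator.Permission permission, boolean trustedDomainObject) {
        // Single-slot cache so the owner check and the member check share one repository lookup.
        List<Region> trustedRegionContainer = new ArrayList<Region>();

        if (super.hasPermission(authentication, region, permission)) {
            return true;
        }
        // A region that does not exist cannot be owned or shared: deny instead of dereferencing null.
        if (region == null) {
            return false;
        }
        switch (permission) {
            case ADMINISTER:
                // Only the superclass check above can grant ADMINISTER.
                return false;
            case CREATE:
            case DELETE:
            case UPDATE:
                return isRegionOwner(authentication, region, trustedRegionContainer, trustedDomainObject)
                        || isRegionMember(authentication, region, trustedRegionContainer, trustedDomainObject, true);
            case READ:
                return isRegionOwner(authentication, region, trustedRegionContainer, trustedDomainObject)
                        || isRegionMember(authentication, region, trustedRegionContainer, trustedDomainObject, false);
            default:
                this.log.warn("unknown permission: {}", permission);
                return false;
        }
    }

    /**
     * Returns the repository copy of a region, loading it at most once per permission check.
     * The result (including {@code null} for an unknown id) is kept in the container.
     */
    private Region getTrustedRegion(String regionId, List<Region> trustedRegionContainer) {
        if (trustedRegionContainer.isEmpty()) {
            trustedRegionContainer.add(this.regionRepository.get(regionId));
        }
        return trustedRegionContainer.get(0);
    }

    /**
     * Resolves the page that authorization decisions are based on. For an untrusted region only
     * the id is taken from the argument; everything else comes from the repository.
     *
     * @return the page, or {@code null} if the region or its page cannot be resolved
     */
    private Page resolveTrustedPage(Region region, List<Region> trustedRegionContainer, boolean trustedDomainObject) {
        Region trusted = trustedDomainObject ? region : getTrustedRegion(region.getId(), trustedRegionContainer);
        return trusted == null ? null : trusted.getPage();
    }

    /** @return the principal as a {@link User}, or {@code null} if it is of any other type */
    private User principalUser(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        return principal instanceof User ? (User) principal : null;
    }

    /** @return {@code true} if the principal owns the page that contains the region */
    private boolean isRegionOwner(Authentication authentication, Region region, List<Region> trustedRegionContainer, boolean trustedDomainObject) {
        Page page = resolveTrustedPage(region, trustedRegionContainer, trustedDomainObject);
        return page != null && isPrincipalUserId(authentication, page.getOwnerId());
    }

    /**
     * @return {@code true} if the principal is a {@link User} whose id equals {@code userId};
     *     a {@code null} id on either side never matches
     */
    private boolean isPrincipalUserId(Authentication authentication, String userId) {
        User principal = principalUser(authentication);
        return principal != null && userId != null && userId.equals(principal.getId());
    }

    /**
     * Handles a {@link RaveSecurityContext} target: grants access only when the context is of
     * type {@link User} and its id is the principal's own id.
     *
     * @throws IllegalArgumentException if the context type is not {@link User} or cannot be loaded
     */
    private boolean verifyRaveSecurityContext(Authentication authentication, RaveSecurityContext raveSecurityContext) {
        try {
            // NOTE(review): Class.forName loads and initializes whatever class the context names.
            // Presumably the type string only comes from trusted security expressions - confirm,
            // or compare it with User.class.getName() so no class is loaded from a string.
            if (User.class == Class.forName(raveSecurityContext.getType())) {
                return isPrincipalUserId(authentication, (String) raveSecurityContext.getId());
            }
            throw new IllegalArgumentException("unknown RaveSecurityContext type: " + raveSecurityContext.getType());
        } catch (ClassNotFoundException e) {
            throw new IllegalArgumentException("unknown class specified in RaveSecurityContext: ", e);
        }
    }

    /**
     * Checks whether the principal is listed as a member of the region's page. Members are
     * matched by username, resolved through the user repository.
     *
     * @param editorRequired when {@code true} the matching member must also be flagged as editor
     * @return {@code true} if a matching member is found and satisfies {@code editorRequired}
     */
    private boolean isRegionMember(Authentication authentication, Region region, List<Region> trustedRegionContainer, boolean trustedDomainObject, boolean editorRequired) {
        Page page = resolveTrustedPage(region, trustedRegionContainer, trustedDomainObject);
        User principal = principalUser(authentication);
        if (page == null || principal == null || page.getMembers() == null) {
            return false;
        }
        String username = principal.getUsername();
        if (username == null) {
            return false;
        }
        for (PageUser pageUser : page.getMembers()) {
            // A membership row may point at a user record that no longer exists; skip it.
            User member = this.userRepository.get(pageUser.getUserId());
            if (member != null && username.equals(member.getUsername())) {
                this.log.info("User {} is a member of page {}", username, page.getId());
                // The first matching membership decides, exactly as before.
                return !editorRequired || pageUser.isEditor();
            }
        }
        return false;
    }
}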
