package org.openfact.services.security;

import java.util.List;
import java.util.function.BiFunction;
import java.util.stream.Stream;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.ForbiddenException;
import org.openfact.models.AdminRoles;
import org.openfact.models.OpenfactSession;
import org.openfact.models.OrganizationModel;
import org.openfact.models.OrganizationProvider;
import org.openfact.provider.SingleProviderType;
import org.openfact.services.resource.security.ClientUser;
import org.openfact.services.resource.security.OrganizationAuth;
import org.openfact.services.resource.security.Resource;
import org.openfact.services.resource.security.SecurityContextProvider;

@SingleProviderType(provider = "restSecurity", value = "basic")
@Stateless
/* loaded from: input_file:org/openfact/services/security/BasicSecurityContextProvider.class */
public class BasicSecurityContextProvider implements SecurityContextProvider {

    @Inject
    private OrganizationProvider organizationProvider;
    private static BiFunction<HttpServletRequest, String, Boolean> checkHasRole = (httpServletRequest, str) -> {
        return Boolean.valueOf(Stream.of(str).filter(str -> {
            return httpServletRequest.isUserInRole(str);
        }).findAny().isPresent());
    };
    private static BiFunction<HttpServletRequest, String[], Boolean> checkHasOneRole = (httpServletRequest, strArr) -> {
        return Boolean.valueOf(Stream.of((Object[]) strArr).anyMatch(str -> {
            return httpServletRequest.isUserInRole(str);
        }));
    };

    /* loaded from: input_file:org/openfact/services/security/BasicSecurityContextProvider$DefaultOrganizationAuth.class */
    public class DefaultOrganizationAuth implements OrganizationAuth {
        private final HttpServletRequest httpServletRequest;
        private Resource resource;

        public DefaultOrganizationAuth(HttpServletRequest httpServletRequest, Resource resource) {
            this.httpServletRequest = httpServletRequest;
            this.resource = resource;
        }

        public void init(Resource resource) {
            this.resource = resource;
        }

        public void requireAny() {
            if (!((Boolean) BasicSecurityContextProvider.checkHasOneRole.apply(this.httpServletRequest, AdminRoles.ALL_ORGANIZATION_ROLES)).booleanValue()) {
                throw new ForbiddenException();
            }
        }

        public boolean hasView() {
            return ((Boolean) BasicSecurityContextProvider.checkHasRole.apply(this.httpServletRequest, AdminRoles.getViewRole(this.resource))).booleanValue();
        }

        public boolean hasManage() {
            return ((Boolean) BasicSecurityContextProvider.checkHasRole.apply(this.httpServletRequest, AdminRoles.getManageRole(this.resource))).booleanValue();
        }

        public void requireView() {
            if (!hasView()) {
                throw new ForbiddenException();
            }
        }

        public void requireManage() {
            if (!hasManage()) {
                throw new ForbiddenException();
            }
        }
    }

    public List<OrganizationModel> getPermittedOrganizations(OpenfactSession openfactSession) {
        return this.organizationProvider.getOrganizations();
    }

    public ClientUser getClientUser(OpenfactSession openfactSession) {
        final HttpServletRequest httpServletRequest = (HttpServletRequest) openfactSession.getContext().getContextObject(HttpServletRequest.class);
        return new ClientUser() { // from class: org.openfact.services.security.BasicSecurityContextProvider.1
            public String getUsername() {
                return httpServletRequest.getUserPrincipal().getName();
            }

            public boolean hasOrganizationRole(String str) {
                return ((Boolean) BasicSecurityContextProvider.checkHasRole.apply(httpServletRequest, str)).booleanValue();
            }

            public boolean hasOneOfOrganizationRole(String... strArr) {
                return ((Boolean) BasicSecurityContextProvider.checkHasOneRole.apply(httpServletRequest, strArr)).booleanValue();
            }

            public boolean hasAppRole(String str) {
                return ((Boolean) BasicSecurityContextProvider.checkHasRole.apply(httpServletRequest, str)).booleanValue();
            }

            public boolean hasOneOfAppRole(String... strArr) {
                return ((Boolean) BasicSecurityContextProvider.checkHasOneRole.apply(httpServletRequest, strArr)).booleanValue();
            }

            public OrganizationAuth organizationAuth(Resource resource) {
                return new DefaultOrganizationAuth(httpServletRequest, resource);
            }
        };
    }
}
