package ome.security.sharing;

import java.util.Set;
import ome.conditions.SecurityViolation;
import ome.model.IObject;
import ome.model.internal.Details;
import ome.model.internal.Permissions;
import ome.security.ACLVoter;
import ome.security.SystemTypes;
import ome.security.basic.CurrentDetails;
import ome.security.basic.TokenHolder;
import ome.services.sharing.ShareStore;
import org.hibernate.Session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:ome/security/sharing/SharingACLVoter.class */
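/**
 * {@link ACLVoter} used while a share is active.
 *
 * <p>Reads are limited to system types, objects in the system group, and
 * objects that the {@link ShareStore} reports as members of the current share.
 * Chmod, annotate, update and delete are always refused. Creation is permitted
 * only for objects for which the {@link TokenHolder} reports a privileged token.
 */
public class SharingACLVoter implements ACLVoter {
    private static final Logger log = LoggerFactory.getLogger(SharingACLVoter.class);
    private final SystemTypes sysTypes;
    private final ShareStore store;
    private final CurrentDetails cd;
    private final TokenHolder tokenHolder;

    /**
     * Creates a voter bound to the given collaborators.
     *
     * @param currentDetails source of the current event context (and thus the share id)
     * @param systemTypes    used to recognise system types and system-group objects
     * @param shareStore     answers whether an object belongs to a share
     * @param tokenHolder    answers whether an object carries a privileged token
     */
    public SharingACLVoter(CurrentDetails currentDetails, SystemTypes systemTypes, ShareStore shareStore, TokenHolder tokenHolder) {
        this.tokenHolder = tokenHolder;
        this.sysTypes = systemTypes;
        this.store = shareStore;
        this.cd = currentDetails;
    }

    /** Permission changes are never allowed while in a share. */
    @Override
    public boolean allowChmod(IObject iObject) {
        return false;
    }

    /**
     * Decides whether an object may be loaded in the current share.
     *
     * @param session unused by this implementation
     * @param cls     type of the object being loaded; must not be null
     * @param details ownership details of the object, may be null
     * @param j       id of the object being loaded
     * @return true for system types, system-group objects and share members;
     *         false otherwise, including when no share id is available
     * @throws IllegalArgumentException if {@code cls} is null
     */
    @Override
    public boolean allowLoad(Session session, Class<? extends IObject> cls, Details details, long j) {
        Assert.notNull(cls, "cls must not be null");
        // NOTE(review): a null Details is treated as loadable without consulting the
        // share store; confirm callers only pass null for objects with no ownership.
        if (details == null || this.sysTypes.isSystemType(cls) || this.sysTypes.isInSystemGroup(details)) {
            return true;
        }
        Long shareId = this.cd.getCurrentEventContext().getCurrentShareId();
        if (shareId == null) {
            // Fail closed with an explicit denial instead of a NullPointerException
            // from unboxing, so the refusal is visible as an access decision.
            log.warn("No current share id in event context; denying load of {}:{}", cls.getName(), j);
            return false;
        }
        return this.store.contains(shareId.longValue(), cls, j);
    }

    /**
     * Always throws, reporting that the object is not part of the share.
     *
     * @param iObject the object whose load was refused; must not be null
     * @throws SecurityViolation always
     * @throws IllegalArgumentException if {@code iObject} is null
     */
    @Override
    public void throwLoadViolation(IObject iObject) throws SecurityViolation {
        Assert.notNull(iObject, "iObject must not be null");
        throw new SecurityViolation(iObject + " not contained in share");
    }

    /**
     * Creation is allowed only when the token holder reports a privileged token
     * for the object.
     */
    @Override
    public boolean allowCreation(IObject iObject) {
        return this.tokenHolder.hasPrivilegedToken(iObject);
    }

    /**
     * @throws SecurityViolation always, stating that creation is disabled in a share
     */
    @Override
    public void throwCreationViolation(IObject iObject) throws SecurityViolation {
        throwDisabled("Creation");
    }

    /** Annotation is never allowed while in a share. */
    @Override
    public boolean allowAnnotate(IObject iObject, Details details) {
        return false;
    }

    /** Updates are never allowed while in a share. */
    @Override
    public boolean allowUpdate(IObject iObject, Details details) {
        return false;
    }

    /**
     * @throws SecurityViolation always, stating that update is disabled in a share
     */
    @Override
    public void throwUpdateViolation(IObject iObject) throws SecurityViolation {
        throwDisabled("Update");
    }

    /** Deletion is never allowed while in a share. */
    @Override
    public boolean allowDelete(IObject iObject, Details details) {
        return false;
    }

    /**
     * @throws SecurityViolation always, stating that delete is disabled in a share
     */
    @Override
    public void throwDeleteViolation(IObject iObject) throws SecurityViolation {
        throwDisabled("Delete");
    }

    /**
     * @return always null; this voter reports no extended restrictions of its own
     */
    @Override
    public Set<String> restrictions(IObject iObject) {
        return null;
    }

    /**
     * Replaces the permissions on a loaded object with a copy whose restrictions
     * have been reset via {@code copyRestrictions(0, null)}. Null and unloaded
     * objects are left untouched.
     */
    @Override
    public void postProcess(IObject iObject) {
        if (iObject == null || !iObject.isLoaded()) {
            return;
        }
        Details details = iObject.getDetails();
        // Work on a copy so the original Permissions instance is not mutated.
        Permissions permissions = new Permissions(details.getPermissions());
        // NOTE(review): an allow mask of 0 presumably marks every operation as
        // restricted, matching the read-only nature of a share; confirm against Permissions.
        permissions.copyRestrictions(0, (Set) null);
        details.setPermissions(permissions);
    }

    /**
     * Throws a violation stating that the named operation is disabled in a share.
     *
     * @param str operation name placed at the start of the message
     * @throws SecurityViolation always
     */
    protected void throwDisabled(String str) {
        throw new SecurityViolation(str + " is not allowed while in share.");
    }

    /**
     * Returns the id of the group referenced by the details, or null when the
     * details or their group are absent. Not called from within this class.
     */
    private Long group(Details details) {
        if (details == null || details.getGroup() == null) {
            return null;
        }
        return details.getGroup().getId();
    }
}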
