package ome.security.basic;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import ome.model.enums.AdminPrivilege;
import ome.model.internal.NamedValue;
import ome.model.meta.Experimenter;
import ome.model.meta.Session;
import ome.system.Roles;
import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ome/security/basic/LightAdminPrivileges.class */
/**
 * Works out which light-administrator privileges apply to a session.
 *
 * <p>The model is subtractive. A session starts with every known privilege, and a privilege is
 * removed when the session's sudoer or owner has a config entry named
 * {@code AdminPrivilege:<value>} whose value does not parse as {@code true}. A user with no such
 * entries therefore keeps the full set, and the root user is never restricted.
 *
 * <p>NOTE(review): nothing in this class checks that the user is an administrator at all;
 * presumably callers establish that before trusting the returned set. Confirm against callers.
 *
 * <p>Results are cached per session ID and expire one minute after being written. No explicit
 * invalidation is visible in this class, so a change to a user's config may take up to a minute
 * to affect an already cached session.
 */
public class LightAdminPrivileges {
    private static final Logger LOGGER = LoggerFactory.getLogger(LightAdminPrivileges.class);

    /* Config entries that restrict a privilege are named with this prefix plus the privilege value. */
    private static final String USER_CONFIG_NAME_PREFIX = AdminPrivilege.class.getSimpleName() + ':';

    /* Every privilege known to this class. */
    private static final ImmutableSet<AdminPrivilege> ADMIN_PRIVILEGES;

    /* The same privileges, indexed by their string value. */
    private static final ImmutableMap<String, AdminPrivilege> ADMIN_PRIVILEGES_BY_VALUE;

    static {
        final ImmutableMap.Builder<String, AdminPrivilege> byValue = ImmutableMap.builder();
        for (final String value : ImmutableSet.of(
                "Chgrp", "Chown", "DeleteFile", "DeleteManagedRepo", "DeleteOwned", "DeleteScriptRepo",
                "ModifyGroup", "ModifyGroupMembership", "ModifyUser", "ReadSession", "Sudo", "WriteFile",
                "WriteManagedRepo", "WriteOwned", "WriteScriptRepo")) {
            byValue.put(value, new AdminPrivilege(value));
        }
        ADMIN_PRIVILEGES_BY_VALUE = byValue.build();
        ADMIN_PRIVILEGES = ImmutableSet.copyOf(ADMIN_PRIVILEGES_BY_VALUE.values());
    }

    /* ID of the root user, who is exempt from every restriction. */
    private final long rootId;

    /*
     * Per-session cache of computed privileges, keyed by session ID only.
     * NOTE(review): a later Session object with the same ID but a different owner or sudoer
     * would be served the earlier result until expiry. Confirm that these fields cannot change
     * for a given session ID.
     */
    private final LoadingCache<SessionEqualById, ImmutableSet<AdminPrivilege>> PRIVILEGE_CACHE =
            CacheBuilder.newBuilder()
                    .expireAfterWrite(1, TimeUnit.MINUTES)
                    .build(new CacheLoader<SessionEqualById, ImmutableSet<AdminPrivilege>>() {
                        @Override
                        public ImmutableSet<AdminPrivilege> load(SessionEqualById key) {
                            try {
                                return LightAdminPrivileges.this.getPrivileges(key.session);
                            } catch (Throwable failure) {
                                // Log the failure here, then rethrow so that the cache reports it.
                                LightAdminPrivileges.LOGGER.error(
                                        "failed to check permissions for session #" + key.sessionId, failure);
                                throw failure;
                            }
                        }
                    });

    /**
     * Cache key that wraps a session and treats two keys as equal when their session IDs match.
     *
     * <p>Decompiler note: JADX reports that it widened this class's access from private.
     */
    public static final class SessionEqualById {
        private final Session session;
        private final Long sessionId;

        private SessionEqualById(Session session) {
            this.session = session;
            this.sessionId = session.getId();
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof SessionEqualById)) {
                return false;
            }
            final SessionEqualById other = (SessionEqualById) obj;
            return this.sessionId.equals(other.sessionId);
        }

        @Override
        public int hashCode() {
            return Objects.hash(getClass(), this.sessionId);
        }
    }

    /**
     * Creates the privilege calculator.
     *
     * @param roles source of the root user's ID, which is exempt from restrictions
     */
    public LightAdminPrivileges(Roles roles) {
        this.rootId = roles.getRootId();
    }

    /**
     * @return the immutable set of every privilege this class knows about
     */
    public static ImmutableSet<AdminPrivilege> getAllPrivileges() {
        return ADMIN_PRIVILEGES;
    }

    /**
     * Maps a user config entry name to the privilege that it restricts.
     *
     * @param str the config entry name
     * @return the matching privilege, or {@code null} if the name lacks the expected prefix or
     *         names no known privilege
     */
    public AdminPrivilege getPrivilegeForConfigName(String str) {
        if (!str.startsWith(USER_CONFIG_NAME_PREFIX)) {
            return null;
        }
        final String privilegeValue = str.substring(USER_CONFIG_NAME_PREFIX.length());
        return getPrivilege(privilegeValue);
    }

    /**
     * @param adminPrivilege a privilege
     * @return the user config entry name under which that privilege can be restricted
     */
    public String getConfigNameForPrivilege(AdminPrivilege adminPrivilege) {
        return USER_CONFIG_NAME_PREFIX + adminPrivilege.getValue();
    }

    /**
     * Looks up a privilege by its string value.
     *
     * @param str the privilege value
     * @return the privilege, or {@code null} if the value is unknown (logged at debug level)
     */
    public AdminPrivilege getPrivilege(String str) {
        final AdminPrivilege known = ADMIN_PRIVILEGES_BY_VALUE.get(str);
        if (known == null && LOGGER.isDebugEnabled()) {
            LOGGER.debug("checked for unknown privilege " + str);
        }
        return known;
    }

    /**
     * Returns the privileges for a session, computing and caching them if they are not cached.
     *
     * @param session the session to check
     * @return the privileges that apply to the session
     */
    public ImmutableSet<AdminPrivilege> getSessionPrivileges(Session session) {
        return getSessionPrivileges(session, true);
    }

    /**
     * Returns the privileges for a session, optionally without populating the cache.
     *
     * <p>NOTE(review): this loader can throw only unchecked exceptions, and Guava's documented
     * behaviour is to surface those from {@code LoadingCache.get} as
     * {@code UncheckedExecutionException}, which the handler below does not catch. A failed
     * computation therefore seems to propagate to the caller instead of yielding the empty set.
     * Both outcomes deny privileges, but callers should expect the exception. Confirm against
     * the Guava version in use.
     *
     * @param session the session to check
     * @param populateCache if {@code true}, load through the cache; if {@code false}, use a
     *        cached value when present and otherwise compute the result without storing it
     * @return the privileges that apply, or an empty set if the cache reports an
     *         {@link ExecutionException}
     */
    private ImmutableSet<AdminPrivilege> getSessionPrivileges(Session session, boolean populateCache) {
        final SessionEqualById key = new SessionEqualById(session);
        if (!populateCache) {
            final ImmutableSet<AdminPrivilege> cached = this.PRIVILEGE_CACHE.getIfPresent(key);
            return cached == null ? getPrivileges(session) : cached;
        }
        try {
            return this.PRIVILEGE_CACHE.get(key);
        } catch (ExecutionException e) {
            // Fail closed: an error while computing privileges grants nothing.
            LOGGER.warn("failed to check privileges for session " + session.getId(), e.getCause());
            return ImmutableSet.of();
        }
    }

    /**
     * Computes a session's privileges directly, bypassing the cache.
     *
     * <p>Restrictions from both the sudoer and the owner are applied, so the result contains only
     * privileges that neither of them has had removed.
     *
     * <p>Decompiler note: JADX reports that it widened this method's access from private.
     *
     * @param session the session to check
     * @return the privileges that remain after both users' restrictions are applied
     */
    public ImmutableSet<AdminPrivilege> getPrivileges(Session session) {
        final Set<AdminPrivilege> remaining = new HashSet<>(getAllPrivileges());
        removeUserPrivileges(session.getSudoer(), remaining);
        removeUserPrivileges(session.getOwner(), remaining);
        return ImmutableSet.copyOf(remaining);
    }

    /**
     * Removes from {@code granted} every privilege that the user's config restricts.
     *
     * <p>A config value counts as granting only when {@link Boolean#parseBoolean} accepts it,
     * that is, when it is {@code "true"} ignoring case. Any other value, including {@code null}
     * or a typo, removes the named privilege. Entries that name an unknown privilege have no
     * effect.
     *
     * @param experimenter the user whose config applies; ignored if {@code null} or root
     * @param granted the mutable set of privileges to reduce in place
     */
    private void removeUserPrivileges(Experimenter experimenter, Set<AdminPrivilege> granted) {
        if (experimenter == null || experimenter.getId().longValue() == this.rootId) {
            return;
        }
        final List<NamedValue> config = experimenter.getConfig();
        if (!CollectionUtils.isNotEmpty(config)) {
            return;
        }
        for (final NamedValue entry : config) {
            if (Boolean.parseBoolean(entry.getValue())) {
                continue;
            }
            final String entryName = entry.getName();
            if (entryName.startsWith(USER_CONFIG_NAME_PREFIX)) {
                final String privilegeValue = entryName.substring(USER_CONFIG_NAME_PREFIX.length());
                granted.remove(ADMIN_PRIVILEGES_BY_VALUE.get(privilegeValue));
            }
        }
    }
}
