package org.sakaiproject.rubrics.security;

import java.util.HashMap;
import java.util.Map;
import org.sakaiproject.authz.api.SecurityService;
import org.sakaiproject.rubrics.logic.AuthenticatedRequestContext;
import org.sakaiproject.rubrics.logic.Role;
import org.sakaiproject.rubrics.logic.model.Criterion;
import org.sakaiproject.rubrics.logic.model.Evaluation;
import org.sakaiproject.rubrics.logic.model.Modifiable;
import org.sakaiproject.rubrics.logic.model.Rating;
import org.sakaiproject.rubrics.logic.model.Rubric;
import org.sakaiproject.rubrics.logic.model.ToolItemRubricAssociation;
import org.sakaiproject.rubrics.logic.repository.CriterionRepository;
import org.sakaiproject.rubrics.logic.repository.EvaluationRepository;
import org.sakaiproject.rubrics.logic.repository.MetadataRepository;
import org.sakaiproject.rubrics.logic.repository.RatingRepository;
import org.sakaiproject.rubrics.logic.repository.RubricRepository;
import org.sakaiproject.rubrics.logic.repository.ToolItemRubricAssociationRepository;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:WEB-INF/classes/org/sakaiproject/rubrics/security/CustomMethodSecurityExpressionRoot.class */
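/**
 * Expression root that backs the rubrics method-security expressions ({@code canRead},
 * {@code canWrite}, {@code canCopy}).
 *
 * <p>Every check in this class fails closed. An unknown resource type, a missing resource, a
 * null identifier or a malformed identifier yields {@code false} (access denied) instead of an
 * unchecked exception escaping from the authorization decision.
 *
 * <p>Resource types are keyed by the simple class name of the model class. An instance whose
 * runtime class has a different simple name (for example a subclass) therefore resolves to no
 * repository and is denied.
 */
public class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations {
    /** Source id that denotes the built-in default resource in copy requests. */
    private static final String DEFAULT_RESOURCE_COPY_ID = "default";
    /** Permission passed to {@link SecurityService#unlock} for the owning site. */
    private static final String EDITOR_PERMISSION = "rubrics.editor";
    /** Prefix of the site reference that the permission is checked against. */
    private static final String SITE_REFERENCE_PREFIX = "/site/";

    // Repositories keyed by model simple class name ("Rubric", "Criterion", ...).
    private final Map<String, MetadataRepository<? extends Modifiable, Long>> repositories;
    private final AuthenticatedRequestContext authenticatedRequestContext;
    private final SecurityService securityService;

    /**
     * Builds the expression root for one authenticated request.
     *
     * @param authentication the current authentication; its principal must be an
     *     {@link AuthenticatedRequestContext}, otherwise the cast below throws
     */
    public CustomMethodSecurityExpressionRoot(RubricRepository rubricRepository, CriterionRepository criterionRepository, RatingRepository ratingRepository, EvaluationRepository evaluationRepository, ToolItemRubricAssociationRepository toolItemRubricAssociationRepository, SecurityService securityService, Authentication authentication) {
        super(authentication);
        this.authenticatedRequestContext = (AuthenticatedRequestContext) authentication.getPrincipal();
        this.repositories = new HashMap<>();
        this.repositories.put(Rubric.class.getSimpleName(), rubricRepository);
        this.repositories.put(Criterion.class.getSimpleName(), criterionRepository);
        this.repositories.put(Rating.class.getSimpleName(), ratingRepository);
        this.repositories.put(Evaluation.class.getSimpleName(), evaluationRepository);
        this.repositories.put(ToolItemRubricAssociation.class.getSimpleName(), toolItemRubricAssociationRepository);
        this.securityService = securityService;
    }

    /**
     * Decides whether the current user may read the resource {@code l} of type {@code str}.
     *
     * <p>The resource must be shared, or the user must pass the context check (super user,
     * {@code rubrics.editor} on the owning site, or creator). The type-specific read rules are
     * applied afterwards, so a shared evaluation is still limited to evaluators and its evaluee.
     *
     * @param l resource id
     * @param str simple class name of the resource type
     * @return {@code true} when reading is allowed; {@code false} also when the type is unknown
     *     or the resource does not exist
     */
    public boolean canRead(Long l, String str) {
        // Load once and reuse the instance for both the context check and the read rules.
        Modifiable resource = findResource(l, str);
        if (resource == null) {
            return false;
        }
        boolean visible = resource.getModified().isShared() || isAuthorizedForResource(resource);
        return visible && verifyResourceSpecificReadRules(resource);
    }

    /**
     * Decides whether the current user may create or edit a resource of type {@code str}.
     *
     * <p>A {@code null} id means creation: no existing resource is checked and the decision
     * rests on the user's roles alone. This method does not check the target site in that case.
     *
     * @param l id of the resource to edit, or {@code null} when creating
     * @param str simple class name of the resource type
     * @return {@code true} when one of the user's roles may create or edit the type and, for an
     *     existing resource, the context check passes
     */
    public boolean canWrite(Long l, String str) {
        if (l != null && !isAuthorizedToAccessContextResource(l, str)) {
            return false;
        }
        // NOTE(review): Role.valueOf presumably rejects an authority string that is not a Role
        // name by throwing; confirm every granted authority maps to a Role.
        return this.authenticatedRequestContext.getAuthorities().stream()
                .anyMatch(authority -> Role.valueOf(authority.getAuthority()).canCreateOrEdit(str));
    }

    /** Read check for an entity instance; a {@code null} entity is denied. */
    public <T extends Modifiable> boolean canRead(T t) {
        return t != null && canRead(t.getId(), t.getClass().getSimpleName());
    }

    /** Write check for an entity instance; a {@code null} entity is denied. */
    public <T extends Modifiable> boolean canWrite(T t) {
        return t != null && canWrite(t.getId(), t.getClass().getSimpleName());
    }

    /**
     * Decides whether the current user may copy the resource identified by {@code str}.
     *
     * <p>Only editors may copy. The default resource and super users are always allowed;
     * otherwise the source must be readable by the user.
     *
     * @param str source id, either {@code "default"} or a numeric resource id
     * @param str2 simple class name of the resource type
     * @return {@code true} when copying is allowed; {@code false} also when the id is neither
     *     {@code "default"} nor a valid number
     */
    public boolean canCopy(String str, String str2) {
        if (!this.authenticatedRequestContext.isEditor()) {
            return false;
        }
        if (DEFAULT_RESOURCE_COPY_ID.equalsIgnoreCase(str) || this.authenticatedRequestContext.isSuperUser()) {
            return true;
        }
        final long sourceId;
        try {
            sourceId = Long.parseLong(str);
        } catch (NumberFormatException e) {
            // A malformed (or null) id cannot name a readable resource: deny instead of
            // letting the parse failure abort the authorization decision.
            return false;
        }
        return canRead(Long.valueOf(sourceId), str2);
    }

    /**
     * Looks up a resource by type name and id.
     *
     * @return the resource, or {@code null} when the id or type is null, the type has no
     *     registered repository, or the repository returns nothing
     */
    private Modifiable findResource(Long id, String type) {
        if (id == null || type == null) {
            return null;
        }
        MetadataRepository<? extends Modifiable, Long> repository = this.repositories.get(type);
        return repository == null ? null : repository.findOne(id);
    }

    /**
     * Context check by id. Super users pass without the resource being loaded; for everyone
     * else a resource that cannot be found is denied.
     */
    private boolean isAuthorizedToAccessContextResource(Long l, String str) {
        if (this.authenticatedRequestContext.isSuperUser()) {
            return true;
        }
        Modifiable resource = findResource(l, str);
        return resource != null && isOwnerSiteEditorOrCreator(resource);
    }

    /** Context check for an already loaded resource. */
    private boolean isAuthorizedForResource(Modifiable resource) {
        return this.authenticatedRequestContext.isSuperUser() || isOwnerSiteEditorOrCreator(resource);
    }

    /**
     * Returns whether the current user holds {@code rubrics.editor} on the site that owns the
     * resource, or created the resource.
     */
    private boolean isOwnerSiteEditorOrCreator(Modifiable resource) {
        String userId = this.authenticatedRequestContext.getUserId();
        String siteReference = SITE_REFERENCE_PREFIX + resource.getModified().getOwnerId();
        if (this.securityService.unlock(userId, EDITOR_PERMISSION, siteReference)) {
            return true;
        }
        // Null-safe: a missing user id or creator id never counts as a match.
        return userId != null && userId.equalsIgnoreCase(resource.getModified().getCreatorId());
    }

    /**
     * Applies the per-type read rules. Rubrics, criteria, ratings and tool-item associations
     * carry no extra rule; an evaluation is readable by evaluators, and by an evaluee only when
     * the evaluee owns the evaluated item. Any other type is denied.
     */
    private boolean verifyResourceSpecificReadRules(Object resource) {
        if (resource instanceof Rubric || resource instanceof Criterion || resource instanceof Rating
                || resource instanceof ToolItemRubricAssociation) {
            return true;
        }
        if (resource instanceof Evaluation) {
            if (this.authenticatedRequestContext.isEvaluator()) {
                return true;
            }
            if (this.authenticatedRequestContext.isEvaluee()) {
                String userId = this.authenticatedRequestContext.getUserId();
                return userId != null && userId.equalsIgnoreCase(((Evaluation) resource).getEvaluatedItemOwnerId());
            }
        }
        return false;
    }

    // The filter/return-object hooks are not supported by this expression root: expressions
    // that rely on filterObject or returnObject fail with the exception below.

    public Object getFilterObject() {
        throw new UnsupportedOperationException("Not implemented");
    }

    public void setFilterObject(Object obj) {
        throw new UnsupportedOperationException("Not implemented");
    }

    public Object getReturnObject() {
        throw new UnsupportedOperationException("Not implemented");
    }

    public void setReturnObject(Object obj) {
        throw new UnsupportedOperationException("Not implemented");
    }

    public Object getThis() {
        throw new UnsupportedOperationException("Not implemented");
    }
}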
