package sk.seges.acris.security.server.spring.configuration.acl;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider;
import org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.SidRetrievalStrategy;
import sk.seges.acris.security.server.spring.acl.provider.BetterAclEntryAfterInvocationCollectionFilteringProvider;
import sk.seges.acris.security.server.spring.acl.sid.RolesPublicSidRetrievalStrategy;
import sk.seges.acris.security.server.spring.acl.vote.AclEntryVoter;
import sk.seges.acris.security.server.spring.acl.vote.VoterPermissions;
import sk.seges.sesam.security.shared.domain.ISecuredObject;

/* loaded from: input_file:sk/seges/acris/security/server/spring/configuration/acl/AclVotersConfiguration.class */
public class AclVotersConfiguration {

    @Autowired
    private AclService aclService;

    @Autowired
    private RoleVoter roleVoter;

    @Bean
    public DefaultPermissionFactory permissionFactory() {
        HashMap hashMap = new HashMap();
        hashMap.put(BasePermission.READ.getPattern(), BasePermission.READ);
        hashMap.put(BasePermission.WRITE.getPattern(), BasePermission.WRITE);
        hashMap.put(BasePermission.CREATE.getPattern(), BasePermission.CREATE);
        hashMap.put(BasePermission.DELETE.getPattern(), BasePermission.DELETE);
        return new DefaultPermissionFactory(hashMap);
    }

    @Bean
    public VoterPermissions voterPermissions() {
        VoterPermissions voterPermissions = new VoterPermissions();
        voterPermissions.setPermissionFactory(permissionFactory());
        voterPermissions.init();
        return voterPermissions;
    }

    @Bean
    public AclEntryVoter aclObjectReadVoter() {
        return getVoter(this.aclService, "ACL_OBJECT_VIEW", voterPermissions().READ);
    }

    @Bean
    public AclEntryVoter aclEntryListReadVoter() {
        return getVoter(this.aclService, "ACL_LIST_OBJECTS_VIEW", voterPermissions().READ);
    }

    @Bean
    public AclEntryVoter aclObjectWriteVoter() {
        return getVoter(this.aclService, "ACL_OBJECT_EDIT", voterPermissions().WRITE);
    }

    @Bean
    public AclEntryVoter aclEntryWriteVoter() {
        return getVoter(this.aclService, "ACL_OBJECTS_EDIT", voterPermissions().WRITE);
    }

    @Bean
    public AclEntryVoter aclEntryListWriteVoter() {
        return getVoter(this.aclService, "ACL_LIST_OBJECTS_EDIT", voterPermissions().WRITE);
    }

    @Bean
    public AclEntryVoter aclObjectDeleteVoter() {
        return getVoter(this.aclService, "ACL_OBJECT_DELETE", voterPermissions().DELETE);
    }

    @Bean
    public AclEntryVoter aclEntryDeleteVoter() {
        return getVoter(this.aclService, "ACL_OBJECTS_DELETE", voterPermissions().DELETE);
    }

    @Bean
    public AclEntryVoter aclEntryListDeleteVoter() {
        return getVoter(this.aclService, "ACL_LIST_OBJECTS_DELETE", voterPermissions().DELETE);
    }

    @Bean
    public AclEntryAfterInvocationCollectionFilteringProvider afterAclCollectionRead(SidRetrievalStrategy sidRetrievalStrategy) {
        BetterAclEntryAfterInvocationCollectionFilteringProvider betterAclEntryAfterInvocationCollectionFilteringProvider = new BetterAclEntryAfterInvocationCollectionFilteringProvider(this.aclService, voterPermissions().READ);
        betterAclEntryAfterInvocationCollectionFilteringProvider.setSidRetrievalStrategy(sidRetrievalStrategy);
        return betterAclEntryAfterInvocationCollectionFilteringProvider;
    }

    @Bean
    public AclEntryAfterInvocationProvider afterAclRead(SidRetrievalStrategy sidRetrievalStrategy) {
        AclEntryAfterInvocationProvider aclEntryAfterInvocationProvider = new AclEntryAfterInvocationProvider(this.aclService, voterPermissions().READ);
        aclEntryAfterInvocationProvider.setSidRetrievalStrategy(sidRetrievalStrategy);
        return aclEntryAfterInvocationProvider;
    }

    @Bean
    public SidRetrievalStrategy sidRetrievalStrategy() {
        return new RolesPublicSidRetrievalStrategy();
    }

    @Bean
    public UnanimousBased businessAccessDecisionManager() {
        UnanimousBased unanimousBased = new UnanimousBased();
        unanimousBased.setAllowIfAllAbstainDecisions(true);
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.roleVoter);
        arrayList.add(aclObjectReadVoter());
        arrayList.add(aclObjectWriteVoter());
        arrayList.add(aclObjectDeleteVoter());
        arrayList.add(aclEntryListReadVoter());
        arrayList.add(aclEntryListWriteVoter());
        arrayList.add(aclEntryListDeleteVoter());
        return unanimousBased;
    }

    private AclEntryVoter getVoter(AclService aclService, String str, List<Permission> list) {
        AclEntryVoter aclEntryVoter = new AclEntryVoter(aclService, str, list);
        aclEntryVoter.setProcessDomainObjectClass(ISecuredObject.class);
        aclEntryVoter.setSidRetrievalStrategy(sidRetrievalStrategy());
        return aclEntryVoter;
    }
}
