package sk.seges.acris.security.server.spring.acl.provider;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.core.Authentication;
import sk.seges.acris.security.server.spring.annotation.processor.DefaultSecurityAnnotationProcessor;
import sk.seges.acris.security.shared.exception.SecurityException;
import sk.seges.sesam.dao.PagedResult;

/* loaded from: input_file:sk/seges/acris/security/server/spring/acl/provider/BetterAclEntryAfterInvocationCollectionFilteringProvider.class */
public class BetterAclEntryAfterInvocationCollectionFilteringProvider extends AclEntryAfterInvocationCollectionFilteringProvider {
    public BetterAclEntryAfterInvocationCollectionFilteringProvider(AclService aclService, List<Permission> list) {
        super(aclService, list);
    }

    public Object decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection, Object obj2) throws AccessDeniedException {
        Iterator<ConfigAttribute> it = collection.iterator();
        while (it.hasNext()) {
            if (DefaultSecurityAnnotationProcessor.AFTER_ACL_COLLECTION_READ_TOKEN.equals(it.next().getAttribute())) {
                boolean z = (obj2 == null || isEmpty(obj2)) ? false : true;
                Object decide = super.decide(authentication, obj, collection, obj2);
                if (z && (decide == null || isEmpty(decide))) {
                    throw new SecurityException("User does not have permission for object: " + obj + " returned object: " + obj2);
                }
                return decide;
            }
        }
        return obj2;
    }

    private boolean isEmpty(Object obj) {
        if (obj instanceof ArrayList) {
            return ((ArrayList) obj).size() <= 0;
        }
        if (obj instanceof Collection) {
            return ((Collection) obj).size() <= 0;
        }
        if ((obj instanceof PagedResult) && (((PagedResult) obj).getResult() instanceof List)) {
            return ((List) ((PagedResult) obj).getResult()).size() <= 0;
        }
        throw new SecurityException("A Collection or an array (or null) was required as the returnedObject, but the returnedObject was: " + obj);
    }
}
