package co.pishfa.security.service.handler;

import co.pishfa.accelerate.persistence.query.QueryBuilder;
import co.pishfa.security.entity.authentication.Identity;
import co.pishfa.security.entity.authentication.User;
import co.pishfa.security.entity.authorization.AccessLevel;
import co.pishfa.security.entity.authorization.Permission;
import co.pishfa.security.entity.authorization.PermissionDef;
import co.pishfa.security.entity.authorization.PermissionDefParam;
import co.pishfa.security.entity.authorization.SecuredEntity;
import co.pishfa.security.exception.AuthorizationException;
import co.pishfa.security.repo.UserRepo;

/**
 * Permission scope handler annotated with the scope name {@code selfShared}.
 *
 * <p>An entity is in scope when it was created by the caller or by a designated
 * common account, and its access level is at least the level required by the
 * permission definition ({@code requiredLevel} parameter, defaulting to
 * {@link AccessLevel#READ_WRITE}).
 *
 * <p>NOTE(review): the in-memory path ({@link #check}) and the query path
 * ({@link #addConditions}) are not written symmetrically, so they may authorize
 * different sets of entities. Confirm the following against the rest of the project:
 * <ul>
 *   <li>{@code check} compares the creator with {@code UserRepo.findGuest()}, while
 *       {@code addConditions} binds {@code UserRepo.getSharedUserId()}; whether both
 *       name the same account is not visible here.</li>
 *   <li>{@code checkAccessLevel} accepts an entity whose access level is {@code null}
 *       (fail-open), while the query predicate {@code e.accessLevel >= :perm_req_level}
 *       would presumably not match such a row.</li>
 *   <li>{@code checkAccessLevel} orders levels by {@code getLevel()}, while the query
 *       compares the persisted {@code accessLevel} value directly; these agree only if
 *       the persisted ordering matches {@code getLevel()}.</li>
 * </ul>
 */
@ScopeHandler("selfShared")
public class SelfSharedPermissionHandler implements PermissionScopeHandler<SecuredEntity> {

    /**
     * Decides whether {@code identity} may act on a single entity.
     *
     * @param identity      the caller; its user is compared with the entity's creator
     * @param securedEntity the entity being accessed
     * @param str           not used by this implementation
     * @param permission    the permission whose definition supplies the required level
     * @return {@code true} when the creator is the caller's user or the user returned by
     *         {@code UserRepo.findGuest()}, and the access-level check passes;
     *         {@code false} otherwise, including when the entity has no creator
     * @throws AuthorizationException declared in the signature; not thrown explicitly here
     */
    @Override
    public boolean check(Identity identity, SecuredEntity securedEntity, String str, Permission permission) throws AuthorizationException {
        User owner = securedEntity.getCreatedBy();
        // An entity without a recorded creator is never in this scope (deny by default).
        if (owner == null) {
            return false;
        }
        // The guest lookup is made only when the caller is not the creator.
        boolean ownedByCaller = owner.equals(identity.getUser());
        if (!ownedByCaller && !owner.equals(UserRepo.getInstance().findGuest())) {
            return false;
        }
        return checkAccessLevel(permission.getDefinition(), securedEntity);
    }

    /**
     * Adds the scope restriction to a query so that only in-scope entities are selected.
     *
     * <p>All values are passed as named parameters; nothing caller-controlled is
     * concatenated into the condition text.
     *
     * @param identity     the caller; {@code identity.getUser()} is dereferenced without a
     *                     null check, so the caller is assumed to have a user attached
     *                     (TODO confirm for unauthenticated identities)
     * @param permission   the permission whose definition supplies the required level
     * @param queryBuilder the query being restricted; the entity alias is {@code e}
     */
    @Override
    public void addConditions(Identity identity, Permission permission, QueryBuilder<SecuredEntity> queryBuilder) {
        // Ownership: created by the caller or by the shared account.
        queryBuilder.and("(e.createdBy.id = :createdBy or e.createdBy.id = :sharedUserId)");
        // Level: the entity's access level must reach the level the permission requires.
        queryBuilder.and("e.accessLevel >= :perm_req_level");

        queryBuilder.with("createdBy", identity.getUser().getId());
        queryBuilder.with("sharedUserId", UserRepo.getInstance().getSharedUserId());
        queryBuilder.with("perm_req_level", computeRequiredLevel(permission.getDefinition()));
    }

    /**
     * Compares the entity's access level with the level the permission requires.
     *
     * @param permissionDef the definition supplying the required level
     * @param securedEntity the entity whose access level is tested
     * @return {@code true} when the entity has no access level set, or when the required
     *         level's {@code getLevel()} is not greater than the entity's
     */
    protected boolean checkAccessLevel(PermissionDef permissionDef, SecuredEntity securedEntity) {
        AccessLevel entityLevel = securedEntity.getAccessLevel();
        // NOTE(review): a missing access level is treated as "allowed", not "denied".
        // Confirm this fail-open default is intended for entities saved without a level.
        if (entityLevel == null) {
            return true;
        }
        return computeRequiredLevel(permissionDef).getLevel() <= entityLevel.getLevel();
    }

    /**
     * Resolves the access level required by a permission definition.
     *
     * @param permissionDef the definition to read the {@code requiredLevel} parameter from
     * @return the level named by the parameter, or {@link AccessLevel#READ_WRITE} when the
     *         parameter is absent
     * @throws IllegalArgumentException if the parameter value names no {@link AccessLevel}
     *         constant (raised by {@code AccessLevel.valueOf})
     */
    private AccessLevel computeRequiredLevel(PermissionDef permissionDef) {
        PermissionDefParam levelParam = permissionDef.getParam("requiredLevel");
        return levelParam == null ? AccessLevel.READ_WRITE : AccessLevel.valueOf(levelParam.getValue());
    }
}
