package de.terrestris.shogun2.security.access.entity;

import de.terrestris.shogun2.model.PersistentObject;
import de.terrestris.shogun2.model.SecuredPersistentObject;
import de.terrestris.shogun2.model.User;
import de.terrestris.shogun2.model.UserGroup;
import de.terrestris.shogun2.model.security.Permission;
import de.terrestris.shogun2.model.security.PermissionCollection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.log4j.Logger;

/* loaded from: input_file:de/terrestris/shogun2/security/access/entity/PersistentObjectPermissionEvaluator.class */
public class PersistentObjectPermissionEvaluator<E extends PersistentObject> {
    protected final Logger LOG = Logger.getLogger(getClass());
    private final Class<E> entityClass;

    public PersistentObjectPermissionEvaluator(Class<E> cls) {
        this.entityClass = cls;
    }

    public boolean hasPermission(Integer num, E e, Permission permission) {
        boolean isAssignableFrom = SecuredPersistentObject.class.isAssignableFrom(this.entityClass);
        String simpleName = this.entityClass.getSimpleName();
        if (!isAssignableFrom) {
            if (permission.equals(Permission.READ)) {
                this.LOG.trace("Granting READ access on unsecured object '" + simpleName + "' with ID " + e.getId());
                return true;
            }
            this.LOG.trace("Restricting " + permission + " access on unsecured object '" + simpleName + "' with ID " + e.getId());
            return false;
        }
        SecuredPersistentObject securedPersistentObject = (SecuredPersistentObject) e;
        Set permissions = extractUserPermissions(num, securedPersistentObject.getUserPermissions()).getPermissions();
        if (permissions.contains(permission) || permissions.contains(Permission.ADMIN)) {
            this.LOG.trace("Granting " + permission + " access by user permissions");
            return true;
        }
        Set permissions2 = extractGroupPermissions(num, securedPersistentObject.getGroupPermissions()).getPermissions();
        if (permissions2.contains(permission) || permissions2.contains(Permission.ADMIN)) {
            this.LOG.trace("Granting " + permission + " access by group permissions");
            return true;
        }
        this.LOG.trace("Restricting " + permission + " access on secured object '" + simpleName + "' with ID " + e.getId());
        return false;
    }

    protected static PermissionCollection extractUserPermissions(Integer num, Map<User, PermissionCollection> map) {
        for (User user : map.keySet()) {
            if (user.getId().equals(num)) {
                return map.get(user);
            }
        }
        return new PermissionCollection();
    }

    protected static PermissionCollection extractGroupPermissions(Integer num, Map<UserGroup, PermissionCollection> map) {
        HashSet hashSet = new HashSet();
        for (UserGroup userGroup : map.keySet()) {
            Iterator it = userGroup.getMembers().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (((User) it.next()).getId().equals(num)) {
                    hashSet.addAll(map.get(userGroup).getPermissions());
                    break;
                }
            }
        }
        return new PermissionCollection(hashSet);
    }

    public Class<E> getEntityClass() {
        return this.entityClass;
    }
}
