package de.terrestris.shoguncore.util.interceptor.secure;

import de.terrestris.shoguncore.dao.LayerDao;
import de.terrestris.shoguncore.dao.UserDao;
import de.terrestris.shoguncore.model.User;
import de.terrestris.shoguncore.model.UserGroup;
import de.terrestris.shoguncore.model.layer.Layer;
import de.terrestris.shoguncore.model.layer.source.ImageWmsLayerDataSource;
import de.terrestris.shoguncore.model.layer.source.WfsLayerDataSource;
import de.terrestris.shoguncore.model.security.Permission;
import de.terrestris.shoguncore.model.security.PermissionCollection;
import de.terrestris.shoguncore.service.LayerService;
import de.terrestris.shoguncore.service.UserService;
import de.terrestris.shoguncore.util.enumeration.OgcEnum;
import de.terrestris.shoguncore.util.interceptor.GeoserverAuthHeaderRequest;
import de.terrestris.shoguncore.util.interceptor.MutableHttpServletRequest;
import de.terrestris.shoguncore.util.interceptor.WfsRequestInterceptorInterface;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:de/terrestris/shoguncore/util/interceptor/secure/WfsRequestInterceptor.class */
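/**
 * WFS request interceptor that decides, per WFS operation, whether a proxied request is wrapped
 * in a {@link GeoserverAuthHeaderRequest} carrying the configured GeoServer credentials or is
 * handed to {@code forbidRequest}.
 *
 * <p>Authorization as implemented in this class:
 * <ul>
 *   <li>GetCapabilities and DescribeFeatureType are always wrapped with the credentials; no
 *       layer lookup or permission check happens here.</li>
 *   <li>GetFeature ("READ") is allowed when a layer returned by {@code layerService.findAll()}
 *       references the requested type name through this application's
 *       {@code /geoserver.action} endpoint.</li>
 *   <li>LockFeature and Transaction ("UPDATE") additionally require {@link Permission#UPDATE}
 *       for the session user on that layer, either directly or through one of the user's
 *       groups.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code forbidRequest} is not defined in this class; presumably it is
 * inherited from {@link BaseInterceptor} - confirm that it rejects the request rather than
 * forwarding it without credentials.
 *
 * <p>NOTE(review): GetCapabilities and DescribeFeatureType responses are produced with the
 * service account's view of GeoServer. If they must not describe layers the session user cannot
 * read, that filtering has to happen elsewhere - confirm.
 */
public class WfsRequestInterceptor extends BaseInterceptor implements WfsRequestInterceptorInterface {
    private static final Logger LOG = LogManager.getLogger(WfsRequestInterceptor.class);

    /** Operation label for requests that only read features. */
    private static final String OP_READ = "READ";

    /** Operation label for requests that lock or modify features. */
    private static final String OP_UPDATE = "UPDATE";

    /** Path (below the context path) a layer source URL must point at to be considered. */
    private static final String PROXY_ENDPOINT = "/geoserver.action";

    @Autowired
    @Qualifier("userService")
    protected UserService<User, UserDao<User>> userService;

    @Autowired
    @Qualifier("layerService")
    protected LayerService<Layer, LayerDao<Layer>> layerService;

    // Service credentials attached to every forwarded request. Both default to the empty string
    // when the property is unset, so a missing configuration is not detected at startup.
    // These values must never be written to logs.
    @Value("${geoserver.username:}")
    private String gsUser;

    @Value("${geoserver.password:}")
    private String gsPass;

    /**
     * Wraps a GetCapabilities request with the GeoServer credentials. No permission check is
     * performed for this operation.
     *
     * @param mutableHttpServletRequest the intercepted request
     * @return the request wrapped with the configured GeoServer credentials
     */
    @Override
    public MutableHttpServletRequest interceptGetCapabilities(MutableHttpServletRequest mutableHttpServletRequest) {
        LOG.debug("Intercepting WFS GetCapabilities");
        return withGeoserverAuth(mutableHttpServletRequest);
    }

    /**
     * Wraps a DescribeFeatureType request with the GeoServer credentials. No permission check is
     * performed for this operation.
     *
     * @param mutableHttpServletRequest the intercepted request
     * @return the request wrapped with the configured GeoServer credentials
     */
    @Override
    public MutableHttpServletRequest interceptDescribeFeatureType(MutableHttpServletRequest mutableHttpServletRequest) {
        LOG.debug("Intercepting WFS DescribeFeatureType");
        return withGeoserverAuth(mutableHttpServletRequest);
    }

    /**
     * Forwards a GetFeature request when a matching layer is registered, otherwise forbids it.
     *
     * @param mutableHttpServletRequest the intercepted request
     * @return the credential-wrapped request, or the result of {@code forbidRequest}
     */
    @Override
    public MutableHttpServletRequest interceptGetFeature(MutableHttpServletRequest mutableHttpServletRequest) {
        LOG.debug("Intercepting WFS GetFeature");
        return forwardIfAllowed(mutableHttpServletRequest, OP_READ);
    }

    /**
     * Forwards a LockFeature request when the session user holds UPDATE on the matching layer,
     * otherwise forbids it.
     *
     * @param mutableHttpServletRequest the intercepted request
     * @return the credential-wrapped request, or the result of {@code forbidRequest}
     */
    @Override
    public MutableHttpServletRequest interceptLockFeature(MutableHttpServletRequest mutableHttpServletRequest) {
        LOG.debug("Intercepting WFS LockFeature");
        return forwardIfAllowed(mutableHttpServletRequest, OP_UPDATE);
    }

    /**
     * Forwards a Transaction request when the session user holds UPDATE on the matching layer,
     * otherwise forbids it.
     *
     * @param mutableHttpServletRequest the intercepted request
     * @return the credential-wrapped request, or the result of {@code forbidRequest}
     */
    @Override
    public MutableHttpServletRequest interceptTransaction(MutableHttpServletRequest mutableHttpServletRequest) {
        LOG.debug("Intercepting WFS Transaction");
        return forwardIfAllowed(mutableHttpServletRequest, OP_UPDATE);
    }

    /** Wraps the request so that it carries the configured GeoServer credentials. */
    private MutableHttpServletRequest withGeoserverAuth(MutableHttpServletRequest request) {
        return new GeoserverAuthHeaderRequest(request, this.gsUser, this.gsPass);
    }

    /** Applies the layer/permission check for {@code operation} and forwards or forbids. */
    private MutableHttpServletRequest forwardIfAllowed(MutableHttpServletRequest request, String operation) {
        if (isAllowed(request, operation)) {
            return withGeoserverAuth(request);
        }
        // Only the fixed operation label is logged; the client-supplied type name is left out
        // so that request data cannot shape the log line.
        LOG.warn("Denied WFS request: operation {} not permitted for the requested type name", operation);
        return forbidRequest(request);
    }

    /**
     * Decides whether {@code operation} is allowed for the type name found in the request
     * parameter {@code paramName}.
     *
     * <p>A missing or empty type name is denied. The value is compared as one whole string, so a
     * list of several type names only matches a layer registered with exactly that string.
     *
     * <p>NOTE(review): "READ" is granted for any matching layer without a per-user check in
     * this method. Presumably {@code layerService.findAll()} already returns only layers the
     * session user may read - verify against the service.
     *
     * <p>NOTE(review): when several layers match, the result of the last one returned by
     * {@code findAll()} wins, so the outcome for "UPDATE" can depend on iteration order.
     * Confirm whether first-match or any-match semantics are intended.
     *
     * <p>NOTE(review): the decision uses only the value returned by
     * {@code getParameterIgnoreCase}. Whether that covers type names carried in an XML POST
     * body is not visible here - confirm for Transaction and LockFeature.
     *
     * @param request the intercepted request
     * @param paramName name of the request parameter holding the type name(s)
     * @param operation {@code "READ"} or {@code "UPDATE"}; any other value never grants access
     * @return {@code true} when the request may be forwarded
     */
    private boolean isAllowed(MutableHttpServletRequest request, String paramName, String operation) {
        String requestedType = request.getParameterIgnoreCase(paramName);
        if (StringUtils.isEmpty(requestedType)) {
            // Fail closed: without a type name there is nothing to authorize against.
            return false;
        }
        String proxyUrl = request.getContextPath() + PROXY_ENDPOINT;
        boolean allowed = false;
        for (Layer layer : this.layerService.findAll()) {
            if (referencesRequestedType(layer, requestedType, proxyUrl)) {
                allowed = decide(layer, operation, allowed);
            }
        }
        return allowed;
    }

    /**
     * Resolves which type-name parameter the request uses (TYPENAMES first, then TYPENAME) and
     * delegates to the three-argument check.
     *
     * @param mutableHttpServletRequest the intercepted request
     * @param str {@code "READ"} or {@code "UPDATE"}
     * @return {@code true} when the request may be forwarded
     */
    private boolean isAllowed(MutableHttpServletRequest mutableHttpServletRequest, String str) {
        String paramName = OgcEnum.EndPoint.TYPENAMES.toString();
        if (StringUtils.isEmpty(mutableHttpServletRequest.getParameterIgnoreCase(paramName))) {
            paramName = OgcEnum.EndPoint.TYPENAME.toString();
        }
        return isAllowed(mutableHttpServletRequest, paramName, str);
    }

    /**
     * Tells whether the layer's data source names {@code requestedType} and points at this
     * application's proxy endpoint. Null type names or URLs on the source never match.
     */
    private static boolean referencesRequestedType(Layer layer, String requestedType, String proxyUrl) {
        Object source = layer.getSource();
        if (source instanceof WfsLayerDataSource) {
            WfsLayerDataSource wfsSource = (WfsLayerDataSource) source;
            boolean nameMatches = StringUtils.equalsIgnoreCase(wfsSource.getTypeName(), requestedType)
                || StringUtils.equalsIgnoreCase(wfsSource.getTypeNames(), requestedType);
            return nameMatches && StringUtils.equalsIgnoreCase(wfsSource.getUrl(), proxyUrl);
        }
        if (source instanceof ImageWmsLayerDataSource) {
            ImageWmsLayerDataSource wmsSource = (ImageWmsLayerDataSource) source;
            return StringUtils.equalsIgnoreCase(wmsSource.getLayerNames(), requestedType)
                && StringUtils.equalsIgnoreCase(wmsSource.getUrl(), proxyUrl);
        }
        return false;
    }

    /**
     * Returns the decision for one matching layer; an unknown operation keeps the decision made
     * so far.
     */
    private boolean decide(Layer layer, String operation, boolean current) {
        if (OP_UPDATE.equals(operation)) {
            return checkForPermission(layer, Permission.UPDATE);
        }
        if (OP_READ.equals(operation)) {
            return true;
        }
        return current;
    }

    /**
     * Checks whether the session user holds {@code permission} on {@code layer}, either through
     * a direct user permission or through one of the user's groups.
     *
     * <p>A request without a session user, or a layer without permission maps, is denied
     * instead of failing with a {@link NullPointerException}.
     *
     * @param layer the layer the request refers to
     * @param permission the permission required for the operation
     * @return {@code true} when the permission is granted
     */
    private boolean checkForPermission(Layer layer, Permission permission) {
        User sessionUser = this.userService.getUserBySession();
        if (sessionUser == null) {
            return false;
        }
        Map<User, PermissionCollection> userPermissions = layer.getUserPermissions();
        if (userPermissions != null && grants(userPermissions.get(sessionUser), permission)) {
            return true;
        }
        Map<UserGroup, PermissionCollection> groupPermissions = layer.getGroupPermissions();
        Set<UserGroup> userGroups = sessionUser.getUserGroups();
        if (groupPermissions == null || userGroups == null) {
            return false;
        }
        for (UserGroup userGroup : userGroups) {
            if (grants(groupPermissions.get(userGroup), permission)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether a (possibly absent) permission collection contains {@code permission}. */
    private static boolean grants(PermissionCollection collection, Permission permission) {
        return collection != null && collection.getPermissions().contains(permission);
    }
}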
