package org.squashtest.tm.service.internal.security;

import java.lang.reflect.Field;
import java.util.Arrays;
import javax.inject.Inject;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.squashtest.tm.service.security.PermissionEvaluationService;
import org.squashtest.tm.service.security.UserContextService;
import org.squashtest.tm.service.security.acls.CustomPermission;

/**
 * ACL-backed implementation of {@link PermissionEvaluationService}.
 *
 * <p>Every decision follows the same two-step shape: a role held by the current user
 * grants access outright, and only when that role is absent is the injected
 * {@link PermissionEvaluator} consulted for the target object. Callers should therefore
 * treat the role argument as a full bypass of the per-object ACL check.
 */
@Transactional(readOnly = true)
@Service("squashtest.core.security.PermissionEvaluationService")
public class AclPermissionEvaluationService implements PermissionEvaluationService {

    @Inject
    private UserContextService userContextService;

    @Inject
    private PermissionEvaluator permissionEvaluator;

    @Inject
    private PermissionFactory permissionFactory;

    /**
     * Grants access when the current user holds {@code role}, otherwise defers to the
     * ACL evaluator for {@code requested} on {@code target}.
     *
     * @param role role name that short-circuits the ACL lookup
     * @param requested already-resolved permission to check
     * @param target domain object the permission applies to
     * @return {@code true} if the role is held or the evaluator grants the permission
     */
    private boolean hasRoleOrPermissionOnObject(String role, Permission requested, Object target) {
        // Role check comes first: a role holder never reaches the per-object ACL lookup.
        return this.userContextService.hasRole(role)
                || this.permissionEvaluator.hasPermission(this.userContextService.getPrincipal(), target, requested);
    }

    /**
     * Checks a role or a named permission on a domain object.
     *
     * <p>The permission name is resolved through the {@link PermissionFactory} before the
     * role is examined, so a name the factory rejects fails here even for a user who
     * holds {@code str}. The id/class-name overload resolves the name only after the role
     * check.
     *
     * @param str role name that short-circuits the ACL lookup
     * @param str2 permission name, resolved with {@code buildFromName}
     * @param obj domain object the permission applies to
     * @return {@code true} if the role is held or the evaluator grants the permission
     */
    @Override
    public boolean hasRoleOrPermissionOnObject(String str, String str2, Object obj) {
        Permission resolved = this.permissionFactory.buildFromName(str2);
        return hasRoleOrPermissionOnObject(str, resolved, obj);
    }

    /**
     * Checks a role or a named permission on an object designated by id and type name.
     *
     * @param str role name that short-circuits the ACL lookup
     * @param str2 permission name, resolved with {@code buildFromName} only when the role is absent
     * @param l identifier of the target object
     * @param str3 type name of the target object, passed to the evaluator as-is
     * @return {@code true} if the role is held or the evaluator grants the permission
     */
    @Override
    public boolean hasRoleOrPermissionOnObject(String str, String str2, Long l, String str3) {
        return this.userContextService.hasRole(str)
                || this.permissionEvaluator.hasPermission(
                        this.userContextService.getPrincipal(), l, str3, this.permissionFactory.buildFromName(str2));
    }

    /**
     * Tells whether the current user may read {@code obj}: either as {@code ROLE_ADMIN}
     * or through a {@code READ} permission on the object.
     *
     * @param obj domain object to check
     * @return {@code true} if reading is allowed
     */
    @Override
    public boolean canRead(Object obj) {
        return hasRoleOrPermissionOnObject("ROLE_ADMIN", "READ", obj);
    }

    /**
     * Delegates to the user context to test whether the current user holds {@code str}.
     *
     * @param str role name
     * @return {@code true} if the role is held
     */
    @Override
    public boolean hasRole(String str) {
        return this.userContextService.hasRole(str);
    }

    /**
     * Tells whether the current user holds any permission other than {@code READ} on
     * {@code obj}. {@code ROLE_ADMIN} answers {@code true} without consulting the ACLs.
     *
     * <p>The candidate permissions are the names of the public fields of
     * {@link CustomPermission}, discovered by reflection; {@code getFields()} also returns
     * inherited public fields, so any public field visible on that class becomes a name
     * submitted to the evaluator. Review additions to that class with this in mind.
     *
     * @param obj domain object to check
     * @return {@code true} as soon as one non-READ permission is granted, {@code false} otherwise
     * @throws IllegalArgumentException if the evaluator rejects a name with a message other
     *     than the three tolerated ones
     */
    @Override
    public boolean hasMoreThanRead(Object obj) {
        if (this.userContextService.hasRole("ROLE_ADMIN")) {
            return true;
        }
        Authentication authentication = this.userContextService.getPrincipal();
        for (Field candidate : CustomPermission.class.getFields()) {
            String permissionName = candidate.getName();
            if ("READ".equals(permissionName)) {
                continue;
            }
            try {
                if (this.permissionEvaluator.hasPermission(authentication, obj, permissionName)) {
                    return true;
                }
            } catch (IllegalArgumentException e) {
                // Any other failure propagates, so an unexpected evaluator error never turns into a grant.
                if (!isToleratedUnknownPermission(e)) {
                    throw e;
                }
            }
        }
        return false;
    }

    /**
     * Recognises the three "unknown permission" failures that the permission scan skips.
     *
     * <p>The match is on the exact exception message, so it is tied to the wording used
     * by whatever throws it; if that wording changes the exception is rethrown rather
     * than skipped. Presumably these names are reserved constants that are not
     * registered as usable permissions (to be confirmed against the permission factory).
     *
     * @param failure exception raised while evaluating a permission name
     * @return {@code true} if the message is one of the three tolerated ones
     */
    private static boolean isToleratedUnknownPermission(IllegalArgumentException failure) {
        return Arrays.asList(
                        "Unknown permission 'RESERVED_ON'",
                        "Unknown permission 'RESERVED_OFF'",
                        "Unknown permission 'THIRTY_TWO_RESERVED_OFF'")
                .contains(failure.getMessage());
    }
}
