package org.squashtest.tm.service.internal.security;

import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.inject.Inject;
import javax.validation.constraints.NotNull;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.squashtest.tm.aspect.validation.NotNullValidatorAspect;
import org.squashtest.tm.security.acls.CustomPermission;
import org.squashtest.tm.service.security.Authorizations;
import org.squashtest.tm.service.security.PermissionEvaluationService;
import org.squashtest.tm.service.security.UserContextService;

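/**
 * ACL-backed implementation of {@link PermissionEvaluationService}.
 *
 * <p>Every check combines up to two sources of authority for the current user:
 * a role lookup through {@link UserContextService#hasRole(String)} and a permission
 * lookup through the injected permission evaluator. In the "role or permission"
 * methods the role is tested first and a match returns {@code true} without the
 * permission evaluator being consulted at all, so holding the role is sufficient
 * on any target object.
 *
 * <p>Permission names are turned into {@link Permission} instances with
 * {@link PermissionFactory#buildFromName(String)}; how an unknown name is handled
 * is up to that factory and is not decided here.
 */
@Transactional(readOnly = true)
@Service("squashtest.core.security.PermissionEvaluationService")
/* loaded from: input_file:WEB-INF/lib/tm.service-7.0.0.IT8.jar:org/squashtest/tm/service/internal/security/AclPermissionEvaluationService.class */
public class AclPermissionEvaluationService implements PermissionEvaluationService {
    /** Permission names probed, in this order, by {@link #permissionsOn(String, long)}. */
    private static final String[] RIGHTS = {Authorizations.READ, "WRITE", "CREATE", "DELETE", "ADMINISTRATION", "MANAGEMENT", "EXPORT", "EXECUTE", "LINK", "IMPORT", "ATTACH", "EXTENDED_DELETE", "READ_UNASSIGNED"};

    /** Role that short-circuits the ACL lookup in canRead, hasMoreThanRead and permissionsOn. */
    private static final String ROLE_ADMIN = "ROLE_ADMIN";

    /**
     * Exact exception messages that {@link #findPermission} tolerates while probing the
     * public fields of {@link CustomPermission}. Any other message is rethrown.
     */
    private static final Collection<String> TOLERATED_UNKNOWN_PERMISSION_MESSAGES = Arrays.asList(
            "Unknown permission 'RESERVED_ON'",
            "Unknown permission 'RESERVED_OFF'",
            "Unknown permission 'THIRTY_TWO_RESERVED_OFF'");

    @Inject
    private UserContextService userContextService;

    @Inject
    @Lazy
    private AffirmativeBasedCompositePermissionEvaluator permissionEvaluator;

    @Inject
    private PermissionFactory permissionFactory;

    /**
     * Grants access when the current user holds the role, otherwise defers to the
     * permission evaluator for the given object.
     *
     * @param str role name tested with {@code userContextService.hasRole}
     * @param permission permission required on {@code obj} when the role is absent
     * @param obj target object handed to the permission evaluator
     * @return {@code true} if the role is held or the evaluator grants the permission
     */
    private boolean hasRoleOrPermissionOnObject(String str, Permission permission, Object obj) {
        // Role check comes first: a role holder never reaches the ACL lookup.
        return this.userContextService.hasRole(str)
                || this.permissionEvaluator.hasPermission(this.userContextService.getAuthentication(), obj, permission);
    }

    /**
     * Same as the {@link Permission}-typed overload, with the permission given by name.
     *
     * @param str role name
     * @param str2 permission name, resolved through the permission factory
     * @param obj target object
     * @return {@code true} if the role is held or the permission is granted on {@code obj}
     */
    @Override
    public boolean hasRoleOrPermissionOnObject(String str, String str2, Object obj) {
        return hasRoleOrPermissionOnObject(str, this.permissionFactory.buildFromName(str2), obj);
    }

    /**
     * Checks a single named permission on an object for the current authentication.
     * No role is considered here.
     *
     * @param str permission name, resolved through the permission factory
     * @param obj target object
     * @return the permission evaluator's decision
     */
    @Override
    public boolean hasPermissionOnObject(String str, Object obj) {
        Permission required = this.permissionFactory.buildFromName(str);
        return this.permissionEvaluator.hasPermission(this.userContextService.getAuthentication(), obj, required);
    }

    /**
     * Role-or-permission check on a target designated by two values rather than by instance.
     *
     * @param str role name
     * @param str2 permission name
     * @param l first target designator, forwarded to the evaluator (presumably the entity id; confirm against the interface)
     * @param str3 second target designator, forwarded to the evaluator (presumably the entity type name; confirm against the interface)
     * @return {@code true} if the role is held or the permission is granted
     */
    @Override
    public boolean hasRoleOrPermissionOnObject(String str, String str2, Long l, String str3) {
        return this.userContextService.hasRole(str) || hasPermissionOnObject(str2, l, str3);
    }

    /**
     * Variant accepting several roles: holding any one of them is sufficient.
     *
     * @param strArr role names; must not be {@code null}
     * @param str permission name
     * @param l first target designator, forwarded to the evaluator
     * @param str2 second target designator, forwarded to the evaluator
     * @return {@code true} if any role is held or the permission is granted
     */
    @Override
    public boolean hasRoleOrPermissionOnObject(String[] strArr, String str, Long l, String str2) {
        for (String role : strArr) {
            if (this.userContextService.hasRole(role)) {
                return true;
            }
        }
        return hasPermissionOnObject(str, l, str2);
    }

    /**
     * @param obj target object
     * @return {@code true} if the user holds {@code ROLE_ADMIN} or has the READ permission on {@code obj}
     */
    @Override
    public boolean canRead(Object obj) {
        return hasRoleOrPermissionOnObject(ROLE_ADMIN, Authorizations.READ, obj);
    }

    /**
     * @param str role name
     * @return whether the current user holds the role, as reported by the user context service
     */
    @Override
    @Transactional(propagation = Propagation.SUPPORTS)
    public boolean hasRole(String str) {
        return this.userContextService.hasRole(str);
    }

    /**
     * Tells whether the user holds anything beyond READ on the object.
     *
     * @param obj target object
     * @return {@code true} for {@code ROLE_ADMIN}, otherwise the result of probing every
     *     public field name of {@link CustomPermission} except the one equal to
     *     {@code Authorizations.READ}
     */
    @Override
    public boolean hasMoreThanRead(Object obj) {
        return this.userContextService.hasRole(ROLE_ADMIN)
                || findPermission(CustomPermission.class.getFields(), obj, this.userContextService.getAuthentication());
    }

    /**
     * Returns {@code true} as soon as the evaluator grants, on {@code obj}, a permission
     * named after one of the given fields, skipping the field named like
     * {@code Authorizations.READ}.
     *
     * <p>The field names are used as permission names as they are; the fields are not
     * filtered by type or modifier. NOTE(review): only the exact READ name is excluded, so
     * any other read-like field declared on {@code CustomPermission} would count as "more
     * than read" — confirm this is intended.
     *
     * @param fieldArr fields whose names are probed as permission names
     * @param obj target object
     * @param authentication authentication the permissions are evaluated for
     * @return {@code true} if at least one non-READ permission is granted
     * @throws IllegalArgumentException if the evaluator rejects a name with a message other
     *     than the three tolerated "Unknown permission" messages
     */
    boolean findPermission(Field[] fieldArr, Object obj, Authentication authentication) {
        for (Field candidate : fieldArr) {
            String permissionName = candidate.getName();
            try {
                if (!Authorizations.READ.equals(permissionName)
                        && this.permissionEvaluator.hasPermission(authentication, obj, permissionName)) {
                    return true;
                }
            } catch (IllegalArgumentException unknownPermission) {
                // The tolerance is keyed on the exact message text: a reworded message makes
                // the exception propagate instead of being skipped, which denies rather than grants.
                if (!TOLERATED_UNKNOWN_PERMISSION_MESSAGES.contains(unknownPermission.getMessage())) {
                    throw unknownPermission;
                }
            }
        }
        return false;
    }

    /**
     * Checks a single named permission on a target designated by two values.
     * No role is considered here.
     *
     * @param str permission name, resolved through the permission factory
     * @param l first target designator, forwarded to the evaluator
     * @param str2 second target designator, forwarded to the evaluator
     * @return the permission evaluator's decision
     */
    @Override
    public boolean hasPermissionOnObject(String str, Long l, String str2) {
        Permission required = this.permissionFactory.buildFromName(str);
        return this.permissionEvaluator.hasPermission(this.userContextService.getAuthentication(), l, str2, required);
    }

    /**
     * Evaluates several permissions on one object in a single call.
     *
     * @param str role name; when held, every entry of the result is {@code true}
     * @param strArr permission names to evaluate; must not be {@code null}
     * @param obj target object
     * @return a new map from each permission name to the decision for it
     */
    @Override
    public Map<String, Boolean> hasRoleOrPermissionsOnObject(String str, String[] strArr, Object obj) {
        // The role is looked up once; the ACL is only queried when it is absent.
        boolean roleHeld = hasRole(str);
        Map<String, Boolean> decisions = new HashMap<>(strArr.length);
        for (String permissionName : strArr) {
            decisions.put(permissionName, roleHeld || hasPermissionOnObject(permissionName, obj));
        }
        return decisions;
    }

    /**
     * Lists which of the {@code RIGHTS} the current user holds on a target.
     *
     * <p>The returned collection is always a fresh, independent list. The admin branch used
     * to return {@code Arrays.asList(RIGHTS)}, a write-through view over the shared static
     * array: a caller invoking {@code set} on it would have altered the permission names
     * used by every later call in the JVM.
     *
     * @param str second target designator, forwarded to the evaluator; must not be {@code null}
     * @param j first target designator, forwarded to the evaluator
     * @return all of {@code RIGHTS} for {@code ROLE_ADMIN}, otherwise those granted by the evaluator
     */
    @Override
    public Collection<String> permissionsOn(@NotNull String str, long j) {
        // Decompiled call into NotNullValidatorAspect; presumably the woven @NotNull check on str.
        NotNullValidatorAspect.aspectOf().ajc$before$org_squashtest_tm_aspect_validation_NotNullValidatorAspect$1$53d01289(str);
        if (hasRole(ROLE_ADMIN)) {
            // Defensive copy so that callers cannot reach the RIGHTS array.
            return new ArrayList<>(Arrays.asList(RIGHTS));
        }
        ArrayList<String> granted = new ArrayList<>();
        for (String right : RIGHTS) {
            if (hasPermissionOnObject(right, Long.valueOf(j), str)) {
                granted.add(right);
            }
        }
        return granted;
    }
}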
