package org.appng.api.support;

import java.util.Collection;
import java.util.List;
import java.util.Set;
import org.appng.api.PermissionOwner;
import org.appng.api.PermissionProcessor;
import org.appng.api.model.Application;
import org.appng.api.model.Group;
import org.appng.api.model.Role;
import org.appng.api.model.Site;
import org.appng.api.model.Subject;
import org.appng.xml.platform.FieldDef;
import org.appng.xml.platform.FieldPermissionType;
import org.appng.xml.platform.FieldPermissions;
import org.appng.xml.platform.Permission;
import org.appng.xml.platform.PermissionMode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/appng-api-1.18.0-RC4.jar:org/appng/api/support/DefaultPermissionProcessor.class */
public class DefaultPermissionProcessor implements PermissionProcessor {
    static final String PREFIX_ANONYMOUS = "anonymous";
    private static Logger log = LoggerFactory.getLogger((Class<?>) DefaultPermissionProcessor.class);
    private Site site;
    private Application application;
    private Subject subject;

    public DefaultPermissionProcessor(Subject subject, Site site, Application application) {
        this.site = site;
        this.application = application;
        this.subject = subject;
        log.debug("created PermissionProcessor for " + getPrefix());
    }

    private String getPrefix() {
        return (null == this.subject ? "{[no user]" : "user '" + this.subject.getName() + "'") + " in application '" + this.application.getName() + "' of site '" + this.site.getName() + "'";
    }

    @Override // org.appng.api.PermissionProcessor
    public boolean hasPermissions(PermissionOwner permissionOwner) {
        boolean z = true;
        Collection<Permission> permissions = permissionOwner.getPermissions();
        if (permissions != null) {
            log.trace("checking permissions for " + permissionOwner.getName());
            z = hasPermissions(permissions);
        } else {
            log.trace("no permissions given for " + permissionOwner.getName());
        }
        if (z) {
            log.debug("permission granted for " + permissionOwner.getName());
        } else {
            log.debug("permission denied for " + permissionOwner.getName());
        }
        return z;
    }

    private boolean hasPermissions(Collection<Permission> collection) {
        boolean z = true;
        for (Permission permission : collection) {
            if (!permission.getRef().startsWith(PREFIX_ANONYMOUS)) {
                PermissionMode mode = permission.getMode();
                boolean hasPermission = hasPermission(permission);
                permission.setValue(Boolean.toString(hasPermission));
                if (PermissionMode.SET.equals(mode)) {
                    z &= hasPermission;
                } else if (mode == null) {
                    permission.setMode(PermissionMode.READ);
                }
            }
        }
        return z;
    }

    @Override // org.appng.api.PermissionProcessor
    public boolean hasPermission(String str) {
        Permission permission = new Permission();
        permission.setRef(str);
        return hasPermission(permission);
    }

    private boolean hasPermission(Permission permission) {
        if (null == this.subject) {
            log.debug("no subject given, so permission \"" + permission.getRef() + "\" is not present");
            return false;
        }
        List<Group> groups = this.subject.getGroups();
        log.debug("checking permission '" + permission.getRef() + "' for subject '" + this.subject.getName() + "'");
        if (groups == null || groups.size() == 0) {
            log.info("subject '" + this.subject.getName() + "' does not belong to any group, thus has no permissions");
        }
        for (Group group : groups) {
            log.debug(this.subject.getName() + " belongs to group " + group.getName());
            if (0 == group.getRoles().size()) {
                log.debug("group '" + group.getName() + "' does not contain any applicationroles!");
            }
            for (Role role : group.getRoles()) {
                Application application = role.getApplication();
                if (null == application) {
                    log.warn("invalid Role#" + role.getId() + ", no Application set for role!");
                } else {
                    log.debug("'" + group.getName() + "' contains role '" + role.getName() + "' from application '" + application.getName() + "'");
                    if (null != this.application && this.application.equals(application)) {
                        Set<org.appng.api.model.Permission> permissions = role.getPermissions();
                        if (0 == permissions.size()) {
                            log.debug("role '" + role.getName() + "' does not contain any permissions!");
                        }
                        for (org.appng.api.model.Permission permission2 : permissions) {
                            if (permission2.getName().equals(permission.getRef())) {
                                log.debug("found required permission '" + permission2.getName() + "'");
                                return true;
                            }
                            log.trace("skipping permission '" + permission2.getName() + "', (required '" + permission.getRef() + "')");
                        }
                    }
                }
            }
        }
        return false;
    }

    @Override // org.appng.api.PermissionProcessor
    public boolean hasWritePermission(FieldDef fieldDef) {
        return hasPermission(fieldDef, FieldPermissionType.WRITE, !Boolean.TRUE.toString().equalsIgnoreCase(fieldDef.getReadonly()));
    }

    @Override // org.appng.api.PermissionProcessor
    public boolean hasReadPermission(FieldDef fieldDef) {
        return hasPermission(fieldDef, FieldPermissionType.READ, true);
    }

    private boolean hasPermission(FieldDef fieldDef, FieldPermissionType fieldPermissionType, boolean z) {
        List<FieldPermissions> permissions = fieldDef.getPermissions();
        if (null != permissions) {
            for (FieldPermissions fieldPermissions : permissions) {
                FieldPermissionType mode = fieldPermissions.getMode();
                if (mode == null || fieldPermissionType.equals(mode)) {
                    return z && hasPermissions(fieldPermissions.getPermission());
                }
            }
        }
        return z;
    }
}
