package org.drools.guvnor.server.security.rules;

import java.io.Serializable;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import org.drools.guvnor.server.security.CategoryPathType;
import org.drools.guvnor.server.security.PathHelper;
import org.drools.guvnor.server.security.RoleBasedPermission;
import org.drools.guvnor.server.security.RoleType;
import org.drools.guvnor.server.util.LoggingHelper;

@ApplicationScoped
/* loaded from: input_file:org/drools/workbench/jcr2vfsmigration/migrationExample.jcr/libs/guvnor-webapp-core-5.5.1-20130811.153057-166.jar:org/drools/guvnor/server/security/rules/CategoryPathTypePermissionRule.class */
public class CategoryPathTypePermissionRule implements PermissionRule, Serializable {
    private static final LoggingHelper log = LoggingHelper.getLogger(CategoryPathTypePermissionRule.class);

    @Override // org.drools.guvnor.server.security.rules.PermissionRule
    public boolean hasPermission(Object obj, String str, List<RoleBasedPermission> list) {
        String categoryPath = ((CategoryPathType) obj).getCategoryPath();
        String name = str == null ? RoleType.ANALYST.getName() : str;
        if (!name.equals("navigate")) {
            for (RoleBasedPermission roleBasedPermission : list) {
                if (isRoleAnalyst(roleBasedPermission) && isPermissionToCurrentDirectory(name, roleBasedPermission) && isPermittedCategoryPath(categoryPath, roleBasedPermission.getCategoryPath())) {
                    log.debug("Requested permission: " + name + ", Requested object: " + categoryPath + " , Permission granted: Yes");
                    return true;
                }
            }
            log.debug("Requested permission: " + name + ", Requested object: " + categoryPath + " , Permission granted: No");
            return false;
        }
        for (RoleBasedPermission roleBasedPermission2 : list) {
            if (roleBasedPermission2.getCategoryPath() != null) {
                if (isCategoryPathMatched(categoryPath, roleBasedPermission2)) {
                    return true;
                }
                if (PathHelper.isSubPath(categoryPath, roleBasedPermission2.getCategoryPath())) {
                    log.debug("Requested permission: " + name + ", Requested object: " + categoryPath + " , Permission granted: Yes");
                    return true;
                }
                if (PathHelper.isSubPath(roleBasedPermission2.getCategoryPath(), categoryPath)) {
                    log.debug("Requested permission: " + name + ", Requested object: " + categoryPath + " , Permission granted: Yes");
                    return true;
                }
            }
        }
        log.debug("Requested permission: " + name + ", Requested object: " + categoryPath + " , Permission granted: No");
        return false;
    }

    private boolean isPermissionToCurrentDirectory(String str, RoleBasedPermission roleBasedPermission) {
        return str.equals(roleBasedPermission.getRole()) || (str.equals(RoleType.ANALYST_READ.getName()) && roleBasedPermission.getRole().equals(RoleType.ANALYST.getName()));
    }

    private boolean isRoleAnalyst(RoleBasedPermission roleBasedPermission) {
        return roleBasedPermission.getRole().equals(RoleType.ANALYST.getName()) || roleBasedPermission.getRole().equals(RoleType.ANALYST_READ.getName());
    }

    private boolean isCategoryPathMatched(String str, RoleBasedPermission roleBasedPermission) {
        return roleBasedPermission.getCategoryPath().equals(str);
    }

    private boolean isPermittedCategoryPath(String str, String str2) {
        if (str == null && str2 == null) {
            return true;
        }
        if (str == null || str2 == null) {
            return false;
        }
        return str.equals(str2) || PathHelper.isSubPath(str2, str);
    }
}
