package org.drools.guvnor.server.security;

import java.io.Serializable;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.drools.guvnor.server.security.rules.CategoryPathTypePermissionRule;
import org.drools.guvnor.server.security.rules.PackageNameTypeConverter;
import org.drools.guvnor.server.security.rules.PackagePermissionRule;
import org.drools.guvnor.server.security.rules.PackageUUIDTypePermissionRule;
import org.drools.guvnor.server.security.rules.PermissionRule;
import org.drools.guvnor.server.security.rules.PermissionRuleObjectConverter;
import org.drools.guvnor.server.util.LoggingHelper;
import org.jboss.seam.security.permission.PermissionResolver;

@ApplicationScoped
/* loaded from: input_file:org/drools/guvnor/server/security/RoleBasedPermissionResolver.class */
public class RoleBasedPermissionResolver implements PermissionResolver, Serializable {
    private static final LoggingHelper log = LoggingHelper.getLogger(RoleBasedPermissionResolver.class);
    private boolean enableRoleBasedAuthorization = false;
    private final Map<Class<?>, PermissionRule> permissionRules = new HashMap();
    private final Map<Class<?>, PermissionRuleObjectConverter> permissionRuleObjectConverters = new HashMap();

    @Inject
    private RoleBasedPermissionManager roleBasedPermissionManager;

    @Inject
    private CategoryPathTypePermissionRule categoryPathTypePermissionRule;

    @Inject
    private PackageUUIDTypePermissionRule packageUUIDTypePermissionRule;

    @Inject
    private PackagePermissionRule packagePermissionRule;

    @Inject
    private PackageNameTypeConverter packageNameTypeConverter;

    @PostConstruct
    public void setupPermissionRules() {
        this.permissionRules.put(CategoryPathType.class, this.categoryPathTypePermissionRule);
        this.permissionRules.put(ModuleUUIDType.class, this.packageUUIDTypePermissionRule);
        this.permissionRules.put(ModuleNameType.class, this.packagePermissionRule);
        this.permissionRules.put(WebDavPackageNameType.class, this.packagePermissionRule);
        this.permissionRuleObjectConverters.put(ModuleNameType.class, this.packageNameTypeConverter);
        this.permissionRuleObjectConverters.put(WebDavPackageNameType.class, this.packageNameTypeConverter);
    }

    public boolean hasPermission(Object obj, String str) {
        if (isInvalidInstance(obj)) {
            log.debug("Requested permission is not an instance of CategoryPathType|PackageNameType|WebDavPackageNameType|AdminType|PackageUUIDType");
            return false;
        }
        if (!this.enableRoleBasedAuthorization) {
            return true;
        }
        List<RoleBasedPermission> fetchAllRoleBasedPermissionsForCurrentUser = fetchAllRoleBasedPermissionsForCurrentUser();
        boolean hasAdminPermission = hasAdminPermission(fetchAllRoleBasedPermissionsForCurrentUser);
        return (hasAdminPermission || RoleType.ADMIN.getName().equals(str)) ? hasAdminPermission : getPermissionRuleFor(obj).hasPermission(convertFor(obj), str, fetchAllRoleBasedPermissionsForCurrentUser);
    }

    private PermissionRule getPermissionRuleFor(Object obj) {
        return this.permissionRules.get(obj.getClass());
    }

    private Object convertFor(Object obj) {
        PermissionRuleObjectConverter permissionRuleObjectConverter = this.permissionRuleObjectConverters.get(obj.getClass());
        return permissionRuleObjectConverter == null ? obj : permissionRuleObjectConverter.convert(obj);
    }

    private List<RoleBasedPermission> fetchAllRoleBasedPermissionsForCurrentUser() {
        return this.roleBasedPermissionManager.getRoleBasedPermission();
    }

    private boolean isInvalidInstance(Object obj) {
        return ((obj instanceof CategoryPathType) || (obj instanceof ModuleNameType) || (obj instanceof WebDavPackageNameType) || (obj instanceof AdminType) || (obj instanceof ModuleUUIDType)) ? false : true;
    }

    private boolean hasAdminPermission(List<RoleBasedPermission> list) {
        Iterator<RoleBasedPermission> it = list.iterator();
        while (it.hasNext()) {
            if (RoleType.ADMIN.getName().equalsIgnoreCase(it.next().getRole())) {
                log.debug("Requested permission: unknown, Permission granted: Yes");
                return true;
            }
        }
        log.debug("Requested permission: admin, Permission granted: No");
        return false;
    }

    public void filterSetByAction(Set<Object> set, String str) {
    }

    public boolean isEnableRoleBasedAuthorization() {
        return this.enableRoleBasedAuthorization;
    }

    public void setEnableRoleBasedAuthorization(boolean z) {
        this.enableRoleBasedAuthorization = z;
    }
}
