package org.guvnor.inbox.backend.server.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.guvnor.common.services.project.model.Project;
import org.guvnor.common.services.project.service.ProjectService;
import org.guvnor.inbox.backend.server.InboxEntry;
import org.guvnor.structure.backend.repositories.ConfiguredRepositories;
import org.guvnor.structure.organizationalunit.OrganizationalUnit;
import org.guvnor.structure.organizationalunit.OrganizationalUnitService;
import org.guvnor.structure.repositories.Repository;
import org.jboss.errai.security.shared.api.identity.User;
import org.uberfire.backend.server.util.Paths;
import org.uberfire.java.nio.file.FileSystemNotFoundException;
import org.uberfire.security.authz.AuthorizationManager;

@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/guvnor-inbox-backend-6.5.0.Final.jar:org/guvnor/inbox/backend/server/security/InboxEntrySecurity.class */
public class InboxEntrySecurity {
    private User identity;
    private AuthorizationManager authorizationManager;
    private OrganizationalUnitService organizationalUnitService;
    private ProjectService<? extends Project> projectService;
    private ConfiguredRepositories configuredRepositories;

    public InboxEntrySecurity() {
    }

    @Inject
    public InboxEntrySecurity(User user, AuthorizationManager authorizationManager, OrganizationalUnitService organizationalUnitService, ProjectService<? extends Project> projectService, ConfiguredRepositories configuredRepositories) {
        this.identity = user;
        this.authorizationManager = authorizationManager;
        this.organizationalUnitService = organizationalUnitService;
        this.projectService = projectService;
        this.configuredRepositories = configuredRepositories;
    }

    public List<InboxEntry> secure(List<InboxEntry> list) {
        ArrayList arrayList = new ArrayList();
        Set<Repository> authorizedRepositories = getAuthorizedRepositories();
        for (InboxEntry inboxEntry : list) {
            if (canAccess(inboxEntry, authorizedRepositories)) {
                arrayList.add(inboxEntry);
            }
        }
        return arrayList;
    }

    private boolean canAccess(InboxEntry inboxEntry, Set<Repository> set) {
        Repository inboxEntryRepository = getInboxEntryRepository(inboxEntry);
        if (thereIsNoRepositoryAssociated(inboxEntryRepository)) {
            return true;
        }
        if (canAccessRepository(set, inboxEntryRepository)) {
            return canAccessProject(inboxEntry);
        }
        return false;
    }

    private boolean canAccessProject(InboxEntry inboxEntry) {
        Project inboxEntryProject = getInboxEntryProject(inboxEntry);
        if (thereIsNoProject(inboxEntryProject)) {
            return true;
        }
        return this.authorizationManager.authorize(inboxEntryProject, this.identity);
    }

    private boolean thereIsNoProject(Project project) {
        return project == null;
    }

    private boolean canAccessRepository(Set<Repository> set, Repository repository) {
        return set.contains(repository);
    }

    Project getInboxEntryProject(InboxEntry inboxEntry) {
        return this.projectService.resolveProject(Paths.convert(org.uberfire.java.nio.file.Paths.get(inboxEntry.getItemPath(), new String[0])));
    }

    private boolean thereIsNoRepositoryAssociated(Repository repository) {
        return repository == null;
    }

    Repository getInboxEntryRepository(InboxEntry inboxEntry) {
        try {
            return this.configuredRepositories.getRepositoryByRepositoryFileSystem(org.uberfire.java.nio.file.Paths.get(inboxEntry.getItemPath(), new String[0]).getFileSystem());
        } catch (FileSystemNotFoundException e) {
            return null;
        }
    }

    private Set<Repository> getAuthorizedRepositories() {
        HashSet hashSet = new HashSet();
        Iterator<OrganizationalUnit> it = getAuthorizedOrganizationUnits().iterator();
        while (it.hasNext()) {
            for (Repository repository : it.next().getRepositories()) {
                if (this.authorizationManager.authorize(repository, this.identity)) {
                    hashSet.add(repository);
                }
            }
        }
        return hashSet;
    }

    private Collection<OrganizationalUnit> getAuthorizedOrganizationUnits() {
        Collection<OrganizationalUnit> organizationalUnits = this.organizationalUnitService.getOrganizationalUnits();
        ArrayList arrayList = new ArrayList();
        for (OrganizationalUnit organizationalUnit : organizationalUnits) {
            if (this.authorizationManager.authorize(organizationalUnit, this.identity)) {
                arrayList.add(organizationalUnit);
            }
        }
        return arrayList;
    }
}
