package org.hawkular.accounts.api.internal.impl;

import java.util.Set;
import java.util.stream.Stream;
import javax.annotation.security.PermitAll;
import javax.ejb.Stateless;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import org.hawkular.accounts.api.PermissionChecker;
import org.hawkular.accounts.api.PermissionService;
import org.hawkular.accounts.api.PersonaService;
import org.hawkular.accounts.api.ResourceService;
import org.hawkular.accounts.api.model.Operation;
import org.hawkular.accounts.api.model.Persona;
import org.hawkular.accounts.api.model.Resource;
import org.hawkular.accounts.api.model.Role;

@PermitAll
@Stateless
/* loaded from: input_file:WEB-INF/lib/hawkular-accounts-api-2.0.9.Final.jar:org/hawkular/accounts/api/internal/impl/PermissionCheckerImpl.class */
public class PermissionCheckerImpl implements PermissionChecker {

    @Inject
    PermissionService permissionService;

    @Inject
    PersonaService personaService;

    @Inject
    ResourceService resourceService;

    @Inject
    Instance<Persona> personaInstance;

    @Override // org.hawkular.accounts.api.PermissionChecker
    public boolean isAllowedTo(Operation operation, Resource resource, Persona persona) {
        if (null == resource) {
            throw new IllegalArgumentException("Resource to be checked is invalid (null).");
        }
        if (null == operation) {
            throw new IllegalArgumentException("Operation to be checked is invalid (null).");
        }
        if (null == persona) {
            throw new IllegalArgumentException("Persona that performs the operation is invalid (null).");
        }
        if (null == resource.getPersona()) {
            return isAllowedTo(operation, resource.getParent(), persona);
        }
        if (persona.equals(resource.getPersona())) {
            return true;
        }
        Set<Role> permittedRoles = this.permissionService.getPermittedRoles(operation);
        Stream<Role> stream = this.personaService.getEffectiveRolesForResource(persona, resource).stream();
        permittedRoles.getClass();
        return stream.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    @Override // org.hawkular.accounts.api.PermissionChecker
    public boolean isAllowedTo(Operation operation, String str, Persona persona) {
        return isAllowedTo(operation, this.resourceService.get(str), persona);
    }

    @Override // org.hawkular.accounts.api.PermissionChecker
    public boolean isAllowedTo(Operation operation, Resource resource) {
        return isAllowedTo(operation, resource, this.personaInstance.get());
    }

    @Override // org.hawkular.accounts.api.PermissionChecker
    public boolean isAllowedTo(Operation operation, String str) {
        return isAllowedTo(operation, this.resourceService.get(str));
    }
}
