package io.camunda.authentication.handler;

import io.camunda.authentication.entity.CamundaUser;
import io.camunda.service.AuthorizationServices;
import io.camunda.zeebe.protocol.record.value.AuthorizationResourceType;
import io.camunda.zeebe.protocol.record.value.PermissionType;
import java.util.Optional;
import java.util.Set;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

/* loaded from: input_file:io/camunda/authentication/handler/CustomMethodSecurityExpressionRoot.class */
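/**
 * Expression root for method-security expressions that adds permission checks backed by
 * {@link AuthorizationServices}.
 *
 * <p>Every check resolves the "owner" from the current {@link Authentication} and asks
 * {@code AuthorizationServices.fetchAssignedPermissions} which permissions that owner holds on
 * the requested resource. When no owner can be resolved the check returns {@code false}.
 *
 * <p>Only a principal of type {@link CamundaUser} yields an owner. Any other authentication,
 * including a JWT-based one whose principal is not a {@code CamundaUser}, resolves to no owner
 * and is therefore denied by every check in this class.
 */
public class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations {
    /** Permission names that together count as read access. */
    private static final Set<String> READ_ACCESS_AUTHORITIES = Set.of(PermissionType.READ.name());

    /**
     * Permission names that together count as write access. The check uses {@code containsAll},
     * so an owner must hold UPDATE, CREATE and DELETE at once; holding only one or two of them
     * is not enough.
     */
    private static final Set<String> WRITE_ACCESS_AUTHORITIES = Set.of(PermissionType.UPDATE.name(), PermissionType.CREATE.name(), PermissionType.DELETE.name());

    private final AuthorizationServices authorizationServices;
    private Object filterObject;
    private Object returnObject;

    /**
     * @param authentication the authentication the expressions are evaluated against
     * @param authorizationServices service queried for the permissions assigned to an owner
     */
    public CustomMethodSecurityExpressionRoot(Authentication authentication, AuthorizationServices authorizationServices) {
        super(authentication);
        this.authorizationServices = authorizationServices;
    }

    /**
     * Checks read access on a resource type, passing {@code "*"} as the resource identifier.
     *
     * @param resourceType name of an {@link AuthorizationResourceType} constant
     * @return {@code true} if the current owner holds every read permission
     */
    public boolean hasReadAccess(String resourceType) {
        return hasReadAccess(resourceType, "*");
    }

    /**
     * Checks read access on one resource.
     *
     * @param resourceType name of an {@link AuthorizationResourceType} constant
     * @param resourceId value passed on as the resource identifier
     * @return {@code true} if the current owner holds every read permission
     */
    public boolean hasReadAccess(String resourceType, String resourceId) {
        return hasPermissions(resourceType, resourceId, READ_ACCESS_AUTHORITIES);
    }

    /**
     * Checks write access on a resource type, passing {@code "*"} as the resource identifier.
     *
     * @param resourceType name of an {@link AuthorizationResourceType} constant
     * @return {@code true} if the current owner holds UPDATE, CREATE and DELETE
     */
    public boolean hasWriteAccess(String resourceType) {
        return hasWriteAccess(resourceType, "*");
    }

    /**
     * Checks write access on one resource.
     *
     * @param resourceType name of an {@link AuthorizationResourceType} constant
     * @param resourceId value passed on as the resource identifier
     * @return {@code true} if the current owner holds UPDATE, CREATE and DELETE
     */
    public boolean hasWriteAccess(String resourceType, String resourceId) {
        return hasPermissions(resourceType, resourceId, WRITE_ACCESS_AUTHORITIES);
    }

    /**
     * Returns whether the current owner holds all of the given permissions on a resource.
     *
     * <p>The resource type is parsed only after an owner has been resolved, so a request without
     * an owner is denied before {@code resourceType} is looked at.
     *
     * @param resourceType name passed to {@code AuthorizationResourceType.valueOf}; presumably an
     *     enum lookup that throws {@link IllegalArgumentException} for an unknown name (confirm
     *     against the type)
     * @param resourceId third argument of {@code fetchAssignedPermissions}; the one-argument
     *     overloads pass {@code "*"}, presumably a wildcard (confirm against
     *     {@code AuthorizationServices})
     * @param requiredPermissions permission names that must all be assigned
     * @return {@code true} only if an owner was resolved and holds every required permission
     */
    public boolean hasPermissions(String resourceType, String resourceId, Set<String> requiredPermissions) {
        // NOTE(review): containsAll is vacuously true for an empty collection, so an empty
        // requiredPermissions grants access to any resolved owner. Both constants in this class
        // are non-empty; callers passing their own set should make sure theirs is too.
        return extractOwner()
                .map(owner -> this.authorizationServices
                        .fetchAssignedPermissions(owner, AuthorizationResourceType.valueOf(resourceType), resourceId)
                        .containsAll(requiredPermissions))
                .orElse(false);
    }

    /**
     * Resolves the owner name used for permission look-ups.
     *
     * @return the username of the {@link CamundaUser} principal, or empty when there is no
     *     authentication, the principal is of another type, or the username is {@code null}
     */
    private Optional<String> extractOwner() {
        // Typed as Authentication: getAuthentication() is not guaranteed to return a JWT token,
        // and the CamundaUser branch below has to work for any authentication type.
        Authentication authentication = getAuthentication();
        if (authentication == null) {
            return Optional.empty();
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof CamundaUser) {
            // ofNullable: a principal without a username is denied instead of raising an NPE.
            return Optional.ofNullable(((CamundaUser) principal).getUsername());
        }
        // No owner is derived from any other principal type, so the caller denies access.
        return Optional.empty();
    }

    /** Returns the filter target last set through {@link #setFilterObject(Object)}. */
    public Object getFilterObject() {
        return this.filterObject;
    }

    /** Returns the value last set through {@link #setReturnObject(Object)}. */
    public Object getReturnObject() {
        return this.returnObject;
    }

    /** Returns this expression root itself as the value of {@code this} in expressions. */
    public Object getThis() {
        return this;
    }

    /** Stores the filter target. */
    public void setFilterObject(Object obj) {
        this.filterObject = obj;
    }

    /** Stores the return object. */
    public void setReturnObject(Object obj) {
        this.returnObject = obj;
    }
}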
