package io.dialob.security.spring.tenant;

import io.dialob.security.tenant.Tenant;
import java.util.Objects;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:BOOT-INF/lib/dialob-security-spring-2.1.5.jar:io/dialob/security/spring/tenant/GrantedTenantAccessEvaluator.class */
public class GrantedTenantAccessEvaluator implements TenantAccessEvaluator {
    private final Tenant publicTenant;

    public GrantedTenantAccessEvaluator() {
        this(null);
    }

    public GrantedTenantAccessEvaluator(Tenant tenant) {
        this.publicTenant = tenant;
    }

    @Override // io.dialob.security.spring.tenant.TenantAccessEvaluator
    public boolean doesUserHaveAccessToTenant(Tenant tenant) {
        if (this.publicTenant != null && this.publicTenant.getId().equals(tenant.getId())) {
            return true;
        }
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null || !(context.getAuthentication() instanceof AbstractAuthenticationToken)) {
            return false;
        }
        AbstractAuthenticationToken abstractAuthenticationToken = (AbstractAuthenticationToken) context.getAuthentication();
        if (canAccessAnyTenant(abstractAuthenticationToken)) {
            return true;
        }
        return abstractAuthenticationToken.getAuthorities().stream().filter(grantedAuthority -> {
            return grantedAuthority instanceof TenantGrantedAuthority;
        }).anyMatch(grantedAuthority2 -> {
            return ((TenantGrantedAuthority) grantedAuthority2).getTenantId().equals(tenant.getId());
        });
    }

    protected boolean canAccessAnyTenant(AbstractAuthenticationToken abstractAuthenticationToken) {
        Objects.requireNonNull(abstractAuthenticationToken);
        return false;
    }
}
