package io.tesler.core.security.impl.pdp;

import io.tesler.api.security.CheckDecision;
import io.tesler.api.security.ICheckResult;
import io.tesler.api.security.IPolicyDecisionPoint;
import io.tesler.api.security.attributes.IAttributeSet;
import io.tesler.core.crudma.CrudmaActionHolder;
import io.tesler.core.crudma.bc.BusinessComponent;
import io.tesler.core.crudma.bc.impl.InnerBcDescription;
import io.tesler.core.security.impl.AbstractObjectAccessPoint;
import io.tesler.core.security.impl.CheckResult;
import io.tesler.core.service.ResponseFactory;
import io.tesler.core.service.ResponseService;
import io.tesler.model.core.api.security.AccessService;
import io.tesler.model.core.entity.BaseEntity;
import io.tesler.model.core.entity.security.SecurableEntity;
import io.tesler.model.core.entity.security.types.Permission;
import lombok.Generated;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/tesler/core/security/impl/pdp/ObjectAccessDecision.class */
public class ObjectAccessDecision extends AbstractObjectAccessPoint implements IPolicyDecisionPoint<CrudmaActionHolder.CrudmaAction> {
    private final AccessService accessService;
    private final ResponseFactory respFactory;

    public ICheckResult check(IAttributeSet iAttributeSet, CrudmaActionHolder.CrudmaAction crudmaAction) {
        BusinessComponent bc = crudmaAction.getBc();
        ResponseService service = this.respFactory.getService((InnerBcDescription) bc.getDescription());
        BaseEntity oneAsEntity = service.hasPersister() ? service.getOneAsEntity(bc) : null;
        if (oneAsEntity instanceof SecurableEntity) {
            return new CheckResult(this.accessService.getPermission((SecurableEntity) oneAsEntity).compareTo(getRequiredPermission(crudmaAction)) >= 0 ? CheckDecision.Permit : CheckDecision.Deny);
        }
        return new CheckResult(CheckDecision.Permit);
    }

    private Permission getRequiredPermission(CrudmaActionHolder.CrudmaAction crudmaAction) {
        switch (crudmaAction.getActionType()) {
            case DELETE:
                return Permission.DELETE;
            case INVOKE:
            case UPDATE:
            case PREVIEW:
                return Permission.WRITE;
            default:
                return Permission.READ;
        }
    }

    @Generated
    public ObjectAccessDecision(AccessService accessService, ResponseFactory responseFactory) {
        this.accessService = accessService;
        this.respFactory = responseFactory;
    }
}
