package org.activiti.cloud.services.core;

import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.activiti.cloud.services.security.SecurityPoliciesService;
import org.activiti.cloud.services.security.SecurityPolicy;
import org.activiti.engine.UserGroupLookupProxy;
import org.activiti.engine.UserRoleLookupProxy;
import org.activiti.engine.repository.ProcessDefinitionQuery;
import org.activiti.engine.runtime.ProcessInstanceQuery;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

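/**
 * Applies the configured process-definition security policies to engine queries and to
 * per-definition read/write checks for the currently authenticated user.
 *
 * <p>Security-relevant behaviour of this class, as written:
 * <ul>
 *   <li>When no policies are defined, or no authenticated user id is available, queries are
 *       returned unrestricted and {@link #canRead(String)} / {@link #canWrite(String)} return
 *       {@code true}. The class therefore fails open and relies on authentication being
 *       enforced before it is reached.</li>
 *   <li>The permission check also returns {@code true} when no {@link UserGroupLookupProxy}
 *       bean is present, whereas the query restrictions still evaluate policies in that case
 *       (with a {@code null} group list).</li>
 *   <li>The admin bypass exists only in the permission check; the query restrictions do not
 *       consult {@link UserRoleLookupProxy}.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/activiti-cloud-services-core-7-201802-EA.jar:org/activiti/cloud/services/core/SecurityPoliciesApplicationService.class */
public class SecurityPoliciesApplicationService {

    // Optional bean: when absent, group membership is not resolved (see definitionKeysAllowedForPolicy).
    @Autowired(required = false)
    private UserGroupLookupProxy userGroupLookupProxy;

    // Optional bean: when absent, nobody is treated as an admin by hasPermission.
    @Autowired(required = false)
    private UserRoleLookupProxy userRoleLookupProxy;

    @Autowired
    private AuthenticationWrapper authenticationWrapper;

    @Autowired
    private SecurityPoliciesService securityPoliciesService;

    /**
     * Narrows a process-definition query to the definition keys the current user is allowed
     * under the given policy.
     *
     * @param processDefinitionQuery the query to restrict
     * @param securityPolicy the access level being requested
     * @return the restricted query, or the query unchanged when no policies are defined or no
     *     user is authenticated
     */
    public ProcessDefinitionQuery restrictProcessDefQuery(ProcessDefinitionQuery processDefinitionQuery, SecurityPolicy securityPolicy) {
        if (noSecurityPoliciesOrNoUser()) {
            return processDefinitionQuery;
        }
        Set<String> allowedKeys = definitionKeysAllowedForRBPolicy(securityPolicy);
        if (allowedKeys == null) {
            return processDefinitionQuery;
        }
        // NOTE(review): unlike restrictProcessInstQuery, an EMPTY key set is passed straight to
        // processDefinitionKeys(...). Whether the engine treats that as "match nothing" or as
        // "no key filter" cannot be told from this class. Confirm that a user with no allowed
        // definitions does not see every definition.
        return processDefinitionQuery.processDefinitionKeys(allowedKeys);
    }

    /** Returns {@code true} when policy enforcement is skipped: no policies defined, or no authenticated user id. */
    private boolean noSecurityPoliciesOrNoUser() {
        return !this.securityPoliciesService.policiesDefined() || this.authenticationWrapper.getAuthenticatedUserId() == null;
    }

    /**
     * Flattens the per-entry key sets returned by {@link #definitionKeysAllowedForPolicy} into a
     * single set of allowed process-definition keys.
     *
     * @return a new, possibly empty, set; never {@code null}
     */
    private Set<String> definitionKeysAllowedForRBPolicy(SecurityPolicy securityPolicy) {
        Map<String, Set<String>> keysByEntry = definitionKeysAllowedForPolicy(securityPolicy);
        Set<String> allowedKeys = new HashSet<>();
        for (Set<String> keys : keysByEntry.values()) {
            allowedKeys.addAll(keys);
        }
        return allowedKeys;
    }

    /**
     * Asks the policy service for the definition keys granted to the current user and, when a
     * group lookup is available, to the user's groups.
     */
    private Map<String, Set<String>> definitionKeysAllowedForPolicy(SecurityPolicy securityPolicy) {
        List<String> groups = null;
        if (this.userGroupLookupProxy != null && this.authenticationWrapper.getAuthenticatedUserId() != null) {
            groups = this.userGroupLookupProxy.getGroupsForCandidateUser(this.authenticationWrapper.getAuthenticatedUserId());
        }
        // groups stays null when no group lookup bean is configured; the policy service receives null then.
        return this.securityPoliciesService.getProcessDefinitionKeys(this.authenticationWrapper.getAuthenticatedUserId(), groups, securityPolicy);
    }

    /**
     * Narrows a process-instance query to instances of the definitions the current user is
     * allowed under the given policy.
     *
     * @param processInstanceQuery the query to restrict
     * @param securityPolicy the access level being requested
     * @return the restricted query, or the query unchanged when no policies are defined or no
     *     user is authenticated
     */
    public ProcessInstanceQuery restrictProcessInstQuery(ProcessInstanceQuery processInstanceQuery, SecurityPolicy securityPolicy) {
        if (noSecurityPoliciesOrNoUser()) {
            return processInstanceQuery;
        }
        Set<String> allowedKeys = definitionKeysAllowedForRBPolicy(securityPolicy);
        if (allowedKeys != null && !allowedKeys.isEmpty()) {
            return processInstanceQuery.processDefinitionKeys(allowedKeys);
        }
        // Reaching here means the user has no allowed definition keys (null or empty set).
        // The previous condition `(keys != null || !keys.isEmpty())` dereferenced a null set;
        // null and empty are now handled alike, on the deny side.
        if (this.securityPoliciesService.policiesDefined()) {
            // Two different definition ids are requested, presumably so that no instance can
            // match. The return value is discarded, so this relies on processDefinitionId(...)
            // modifying the query in place. TODO confirm against the engine's query implementation.
            processInstanceQuery.processDefinitionId("1").processDefinitionId("2");
        }
        return processInstanceQuery;
    }

    /** Returns whether the current user may write to the process definition with key {@code str}. */
    public boolean canWrite(String str) {
        return hasPermission(str, SecurityPolicy.WRITE);
    }

    /** Returns whether the current user may read the process definition with key {@code str}. */
    public boolean canRead(String str) {
        return hasPermission(str, SecurityPolicy.READ);
    }

    /**
     * Decides whether the current user holds {@code securityPolicy} on the definition key
     * {@code str}.
     *
     * @return {@code true} when enforcement is skipped, when the user is an admin, or when the
     *     key is among the user's allowed keys; {@code false} otherwise
     */
    private boolean hasPermission(String str, SecurityPolicy securityPolicy) {
        // NOTE(review): fail-open. Access is granted when no policies are defined, when no group
        // lookup bean is present, or when there is no authenticated user id. The missing-bean case
        // grants everything even though policies ARE defined; check that deployments which define
        // policies always provide a UserGroupLookupProxy.
        if (!this.securityPoliciesService.policiesDefined() || this.userGroupLookupProxy == null || this.authenticationWrapper.getAuthenticatedUserId() == null) {
            return true;
        }
        // Admins bypass the per-definition policy check.
        if (this.userRoleLookupProxy != null && this.userRoleLookupProxy.isAdmin(this.authenticationWrapper.getAuthenticatedUserId())) {
            return true;
        }
        Set<String> allowedKeys = definitionKeysAllowedForRBPolicy(securityPolicy);
        return allowedKeys != null && allowedKeys.contains(str);
    }
}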
