package org.apache.causeway.security.shiro.authorization;

import jakarta.annotation.Priority;
import jakarta.inject.Named;
import org.apache.causeway.applib.Identifier;
import org.apache.causeway.applib.services.iactnlayer.InteractionContext;
import org.apache.causeway.core.security.authorization.Authorizor;
import org.apache.causeway.security.shiro.context.ShiroSecurityContext;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;

@Named("causeway.security.AuthorizorShiro")
@Priority(536870911)
@Service
@Qualifier("Shiro")
/* loaded from: input_file:org/apache/causeway/security/shiro/authorization/AuthorizorShiro.class */
public class AuthorizorShiro implements Authorizor {
    public boolean isVisible(InteractionContext interactionContext, Identifier identifier) {
        return isPermitted(interactionContext.getUser().getName(), identifier, "r");
    }

    public boolean isUsable(InteractionContext interactionContext, Identifier identifier) {
        return isPermitted(interactionContext.getUser().getName(), identifier, "w");
    }

    private boolean isPermitted(String str, Identifier identifier, String str2) {
        if (getSecurityManager() == null) {
            return true;
        }
        try {
            boolean isPermitted = SecurityUtils.getSubject().isPermitted(asPermissionsString(identifier) + ":" + str2);
            CausewayPermission.resetVetoedPermissions();
            return isPermitted;
        } catch (Throwable th) {
            CausewayPermission.resetVetoedPermissions();
            throw th;
        }
    }

    private String asPermissionsString(Identifier identifier) {
        return identifier.getLogicalType().getLogicalTypeNameFormatted(":", ":") + ":" + identifier.getMemberLogicalName();
    }

    protected RealmSecurityManager getSecurityManager() {
        return ShiroSecurityContext.getSecurityManager();
    }
}
