package org.apache.isis.extensions.secman.integration.authorizor;

import java.util.Map;
import java.util.Optional;
import java.util.function.Supplier;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import lombok.NonNull;
import org.apache.isis.applib.Identifier;
import org.apache.isis.applib.annotation.InteractionScope;
import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
import org.apache.isis.applib.services.iactnlayer.InteractionContext;
import org.apache.isis.commons.internal.collections._Maps;
import org.apache.isis.core.security.authorization.Authorizor;
import org.apache.isis.extensions.secman.applib.permission.dom.ApplicationPermissionMode;
import org.apache.isis.extensions.secman.applib.permission.dom.ApplicationPermissionValueSet;
import org.apache.isis.extensions.secman.applib.user.dom.ApplicationUserRepository;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

@Service
@Named("isis.ext.secman.AuthorizorSecman")
@Priority(536870901)
@Qualifier("Secman")
/* loaded from: input_file:org/apache/isis/extensions/secman/integration/authorizor/AuthorizorSecman.class */
public class AuthorizorSecman implements Authorizor {

    @Inject
    ApplicationUserRepository applicationUserRepository;

    @Inject
    Provider<PermissionCache> cache;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Component
    @Named("isis.ext.secman.AuthorizorSecman.PermissionCache")
    @InteractionScope
    /* loaded from: input_file:org/apache/isis/extensions/secman/integration/authorizor/AuthorizorSecman$PermissionCache.class */
    public static class PermissionCache implements DisposableBean {
        private Map<String, Optional<ApplicationPermissionValueSet>> permissionsByUsername;

        PermissionCache() {
        }

        public void destroy() throws Exception {
            this.permissionsByUsername = null;
        }

        Optional<ApplicationPermissionValueSet> computeIfAbsent(@NonNull String str, Supplier<Optional<ApplicationPermissionValueSet>> supplier) {
            if (str == null) {
                throw new NullPointerException("userName is marked non-null but is null");
            }
            if (this.permissionsByUsername == null) {
                this.permissionsByUsername = _Maps.newHashMap();
            }
            return this.permissionsByUsername.computeIfAbsent(str, str2 -> {
                return (Optional) supplier.get();
            });
        }
    }

    public boolean isVisible(InteractionContext interactionContext, Identifier identifier) {
        return grants(interactionContext, identifier, ApplicationPermissionMode.VIEWING);
    }

    public boolean isUsable(InteractionContext interactionContext, Identifier identifier) {
        return grants(interactionContext, identifier, ApplicationPermissionMode.CHANGING);
    }

    private boolean grants(InteractionContext interactionContext, Identifier identifier, ApplicationPermissionMode applicationPermissionMode) {
        String name = interactionContext.getUser().getName();
        return ((Boolean) ((PermissionCache) this.cache.get()).computeIfAbsent(name, () -> {
            return this.applicationUserRepository.findByUsername(name).map((v0) -> {
                return v0.getPermissionSet();
            });
        }).map(applicationPermissionValueSet -> {
            return Boolean.valueOf(applicationPermissionValueSet.grants(ApplicationFeatureId.fromIdentifier(identifier), applicationPermissionMode));
        }).orElse(false)).booleanValue();
    }
}
