package org.apache.kylin.rest.security;

import java.io.Serializable;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.apache.kylin.common.persistence.AclEntity;
import org.apache.kylin.rest.service.AclService;
import org.apache.kylin.rest.util.AclPermissionUtil;
import org.springframework.security.acls.AclPermissionEvaluator;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:WEB-INF/lib/kylin-server-base-3.0.2.jar:org/apache/kylin/rest/security/KylinAclPermissionEvaluator.class */
public class KylinAclPermissionEvaluator extends AclPermissionEvaluator {
    private PermissionFactory kylinPermissionFactory;

    public KylinAclPermissionEvaluator(AclService aclService, PermissionFactory permissionFactory) {
        super(aclService);
        super.setPermissionFactory(permissionFactory);
        this.kylinPermissionFactory = permissionFactory;
    }

    @Override // org.springframework.security.acls.AclPermissionEvaluator, org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        ExternalAclProvider externalAclProvider = ExternalAclProvider.getInstance();
        if (externalAclProvider == null) {
            return super.hasPermission(authentication, obj, obj2);
        }
        if (obj == null) {
            return false;
        }
        AclEntity aclEntity = (AclEntity) obj;
        return checkExternalPermission(externalAclProvider, authentication, aclEntity.getClass().getSimpleName(), aclEntity.getId(), obj2);
    }

    private boolean checkExternalPermission(ExternalAclProvider externalAclProvider, Authentication authentication, String str, String str2, Object obj) {
        String name = authentication.getName();
        List<String> transformAuthorities = AclPermissionUtil.transformAuthorities(authentication.getAuthorities());
        Iterator<Permission> it = resolveKylinPermission(obj).iterator();
        while (it.hasNext()) {
            if (externalAclProvider.checkPermission(name, transformAuthorities, str, str2, it.next())) {
                return true;
            }
        }
        return false;
    }

    private List<Permission> resolveKylinPermission(Object obj) {
        Permission buildFromName;
        if (obj instanceof Integer) {
            return Arrays.asList(this.kylinPermissionFactory.buildFromMask(((Integer) obj).intValue()));
        }
        if (obj instanceof Permission) {
            return Arrays.asList((Permission) obj);
        }
        if (obj instanceof Permission[]) {
            return Arrays.asList((Permission[]) obj);
        }
        if (obj instanceof String) {
            String str = (String) obj;
            try {
                buildFromName = this.kylinPermissionFactory.buildFromName(str);
            } catch (IllegalArgumentException e) {
                buildFromName = this.kylinPermissionFactory.buildFromName(str.toUpperCase(Locale.ROOT));
            }
            if (buildFromName != null) {
                return Arrays.asList(buildFromName);
            }
        }
        throw new IllegalArgumentException("Unsupported permission: " + obj);
    }

    @Override // org.springframework.security.acls.AclPermissionEvaluator, org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, Object obj) {
        ExternalAclProvider externalAclProvider = ExternalAclProvider.getInstance();
        return externalAclProvider == null ? super.hasPermission(authentication, serializable, str, obj) : checkExternalPermission(externalAclProvider, authentication, str, serializable.toString(), obj);
    }
}
