package org.apache.streampipes.rest.security;

import java.io.Serializable;
import java.util.List;
import java.util.function.Predicate;
import org.apache.streampipes.model.client.user.Permission;
import org.apache.streampipes.model.client.user.Role;
import org.apache.streampipes.model.pipeline.PipelineElementRecommendation;
import org.apache.streampipes.model.pipeline.PipelineElementRecommendationMessage;
import org.apache.streampipes.storage.management.StorageDispatcher;
import org.apache.streampipes.user.management.model.PrincipalUserDetails;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;

@Configuration
/* loaded from: input_file:BOOT-INF/lib/streampipes-rest-0.93.0.jar:org/apache/streampipes/rest/security/SpPermissionEvaluator.class */
public class SpPermissionEvaluator implements PermissionEvaluator {
    @Override // org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        PrincipalUserDetails<?> userDetails = getUserDetails(authentication);
        if (obj instanceof PipelineElementRecommendationMessage) {
            return isAdmin(userDetails) || filterRecommendation(authentication, (PipelineElementRecommendationMessage) obj);
        }
        String str = (String) obj;
        if (isAdmin(userDetails)) {
            return true;
        }
        return hasPermission(authentication, str);
    }

    private boolean filterRecommendation(Authentication authentication, PipelineElementRecommendationMessage pipelineElementRecommendationMessage) {
        Predicate<? super PipelineElementRecommendation> predicate = pipelineElementRecommendation -> {
            return !hasPermission(authentication, pipelineElementRecommendation.getElementId());
        };
        pipelineElementRecommendationMessage.getRecommendedElements().removeIf(predicate);
        pipelineElementRecommendationMessage.getPossibleElements().removeIf(predicate);
        return true;
    }

    @Override // org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, Object obj) {
        if (isAdmin(getUserDetails(authentication))) {
            return true;
        }
        return hasPermission(authentication, serializable.toString());
    }

    private boolean hasPermission(Authentication authentication, String str) {
        return isPublicElement(str) || getUserDetails(authentication).getAllObjectPermissions().contains(str);
    }

    private PrincipalUserDetails<?> getUserDetails(Authentication authentication) {
        return (PrincipalUserDetails) authentication.getPrincipal();
    }

    private boolean isPublicElement(String str) {
        List<Permission> userPermissionsForObject = StorageDispatcher.INSTANCE.getNoSqlStore().getPermissionStorage().getUserPermissionsForObject(str);
        return userPermissionsForObject.size() > 0 && userPermissionsForObject.get(0).isPublicElement();
    }

    private boolean isAdmin(PrincipalUserDetails<?> principalUserDetails) {
        return principalUserDetails.getAuthorities().stream().anyMatch(grantedAuthority -> {
            return grantedAuthority.getAuthority().equals(Role.Constants.ROLE_ADMIN_VALUE);
        });
    }
}
