package io.agrest.runtime.entity;

import io.agrest.AgException;
import io.agrest.access.CreateAuthorizer;
import io.agrest.access.DeleteAuthorizer;
import io.agrest.access.UpdateAuthorizer;
import io.agrest.runtime.processor.update.ChangeOperation;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

/* loaded from: input_file:io/agrest/runtime/entity/ChangeAuthorizer.class */
public class ChangeAuthorizer implements IChangeAuthorizer {
    @Override // io.agrest.runtime.entity.IChangeAuthorizer
    public <T> void checkCreate(List<ChangeOperation<T>> list, CreateAuthorizer<T> createAuthorizer) {
        if (createAuthorizer.allowsAll()) {
            return;
        }
        checkRules(list, changeOperation -> {
            return createAuthorizer.isAllowed(changeOperation.getUpdate());
        });
    }

    @Override // io.agrest.runtime.entity.IChangeAuthorizer
    public <T> void checkUpdate(List<ChangeOperation<T>> list, UpdateAuthorizer<T> updateAuthorizer) {
        if (updateAuthorizer.allowsAll()) {
            return;
        }
        checkRules(list, changeOperation -> {
            return updateAuthorizer.isAllowed(changeOperation.getObject(), changeOperation.getUpdate());
        });
    }

    @Override // io.agrest.runtime.entity.IChangeAuthorizer
    public <T> void checkDelete(List<ChangeOperation<T>> list, DeleteAuthorizer<T> deleteAuthorizer) {
        if (deleteAuthorizer.allowsAll()) {
            return;
        }
        checkRules(list, changeOperation -> {
            return deleteAuthorizer.isAllowed(changeOperation.getObject());
        });
    }

    protected <T> void checkRules(List<ChangeOperation<T>> list, Predicate<ChangeOperation<T>> predicate) {
        for (ChangeOperation<T> changeOperation : list) {
            if (!predicate.test(changeOperation)) {
                Object idForErrorReport = idForErrorReport(changeOperation);
                Object[] objArr = new Object[3];
                objArr[0] = changeOperation.getType();
                objArr[1] = changeOperation.getEntity().getName();
                objArr[2] = idForErrorReport == null ? "" : " with id of " + idForErrorReport;
                throw AgException.forbidden("%s of %s%s was blocked by authorization rules", objArr);
            }
        }
    }

    protected <T> Object idForErrorReport(ChangeOperation<T> changeOperation) {
        Map<String, Object> id;
        if (changeOperation.getUpdate() != null && (id = changeOperation.getUpdate().getId()) != null) {
            return id.size() == 1 ? id.values().iterator().next() : id;
        }
        if (changeOperation.getObject() == null) {
            return null;
        }
        Object read = changeOperation.getEntity().getIdReader().read(changeOperation.getObject());
        return ((read instanceof Map) && ((Map) read).size() == 1) ? ((Map) read).values().iterator().next() : read;
    }
}
