package com.netflix.spinnaker.clouddriver.security;

import com.netflix.spinnaker.fiat.model.Authorization;
import com.netflix.spinnaker.fiat.model.UserPermission;
import com.netflix.spinnaker.fiat.model.resources.ResourceType;
import com.netflix.spinnaker.fiat.shared.FiatPermissionEvaluator;
import com.netflix.spinnaker.kork.annotations.NonnullByDefault;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import lombok.Generated;

@NonnullByDefault
/* loaded from: input_file:com/netflix/spinnaker/clouddriver/security/DefaultAccountSecurityPolicy.class */
public class DefaultAccountSecurityPolicy implements AccountSecurityPolicy {
    private final FiatPermissionEvaluator permissionEvaluator;

    @Override // com.netflix.spinnaker.clouddriver.security.AccountSecurityPolicy
    public boolean isAdmin(String str) {
        return Optional.ofNullable(this.permissionEvaluator.getPermission(str)).filter((v0) -> {
            return v0.isAdmin();
        }).isPresent();
    }

    @Override // com.netflix.spinnaker.clouddriver.security.AccountSecurityPolicy
    public boolean isAccountManager(String str) {
        return Optional.ofNullable(this.permissionEvaluator.getPermission(str)).filter(view -> {
            return isAccountManager(view) || view.isAdmin();
        }).isPresent();
    }

    @Override // com.netflix.spinnaker.clouddriver.security.AccountSecurityPolicy
    public Set<String> getRoles(String str) {
        return (Set) Optional.ofNullable(this.permissionEvaluator.getPermission(str)).stream().flatMap(view -> {
            return view.getRoles().stream().map((v0) -> {
                return v0.getName();
            });
        }).collect(Collectors.toSet());
    }

    @Override // com.netflix.spinnaker.clouddriver.security.AccountSecurityPolicy
    public boolean canUseAccount(@Nonnull String str, @Nonnull String str2) {
        return Optional.ofNullable(this.permissionEvaluator.getPermission(str)).filter(view -> {
            return view.isAdmin() || this.permissionEvaluator.hasPermission(str, str2, ResourceType.ACCOUNT.getName(), Authorization.WRITE);
        }).isPresent();
    }

    @Override // com.netflix.spinnaker.clouddriver.security.AccountSecurityPolicy
    public boolean canModifyAccount(@Nonnull String str, @Nonnull String str2) {
        return Optional.ofNullable(this.permissionEvaluator.getPermission(str)).filter(view -> {
            return view.isAdmin() || (isAccountManager(view) && this.permissionEvaluator.hasPermission(str, str2, ResourceType.ACCOUNT.getName(), Authorization.WRITE));
        }).isPresent();
    }

    private static boolean isAccountManager(UserPermission.View view) {
        return view.isAccountManager();
    }

    @Generated
    public DefaultAccountSecurityPolicy(FiatPermissionEvaluator fiatPermissionEvaluator) {
        this.permissionEvaluator = fiatPermissionEvaluator;
    }
}
