package io.vertigo.account.impl.authorization;

import io.vertigo.account.authorization.AuthorizationManager;
import io.vertigo.account.authorization.UserAuthorizations;
import io.vertigo.account.authorization.metamodel.Authorization;
import io.vertigo.account.authorization.metamodel.AuthorizationName;
import io.vertigo.account.authorization.metamodel.OperationName;
import io.vertigo.account.authorization.metamodel.SecuredEntity;
import io.vertigo.account.authorization.metamodel.rulemodel.RuleMultiExpression;
import io.vertigo.account.impl.authorization.dsl.translator.CriteriaSecurityRuleTranslator;
import io.vertigo.account.impl.authorization.dsl.translator.SearchSecurityRuleTranslator;
import io.vertigo.app.Home;
import io.vertigo.core.definition.DefinitionUtil;
import io.vertigo.dynamo.criteria.Criteria;
import io.vertigo.dynamo.criteria.Criterions;
import io.vertigo.dynamo.domain.metamodel.DtDefinition;
import io.vertigo.dynamo.domain.model.KeyConcept;
import io.vertigo.dynamo.domain.util.DtObjectUtil;
import io.vertigo.lang.Assertion;
import io.vertigo.persona.security.UserSession;
import io.vertigo.persona.security.VSecurityManager;
import java.io.Serializable;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.inject.Inject;

/* loaded from: input_file:io/vertigo/account/impl/authorization/AuthorizationManagerImpl.class */
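/**
 * {@link AuthorizationManager} implementation that keeps each user's
 * {@link UserAuthorizations} as an attribute of the current {@link UserSession}.
 *
 * <p>Every check in this class denies when there is no current session:
 * {@code false}, {@code Criterions.alwaysFalse()}, an empty list or an empty search string.
 *
 * <p>NOTE(review): this listing is decompiled output; generic type arguments that the decompiler
 * dropped on project types (e.g. on {@code CriteriaSecurityRuleTranslator}) are left as shown and
 * should be confirmed against the original source.
 */
public final class AuthorizationManagerImpl implements AuthorizationManager {
    /** Session attribute under which the user's {@link UserAuthorizations} are stored. */
    private static final String USER_SESSION_ACL_KEY = "vertigo.account.authorizations";
    private final VSecurityManager securityManager;

    /**
     * @param vSecurityManager security manager used to look up the current user session; must not be null
     */
    @Inject
    public AuthorizationManagerImpl(VSecurityManager vSecurityManager) {
        Assertion.checkNotNull(vSecurityManager);
        this.securityManager = vSecurityManager;
    }

    /**
     * Returns the authorizations of the current user.
     *
     * @return the {@link UserAuthorizations} stored in (or lazily added to) the current session
     * @throws IllegalArgumentException if there is no current user session
     */
    public UserAuthorizations obtainUserAuthorizations() {
        return getUserPermissionsOpt().orElseThrow(
                () -> new IllegalArgumentException("Can't getUserPermissions, check your have create an UserSession before."));
    }

    /**
     * Looks up the current session's {@link UserAuthorizations}, creating and storing an empty one
     * on first access.
     *
     * @return the authorizations, or an empty Optional when there is no current session
     */
    private Optional<UserAuthorizations> getUserPermissionsOpt() {
        // Typed locals replace the decompiler's raw Optional / Serializable variables, which did not
        // type-check against the declared Optional<UserAuthorizations> return type.
        final Optional<? extends UserSession> sessionOpt = this.securityManager.getCurrentUserSession();
        if (!sessionOpt.isPresent()) {
            return Optional.empty();
        }
        final UserSession session = sessionOpt.get();
        UserAuthorizations userAuthorizations = (UserAuthorizations) session.getAttribute(USER_SESSION_ACL_KEY);
        if (userAuthorizations == null) {
            // NOTE(review): this check-then-put is not synchronized here; whether two concurrent
            // requests on one session can each store their own instance depends on UserSession.
            userAuthorizations = new UserAuthorizations();
            session.putAttribute(USER_SESSION_ACL_KEY, userAuthorizations);
        }
        return Optional.of(userAuthorizations);
    }

    /**
     * Tells whether the current user holds the given global authorization.
     *
     * @param authorizationName authorization to look for; must not be null
     * @return {@code true} if the user holds it, {@code false} if not or if there is no session
     */
    public boolean hasAuthorization(AuthorizationName authorizationName) {
        Assertion.checkNotNull(authorizationName);
        return getUserPermissionsOpt()
                .map(userAuthorizations -> userAuthorizations.hasAuthorization(authorizationName))
                .orElse(false);
    }

    /**
     * Decides whether the current user may perform an operation on one entity instance.
     *
     * <p>An authorization applies when its operation equals {@code operationName} or when it lists
     * {@code operationName} among its overrides. Access is granted as soon as one rule of an
     * applicable authorization, combined with the user's security keys, accepts {@code k}.
     *
     * @param k entity instance to check; must not be null
     * @param operationName requested operation; must not be null
     * @return {@code true} if at least one applicable rule accepts {@code k}; {@code false}
     *         otherwise, including when there is no session or no applicable authorization
     */
    public <K extends KeyConcept> boolean isAuthorized(K k, OperationName<K> operationName) {
        Assertion.checkNotNull(k);
        Assertion.checkNotNull(operationName);
        final Optional<UserAuthorizations> userPermissionsOpt = getUserPermissionsOpt();
        if (!userPermissionsOpt.isPresent()) {
            // No session: deny.
            return false;
        }
        final UserAuthorizations userAuthorizations = userPermissionsOpt.get();
        final DtDefinition dtDefinition = DtObjectUtil.findDtDefinition(k);
        final SecuredEntity securedEntity = findSecuredEntity(dtDefinition);
        return userAuthorizations.getEntityAuthorizations(dtDefinition).stream()
                .filter(authorization -> grantsOperation(authorization, operationName, true))
                .flatMap(authorization -> authorization.getRules().stream())
                .anyMatch(rule -> new CriteriaSecurityRuleTranslator()
                        .on(securedEntity)
                        .withRule(rule)
                        .withCriteria(userAuthorizations.getSecurityKeys())
                        .toCriteria()
                        .toPredicate()
                        .test(k));
    }

    /**
     * Builds the criteria that restricts a query on {@code cls} to the instances the current user
     * may access for the given operation.
     *
     * <p>Applicable authorizations are selected as in {@link #isAuthorized} (operation match or
     * override); the criteria of all their rules are OR-ed together.
     *
     * @param cls entity class being queried; must not be null
     * @param operationName requested operation; must not be null
     * @return the combined criteria, or {@code Criterions.alwaysFalse()} when there is no session
     *         or no applicable rule
     */
    public <K extends KeyConcept> Criteria<K> getCriteriaSecurity(Class<K> cls, OperationName<K> operationName) {
        Assertion.checkNotNull(cls);
        Assertion.checkNotNull(operationName);
        final Optional<UserAuthorizations> userPermissionsOpt = getUserPermissionsOpt();
        if (!userPermissionsOpt.isPresent()) {
            // No session: match nothing.
            return Criterions.alwaysFalse();
        }
        final UserAuthorizations userAuthorizations = userPermissionsOpt.get();
        final DtDefinition dtDefinition = DtObjectUtil.findDtDefinition(cls);
        final SecuredEntity securedEntity = findSecuredEntity(dtDefinition);
        final List<Criteria<K>> ruleCriteria = (List) userAuthorizations.getEntityAuthorizations(dtDefinition).stream()
                .filter(authorization -> grantsOperation(authorization, operationName, true))
                .flatMap(authorization -> authorization.getRules().stream())
                .map(rule -> new CriteriaSecurityRuleTranslator()
                        .on(securedEntity)
                        .withRule(rule)
                        .withCriteria(userAuthorizations.getSecurityKeys())
                        .toCriteria())
                .collect(Collectors.toList());
        if (ruleCriteria.isEmpty()) {
            // No applicable rule: match nothing rather than everything.
            return Criterions.alwaysFalse();
        }
        Criteria<K> combined = null;
        for (final Criteria<K> ruleCriterion : ruleCriteria) {
            combined = combined == null ? ruleCriterion : combined.or(ruleCriterion);
        }
        return combined;
    }

    /**
     * Builds the search-engine filter string that restricts a search on {@code cls} to what the
     * current user may access for the given operation.
     *
     * <p>Security note: with no current session this returns the empty string. Nothing in this
     * class turns that into a "match nothing" filter, so the caller must treat an empty result as
     * a denial and must not run the search unfiltered.
     *
     * <p>NOTE(review): unlike {@link #isAuthorized} and {@link #getCriteriaSecurity}, only
     * authorizations whose operation equals {@code operationName} are used here; overrides are not
     * considered. Confirm whether that difference is intended.
     *
     * @param cls entity class being searched; must not be null
     * @param operationName requested operation; must not be null
     * @return the filter produced by {@link SearchSecurityRuleTranslator}, or {@code ""} when there
     *         is no session
     */
    public <K extends KeyConcept> String getSearchSecurity(Class<K> cls, OperationName<K> operationName) {
        Assertion.checkNotNull(cls);
        Assertion.checkNotNull(operationName);
        final Optional<UserAuthorizations> userPermissionsOpt = getUserPermissionsOpt();
        if (!userPermissionsOpt.isPresent()) {
            return "";
        }
        final UserAuthorizations userAuthorizations = userPermissionsOpt.get();
        final SearchSecurityRuleTranslator translator = new SearchSecurityRuleTranslator();
        translator.withCriteria(userAuthorizations.getSecurityKeys());
        final List<Authorization> matching = userAuthorizations.getEntityAuthorizations(DtObjectUtil.findDtDefinition(cls)).stream()
                .filter(authorization -> grantsOperation(authorization, operationName, false))
                .collect(Collectors.toList());
        for (final Authorization authorization : matching) {
            for (final RuleMultiExpression rule : authorization.getRules()) {
                translator.withRule(rule);
            }
        }
        return translator.toSearchQuery();
    }

    /**
     * Lists the operations of every authorization the current user holds for the entity type of
     * {@code k}.
     *
     * <p>Security note: {@code k} is used only to find its {@link DtDefinition}. No rule is
     * evaluated against the instance and overrides are not expanded, so the result is not an
     * access decision for {@code k}; use {@link #isAuthorized} for that.
     *
     * @param k entity instance whose type is looked up; must not be null
     * @return the operation names, or an empty list when there is no session
     */
    public <K extends KeyConcept> List<String> getAuthorizedOperations(K k) {
        Assertion.checkNotNull(k);
        final Optional<UserAuthorizations> userPermissionsOpt = getUserPermissionsOpt();
        if (!userPermissionsOpt.isPresent()) {
            return Collections.emptyList();
        }
        return userPermissionsOpt.get().getEntityAuthorizations(DtObjectUtil.findDtDefinition(k)).stream()
                // Optional.get() throws NoSuchElementException if an authorization has no operation;
                // presumably entity authorizations always carry one (confirm in Authorization).
                .map(authorization -> authorization.getOperation().get())
                .collect(Collectors.toList());
    }

    /**
     * Resolves the {@link SecuredEntity} definition attached to an entity definition.
     *
     * @param dtDefinition entity definition; must not be null
     * @return the definition named {@code <SecuredEntity prefix> + dtDefinition.getName()}
     */
    public static SecuredEntity findSecuredEntity(DtDefinition dtDefinition) {
        Assertion.checkNotNull(dtDefinition);
        final String securedEntityName = DefinitionUtil.getPrefix(SecuredEntity.class) + dtDefinition.getName();
        return Home.getApp().getDefinitionSpace().resolve(securedEntityName, SecuredEntity.class);
    }

    /**
     * Tells whether an authorization applies to the requested operation: its own operation equals
     * the requested name or, when {@code includeOverrides} is set, its overrides contain it.
     */
    private static boolean grantsOperation(Authorization authorization, OperationName<?> operationName, boolean includeOverrides) {
        final String requested = operationName.name();
        if (authorization.getOperation().get().equals(requested)) {
            return true;
        }
        return includeOverrides && authorization.getOverrides().contains(requested);
    }
}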
