package io.vertigo.account.impl.authorization;

import io.vertigo.account.authorization.AuthorizationManager;
import io.vertigo.account.authorization.UserAuthorizations;
import io.vertigo.account.authorization.definitions.Authorization;
import io.vertigo.account.authorization.definitions.AuthorizationName;
import io.vertigo.account.authorization.definitions.OperationName;
import io.vertigo.account.authorization.definitions.SecuredEntity;
import io.vertigo.account.authorization.definitions.rulemodel.RuleMultiExpression;
import io.vertigo.account.impl.authorization.dsl.translator.CriteriaSecurityRuleTranslator;
import io.vertigo.account.impl.authorization.dsl.translator.SearchSecurityRuleTranslator;
import io.vertigo.account.security.UserSession;
import io.vertigo.account.security.VSecurityManager;
import io.vertigo.core.lang.Assertion;
import io.vertigo.core.node.Node;
import io.vertigo.datamodel.criteria.Criteria;
import io.vertigo.datamodel.criteria.Criterions;
import io.vertigo.datamodel.structure.definitions.DtDefinition;
import io.vertigo.datamodel.structure.model.KeyConcept;
import io.vertigo.datamodel.structure.util.DtObjectUtil;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;

/* loaded from: input_file:io/vertigo/account/impl/authorization/AuthorizationManagerImpl.class */
public final class AuthorizationManagerImpl implements AuthorizationManager {
    private static final String USER_SESSION_ACL_KEY = "vertigo.account.authorizations";
    private final VSecurityManager securityManager;

    @Inject
    public AuthorizationManagerImpl(VSecurityManager vSecurityManager) {
        Assertion.check().isNotNull(vSecurityManager);
        this.securityManager = vSecurityManager;
    }

    @Override // io.vertigo.account.authorization.AuthorizationManager
    public UserAuthorizations obtainUserAuthorizations() {
        return getUserAuthorizationsOpt().orElseThrow(() -> {
            return new IllegalArgumentException("Can't getUserAuthorizations, check your have create an UserSession before.");
        });
    }

    private Optional<UserAuthorizations> getUserAuthorizationsOpt() {
        Optional currentUserSession = this.securityManager.getCurrentUserSession();
        if (currentUserSession.isEmpty()) {
            return Optional.empty();
        }
        UserAuthorizations userAuthorizations = (UserAuthorizations) ((UserSession) currentUserSession.get()).getAttribute(USER_SESSION_ACL_KEY);
        if (userAuthorizations == null) {
            userAuthorizations = new UserAuthorizations();
            ((UserSession) currentUserSession.get()).putAttribute(USER_SESSION_ACL_KEY, userAuthorizations);
        }
        return Optional.of(userAuthorizations);
    }

    @Override // io.vertigo.account.authorization.AuthorizationManager
    public boolean hasAuthorization(AuthorizationName... authorizationNameArr) {
        Assertion.check().isNotNull(authorizationNameArr);
        return ((Boolean) getUserAuthorizationsOpt().map(userAuthorizations -> {
            return Boolean.valueOf(userAuthorizations.hasAuthorization(authorizationNameArr));
        }).orElse(false)).booleanValue();
    }

    @Override // io.vertigo.account.authorization.AuthorizationManager
    public <K extends KeyConcept> boolean isAuthorized(K k, OperationName<K> operationName) {
        Assertion.check().isNotNull(k).isNotNull(operationName);
        return getAuthorizedOperations(k).contains(operationName.name());
    }

    @Override // io.vertigo.account.authorization.AuthorizationManager
    public <K extends KeyConcept> Criteria<K> getCriteriaSecurity(Class<K> cls, OperationName<K> operationName) {
        Assertion.check().isNotNull(cls).isNotNull(operationName);
        Optional<UserAuthorizations> userAuthorizationsOpt = getUserAuthorizationsOpt();
        if (userAuthorizationsOpt.isEmpty()) {
            return Criterions.alwaysFalse();
        }
        UserAuthorizations userAuthorizations = userAuthorizationsOpt.get();
        DtDefinition findDtDefinition = DtObjectUtil.findDtDefinition(cls);
        SecuredEntity findSecuredEntity = findSecuredEntity(findDtDefinition);
        List<Criteria<K>> list = (List) userAuthorizations.getEntityAuthorizations(findDtDefinition).stream().filter(authorization -> {
            return authorization.getOperation().get().equals(operationName.name()) || authorization.getOverrides().contains(operationName.name());
        }).flatMap(authorization2 -> {
            return authorization2.getRules().stream();
        }).map(ruleMultiExpression -> {
            return ((CriteriaSecurityRuleTranslator) new CriteriaSecurityRuleTranslator().on(findSecuredEntity)).withRule(ruleMultiExpression).withCriteria(userAuthorizations.getSecurityKeys()).toCriteria();
        }).collect(Collectors.toList());
        if (list.isEmpty()) {
            return Criterions.alwaysFalse();
        }
        Criteria<K> criteria = null;
        for (Criteria<K> criteria2 : list) {
            criteria = criteria == null ? criteria2 : criteria.or(criteria2);
        }
        return criteria;
    }

    @Override // io.vertigo.account.authorization.AuthorizationManager
    public <K extends KeyConcept> String getSearchSecurity(Class<K> cls, OperationName<K> operationName) {
        Assertion.check().isNotNull(cls).isNotNull(operationName);
        Optional<UserAuthorizations> userAuthorizationsOpt = getUserAuthorizationsOpt();
        if (userAuthorizationsOpt.isEmpty()) {
            return "";
        }
        DtDefinition findDtDefinition = DtObjectUtil.findDtDefinition(cls);
        SecuredEntity findSecuredEntity = findSecuredEntity(findDtDefinition);
        UserAuthorizations userAuthorizations = userAuthorizationsOpt.get();
        SearchSecurityRuleTranslator withCriteria = ((SearchSecurityRuleTranslator) new SearchSecurityRuleTranslator().on(findSecuredEntity)).withCriteria(userAuthorizations.getSecurityKeys());
        Iterator it = ((List) userAuthorizations.getEntityAuthorizations(findDtDefinition).stream().filter(authorization -> {
            return authorization.getOperation().get().equals(operationName.name());
        }).collect(Collectors.toList())).iterator();
        while (it.hasNext()) {
            Iterator<RuleMultiExpression> it2 = ((Authorization) it.next()).getRules().iterator();
            while (it2.hasNext()) {
                withCriteria.withRule(it2.next());
            }
        }
        return withCriteria.toSearchQuery();
    }

    @Override // io.vertigo.account.authorization.AuthorizationManager
    public Set<String> getPriorAuthorizations() {
        return (Set) getUserAuthorizationsOpt().map((v0) -> {
            return v0.getPriorAuthorizationNames();
        }).orElseGet(Collections::emptySet);
    }

    @Override // io.vertigo.account.authorization.AuthorizationManager
    public <K extends KeyConcept> List<String> getAuthorizedOperations(K k) {
        Assertion.check().isNotNull(k);
        Optional<UserAuthorizations> userAuthorizationsOpt = getUserAuthorizationsOpt();
        if (userAuthorizationsOpt.isEmpty()) {
            return Collections.emptyList();
        }
        UserAuthorizations userAuthorizations = userAuthorizationsOpt.get();
        DtDefinition findDtDefinition = DtObjectUtil.findDtDefinition(k);
        SecuredEntity findSecuredEntity = findSecuredEntity(findDtDefinition);
        return (List) userAuthorizations.getEntityAuthorizations(findDtDefinition).stream().filter(authorization -> {
            return authorization.getRules().stream().anyMatch(ruleMultiExpression -> {
                return ((CriteriaSecurityRuleTranslator) new CriteriaSecurityRuleTranslator().on(findSecuredEntity)).withRule(ruleMultiExpression).withCriteria(userAuthorizations.getSecurityKeys()).toCriteria().toPredicate().test(k);
            });
        }).flatMap(authorization2 -> {
            return Stream.concat(Stream.of(authorization2.getOperation().get()), authorization2.getOverrides().stream());
        }).collect(Collectors.toList());
    }

    public static SecuredEntity findSecuredEntity(DtDefinition dtDefinition) {
        Assertion.check().isNotNull(dtDefinition);
        return Node.getNode().getDefinitionSpace().resolve("Sec" + dtDefinition.getName(), SecuredEntity.class);
    }
}
