package it.vige.rubia.wildfly.auth;

import it.vige.rubia.auth.ActionContext;
import it.vige.rubia.auth.ForumsACLProvider;
import it.vige.rubia.auth.ForumsACLResource;
import it.vige.rubia.auth.SecurityContext;
import it.vige.rubia.auth.UIContext;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBContext;
import javax.ejb.Stateless;
import javax.inject.Named;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.logging.Logger;
import org.jboss.security.acl.ACLProvider;
import org.jboss.security.acl.ACLProviderImpl;
import org.jboss.security.acl.BasicACLPermission;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.identity.plugins.SimpleIdentity;

@Named("forumsACLProvider")
@SecurityDomain("rubia-domain")
@RolesAllowed({"admin", "user", "guest"})
@Stateless
/* loaded from: input_file:WEB-INF/lib/rubia-forums-ejb.jar:it/vige/rubia/wildfly/auth/JBossACLProvider.class */
public class JBossACLProvider implements ForumsACLProvider {
    private static final long serialVersionUID = -5490482161183021121L;
    private static Logger log = Logger.getLogger(JBossACLProvider.class);

    @PersistenceContext(unitName = "forums")
    private EntityManager em;

    @Resource
    private EJBContext ejbContext;
    private ACLProvider provider = new ACLProviderImpl();

    @Override // it.vige.rubia.auth.ForumsACLProvider
    public boolean hasAccess(SecurityContext securityContext) {
        return securityContext instanceof UIContext ? hasAccess((UIContext) securityContext) : hasAccess((ActionContext) securityContext);
    }

    public boolean hasAccess(UIContext uIContext) {
        String fragment = uIContext.getFragment();
        this.provider.setPersistenceStrategy(new ForumsJPAPersistenceStrategy(this.em));
        ForumsACLResource forumsACLResource = (ForumsACLResource) this.em.find(ForumsACLResource.class, fragment);
        if (forumsACLResource == null) {
            forumsACLResource = new ForumsACLResource(fragment);
        }
        String str = "";
        if (this.ejbContext.getCallerPrincipal().getName().equals("anonymous")) {
            str = "guest";
        } else {
            if (this.ejbContext.isCallerInRole("admin")) {
                return true;
            }
            if (this.ejbContext.isCallerInRole("user")) {
                str = "user";
            }
        }
        boolean z = false;
        try {
            z = this.provider.isAccessGranted(forumsACLResource, new SimpleIdentity(str), BasicACLPermission.READ);
            if (z) {
                forumsACLResource.add("runtimeInfo", uIContext.getContextData());
                forumsACLResource.add("identity", uIContext.getIdentity());
                z = forumsACLResource.evaluate();
            }
        } catch (AuthorizationException e) {
            log.error(e);
        }
        return z;
    }

    public boolean hasAccess(ActionContext actionContext) {
        String name = actionContext.getManagedBean().getClass().getName();
        String str = name.substring(0, name.indexOf("$Proxy$_$$_WeldSubclass")) + ":" + actionContext.getBusinessAction().getName();
        this.provider.setPersistenceStrategy(new ForumsJPAPersistenceStrategy(this.em));
        ForumsACLResource forumsACLResource = (ForumsACLResource) this.em.find(ForumsACLResource.class, str);
        if (forumsACLResource == null) {
            forumsACLResource = new ForumsACLResource(str);
        }
        String str2 = "";
        if (this.ejbContext.getCallerPrincipal().getName().equals("anonymous")) {
            str2 = "guest";
        } else {
            if (this.ejbContext.isCallerInRole("admin")) {
                return true;
            }
            if (this.ejbContext.isCallerInRole("user")) {
                str2 = "user";
            }
        }
        boolean z = false;
        try {
            z = this.provider.isAccessGranted(forumsACLResource, new SimpleIdentity(str2), BasicACLPermission.READ);
            if (z) {
                forumsACLResource.add("runtimeInfo", new Object[]{actionContext.getManagedBean()});
                forumsACLResource.add("identity", actionContext.getIdentity());
                z = forumsACLResource.evaluate();
            }
        } catch (AuthorizationException e) {
            log.error(e);
        }
        return z;
    }
}
