package org.craftercms.studio.api.v2.security;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.craftercms.commons.aop.AopUtils;
import org.craftercms.commons.security.exception.PermissionException;
import org.craftercms.commons.security.permissions.Permission;
import org.craftercms.commons.security.permissions.PermissionEvaluator;
import org.craftercms.commons.security.permissions.annotations.ProtectedResource;
import org.craftercms.commons.security.permissions.annotations.ProtectedResourceId;
import org.craftercms.studio.api.v1.service.security.SecurityService;
import org.craftercms.studio.api.v2.exception.security.ActionsDeniedException;
import org.springframework.core.annotation.Order;

@Aspect
@Order(-1)
/* loaded from: input_file:org/craftercms/studio/api/v2/security/HasAnyPermissionsAnnotationHandler.class */
public class HasAnyPermissionsAnnotationHandler {
    private static final String ERROR_KEY_EVALUATOR_NOT_FOUND = "security.permission.evaluatorNotFound";
    private static final String ERROR_KEY_EVALUATION_FAILED = "security.permission.evaluationFailed";
    protected Map<Class<?>, PermissionEvaluator<?, ?>> permissionEvaluators;
    protected SecurityService securityService;

    @Around("@within(org.craftercms.studio.api.v2.security.HasAnyPermissions) || @annotation(org.craftercms.studio.api.v2.security.HasAnyPermissions)")
    public Object checkPermissions(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        boolean z = false;
        Method actualMethod = AopUtils.getActualMethod(proceedingJoinPoint);
        HasAnyPermissions hasAnyPermissionsAnnotation = getHasAnyPermissionsAnnotation(actualMethod, proceedingJoinPoint);
        Class<? extends Permission> type = hasAnyPermissionsAnnotation.type();
        String[] actions = hasAnyPermissionsAnnotation.actions();
        PermissionEvaluator<?, ?> permissionEvaluator = this.permissionEvaluators.get(type);
        Object annotatedProtectedResource = getAnnotatedProtectedResource(actualMethod, proceedingJoinPoint);
        if (annotatedProtectedResource == null) {
            annotatedProtectedResource = getAnnotatedProtectedResourceIds(actualMethod, proceedingJoinPoint);
        }
        if (permissionEvaluator == null) {
            throw new PermissionException(ERROR_KEY_EVALUATOR_NOT_FOUND, new Object[]{type});
        }
        try {
            for (String str : actions) {
                z = z || permissionEvaluator.isAllowed(annotatedProtectedResource, str);
            }
            if (z) {
                return proceedingJoinPoint.proceed();
            }
            StringBuilder sb = new StringBuilder();
            sb.append("User ").append(this.securityService.getCurrentUser()).append(" does not have any of the requested permissions ").append((String) Stream.of((Object[]) actions).collect(Collectors.joining(",", "[", "]")));
            throw new ActionsDeniedException(sb.toString());
        } catch (PermissionException e) {
            throw new PermissionException(ERROR_KEY_EVALUATION_FAILED, e, new Object[0]);
        }
    }

    protected HasAnyPermissions getHasAnyPermissionsAnnotation(Method method, ProceedingJoinPoint proceedingJoinPoint) {
        HasAnyPermissions hasAnyPermissions = (HasAnyPermissions) method.getAnnotation(HasAnyPermissions.class);
        if (hasAnyPermissions == null) {
            hasAnyPermissions = (HasAnyPermissions) proceedingJoinPoint.getTarget().getClass().getAnnotation(HasAnyPermissions.class);
        }
        return hasAnyPermissions;
    }

    protected Object getAnnotatedProtectedResource(Method method, ProceedingJoinPoint proceedingJoinPoint) {
        Annotation[][] parameterAnnotations = method.getParameterAnnotations();
        Object[] args = proceedingJoinPoint.getArgs();
        for (int i = 0; i < parameterAnnotations.length; i++) {
            for (Annotation annotation : parameterAnnotations[i]) {
                if (annotation instanceof ProtectedResource) {
                    return args[i];
                }
            }
        }
        return null;
    }

    protected Map<String, Object> getAnnotatedProtectedResourceIds(Method method, ProceedingJoinPoint proceedingJoinPoint) {
        ProtectedResourceId[][] parameterAnnotations = method.getParameterAnnotations();
        Object[] args = proceedingJoinPoint.getArgs();
        HashMap hashMap = null;
        for (int i = 0; i < parameterAnnotations.length; i++) {
            for (ProtectedResourceId protectedResourceId : parameterAnnotations[i]) {
                if (protectedResourceId instanceof ProtectedResourceId) {
                    String value = protectedResourceId.value();
                    if (hashMap == null) {
                        hashMap = new HashMap();
                    }
                    hashMap.put(value, args[i]);
                }
            }
        }
        return hashMap;
    }

    public Map<Class<?>, PermissionEvaluator<?, ?>> getPermissionEvaluators() {
        return this.permissionEvaluators;
    }

    public void setPermissionEvaluators(Map<Class<?>, PermissionEvaluator<?, ?>> map) {
        this.permissionEvaluators = map;
    }

    public SecurityService getSecurityService() {
        return this.securityService;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }
}
