package io.graphence.security.event;

import io.graphence.core.dto.CurrentUser;
import io.graphence.core.dto.enumType.PermissionType;
import io.graphoenix.core.handler.DocumentManager;
import io.graphoenix.spi.graphql.Definition;
import io.graphoenix.spi.graphql.common.ValueWithVariable;
import io.graphoenix.spi.graphql.operation.Field;
import io.graphoenix.spi.graphql.operation.Operation;
import io.graphoenix.spi.graphql.type.FieldDefinition;
import io.graphoenix.spi.graphql.type.ObjectType;
import io.graphoenix.spi.handler.OperationBeforeHandler;
import jakarta.annotation.Priority;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.inject.Provider;
import jakarta.json.JsonValue;
import java.util.AbstractMap;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.casbin.jcasbin.main.Enforcer;
import reactor.core.publisher.Mono;

@ApplicationScoped
@Priority(RBACFilter.RBAC_FILTER_PRIORITY)
/* loaded from: input_file:io/graphence/security/event/RBACFilter.class */
public class RBACFilter implements OperationBeforeHandler {
    public static final int RBAC_FILTER_PRIORITY = 110;
    private final DocumentManager documentManager;
    private final Enforcer enforcer;
    private final Provider<Mono<CurrentUser>> currentUserMonoProvider;

    @Inject
    public RBACFilter(DocumentManager documentManager, Enforcer enforcer, Provider<Mono<CurrentUser>> provider) {
        this.documentManager = documentManager;
        this.enforcer = enforcer;
        this.currentUserMonoProvider = provider;
    }

    public Mono<Operation> handle(Operation operation, Map<String, JsonValue> map) {
        ObjectType operationTypeOrError = this.documentManager.getOperationTypeOrError(operation);
        return ((Mono) this.currentUserMonoProvider.get()).map(currentUser -> {
            return operation.setSelections((Collection) operation.getFields().stream().flatMap(field -> {
                FieldDefinition field = operationTypeOrError.getField(field.getName());
                if (field.isInvokeField()) {
                    return enforceApi(currentUser, operationTypeOrError, field, field, this.documentManager.isMutationOperationType(operation) ? PermissionType.WRITE : PermissionType.READ);
                }
                return field.getFields() != null ? enforce(currentUser, operationTypeOrError, field, field) : Stream.of(field);
            }).map(field2 -> {
                return (!this.documentManager.isMutationOperationType(operation) || field2.getArguments() == null) ? field2 : field2.setArguments(enforce(currentUser, operationTypeOrError.getField(field2.getName()), field2.getArguments().getArguments()));
            }).collect(Collectors.toList()));
        }).switchIfEmpty(Mono.defer(() -> {
            return Mono.just(operation.setSelections((Collection) operation.getFields().stream().filter(field -> {
                FieldDefinition field = operationTypeOrError.getField(field.getName());
                return !field.isDenyAll() && field.isPermitAll();
            }).collect(Collectors.toList())));
        }));
    }

    protected Stream<Field> enforceApi(CurrentUser currentUser, ObjectType objectType, FieldDefinition fieldDefinition, Field field, PermissionType permissionType) {
        return (fieldDefinition.isDenyAll() || !(fieldDefinition.isPermitAll() || this.enforcer.enforce(new Object[]{"U::" + currentUser.getId(), Optional.ofNullable(currentUser.getRealmId()).map((v0) -> {
            return String.valueOf(v0);
        }).orElse(""), objectType.getName() + "::" + fieldDefinition.getName(), permissionType.name()}))) ? Stream.empty() : Stream.of(field);
    }

    protected Stream<Field> enforce(CurrentUser currentUser, ObjectType objectType, FieldDefinition fieldDefinition, Field field) {
        Definition fieldTypeDefinition = this.documentManager.getFieldTypeDefinition(fieldDefinition);
        if (fieldDefinition.isConnectionField()) {
            if (this.documentManager.isOperationType(objectType) || (!fieldDefinition.isDenyAll() && (fieldDefinition.isPermitAll() || this.enforcer.enforce(new Object[]{"U::" + currentUser.getId(), Optional.ofNullable(currentUser.getRealmId()).map((v0) -> {
                return String.valueOf(v0);
            }).orElse(""), objectType.getName() + "::" + fieldDefinition.getConnectionFieldOrError(), PermissionType.WRITE.name()}) || this.enforcer.enforce(new Object[]{"U::" + currentUser.getId(), Optional.ofNullable(currentUser.getRealmId()).map((v0) -> {
                return String.valueOf(v0);
            }).orElse(""), objectType.getName() + "::" + fieldDefinition.getConnectionFieldOrError(), PermissionType.READ.name()})))) {
                field.setSelections((Collection) field.getFields().stream().flatMap(field2 -> {
                    if (!field2.getName().equals("edges") || field2.getField("node") == null) {
                        return Stream.of(field2);
                    }
                    Field field2 = field2.getField("node");
                    Definition fieldTypeDefinition2 = this.documentManager.getFieldTypeDefinition(objectType.getField(fieldDefinition.getConnectionFieldOrError()));
                    List list = (List) field2.getFields().stream().flatMap(field3 -> {
                        return enforce(currentUser, fieldTypeDefinition2.asObject(), fieldTypeDefinition2.asObject().getField(field3.getName()), field3);
                    }).collect(Collectors.toList());
                    if (list.isEmpty()) {
                        return Stream.empty();
                    }
                    field2.setSelections(list);
                    return Stream.of(field2);
                }).collect(Collectors.toList()));
                return field.getField("edges") != null ? Stream.of(field) : Stream.empty();
            }
        } else if (fieldTypeDefinition.isObject()) {
            String substring = fieldDefinition.isAggregateField() ? fieldDefinition.getName().substring(0, fieldDefinition.getName().lastIndexOf("Aggregate")) : fieldDefinition.getName();
            if (this.documentManager.isOperationType(objectType) || (!fieldDefinition.isDenyAll() && (fieldDefinition.isPermitAll() || this.enforcer.enforce(new Object[]{"U::" + currentUser.getId(), Optional.ofNullable(currentUser.getRealmId()).map((v0) -> {
                return String.valueOf(v0);
            }).orElse(""), objectType.getName() + "::" + substring, PermissionType.WRITE.name()}) || this.enforcer.enforce(new Object[]{"U::" + currentUser.getId(), Optional.ofNullable(currentUser.getRealmId()).map((v0) -> {
                return String.valueOf(v0);
            }).orElse(""), objectType.getName() + "::" + substring, PermissionType.READ.name()})))) {
                List list = (List) field.getFields().stream().flatMap(field3 -> {
                    return enforce(currentUser, fieldTypeDefinition.asObject(), fieldTypeDefinition.asObject().getField(field3.getName()), field3);
                }).collect(Collectors.toList());
                return list.isEmpty() ? Stream.empty() : Stream.of(field.setSelections(list));
            }
        } else {
            String functionFieldOrError = fieldDefinition.isFunctionField() ? fieldDefinition.getFunctionFieldOrError() : fieldDefinition.getName();
            if (!fieldDefinition.isDenyAll() && (fieldDefinition.isPermitAll() || this.enforcer.enforce(new Object[]{"U::" + currentUser.getId(), Optional.ofNullable(currentUser.getRealmId()).map((v0) -> {
                return String.valueOf(v0);
            }).orElse(""), objectType.getName() + "::" + functionFieldOrError, PermissionType.WRITE.name()}) || this.enforcer.enforce(new Object[]{"U::" + currentUser.getId(), Optional.ofNullable(currentUser.getRealmId()).map((v0) -> {
                return String.valueOf(v0);
            }).orElse(""), objectType.getName() + "::" + functionFieldOrError, PermissionType.READ.name()}))) {
                return Stream.of(field);
            }
        }
        return Stream.empty();
    }

    protected Map<String, ValueWithVariable> enforce(CurrentUser currentUser, FieldDefinition fieldDefinition, Map<String, ValueWithVariable> map) {
        Definition fieldTypeDefinition = this.documentManager.getFieldTypeDefinition(fieldDefinition);
        return (!fieldTypeDefinition.isObject() || fieldTypeDefinition.asObject().isContainer()) ? map : (Map) Stream.concat(fieldTypeDefinition.asObject().getFields().stream().flatMap(fieldDefinition2 -> {
            return fieldDefinition.getArgumentOrEmpty(fieldDefinition2.getName()).flatMap(inputValue -> {
                return Optional.ofNullable((ValueWithVariable) map.get(inputValue.getName())).or(() -> {
                    return Optional.ofNullable(inputValue.getDefaultValue());
                }).flatMap(valueWithVariable -> {
                    return (fieldDefinition2.isDenyAll() || !(fieldDefinition2.isPermitAll() || this.enforcer.enforce(new Object[]{"U::" + currentUser.getId(), Optional.ofNullable(currentUser.getRealmId()).map((v0) -> {
                        return String.valueOf(v0);
                    }).orElse(""), fieldTypeDefinition.getName() + "::" + inputValue.getName(), PermissionType.WRITE.name()}))) ? Optional.empty() : (this.documentManager.getFieldTypeDefinition(fieldDefinition2).isObject() || !valueWithVariable.isNull()) ? fieldDefinition2.getType().hasList() ? Optional.of(new AbstractMap.SimpleEntry(inputValue.getName(), ValueWithVariable.of(valueWithVariable.asArray().getValueWithVariables().stream().map(valueWithVariable -> {
                        return enforce(currentUser, fieldDefinition2, valueWithVariable.asObject().getObjectValueWithVariable());
                    }).collect(Collectors.toList())))) : Optional.of(new AbstractMap.SimpleEntry(inputValue.getName(), ValueWithVariable.of(enforce(currentUser, fieldDefinition2, valueWithVariable.asObject().getObjectValueWithVariable())))) : Optional.of(new AbstractMap.SimpleEntry(inputValue.getName(), valueWithVariable));
                });
            }).stream();
        }), fieldDefinition.getArgumentOrEmpty("list").stream().flatMap(inputValue -> {
            return Optional.ofNullable((ValueWithVariable) map.get(inputValue.getName())).or(() -> {
                return Optional.ofNullable(inputValue.getDefaultValue());
            }).map(valueWithVariable -> {
                return !valueWithVariable.isNull() ? new AbstractMap.SimpleEntry(inputValue.getName(), ValueWithVariable.of(valueWithVariable.asArray().getValueWithVariables().stream().map(valueWithVariable -> {
                    return enforce(currentUser, fieldDefinition, valueWithVariable.asObject().getObjectValueWithVariable());
                }).collect(Collectors.toList()))) : new AbstractMap.SimpleEntry(inputValue.getName(), valueWithVariable);
            }).stream();
        })).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
    }
}
