package org.molgenis.data.security.auth;

import com.google.common.collect.ImmutableMap;
import java.util.Map;
import java.util.Objects;
import org.molgenis.data.security.GroupIdentity;
import org.molgenis.data.security.PackageIdentity;
import org.molgenis.security.core.PermissionService;
import org.molgenis.security.core.PermissionSet;
import org.molgenis.security.core.SidUtils;
import org.molgenis.security.core.model.GroupValue;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.Sid;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:org/molgenis/data/security/auth/GroupPermissionService.class */
public class GroupPermissionService {
    private final MutableAclService aclService;
    private final PermissionService permissionService;
    private static final Map<String, PermissionSet> PERMISSION_SETS_PER_ROLE = ImmutableMap.of(GroupService.MANAGER, PermissionSet.WRITEMETA, GroupService.EDITOR, PermissionSet.WRITE, GroupService.VIEWER, PermissionSet.READ);

    public GroupPermissionService(MutableAclService mutableAclService, PermissionService permissionService) {
        this.aclService = (MutableAclService) Objects.requireNonNull(mutableAclService);
        this.permissionService = (PermissionService) Objects.requireNonNull(permissionService);
    }

    public void grantDefaultPermissions(GroupValue groupValue) {
        PackageIdentity packageIdentity = new PackageIdentity(groupValue.getRootPackage().getName());
        GroupIdentity groupIdentity = new GroupIdentity(groupValue.getName());
        this.aclService.createAcl(groupIdentity);
        groupValue.getRoles().forEach(roleValue -> {
            PermissionSet permissionSet = PERMISSION_SETS_PER_ROLE.get(roleValue.getLabel());
            Sid createRoleSid = SidUtils.createRoleSid(roleValue.getName());
            this.permissionService.grant(packageIdentity, permissionSet, createRoleSid);
            this.permissionService.grant(groupIdentity, permissionSet, createRoleSid);
        });
        if (groupValue.isPublic()) {
            this.permissionService.grant(groupIdentity, PermissionSet.READ, SidUtils.createAuthoritySid("ROLE_USER"));
        }
    }
}
