package org.molgenis.data.security.owned;

import java.util.Objects;
import org.molgenis.data.Entity;
import org.molgenis.data.EntityAlreadyExistsException;
import org.molgenis.data.Repository;
import org.molgenis.data.security.EntityIdentity;
import org.molgenis.data.security.EntityPermission;
import org.molgenis.data.security.exception.EntityPermissionDeniedException;
import org.molgenis.data.security.owned.AbstractRowLevelSecurityRepositoryDecorator;
import org.molgenis.security.core.PermissionSet;
import org.molgenis.security.core.SidUtils;
import org.molgenis.security.core.UserPermissionEvaluator;
import org.molgenis.util.UnexpectedEnumException;
import org.springframework.security.acls.model.AlreadyExistsException;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.ObjectIdentity;

/* loaded from: input_file:org/molgenis/data/security/owned/RowLevelSecurityRepositoryDecorator.class */
/**
 * Row-level security decorator for {@link Entity} repositories.
 *
 * <p>Maps repository actions onto per-entity permissions, evaluated through the injected
 * {@link UserPermissionEvaluator}, and creates or deletes the ACL that belongs to each entity
 * through the injected {@link MutableAclService}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code CREATE} is always permitted by this class, so authorization for creating rows
 *       has to be enforced outside of it (presumably at entity-type level; confirm against
 *       the rest of the decorator chain).</li>
 *   <li>{@code COUNT} is checked against the same permission as {@code READ}.</li>
 *   <li>A newly created ACL grants {@link PermissionSet#WRITE} to the SID of the current
 *       security context.</li>
 * </ul>
 *
 * <p>When and how these hooks are invoked is decided by
 * {@link AbstractRowLevelSecurityRepositoryDecorator}, which is not part of this file.
 */
public class RowLevelSecurityRepositoryDecorator extends AbstractRowLevelSecurityRepositoryDecorator<Entity> {
    private final UserPermissionEvaluator userPermissionEvaluator;
    private final MutableAclService mutableAclService;

    /**
     * Creates the decorator around {@code repository}.
     *
     * <p>This listing is decompiler output; the decompiler reports that the constructor was
     * package-private in the original source and that the modifier shown here was changed.
     *
     * @param repository the repository to decorate
     * @param userPermissionEvaluator evaluates entity permissions for the current user
     * @param mutableAclService ACL store used to create, update and delete entity ACLs
     * @throws NullPointerException if {@code userPermissionEvaluator} or
     *     {@code mutableAclService} is {@code null} (checked after the superclass constructor ran)
     */
    public RowLevelSecurityRepositoryDecorator(Repository<Entity> repository, UserPermissionEvaluator userPermissionEvaluator, MutableAclService mutableAclService) {
        super(repository, mutableAclService);
        this.userPermissionEvaluator = Objects.requireNonNull(userPermissionEvaluator);
        this.mutableAclService = Objects.requireNonNull(mutableAclService);
    }

    /**
     * Tells whether the current user may perform {@code action} on {@code entity}.
     *
     * @param entity the entity the action targets
     * @param action the repository action being attempted
     * @return {@code true} if the action is permitted
     */
    @Override
    public boolean isActionPermitted(Entity entity, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        EntityIdentity identity = toEntityIdentity(entity);
        return isActionPermitted(identity, action);
    }

    /**
     * Tells whether the current user may perform {@code action} on the entity with the given id.
     *
     * @param obj the entity id; it is combined with this repository's entity type id
     * @param action the repository action being attempted
     * @return {@code true} if the action is permitted
     */
    @Override
    public boolean isActionPermitted(Object obj, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        EntityIdentity identity = toEntityIdentity(obj);
        return isActionPermitted(identity, action);
    }

    /**
     * Always throws the permission-denied exception for {@code action} on {@code entity}.
     *
     * <p>{@code CREATE} has no entity permission in this class, so passing it here ends in an
     * {@link UnexpectedEnumException} raised by {@code getPermission} instead.
     *
     * @param entity the entity the denied action targeted
     * @param action the denied action
     * @throws EntityPermissionDeniedException for every action that maps to an entity permission
     */
    @Override
    public void throwPermissionException(Entity entity, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        EntityPermission deniedPermission = getPermission(action);
        throw new EntityPermissionDeniedException(deniedPermission, entity);
    }

    /**
     * Shared permission check behind both public {@code isActionPermitted} overloads.
     *
     * <p>{@code CREATE} short-circuits to {@code true} without consulting the permission
     * evaluator: no row-level decision is made for creation at this layer.
     */
    private boolean isActionPermitted(EntityIdentity entityIdentity, AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        return action == AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE
                || this.userPermissionEvaluator.hasPermission(entityIdentity, getPermission(action));
    }

    /**
     * Translates a repository action into the entity permission that guards it.
     *
     * @throws UnexpectedEnumException for {@code CREATE}, which has no entity permission here
     * @throws IllegalArgumentException for any action not listed in the switch
     */
    private EntityPermission getPermission(AbstractRowLevelSecurityRepositoryDecorator.Action action) {
        switch (action) {
            case COUNT:
            case READ:
                // Counting rows is guarded by the same permission as reading them.
                return EntityPermission.READ;
            case UPDATE:
                return EntityPermission.UPDATE;
            case DELETE:
                return EntityPermission.DELETE;
            case CREATE:
                throw new UnexpectedEnumException(AbstractRowLevelSecurityRepositoryDecorator.Action.CREATE);
            default:
                throw new IllegalArgumentException("Illegal operation");
        }
    }

    /**
     * Creates the ACL for {@code entity} and appends one granting entry that gives
     * {@link PermissionSet#WRITE} to the SID of the current security context.
     *
     * @param entity the entity that needs an ACL
     * @throws EntityAlreadyExistsException if the ACL service reports that the ACL already exists
     */
    @Override
    public void createAcl(Entity entity) {
        try {
            MutableAcl acl = this.mutableAclService.createAcl(new EntityIdentity(entity));
            // Append after the entries the ACL already holds.
            int position = acl.getEntries().size();
            acl.insertAce(position, PermissionSet.WRITE, SidUtils.createSecurityContextSid(), true);
            this.mutableAclService.updateAcl(acl);
        } catch (AlreadyExistsException e) {
            throw new EntityAlreadyExistsException(entity, e);
        }
    }

    /**
     * Deletes the ACL that belongs to {@code entity}.
     *
     * @param entity the entity whose ACL is removed
     */
    @Override
    public void deleteAcl(Entity entity) {
        // Typed as ObjectIdentity so the call binds to the ObjectIdentity overload, which is not
        // declared in this file (presumably inherited from the superclass).
        ObjectIdentity identity = new EntityIdentity(entity);
        deleteAcl(identity);
    }

    /**
     * Deletes the ACL that belongs to the entity with the given id.
     *
     * @param obj the entity id; it is combined with this repository's entity type id
     */
    @Override
    public void deleteAcl(Object obj) {
        ObjectIdentity identity = toEntityIdentity(obj);
        deleteAcl(identity);
    }

    /**
     * No-op: this decorator leaves the entity's ACL untouched when the entity is updated.
     *
     * @param entity the updated entity (unused)
     */
    @Override
    public void updateAcl(Entity entity) {
    }

    /** Builds the identity for an entity id, using the entity type of this repository. */
    private EntityIdentity toEntityIdentity(Object obj) {
        String entityTypeId = getEntityType().getId();
        return new EntityIdentity(entityTypeId, obj);
    }

    /**
     * Builds the identity from the entity's own entity type id and id value.
     *
     * <p>NOTE(review): {@code createAcl} and {@code deleteAcl(Entity)} use
     * {@code new EntityIdentity(entity)} instead; presumably both forms yield the same
     * identity, which should be confirmed against {@code EntityIdentity}.
     */
    private EntityIdentity toEntityIdentity(Entity entity) {
        String entityTypeId = entity.getEntityType().getId();
        return new EntityIdentity(entityTypeId, entity.getIdValue());
    }
}
