package org.openl.rules.security;

import java.util.Collection;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/openl/rules/security/AccessVoter.class */
public class AccessVoter implements AccessDecisionVoter<Object> {
    public boolean supports(Class<?> cls) {
        return true;
    }

    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    public int vote(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) {
        int i = 0;
        for (ConfigAttribute configAttribute : collection) {
            if (supports(configAttribute)) {
                i = -1;
                String attribute = configAttribute.getAttribute();
                for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
                    String authority = grantedAuthority.getAuthority();
                    if (attribute.equals(authority) || Privileges.ADMIN.name().equals(authority)) {
                        return 1;
                    }
                    if (grantedAuthority instanceof Group) {
                        Group group = (Group) grantedAuthority;
                        if (group.hasPrivilege(Privileges.ADMIN.name()) || group.hasPrivilege(attribute)) {
                            return 1;
                        }
                    }
                }
            }
        }
        return i;
    }
}
