package org.rapidoid.security;

import java.lang.reflect.Method;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import org.rapidoid.beany.Beany;
import org.rapidoid.beany.Metadata;
import org.rapidoid.beany.Prop;
import org.rapidoid.cls.Cls;
import org.rapidoid.security.annotation.CanChange;
import org.rapidoid.security.annotation.CanDelete;
import org.rapidoid.security.annotation.CanInsert;
import org.rapidoid.security.annotation.CanManage;
import org.rapidoid.security.annotation.CanRead;
import org.rapidoid.u.U;
import org.rapidoid.util.Constants;

/* loaded from: input_file:org/rapidoid/security/Secure.class */
public class Secure implements Constants {
    private static AppSecurity security = (AppSecurity) Cls.customizable(AppSecurity.class, new Object[0]);

    public static boolean hasRole(String str, String str2) {
        return security.hasRole(str, str2, null, null);
    }

    public static boolean hasRoleForClass(String str, String str2, Class<?> cls) {
        return security.hasRole(str, str2, Cls.unproxy(cls), null);
    }

    public static boolean hasRoleForRecord(String str, String str2, Object obj) {
        return security.hasRole(str, str2, Cls.unproxy(obj.getClass()), obj);
    }

    public static boolean isAdmin(String str) {
        return security.isAdmin(str);
    }

    public static boolean isManager(String str) {
        return security.isManager(str);
    }

    public static boolean isModerator(String str) {
        return security.isModerator(str);
    }

    public static boolean isOwnerOf(String str, Object obj) {
        return security.isOwnerOf(str, obj);
    }

    public static boolean isSharedWith(String str, Object obj) {
        return security.isSharedWith(str, obj);
    }

    public static boolean canAccessClass(String str, Class<?> cls) {
        U.notNull(cls, "class", new Object[0]);
        Class<?> unproxy = Cls.unproxy(cls);
        return hasRoleBasedClassAccess(str, unproxy) && security.canAccessClass(str, unproxy);
    }

    public static boolean canAccessMethod(String str, Method method) {
        U.notNull(method, "method", new Object[0]);
        return canAccessClass(str, method.getDeclaringClass()) && hasRoleBasedMethodAccess(str, method);
    }

    public static boolean hasRoleBasedClassAccess(String str, Class<?> cls) {
        U.notNull(cls, "class", new Object[0]);
        return hasRoleBasedAccess(str, Cls.unproxy(cls), null);
    }

    public static boolean hasRoleBasedObjectAccess(String str, Object obj) {
        U.notNull(obj, "target", new Object[0]);
        return hasRoleBasedAccess(str, Cls.unproxy(obj.getClass()), obj);
    }

    private static boolean hasRoleBasedAccess(String str, Class<?> cls, Object obj) {
        Class<?> unproxy = Cls.unproxy(cls);
        String[] rolesAllowed = security.getRolesAllowed(unproxy);
        return rolesAllowed.length == 0 || hasAnyRole(str, rolesAllowed, unproxy, obj);
    }

    public static boolean hasRoleBasedMethodAccess(String str, Method method) {
        U.notNull(method, "method", new Object[0]);
        String[] rolesAllowed = security.getRolesAllowed(method);
        return rolesAllowed.length == 0 || hasAnyRole(str, rolesAllowed);
    }

    public static boolean hasAnyRole(String str, String[] strArr, Class<?> cls, Object obj) {
        Class<?> unproxy = Cls.unproxy(cls);
        for (String str2 : strArr) {
            if (security.hasRole(str, str2, unproxy, obj)) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasAnyRole(String str, String[] strArr) {
        for (String str2 : strArr) {
            if (security.hasRole(str, str2)) {
                return true;
            }
        }
        return false;
    }

    public static DataPermissions getPropertyPermissions(String str, Class<?> cls, Object obj, String str2) {
        U.notNull(cls, "class", new Object[0]);
        Class unproxy = Cls.unproxy(cls);
        if (Collection.class.isAssignableFrom(unproxy) || Map.class.isAssignableFrom(unproxy) || Object[].class.isAssignableFrom(unproxy)) {
            return DataPermissions.ALL;
        }
        if (!hasRoleBasedAccess(str, unproxy, obj)) {
            return DataPermissions.NONE;
        }
        CanRead canRead = (CanRead) Metadata.propAnnotation(unproxy, str2, CanRead.class);
        CanInsert canInsert = (CanInsert) Metadata.propAnnotation(unproxy, str2, CanInsert.class);
        CanChange canChange = (CanChange) Metadata.propAnnotation(unproxy, str2, CanChange.class);
        CanDelete canDelete = (CanDelete) Metadata.propAnnotation(unproxy, str2, CanDelete.class);
        CanManage canManage = (CanManage) Metadata.propAnnotation(unproxy, str2, CanManage.class);
        if (canRead == null && canInsert == null && canChange == null && canDelete == null && canManage == null) {
            return DataPermissions.ALL;
        }
        boolean z = canRead == null || hasAnyRole(str, canRead.value(), unproxy, obj);
        boolean z2 = canInsert != null && hasAnyRole(str, canInsert.value(), unproxy, obj);
        boolean z3 = canChange != null && hasAnyRole(str, canChange.value(), unproxy, obj);
        boolean z4 = canDelete != null && hasAnyRole(str, canDelete.value(), unproxy, obj);
        boolean z5 = canManage != null && hasAnyRole(str, canManage.value(), unproxy, obj);
        return DataPermissions.from(z, z2 | z5, z3 | z5, z4 | z5);
    }

    public static DataPermissions getClassPermissions(String str, Class<?> cls) {
        U.notNull(cls, "class", new Object[0]);
        Class unproxy = Cls.unproxy(cls);
        if (Collection.class.isAssignableFrom(unproxy) || Map.class.isAssignableFrom(unproxy) || Object[].class.isAssignableFrom(unproxy)) {
            return DataPermissions.ALL;
        }
        if (!hasRoleBasedAccess(str, unproxy, null)) {
            return DataPermissions.NONE;
        }
        CanRead canRead = (CanRead) Metadata.classAnnotation(unproxy, CanRead.class);
        CanInsert canInsert = (CanInsert) Metadata.classAnnotation(unproxy, CanInsert.class);
        CanChange canChange = (CanChange) Metadata.classAnnotation(unproxy, CanChange.class);
        CanDelete canDelete = (CanDelete) Metadata.classAnnotation(unproxy, CanDelete.class);
        CanManage canManage = (CanManage) Metadata.classAnnotation(unproxy, CanManage.class);
        if (canRead == null && canInsert == null && canChange == null && canDelete == null && canManage == null) {
            return DataPermissions.ALL;
        }
        boolean z = canRead == null || hasAnyRole(str, canRead.value(), unproxy, null);
        boolean z2 = canInsert != null && hasAnyRole(str, canInsert.value(), unproxy, null);
        boolean z3 = canChange != null && hasAnyRole(str, canChange.value(), unproxy, null);
        boolean z4 = canDelete != null && hasAnyRole(str, canDelete.value(), unproxy, null);
        boolean z5 = canManage != null && hasAnyRole(str, canManage.value(), unproxy, null);
        return DataPermissions.from(z, z2 | z5, z3 | z5, z4 | z5);
    }

    public static DataPermissions getObjectPermissions(String str, Object obj) {
        U.notNull(obj, "target", new Object[0]);
        Class unproxy = Cls.unproxy(obj.getClass());
        if (Collection.class.isAssignableFrom(unproxy) || Map.class.isAssignableFrom(unproxy) || Object[].class.isAssignableFrom(unproxy)) {
            return DataPermissions.ALL;
        }
        if (!hasRoleBasedAccess(str, unproxy, null)) {
            return DataPermissions.NONE;
        }
        CanRead canRead = (CanRead) Metadata.classAnnotation(unproxy, CanRead.class);
        CanInsert canInsert = (CanInsert) Metadata.classAnnotation(unproxy, CanInsert.class);
        CanChange canChange = (CanChange) Metadata.classAnnotation(unproxy, CanChange.class);
        CanDelete canDelete = (CanDelete) Metadata.classAnnotation(unproxy, CanDelete.class);
        CanManage canManage = (CanManage) Metadata.classAnnotation(unproxy, CanManage.class);
        if (canRead == null && canInsert == null && canChange == null && canDelete == null && canManage == null) {
            return DataPermissions.ALL;
        }
        boolean z = canRead == null || hasAnyRole(str, canRead.value(), unproxy, obj);
        boolean z2 = canInsert != null && hasAnyRole(str, canInsert.value(), unproxy, obj);
        boolean z3 = canChange != null && hasAnyRole(str, canChange.value(), unproxy, obj);
        boolean z4 = canDelete != null && hasAnyRole(str, canDelete.value(), unproxy, obj);
        boolean z5 = canManage != null && hasAnyRole(str, canManage.value(), unproxy, obj);
        return DataPermissions.from(z, z2 | z5, z3 | z5, z4 | z5);
    }

    public static boolean canRead(String str, Object obj) {
        return hasRoleBasedObjectAccess(str, obj) && getObjectPermissions(str, obj).read;
    }

    public static boolean canInsert(String str, Object obj) {
        return hasRoleBasedObjectAccess(str, obj) && getObjectPermissions(str, obj).insert;
    }

    public static boolean canUpdate(String str, Object obj) {
        return hasRoleBasedObjectAccess(str, obj) && getObjectPermissions(str, obj).change;
    }

    public static boolean canDelete(String str, Object obj) {
        return hasRoleBasedObjectAccess(str, obj) && getObjectPermissions(str, obj).delete;
    }

    public static boolean canReadProperty(String str, Object obj, String str2) {
        return hasRoleBasedObjectAccess(str, obj) && getObjectPermissions(str, obj).read && getPropertyPermissions(str, obj.getClass(), obj, str2).read;
    }

    public static boolean canUpdateProperty(String str, Object obj, String str2) {
        return hasRoleBasedObjectAccess(str, obj) && getObjectPermissions(str, obj).change && getPropertyPermissions(str, obj.getClass(), obj, str2).change;
    }

    public static void resetInvisibleProperties(String str, Object obj) {
        Iterator it = Beany.propertiesOf(obj).iterator();
        while (it.hasNext()) {
            Prop prop = (Prop) it.next();
            if (!getPropertyPermissions(str, obj.getClass(), obj, prop.getName()).read) {
                prop.reset(obj);
            }
        }
    }
}
