package com.dtolabs.rundeck.core.storage;

import com.dtolabs.rundeck.core.authorization.Attribute;
import com.dtolabs.rundeck.core.authorization.AuthContext;
import com.dtolabs.rundeck.core.authorization.AuthorizationUtil;
import com.dtolabs.rundeck.core.authorization.NamedAuthContext;
import com.dtolabs.rundeck.core.common.Framework;
import com.dtolabs.rundeck.core.common.FrameworkProject;
import com.dtolabs.rundeck.core.data.ScriptVarExpander;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.rundeck.storage.api.HasInputStream;
import org.rundeck.storage.api.Path;
import org.rundeck.storage.api.Resource;
import org.rundeck.storage.api.StorageException;

/* loaded from: input_file:com/dtolabs/rundeck/core/storage/AuthRundeckStorageTree.class */
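/**
 * Authorization-enforcing wrapper around a {@link StorageTree}.
 *
 * <p>Every public operation first evaluates the caller's {@link AuthContext} against a
 * {@code storage} resource built from the requested path, and only delegates to the wrapped tree
 * when that evaluation is authorized. The behaviour on denial differs by operation:
 * <ul>
 *   <li>{@code hasPath}/{@code hasResource}/{@code hasDirectory} return {@code false}, so a denied
 *       caller gets the same answer as for a path that does not exist;</li>
 *   <li>all other operations throw {@link StorageAuthorizationException};</li>
 *   <li>directory listings additionally drop every child the caller may not read.</li>
 * </ul>
 *
 * <p>The wrapped tree itself performs no authorization here; code holding a reference to it
 * bypasses these checks.
 */
public class AuthRundeckStorageTree implements AuthStorageTree {
    /** Authorization action required by all lookup and listing operations. */
    public static final String READ = "read";
    /** Authorization action required by {@link #deleteResource}. */
    public static final String DELETE = "delete";
    /** Authorization action required by {@link #createResource}. */
    public static final String CREATE = "create";
    /** Authorization action required by {@link #updateResource}. */
    public static final String UPDATE = "update";
    /** Resource type passed to the authorization evaluation for every storage path. */
    public static final String STORAGE_PATH_AUTH_RES_TYPE = "storage";
    /** Resource attribute key holding the full storage path. */
    public static final String PATH_RES_KEY = "path";
    /** Resource attribute key holding the last component of the storage path. */
    public static final String NAME_RES_KEY = "name";
    /** First path component that marks a path as belonging to a project. */
    public static final String PROJECT_PATH_COMPONENT = "project";

    // Assigned once in the constructor; final so the delegate cannot be swapped after construction.
    private final StorageTree storageTree;

    /**
     * @param storageTree the unprotected tree that operations are delegated to after authorization
     */
    public AuthRundeckStorageTree(StorageTree storageTree) {
        this.storageTree = storageTree;
    }

    /**
     * Evaluates whether {@code action} is authorized on {@code path} for the given context.
     *
     * @param authContext context whose {@code evaluate} result decides the outcome
     * @param path        storage path being accessed
     * @param action      one of {@link #READ}, {@link #CREATE}, {@link #UPDATE}, {@link #DELETE}
     * @return {@code true} only if the evaluation reports the request as authorized
     */
    private boolean authorizedPath(AuthContext authContext, Path path, String action) {
        Map<String, String> resource = resourceForPath(path);
        Set<Attribute> environment = environmentForPath(path);
        return authContext.evaluate(resource, action, environment).isAuthorized();
    }

    /**
     * Single enforcement point for the throwing operations: denies unless explicitly authorized.
     *
     * @param event the storage event reported in the exception when access is denied
     * @throws StorageAuthorizationException if {@code action} is not authorized on {@code path}
     */
    private void requireAuthorized(
            AuthContext authContext, Path path, String action, StorageException.Event event) {
        if (!authorizedPath(authContext, path, action)) {
            throw new StorageAuthorizationException("Unauthorized access", event, path);
        }
    }

    /** Builds the {@code storage}-typed authorization resource describing {@code path}. */
    private Map<String, String> resourceForPath(Path path) {
        return AuthorizationUtil.resource(STORAGE_PATH_AUTH_RES_TYPE, authResForPath(path));
    }

    /** Returns the resource attributes ({@code path} and {@code name}) used in the evaluation. */
    private Map<String, String> authResForPath(Path path) {
        Map<String, String> attributes = new HashMap<>();
        attributes.put(PATH_RES_KEY, path.getPath());
        attributes.put(NAME_RES_KEY, path.getName());
        return attributes;
    }

    /**
     * Chooses the authorization environment for a path.
     *
     * <p>A path whose first component is {@code project} and that has more than two components is
     * evaluated in the environment of the project named by the second component. Every other path,
     * including the {@code project/NAME} directory itself, is evaluated in the application
     * environment.
     *
     * @param path storage path being accessed
     * @return the project environment or {@link Framework#RUNDECK_APP_ENV}
     */
    Set<Attribute> environmentForPath(Path path) {
        // NOTE(review): the separator constant is presumably "/" — confirm. The scope decision
        // relies on Path.getPath() being normalized: a leading separator would make the first
        // component empty and select the application environment. Verify against the Path
        // implementation.
        String[] segments = path.getPath().split(ScriptVarExpander.PROPERTY_SCRIPT_VAR_NODE_CHAR);
        // String.split never returns null, so only length and the first component are checked.
        if (segments.length > 2 && PROJECT_PATH_COMPONENT.equals(segments[0])) {
            return FrameworkProject.authorizationEnvironment(segments[1]);
        }
        return Framework.RUNDECK_APP_ENV;
    }

    /**
     * @return {@code true} only if the caller may read {@code path} and the path exists; a denied
     *     caller receives {@code false} rather than an exception
     */
    @Override
    public boolean hasPath(AuthContext authContext, Path path) {
        // Authorization is checked first so the delegate is never queried for a denied caller.
        return authorizedPath(authContext, path, READ) && this.storageTree.hasPath(path);
    }

    /**
     * @return {@code true} only if the caller may read {@code path} and it is a resource; a denied
     *     caller receives {@code false} rather than an exception
     */
    @Override
    public boolean hasResource(AuthContext authContext, Path path) {
        return authorizedPath(authContext, path, READ) && this.storageTree.hasResource(path);
    }

    /**
     * @return {@code true} only if the caller may read {@code path} and it is a directory; a denied
     *     caller receives {@code false} rather than an exception
     */
    @Override
    public boolean hasDirectory(AuthContext authContext, Path path) {
        return authorizedPath(authContext, path, READ) && this.storageTree.hasDirectory(path);
    }

    /**
     * Returns the resource or directory at {@code path}.
     *
     * @throws StorageAuthorizationException if the caller may not read {@code path}
     */
    @Override
    public Resource<ResourceMeta> getPath(AuthContext authContext, Path path) {
        requireAuthorized(authContext, path, READ, StorageException.Event.READ);
        // Both branches of the former directory check returned the same value, so the lookup
        // result is returned directly.
        return this.storageTree.getPath(path);
    }

    /**
     * Returns the resource at {@code path}.
     *
     * @throws StorageAuthorizationException if the caller may not read {@code path}
     */
    @Override
    public Resource<ResourceMeta> getResource(AuthContext authContext, Path path) {
        requireAuthorized(authContext, path, READ, StorageException.Event.READ);
        return this.storageTree.getResource(path);
    }

    /**
     * Lists the resources directly under {@code path} that the caller may read.
     *
     * @throws StorageAuthorizationException if the caller may not read {@code path} itself
     */
    @Override
    public Set<Resource<ResourceMeta>> listDirectoryResources(AuthContext authContext, Path path) {
        requireAuthorized(authContext, path, READ, StorageException.Event.LIST);
        return filteredResources(authContext, this.storageTree.listDirectoryResources(path), READ);
    }

    /**
     * Keeps only the entries on which {@code action} is authorized for the caller.
     *
     * <p>Read access to a directory does not imply read access to its children: each child path is
     * evaluated on its own, in the environment chosen by {@link #environmentForPath(Path)}.
     */
    private Set<Resource<ResourceMeta>> filteredResources(
            AuthContext authContext, Set<Resource<ResourceMeta>> candidates, String action) {
        Set<Resource<ResourceMeta>> permitted = new HashSet<>();
        for (Resource<ResourceMeta> candidate : candidates) {
            if (authorizedPath(authContext, candidate.getPath(), action)) {
                permitted.add(candidate);
            }
        }
        return permitted;
    }

    /**
     * Lists the resources and directories directly under {@code path} that the caller may read.
     *
     * @throws StorageAuthorizationException if the caller may not read {@code path} itself
     */
    @Override
    public Set<Resource<ResourceMeta>> listDirectory(AuthContext authContext, Path path) {
        requireAuthorized(authContext, path, READ, StorageException.Event.LIST);
        return filteredResources(authContext, this.storageTree.listDirectory(path), READ);
    }

    /**
     * Lists the subdirectories directly under {@code path} that the caller may read.
     *
     * @throws StorageAuthorizationException if the caller may not read {@code path} itself
     */
    @Override
    public Set<Resource<ResourceMeta>> listDirectorySubdirs(AuthContext authContext, Path path) {
        // NOTE(review): the other two listing methods report Event.LIST on denial; READ is kept
        // here to preserve the existing behaviour. Confirm whether the difference is intentional,
        // since it affects how denials are classified by anything consuming the event.
        requireAuthorized(authContext, path, READ, StorageException.Event.READ);
        return filteredResources(authContext, this.storageTree.listDirectorySubdirs(path), READ);
    }

    /**
     * Deletes the resource at {@code path}.
     *
     * @return the result reported by the wrapped tree
     * @throws StorageAuthorizationException if the caller may not delete {@code path}
     */
    @Override
    public boolean deleteResource(AuthContext authContext, Path path) {
        requireAuthorized(authContext, path, DELETE, StorageException.Event.DELETE);
        return this.storageTree.deleteResource(path);
    }

    /**
     * Creates a resource at {@code path}, after passing its metadata through
     * {@link #withUsername}.
     *
     * @throws StorageAuthorizationException if the caller may not create {@code path}
     */
    @Override
    public Resource<ResourceMeta> createResource(
            AuthContext authContext, Path path, ResourceMeta resourceMeta) {
        requireAuthorized(authContext, path, CREATE, StorageException.Event.CREATE);
        return this.storageTree.createResource(path, withUsername(authContext, resourceMeta, true));
    }

    /**
     * Returns metadata augmented by {@link AuthStorageUsernameMeta} when the caller is named.
     *
     * <p>The caller-supplied metadata is copied into a builder, handed to
     * {@code AuthStorageUsernameMeta.createResource} or {@code updateResource} (presumably these
     * record the acting user — confirm), and then recombined with the original content stream.
     *
     * @param creating {@code true} for a create, {@code false} for an update
     * @return the augmented metadata, or {@code resourceMeta} unchanged if the context is not a
     *     {@link NamedAuthContext}
     */
    private ResourceMeta withUsername(
            AuthContext authContext, ResourceMeta resourceMeta, boolean creating) {
        if (!(authContext instanceof NamedAuthContext)) {
            // NOTE(review): writes made with an unnamed context are stored with the metadata
            // exactly as supplied, so no attribution is added here for them.
            return resourceMeta;
        }
        NamedAuthContext namedAuthContext = (NamedAuthContext) authContext;
        // Copy so the caller's metadata map is not modified by the builder.
        ResourceMetaBuilder builder = StorageUtil.create(new HashMap<>(resourceMeta.getMeta()));
        if (creating) {
            AuthStorageUsernameMeta.createResource(namedAuthContext, builder);
        } else {
            AuthStorageUsernameMeta.updateResource(namedAuthContext, builder);
        }
        return StorageUtil.withStream((HasInputStream) resourceMeta, builder.getResourceMeta());
    }

    /**
     * Updates the resource at {@code path}, after passing its metadata through
     * {@link #withUsername}.
     *
     * @throws StorageAuthorizationException if the caller may not update {@code path}
     */
    @Override
    public Resource<ResourceMeta> updateResource(
            AuthContext authContext, Path path, ResourceMeta resourceMeta) {
        requireAuthorized(authContext, path, UPDATE, StorageException.Event.UPDATE);
        return this.storageTree.updateResource(path, withUsername(authContext, resourceMeta, false));
    }
}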
