package org.webswing.server.services.security.extension.accessmapping;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.webswing.server.common.model.security.WebswingAction;
import org.webswing.server.common.service.security.AuthenticatedWebswingUser;
import org.webswing.server.services.security.extension.api.SecurityModuleExtension;
import org.webswing.server.services.security.extension.api.WebswingUserDecorator;

/* loaded from: input_file:WEB-INF/lib/webswing-server-security-20.2.2.jar:org/webswing/server/services/security/extension/accessmapping/AccessMappingSecurityExtension.class */
public class AccessMappingSecurityExtension extends SecurityModuleExtension<AccessMappingExtensionConfig> {
    private Map<WebswingAction.AccessType, AccessTypeMapping> accessMapping;

    public AccessMappingSecurityExtension(AccessMappingExtensionConfig accessMappingExtensionConfig) {
        super(accessMappingExtensionConfig);
        this.accessMapping = new HashMap();
        for (AccessTypeMapping accessTypeMapping : getConfig().getAccessMapping()) {
            this.accessMapping.put(accessTypeMapping.getAccessType(), accessTypeMapping);
        }
    }

    @Override // org.webswing.server.services.security.extension.api.SecurityModuleExtension
    public AuthenticatedWebswingUser decorateUser(final AuthenticatedWebswingUser authenticatedWebswingUser, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return new WebswingUserDecorator(authenticatedWebswingUser) { // from class: org.webswing.server.services.security.extension.accessmapping.AccessMappingSecurityExtension.1
            private static final long serialVersionUID = -3360930503393350015L;

            @Override // org.webswing.server.services.security.extension.api.WebswingUserDecorator, org.webswing.server.common.service.security.AuthenticatedWebswingUser
            public boolean isPermitted(String str) {
                WebswingAction.AccessType[] accessTypeArr;
                try {
                    accessTypeArr = WebswingAction.valueOf(str).getAccessTypes();
                } catch (IllegalArgumentException e) {
                    accessTypeArr = new WebswingAction.AccessType[]{WebswingAction.AccessType.admin};
                }
                for (WebswingAction.AccessType accessType : accessTypeArr) {
                    AccessTypeMapping accessTypeMapping = (AccessTypeMapping) AccessMappingSecurityExtension.this.accessMapping.get(accessType);
                    if (accessTypeMapping == null) {
                        Iterator<String> it = WebswingAction.DefaultRolePermissionResolver.getRolesForAccessType(accessType).iterator();
                        while (it.hasNext()) {
                            if (authenticatedWebswingUser.hasRole(it.next())) {
                                return true;
                            }
                        }
                    } else {
                        if (accessTypeMapping.isEveryone()) {
                            return true;
                        }
                        Iterator<String> it2 = accessTypeMapping.getUsers().iterator();
                        while (it2.hasNext()) {
                            if (StringUtils.equals(authenticatedWebswingUser.getUserId(), AccessMappingSecurityExtension.this.getConfig().getContext().replaceVariables(it2.next()))) {
                                return true;
                            }
                        }
                        Iterator<String> it3 = accessTypeMapping.getRoles().iterator();
                        while (it3.hasNext()) {
                            if (authenticatedWebswingUser.hasRole(AccessMappingSecurityExtension.this.getConfig().getContext().replaceVariables(it3.next()))) {
                                return true;
                            }
                        }
                    }
                }
                return false;
            }
        };
    }
}
