package org.omilab.psm.conf;

import java.io.Serializable;
import java.util.Iterator;
import java.util.List;
import org.omilab.psm.model.db.AbstractProject;
import org.omilab.psm.model.db.MainNavigationItemProject;
import org.omilab.psm.repo.GenericProjectRepository;
import org.omilab.psm.service.role.RoleService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

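/**
 * Spring Security {@link PermissionEvaluator} that decides access from the target object
 * (a project or a project URL identifier) and a permission name.
 *
 * <p>Decision order implemented by {@link #hasPermission(Authentication, Object, Object)}:
 * <ol>
 *   <li>{@code "visitor"} on a String identifier: granted to every non-anonymous caller; for
 *       anonymous callers only when no navigation item of the project requires authentication.</li>
 *   <li>Every other request requires a {@link CasAuthenticationToken}; anything else is denied.</li>
 *   <li>Franchise administrators are granted every remaining request.</li>
 *   <li>The target {@code "franchise"} is denied to everyone else.</li>
 *   <li>{@code "projectadmin"} is granted when the user holds {@code PROJECT_OWNER} on the project.</li>
 *   <li>Everything else is denied.</li>
 * </ol>
 *
 * <p>Unexpected state (unknown project, missing navigation, null role data, unexpected principal
 * type) results in a denial instead of an exception, so the evaluator fails closed.
 */
@Component
/* loaded from: input_file:WEB-INF/classes/org/omilab/psm/conf/OmilabPermissionEvaluator.class */
public class OmilabPermissionEvaluator implements PermissionEvaluator {
    private static final Logger logger = LoggerFactory.getLogger(OmilabPermissionEvaluator.class);
    private static final String PERMISSION_VISITOR = "visitor";
    private static final String PERMISSION_PROJECT_ADMIN = "projectadmin";
    private static final String TARGET_FRANCHISE = "franchise";
    private static final String ROLE_PROJECT_OWNER = "PROJECT_OWNER";
    private final RoleService roles;
    private final GenericProjectRepository projectRepo;

    /**
     * Creates the evaluator with its collaborators (constructor injection).
     *
     * @param roleService source of franchise-admin status and per-project roles
     * @param genericProjectRepository lookup of projects by URL identifier
     */
    @Autowired
    public OmilabPermissionEvaluator(RoleService roleService, GenericProjectRepository genericProjectRepository) {
        this.roles = roleService;
        this.projectRepo = genericProjectRepository;
    }

    /**
     * Evaluates a permission on a target object.
     *
     * @param authentication the caller; may be {@code null} or anonymous
     * @param obj the target: a project URL identifier (String), an {@link AbstractProject},
     *            or the literal {@code "franchise"}
     * @param obj2 the permission name; {@code "visitor"} and {@code "projectadmin"} are recognised
     * @return {@code true} only when one of the rules in the class description grants access
     */
    @Override // org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        logger.debug("--------------------------------------------------");
        logger.debug("Started permission evaluation ...");
        if (PERMISSION_VISITOR.equals(obj2) && obj instanceof String) {
            // Any non-anonymous Authentication passes here, not only CAS tokens.
            // NOTE(review): isAuthenticated() is not consulted; confirm that only fully
            // authenticated tokens can reach this evaluator.
            if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
                return true;
            }
            return isOpenToAnonymous((String) obj);
        }
        if (!(authentication instanceof CasAuthenticationToken)) {
            logger.debug("Disable permission evaluation, as user is NOT logged in");
            return false;
        }
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof UserDetails)) {
            // Deny instead of failing with a ClassCastException on an unexpected principal type.
            logger.warn("CAS principal is not a UserDetails instance; denying access");
            return false;
        }
        String username = ((UserDetails) principal).getUsername();
        logger.debug("Found user: {}", username);
        // Boolean.TRUE.equals treats a null answer from the role service as "not an admin".
        if (Boolean.TRUE.equals(this.roles.isFranchiseAdmin(username))) {
            logger.debug("{} is franchise administrator. Disabled further permission processing and granted all rights!", username);
            return true;
        }
        if (TARGET_FRANCHISE.equals(obj)) {
            // Franchise-level access is reserved for franchise administrators (handled above).
            return false;
        }
        if (obj2 instanceof String && (obj instanceof AbstractProject || obj instanceof String)) {
            String projectId = obj instanceof AbstractProject
                    ? ((AbstractProject) obj).getUrlidentifier()
                    : (String) obj;
            if (grantsProjectAdmin(projectId, username, obj2)) {
                return true;
            }
        }
        logger.info("No suitable authorization found for: {}", username);
        logger.debug("End of permission evaluation ...");
        logger.debug("--------------------------------------------------");
        return false;
    }

    /**
     * ID-based evaluation is not implemented.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, Object obj) {
        throw new UnsupportedOperationException("ID based permission evaluation currently not supported.");
    }

    /**
     * Tells whether an anonymous caller may visit the project: true only when the project exists
     * and none of its navigation items is flagged as requiring authentication.
     */
    private boolean isOpenToAnonymous(String projectId) {
        // NOTE(review): assumes findByUrlidentifier returns AbstractProject (or a subtype) and
        // yields null for an unknown identifier - confirm against the repository interface.
        AbstractProject project = this.projectRepo.findByUrlidentifier(projectId);
        if (project == null) {
            return false;
        }
        Iterable<? extends MainNavigationItemProject> navigation = project.getNavigation();
        if (navigation == null) {
            return false;
        }
        for (MainNavigationItemProject item : navigation) {
            // Only an explicit FALSE marks an item as public; a null item or null flag denies.
            if (item == null || !Boolean.FALSE.equals(item.getAuthentication())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Tells whether the permission is {@code "projectadmin"} and the user holds
     * {@code PROJECT_OWNER} on the given project. Roles are fetched (and logged at debug level)
     * before the permission name is compared, as in the original flow.
     */
    private boolean grantsProjectAdmin(String projectId, String username, Object permission) {
        // NOTE(review): projectId is logged as supplied; if it can come from a request path,
        // confirm the log layout neutralises line breaks.
        logger.debug("Evaluating project: {}", projectId);
        List<String> userRoles = this.roles.getRoles(projectId, username);
        logger.debug("Roles of user: {}", userRoles);
        // A null role list is treated as "no roles".
        if (PERMISSION_PROJECT_ADMIN.equals(permission)
                && userRoles != null
                && userRoles.contains(ROLE_PROJECT_OWNER)) {
            logger.debug("User is project administrator! Authorizing ...");
            return true;
        }
        return false;
    }
}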
