package org.rapidoid.security;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.rapidoid.RapidoidThing;
import org.rapidoid.beany.Beany;
import org.rapidoid.beany.Metadata;
import org.rapidoid.beany.Prop;
import org.rapidoid.cls.Cls;
import org.rapidoid.security.annotation.Administrator;
import org.rapidoid.security.annotation.CanChange;
import org.rapidoid.security.annotation.CanDelete;
import org.rapidoid.security.annotation.CanInsert;
import org.rapidoid.security.annotation.CanManage;
import org.rapidoid.security.annotation.CanRead;
import org.rapidoid.security.annotation.HasRole;
import org.rapidoid.security.annotation.LoggedIn;
import org.rapidoid.security.annotation.Manager;
import org.rapidoid.security.annotation.Moderator;
import org.rapidoid.security.annotation.Role;
import org.rapidoid.u.U;
import org.rapidoid.util.Constants;

/* loaded from: input_file:org/rapidoid/security/Secure.class */
public class Secure extends RapidoidThing implements Constants {
    public static boolean hasRoleForClass(String str, Set<String> set, String str2, Class<?> cls) {
        return hasRole(str, set, str2, Cls.unproxy(cls), null);
    }

    public static boolean hasRoleForRecord(String str, Set<String> set, String str2, Object obj) {
        return hasRole(str, set, str2, Cls.unproxy(obj.getClass()), obj);
    }

    public static boolean isOwnerOf(String str, Set<String> set, Object obj) {
        return isOwnerOf(str, obj);
    }

    public static boolean isSharedWith(String str, Set<String> set, Object obj) {
        return isSharedWith(str, obj);
    }

    public static boolean canAccessClass(String str, Set<String> set, Class<?> cls) {
        U.notNull(cls, "class", new Object[0]);
        Class<?> unproxy = Cls.unproxy(cls);
        return hasRoleBasedClassAccess(str, set, unproxy) && canAccessClass(str, unproxy);
    }

    public static boolean canAccessMethod(String str, Set<String> set, Method method) {
        U.notNull(method, "method", new Object[0]);
        return canAccessClass(str, set, method.getDeclaringClass()) && hasRoleBasedMethodAccess(str, set, method);
    }

    public static boolean hasRoleBasedClassAccess(String str, Set<String> set, Class<?> cls) {
        U.notNull(cls, "class", new Object[0]);
        return hasRoleBasedAccess(str, set, Cls.unproxy(cls), null);
    }

    public static boolean hasRoleBasedObjectAccess(String str, Set<String> set, Object obj) {
        U.notNull(obj, "target", new Object[0]);
        return hasRoleBasedAccess(str, set, Cls.unproxy(obj.getClass()), obj);
    }

    private static boolean hasRoleBasedAccess(String str, Set<String> set, Class<?> cls, Object obj) {
        Class<?> unproxy = Cls.unproxy(cls);
        Set<String> rolesAllowed = getRolesAllowed(unproxy);
        return U.isEmpty(rolesAllowed) || hasAnyRole(str, set, rolesAllowed, unproxy, obj);
    }

    public static boolean hasRoleBasedMethodAccess(String str, Set<String> set, Method method) {
        U.notNull(method, "method", new Object[0]);
        Set<String> rolesAllowed = getRolesAllowed(method);
        return U.isEmpty(rolesAllowed) || hasAnyRole(str, set, rolesAllowed);
    }

    public static boolean hasAnyRole(String str, Set<String> set, Set<String> set2, Class<?> cls, Object obj) {
        Class<?> unproxy = Cls.unproxy(cls);
        Iterator<String> it = set2.iterator();
        while (it.hasNext()) {
            if (hasRole(str, set, it.next(), unproxy, obj)) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasAnyRole(String str, Set<String> set, Set<String> set2) {
        Iterator<String> it = set2.iterator();
        while (it.hasNext()) {
            if (hasRole(str, set, it.next())) {
                return true;
            }
        }
        return false;
    }

    public static DataPermissions getPropertyPermissions(String str, Set<String> set, Class<?> cls, Object obj, String str2) {
        U.notNull(cls, "class", new Object[0]);
        Class<?> unproxy = Cls.unproxy(cls);
        if (Collection.class.isAssignableFrom(unproxy) || Map.class.isAssignableFrom(unproxy) || Object[].class.isAssignableFrom(unproxy)) {
            return DataPermissions.ALL;
        }
        if (!hasRoleBasedAccess(str, set, unproxy, obj)) {
            return DataPermissions.NONE;
        }
        CanRead canRead = (CanRead) Metadata.propAnnotation(unproxy, str2, CanRead.class);
        CanInsert canInsert = (CanInsert) Metadata.propAnnotation(unproxy, str2, CanInsert.class);
        CanChange canChange = (CanChange) Metadata.propAnnotation(unproxy, str2, CanChange.class);
        CanDelete canDelete = (CanDelete) Metadata.propAnnotation(unproxy, str2, CanDelete.class);
        CanManage canManage = (CanManage) Metadata.propAnnotation(unproxy, str2, CanManage.class);
        if (canRead == null && canInsert == null && canChange == null && canDelete == null && canManage == null) {
            return DataPermissions.ALL;
        }
        boolean z = canRead == null || hasAnyRole(str, set, roles(canRead.value()), unproxy, obj);
        boolean z2 = canInsert != null && hasAnyRole(str, set, roles(canInsert.value()), unproxy, obj);
        boolean z3 = canChange != null && hasAnyRole(str, set, roles(canChange.value()), unproxy, obj);
        boolean z4 = canDelete != null && hasAnyRole(str, set, roles(canDelete.value()), unproxy, obj);
        boolean z5 = canManage != null && hasAnyRole(str, set, roles(canManage.value()), unproxy, obj);
        return DataPermissions.from(z, z2 | z5, z3 | z5, z4 | z5);
    }

    private static Set<String> roles(String[] strArr) {
        return U.set(strArr);
    }

    public static DataPermissions getClassPermissions(String str, Set<String> set, Class<?> cls) {
        U.notNull(cls, "class", new Object[0]);
        Class<?> unproxy = Cls.unproxy(cls);
        if (Collection.class.isAssignableFrom(unproxy) || Map.class.isAssignableFrom(unproxy) || Object[].class.isAssignableFrom(unproxy)) {
            return DataPermissions.ALL;
        }
        if (!hasRoleBasedAccess(str, set, unproxy, null)) {
            return DataPermissions.NONE;
        }
        CanRead canRead = (CanRead) Metadata.classAnnotation(unproxy, CanRead.class);
        CanInsert canInsert = (CanInsert) Metadata.classAnnotation(unproxy, CanInsert.class);
        CanChange canChange = (CanChange) Metadata.classAnnotation(unproxy, CanChange.class);
        CanDelete canDelete = (CanDelete) Metadata.classAnnotation(unproxy, CanDelete.class);
        CanManage canManage = (CanManage) Metadata.classAnnotation(unproxy, CanManage.class);
        if (canRead == null && canInsert == null && canChange == null && canDelete == null && canManage == null) {
            return DataPermissions.ALL;
        }
        boolean z = canRead == null || hasAnyRole(str, set, roles(canRead.value()), unproxy, null);
        boolean z2 = canInsert != null && hasAnyRole(str, set, roles(canInsert.value()), unproxy, null);
        boolean z3 = canChange != null && hasAnyRole(str, set, roles(canChange.value()), unproxy, null);
        boolean z4 = canDelete != null && hasAnyRole(str, set, roles(canDelete.value()), unproxy, null);
        boolean z5 = canManage != null && hasAnyRole(str, set, roles(canManage.value()), unproxy, null);
        return DataPermissions.from(z, z2 | z5, z3 | z5, z4 | z5);
    }

    public static DataPermissions getObjectPermissions(String str, Set<String> set, Object obj) {
        U.notNull(obj, "target", new Object[0]);
        Class<?> unproxy = Cls.unproxy(obj.getClass());
        if (Collection.class.isAssignableFrom(unproxy) || Map.class.isAssignableFrom(unproxy) || Object[].class.isAssignableFrom(unproxy)) {
            return DataPermissions.ALL;
        }
        if (!hasRoleBasedAccess(str, set, unproxy, null)) {
            return DataPermissions.NONE;
        }
        CanRead canRead = (CanRead) Metadata.classAnnotation(unproxy, CanRead.class);
        CanInsert canInsert = (CanInsert) Metadata.classAnnotation(unproxy, CanInsert.class);
        CanChange canChange = (CanChange) Metadata.classAnnotation(unproxy, CanChange.class);
        CanDelete canDelete = (CanDelete) Metadata.classAnnotation(unproxy, CanDelete.class);
        CanManage canManage = (CanManage) Metadata.classAnnotation(unproxy, CanManage.class);
        if (canRead == null && canInsert == null && canChange == null && canDelete == null && canManage == null) {
            return DataPermissions.ALL;
        }
        boolean z = canRead == null || hasAnyRole(str, set, roles(canRead.value()), unproxy, obj);
        boolean z2 = canInsert != null && hasAnyRole(str, set, roles(canInsert.value()), unproxy, obj);
        boolean z3 = canChange != null && hasAnyRole(str, set, roles(canChange.value()), unproxy, obj);
        boolean z4 = canDelete != null && hasAnyRole(str, set, roles(canDelete.value()), unproxy, obj);
        boolean z5 = canManage != null && hasAnyRole(str, set, roles(canManage.value()), unproxy, obj);
        return DataPermissions.from(z, z2 | z5, z3 | z5, z4 | z5);
    }

    public static boolean canRead(String str, Set<String> set, Object obj) {
        return hasRoleBasedObjectAccess(str, set, obj) && getObjectPermissions(str, set, obj).read;
    }

    public static boolean canInsert(String str, Set<String> set, Object obj) {
        return hasRoleBasedObjectAccess(str, set, obj) && getObjectPermissions(str, set, obj).insert;
    }

    public static boolean canUpdate(String str, Set<String> set, Object obj) {
        return hasRoleBasedObjectAccess(str, set, obj) && getObjectPermissions(str, set, obj).change;
    }

    public static boolean canDelete(String str, Set<String> set, Object obj) {
        return hasRoleBasedObjectAccess(str, set, obj) && getObjectPermissions(str, set, obj).delete;
    }

    public static boolean canReadProperty(String str, Set<String> set, Object obj, String str2) {
        return hasRoleBasedObjectAccess(str, set, obj) && getObjectPermissions(str, set, obj).read && getPropertyPermissions(str, set, obj.getClass(), obj, str2).read;
    }

    public static boolean canUpdateProperty(String str, Set<String> set, Object obj, String str2) {
        return hasRoleBasedObjectAccess(str, set, obj) && getObjectPermissions(str, set, obj).change && getPropertyPermissions(str, set, obj.getClass(), obj, str2).change;
    }

    public static void resetInvisibleProperties(String str, Set<String> set, Object obj) {
        Iterator<Prop> it = Beany.propertiesOf(obj).iterator();
        while (it.hasNext()) {
            Prop next = it.next();
            if (!getPropertyPermissions(str, set, obj.getClass(), obj, next.getName()).read) {
                next.reset(obj);
            }
        }
    }

    public static Set<String> getRolesAllowed(Map<Class<?>, Annotation> map) {
        Set<String> set = U.set();
        Iterator<Map.Entry<Class<?>, Annotation>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Annotation value = it.next().getValue();
            Class<? extends Annotation> annotationType = value.annotationType();
            if (annotationType.equals(Administrator.class)) {
                set.add(Roles.ADMINISTRATOR);
            } else if (annotationType.equals(Manager.class)) {
                set.add(Roles.MANAGER);
            } else if (annotationType.equals(Moderator.class)) {
                set.add(Roles.MODERATOR);
            } else if (annotationType.equals(LoggedIn.class)) {
                set.add(Roles.LOGGED_IN);
            } else if (annotationType.equals(HasRole.class)) {
                Role[] value2 = ((HasRole) value).value();
                U.must(value2.length > 0, "At least one role must be specified in @Roles annotation!");
                for (Role role : value2) {
                    set.add(role.value().toLowerCase());
                }
            }
        }
        return set;
    }

    public static Set<String> getRolesAllowed(Class<?> cls) {
        return getRolesAllowed(Metadata.classAnnotations(cls));
    }

    public static Set<String> getRolesAllowed(Method method) {
        return getRolesAllowed(Metadata.methodAnnotations(method));
    }

    public static boolean canAccessClass(String str, Class<?> cls) {
        return true;
    }

    public static boolean hasRole(String str, Set<String> set, String str2, Class<?> cls, Object obj) {
        if (Roles.ANYBODY.equalsIgnoreCase(str2)) {
            return true;
        }
        if (U.isEmpty(str) || U.isEmpty(str2)) {
            return false;
        }
        if (obj != null) {
            if (str2.equalsIgnoreCase(Roles.OWNER)) {
                return isOwnerOf(str, obj);
            }
            if (str2.equalsIgnoreCase(Roles.SHARED_WITH)) {
                return isSharedWith(str, obj);
            }
        }
        return hasRole(str, set, str2);
    }

    protected static boolean hasSpecialRoleInDevMode(String str, String str2) {
        return false;
    }

    protected static boolean hasRole(String str, Set<String> set, String str2) {
        if (hasSpecialRoleInDevMode(str, str2)) {
            return true;
        }
        if (str2.equalsIgnoreCase(Roles.LOGGED_IN)) {
            return !U.isEmpty(str);
        }
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str2)) {
                return true;
            }
        }
        return false;
    }

    public static boolean isAdministrator(String str, Set<String> set) {
        return hasRole(str, set, Roles.ADMINISTRATOR, null, null);
    }

    public static boolean isManager(String str, Set<String> set) {
        return hasRole(str, set, Roles.MANAGER, null, null);
    }

    public static boolean isModerator(String str, Set<String> set) {
        return hasRole(str, set, Roles.MODERATOR, null, null);
    }

    public static DataPermissions classPermissions(String str, Class<?> cls) {
        return DataPermissions.ALL;
    }

    public static DataPermissions recordPermissions(String str, Object obj) {
        return DataPermissions.ALL;
    }

    public static DataPermissions propertyPermissions(String str, Object obj, String str2) {
        return DataPermissions.ALL;
    }

    public static boolean isOwnerOf(String str, Object obj) {
        if (U.isEmpty(str) || obj == null) {
            return false;
        }
        Object propValue = Beany.getPropValue(obj, "createdBy", null);
        return (propValue instanceof String) && str.equalsIgnoreCase((String) propValue);
    }

    public static boolean isSharedWith(String str, Object obj) {
        Object propValue;
        if (U.isEmpty(str) || obj == null || (propValue = Beany.getPropValue(obj, "sharedWith", null)) == null || !(propValue instanceof Collection)) {
            return false;
        }
        Iterator it = ((Collection) propValue).iterator();
        while (it.hasNext()) {
            if (str.equalsIgnoreCase((String) Beany.getPropValue(it.next(), "username", ""))) {
                return true;
            }
        }
        return false;
    }
}
