package it.geosolutions.geostore.services;

import it.geosolutions.geostore.core.model.Resource;
import it.geosolutions.geostore.core.model.SecurityRule;
import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.core.model.enums.Role;
import java.util.List;
import java.util.function.BiFunction;

/* loaded from: input_file:it/geosolutions/geostore/services/PermissionServiceImpl.class */
public class PermissionServiceImpl implements PermissionService {
    private final BiFunction<SecurityRule, Resource, Boolean> resourceOwnership = (securityRule, resource) -> {
        return Boolean.valueOf(resource.getId().equals(securityRule.getResource().getId()));
    };
    private final BiFunction<SecurityRule, Resource, Boolean> resourceOwnershipWithReadPermission = (securityRule, resource) -> {
        return Boolean.valueOf(this.resourceOwnership.apply(securityRule, resource).booleanValue() && securityRule.isCanRead());
    };
    private final BiFunction<SecurityRule, Resource, Boolean> resourceOwnershipWithWritePermission = (securityRule, resource) -> {
        return Boolean.valueOf(this.resourceOwnership.apply(securityRule, resource).booleanValue() && securityRule.isCanWrite());
    };
    private final BiFunction<SecurityRule, Resource, Boolean> resourceOwnershipWithReadAndWritePermission = (securityRule, resource) -> {
        return Boolean.valueOf(this.resourceOwnershipWithWritePermission.apply(securityRule, resource).booleanValue() && this.resourceOwnershipWithReadPermission.apply(securityRule, resource).booleanValue());
    };

    public boolean isResourceAvailableForUser(Resource resource, User user) {
        return resource.isAdvertised().booleanValue() || user.getRole().equals(Role.ADMIN) || isUserOwner(user, resource);
    }

    public boolean isUserOwner(User user, Resource resource) {
        checkUserSecurityRules(user);
        return user.getSecurity().stream().anyMatch(securityRule -> {
            return this.resourceOwnership.apply(securityRule, resource).booleanValue();
        });
    }

    public boolean canUserReadResource(User user, Long l) {
        Resource resource = new Resource();
        resource.setId(l);
        return user.getRole().equals(Role.ADMIN) || isUserOwnerWithReadPermission(user, resource) || haveUserGroupsOwnershipWithReadPermission(user, resource);
    }

    private boolean isUserOwnerWithReadPermission(User user, Resource resource) {
        checkUserSecurityRules(user);
        return checkSecurityRulesAgainstResource(user.getSecurity(), resource, this.resourceOwnershipWithReadPermission);
    }

    private boolean haveUserGroupsOwnershipWithReadPermission(User user, Resource resource) {
        return checkUserGroupsSecurityRulesAgainstResource(user, resource, this.resourceOwnershipWithReadPermission);
    }

    public boolean canUserWriteResource(User user, Resource resource) {
        return !user.getRole().equals(Role.GUEST) && (user.getRole().equals(Role.ADMIN) || isUserOwnerWithWritePermission(user, resource) || haveUserGroupsOwnershipWithWritePermission(user, resource));
    }

    private boolean isUserOwnerWithWritePermission(User user, Resource resource) {
        checkUserSecurityRules(user);
        return checkSecurityRulesAgainstResource(user.getSecurity(), resource, this.resourceOwnershipWithWritePermission);
    }

    private boolean haveUserGroupsOwnershipWithWritePermission(User user, Resource resource) {
        return checkUserGroupsSecurityRulesAgainstResource(user, resource, this.resourceOwnershipWithWritePermission);
    }

    public boolean canUserReadAndWriteResource(User user, Resource resource) {
        return user.getRole().equals(Role.ADMIN) || isUserOwnerWithReadAndWritePermission(user, resource) || haveUserGroupOwnershipWithReadAndWritePermission(user, resource);
    }

    private boolean isUserOwnerWithReadAndWritePermission(User user, Resource resource) {
        checkUserSecurityRules(user);
        return checkSecurityRulesAgainstResource(user.getSecurity(), resource, this.resourceOwnershipWithReadAndWritePermission);
    }

    private void checkUserSecurityRules(User user) {
        if (user.getSecurity() == null) {
            throw new IllegalArgumentException("set user security rules prior checking for permissions");
        }
    }

    private boolean haveUserGroupOwnershipWithReadAndWritePermission(User user, Resource resource) {
        return checkUserGroupsSecurityRulesAgainstResource(user, resource, this.resourceOwnershipWithReadAndWritePermission);
    }

    private boolean checkUserGroupsSecurityRulesAgainstResource(User user, Resource resource, BiFunction<SecurityRule, Resource, Boolean> biFunction) {
        return user.getGroups().stream().anyMatch(userGroup -> {
            return checkSecurityRulesAgainstResource(userGroup.getSecurity(), resource, biFunction);
        });
    }

    private boolean checkSecurityRulesAgainstResource(List<SecurityRule> list, Resource resource, BiFunction<SecurityRule, Resource, Boolean> biFunction) {
        return list.stream().anyMatch(securityRule -> {
            return ((Boolean) biFunction.apply(securityRule, resource)).booleanValue();
        });
    }
}
