package it.geosolutions.geostore.services;

import it.geosolutions.geostore.core.model.Resource;
import it.geosolutions.geostore.core.model.SecurityRule;
import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.core.model.UserGroup;
import it.geosolutions.geostore.core.model.enums.Role;
import java.util.List;
import java.util.function.BiFunction;

/* loaded from: input_file:it/geosolutions/geostore/services/ResourcePermissionServiceImpl.class */
public class ResourcePermissionServiceImpl implements ResourcePermissionService {
    private final BiFunction<SecurityRule, User, Boolean> resourceUserOwnership = (securityRule, user) -> {
        return Boolean.valueOf(user.getId().equals(securityRule.getUser().getId()));
    };
    private final BiFunction<SecurityRule, UserGroup, Boolean> resourceGroupOwnership = (securityRule, userGroup) -> {
        return Boolean.valueOf(userGroup.getId().equals(securityRule.getGroup().getId()));
    };
    private final BiFunction<SecurityRule, User, Boolean> resourceUserOwnershipWithReadPermission = (securityRule, user) -> {
        return Boolean.valueOf(securityRule.getUser() != null && this.resourceUserOwnership.apply(securityRule, user).booleanValue() && securityRule.isCanRead());
    };
    private final BiFunction<SecurityRule, UserGroup, Boolean> resourceGroupOwnershipWithReadPermission = (securityRule, userGroup) -> {
        return Boolean.valueOf(securityRule.getGroup() != null && this.resourceGroupOwnership.apply(securityRule, userGroup).booleanValue() && securityRule.isCanRead());
    };
    private final BiFunction<SecurityRule, User, Boolean> resourceUserOwnershipWithWritePermission = (securityRule, user) -> {
        return Boolean.valueOf(securityRule.getUser() != null && this.resourceUserOwnership.apply(securityRule, user).booleanValue() && securityRule.isCanWrite());
    };
    private final BiFunction<SecurityRule, UserGroup, Boolean> resourceGroupOwnershipWithWritePermission = (securityRule, userGroup) -> {
        return Boolean.valueOf(securityRule.getGroup() != null && this.resourceGroupOwnership.apply(securityRule, userGroup).booleanValue() && securityRule.isCanWrite());
    };

    public boolean canResourceBeReadByUser(Resource resource, User user) {
        return user.getRole().equals(Role.ADMIN) || isUserOwnerWithReadPermission(user, resource) || haveUserGroupsOwnershipWithReadPermission(user, resource);
    }

    private boolean isUserOwnerWithReadPermission(User user, Resource resource) {
        checkResourceSecurityRules(resource);
        return checkSecurityRulesAgainstUser(resource.getSecurity(), user, this.resourceUserOwnershipWithReadPermission);
    }

    private boolean haveUserGroupsOwnershipWithReadPermission(User user, Resource resource) {
        return checkResourceSecurityRulesAgainstUserGroup(user, resource, this.resourceGroupOwnershipWithReadPermission);
    }

    public boolean canResourceBeWrittenByUser(Resource resource, User user) {
        return !user.getRole().equals(Role.GUEST) && (user.getRole().equals(Role.ADMIN) || isUserOwnerWithWritePermission(user, resource) || haveUserGroupsOwnershipWithWritePermission(user, resource));
    }

    private boolean isUserOwnerWithWritePermission(User user, Resource resource) {
        checkResourceSecurityRules(resource);
        return checkSecurityRulesAgainstUser(resource.getSecurity(), user, this.resourceUserOwnershipWithWritePermission);
    }

    private void checkResourceSecurityRules(Resource resource) {
        if (resource.getSecurity() == null) {
            throw new IllegalArgumentException("set resource security rules prior checking for permissions");
        }
    }

    private boolean haveUserGroupsOwnershipWithWritePermission(User user, Resource resource) {
        return checkResourceSecurityRulesAgainstUserGroup(user, resource, this.resourceGroupOwnershipWithWritePermission);
    }

    private boolean checkResourceSecurityRulesAgainstUserGroup(User user, Resource resource, BiFunction<SecurityRule, UserGroup, Boolean> biFunction) {
        return user.getGroups().stream().anyMatch(userGroup -> {
            return checkSecurityRulesAgainstUserGroup(resource.getSecurity(), userGroup, biFunction);
        });
    }

    private boolean checkSecurityRulesAgainstUser(List<SecurityRule> list, User user, BiFunction<SecurityRule, User, Boolean> biFunction) {
        return list.stream().anyMatch(securityRule -> {
            return ((Boolean) biFunction.apply(securityRule, user)).booleanValue();
        });
    }

    private boolean checkSecurityRulesAgainstUserGroup(List<SecurityRule> list, UserGroup userGroup, BiFunction<SecurityRule, UserGroup, Boolean> biFunction) {
        return list.stream().anyMatch(securityRule -> {
            return ((Boolean) biFunction.apply(securityRule, userGroup)).booleanValue();
        });
    }
}
