package pl.allegro.tech.hermes.management.api.auth;

import javax.ws.rs.container.ContainerRequestContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.allegro.tech.hermes.api.Group;
import pl.allegro.tech.hermes.api.Subscription;
import pl.allegro.tech.hermes.api.Topic;
import pl.allegro.tech.hermes.domain.topic.TopicRepository;
import pl.allegro.tech.hermes.management.api.auth.SecurityProvider;
import pl.allegro.tech.hermes.management.config.GroupProperties;

@Component
/* loaded from: input_file:pl/allegro/tech/hermes/management/api/auth/ManagementRights.class */
public class ManagementRights {
    private final TopicRepository topicRepository;
    private final GroupProperties groupProperties;

    /* loaded from: input_file:pl/allegro/tech/hermes/management/api/auth/ManagementRights$GroupCreatorRights.class */
    class GroupCreatorRights implements CreatorRights<Group> {
        private ContainerRequestContext requestContext;

        GroupCreatorRights(ContainerRequestContext containerRequestContext) {
            this.requestContext = containerRequestContext;
        }

        @Override // pl.allegro.tech.hermes.management.api.auth.CreatorRights
        public boolean allowedToManage(Group group) {
            return ManagementRights.this.isUserAllowedToManageGroup(this.requestContext);
        }

        @Override // pl.allegro.tech.hermes.management.api.auth.CreatorRights
        public boolean allowedToCreate(Group group) {
            return ManagementRights.this.isUserAllowedToCreateGroup(this.requestContext);
        }
    }

    /* loaded from: input_file:pl/allegro/tech/hermes/management/api/auth/ManagementRights$SubscriptionCreatorRights.class */
    class SubscriptionCreatorRights implements CreatorRights<Subscription> {
        private ContainerRequestContext requestContext;

        SubscriptionCreatorRights(ContainerRequestContext containerRequestContext) {
            this.requestContext = containerRequestContext;
        }

        @Override // pl.allegro.tech.hermes.management.api.auth.CreatorRights
        public boolean allowedToManage(Subscription subscription) {
            return ManagementRights.this.isUserAllowedToManageSubscription(subscription, this.requestContext);
        }

        @Override // pl.allegro.tech.hermes.management.api.auth.CreatorRights
        public boolean allowedToCreate(Subscription subscription) {
            return ManagementRights.this.isUserAllowedToCreateSubscription(subscription, this.requestContext);
        }
    }

    @Autowired
    public ManagementRights(TopicRepository topicRepository, GroupProperties groupProperties) {
        this.topicRepository = topicRepository;
        this.groupProperties = groupProperties;
    }

    public boolean isUserAllowedToManageTopic(Topic topic, ContainerRequestContext containerRequestContext) {
        return isAdmin(containerRequestContext) || getOwnershipResolver(containerRequestContext).isUserAnOwner(topic.getOwner());
    }

    public boolean isUserAllowedToCreateSubscription(Subscription subscription, ContainerRequestContext containerRequestContext) {
        return !this.topicRepository.isSubscribingRestricted(subscription.getTopicName()) || isAdmin(containerRequestContext);
    }

    public boolean isUserAllowedToCreateGroup(ContainerRequestContext containerRequestContext) {
        return isAdmin(containerRequestContext) || this.groupProperties.isNonAdminCreationEnabled();
    }

    private boolean isUserAllowedToManageGroup(ContainerRequestContext containerRequestContext) {
        return isAdmin(containerRequestContext);
    }

    public boolean isUserAllowedToManageSubscription(Subscription subscription, ContainerRequestContext containerRequestContext) {
        return isAdmin(containerRequestContext) || isSubscriptionOwner(subscription, containerRequestContext);
    }

    private boolean isSubscriptionOwner(Subscription subscription, ContainerRequestContext containerRequestContext) {
        return getOwnershipResolver(containerRequestContext).isUserAnOwner(subscription.getOwner());
    }

    private boolean isAdmin(ContainerRequestContext containerRequestContext) {
        return containerRequestContext.getSecurityContext().isUserInRole(Roles.ADMIN);
    }

    private SecurityProvider.OwnershipResolver getOwnershipResolver(ContainerRequestContext containerRequestContext) {
        return (SecurityProvider.OwnershipResolver) containerRequestContext.getProperty(AuthorizationFilter.OWNERSHIP_RESOLVER);
    }

    public CreatorRights<Subscription> getSubscriptionCreatorRights(ContainerRequestContext containerRequestContext) {
        return new SubscriptionCreatorRights(containerRequestContext);
    }

    public CreatorRights<Group> getGroupCreatorRights(ContainerRequestContext containerRequestContext) {
        return new GroupCreatorRights(containerRequestContext);
    }
}
