package org.jboss.seam.security.permission;

import java.io.Serializable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.log4j.Logger;
import org.drools.guvnor.server.ServiceImplementation;
import org.drools.guvnor.server.security.AdminType;
import org.drools.guvnor.server.security.CategoryPathType;
import org.drools.guvnor.server.security.PackageNameType;
import org.drools.guvnor.server.security.PackageUUIDType;
import org.drools.guvnor.server.security.RoleBasedPermission;
import org.drools.guvnor.server.security.RoleBasedPermissionManager;
import org.drools.guvnor.server.security.RoleTypes;
import org.drools.guvnor.server.security.WebDavPackageNameType;
import org.drools.guvnor.server.util.LoggingHelper;
import org.drools.repository.RulesRepositoryException;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.intercept.BypassInterceptors;

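/**
 * Seam {@code PermissionResolver} that answers permission checks from the
 * {@link RoleBasedPermission} entries supplied by the {@code roleBasedPermissionManager}
 * component.
 *
 * <p>Decision order in {@link #hasPermission(Object, String)}:
 * <ol>
 *   <li>targets that are not one of the five recognised types are denied;</li>
 *   <li>if role-based authorization is disabled, every recognised target is granted;</li>
 *   <li>a caller holding an {@code admin} role is granted everything;</li>
 *   <li>otherwise the check is delegated to the category or package rules below.</li>
 * </ol>
 *
 * <p>Security note: {@code enableRoleBasedAuthorization} defaults to {@code false}, so until a
 * deployment sets it to {@code true} this resolver grants every request on a recognised target
 * type. Treat that flag as a required hardening step, not an optional feature.
 */
@Name("org.jboss.seam.security.roleBasedPermissionResolver")
@Scope(ScopeType.APPLICATION)
@BypassInterceptors
@Install(precedence = 20)
@Startup
/* loaded from: input_file:WEB-INF/classes/org/jboss/seam/security/permission/RoleBasedPermissionResolver.class */
public class RoleBasedPermissionResolver implements PermissionResolver, Serializable {
    private static final Logger log = LoggingHelper.getLogger(RoleBasedPermissionResolver.class);

    // Fail-open default: while this is false, hasPermission() returns true for every recognised target.
    private boolean enableRoleBasedAuthorization = false;

    /** Seam creation callback; this resolver needs no initialisation. */
    @Create
    public void create() {
    }

    /**
     * Decides whether the current caller may perform {@code str} on {@code obj}.
     *
     * @param obj the protected target; only {@code CategoryPathType}, {@code PackageNameType},
     *            {@code WebDavPackageNameType}, {@code AdminType} and {@code PackageUUIDType}
     *            are recognised, anything else is denied
     * @param str the requested permission (a role name such as the {@code RoleTypes} constants,
     *            {@code "admin"} or {@code "navigate"}); {@code null} is treated as
     *            {@code RoleTypes.ANALYST} for category targets
     * @return {@code true} if access is granted
     */
    @Override // org.jboss.seam.security.permission.PermissionResolver
    public boolean hasPermission(Object obj, String str) {
        if (!isSupportedTarget(obj)) {
            log.debug("Requested permission is not an instance of CategoryPathType|PackageNameType|WebDavPackageNameType|AdminType|PackageUUIDType");
            return false;
        }
        if (!this.enableRoleBasedAuthorization) {
            // SECURITY: fail-open path. With the flag off, no role is consulted at all.
            return true;
        }
        List<RoleBasedPermission> permissions = ((RoleBasedPermissionManager) Component.getInstance("roleBasedPermissionManager")).getRoleBasedPermission();
        if (hasAdminPermission(permissions)) {
            return true;
        }
        if ("admin".equals(str)) {
            // The admin check above already failed, so an explicit admin request is denied here.
            // NOTE(review): this comparison is case-sensitive while the role match in
            // hasAdminPermission is not; a differently-cased "admin" request falls through to
            // the package rules below. Confirm that is intended.
            return false;
        }
        if (obj instanceof CategoryPathType) {
            String categoryPath = ((CategoryPathType) obj).getCategoryPath();
            String requested = str == null ? RoleTypes.ANALYST : str;
            return requested.equals("navigate")
                    ? hasNavigatePermission(categoryPath, requested, permissions)
                    : hasCategoryPermission(categoryPath, requested, permissions);
        }
        return hasPackagePermission(obj, str, permissions);
    }

    /** Returns true when {@code obj} is one of the target types this resolver understands. */
    private static boolean isSupportedTarget(Object obj) {
        return obj instanceof CategoryPathType
                || obj instanceof PackageNameType
                || obj instanceof WebDavPackageNameType
                || obj instanceof AdminType
                || obj instanceof PackageUUIDType;
    }

    /**
     * Applies the package rules: the caller needs a permission entry whose package name matches
     * (case-insensitively) and whose role covers the requested permission.
     */
    private boolean hasPackagePermission(Object obj, String requested, List<RoleBasedPermission> permissions) {
        // NOTE(review): targets that are neither PackageUUIDType nor PackageNameType keep the
        // empty name and can only match permission entries whose package name is also empty.
        String packageName = "";
        if (obj instanceof PackageUUIDType) {
            try {
                packageName = ((ServiceImplementation) Component.getInstance("org.drools.guvnor.client.rpc.RepositoryService")).repository.loadPackageByUUID(((PackageUUIDType) obj).getUUID()).getName();
            } catch (RulesRepositoryException e) {
                // Deny when the package cannot be resolved, but leave a trace for diagnosis.
                log.debug("Package lookup by UUID failed; denying permission", e);
                return false;
            }
        } else if (obj instanceof PackageNameType) {
            packageName = ((PackageNameType) obj).getPackageName();
        }
        if (packageName == null) {
            // Deny explicitly instead of failing with a NullPointerException in the comparison below.
            logDecision(requested, null, false);
            return false;
        }
        for (RoleBasedPermission permission : permissions) {
            if (packageName.equalsIgnoreCase(permission.getPackageName()) && isPermittedPackage(requested, permission.getRole())) {
                logDecision(requested, packageName, true);
                return true;
            }
        }
        logDecision(requested, packageName, false);
        return false;
    }

    /**
     * Applies the analyst rules for a category target: an analyst or analyst-read-only entry
     * must cover both the requested permission and the requested category path.
     */
    private boolean hasCategoryPermission(String categoryPath, String requested, List<RoleBasedPermission> permissions) {
        for (RoleBasedPermission permission : permissions) {
            String role = permission.getRole();
            // Constant-first comparisons: an entry with a null role is skipped rather than
            // aborting the whole check with a NullPointerException.
            boolean analystRole = RoleTypes.ANALYST.equals(role);
            boolean analystReadRole = RoleTypes.ANALYST_READ.equals(role);
            if (!analystRole && !analystReadRole) {
                continue;
            }
            // Exact role match, or a read-only request satisfied by the full analyst role.
            boolean roleCoversRequest = requested.equals(role) || (requested.equals(RoleTypes.ANALYST_READ) && analystRole);
            if (roleCoversRequest && isPermittedCategoryPath(categoryPath, permission.getCategoryPath())) {
                logDecision(requested, categoryPath, true);
                return true;
            }
        }
        logDecision(requested, categoryPath, false);
        return false;
    }

    /**
     * Applies the {@code navigate} rule: any entry with a category path grants navigation to
     * that path, to its ancestors and to its descendants, regardless of the entry's role.
     */
    private boolean hasNavigatePermission(String categoryPath, String requested, List<RoleBasedPermission> permissions) {
        for (RoleBasedPermission permission : permissions) {
            String permittedPath = permission.getCategoryPath();
            if (permittedPath == null) {
                continue;
            }
            if (permittedPath.equals(categoryPath)
                    || isSubPath(categoryPath, permittedPath)
                    || isSubPath(permittedPath, categoryPath)) {
                logDecision(requested, categoryPath, true);
                return true;
            }
        }
        logDecision(requested, categoryPath, false);
        return false;
    }

    /** Returns true when any entry carries the {@code admin} role (case-insensitive). */
    private boolean hasAdminPermission(List<RoleBasedPermission> list) {
        for (RoleBasedPermission permission : list) {
            if ("admin".equalsIgnoreCase(permission.getRole())) {
                log.debug("Requested permission: unknown, Permission granted: Yes");
                return true;
            }
        }
        log.debug("Requested permission: admin, Permission granted: No");
        return false;
    }

    /**
     * Returns true when the requested path equals the permitted path or lies beneath it.
     * Two {@code null} paths are considered equal; a single {@code null} never matches.
     */
    private boolean isPermittedCategoryPath(String requestedPath, String permittedPath) {
        if (requestedPath == null && permittedPath == null) {
            return true;
        }
        if (requestedPath == null || permittedPath == null) {
            return false;
        }
        return requestedPath.equals(permittedPath) || isSubPath(permittedPath, requestedPath);
    }

    /**
     * Returns true when {@code grantedRole} covers the {@code requested} package permission.
     * Package admin covers any request; package developer covers developer and read-only;
     * package read-only covers read-only only. All comparisons ignore case.
     */
    private boolean isPermittedPackage(String requested, String grantedRole) {
        if (RoleTypes.PACKAGE_ADMIN.equalsIgnoreCase(grantedRole)) {
            // Package admin is granted whatever permission string was requested for this package.
            return true;
        }
        boolean wantsReadOnly = RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(requested);
        if (RoleTypes.PACKAGE_DEVELOPER.equalsIgnoreCase(grantedRole)) {
            return wantsReadOnly || RoleTypes.PACKAGE_DEVELOPER.equalsIgnoreCase(requested);
        }
        return RoleTypes.PACKAGE_READONLY.equalsIgnoreCase(grantedRole) && wantsReadOnly;
    }

    /**
     * Returns true when every {@code /}-separated segment of {@code str} is a leading segment
     * of {@code str2}, i.e. {@code str} is the same path as {@code str2} or one of its ancestors.
     * A single leading slash is ignored on both arguments. Segments are compared exactly, so
     * {@code "a/b"} is not treated as an ancestor of {@code "a/bc"}.
     *
     * @return {@code false} if either argument is {@code null}
     */
    boolean isSubPath(String str, String str2) {
        if (str == null || str2 == null) {
            // A missing path can never be proven to be inside another one: deny.
            return false;
        }
        String[] prefixSegments = (str.startsWith("/") ? str.substring(1) : str).split("/");
        String[] pathSegments = (str2.startsWith("/") ? str2.substring(1) : str2).split("/");
        if (prefixSegments.length > pathSegments.length) {
            return false;
        }
        for (int i = 0; i < prefixSegments.length; i++) {
            if (!prefixSegments[i].equals(pathSegments[i])) {
                return false;
            }
        }
        return true;
    }

    /**
     * Intentionally a no-op: this resolver removes nothing from {@code set}. Callers that rely
     * on this method to strip objects the user may not see receive the set unchanged.
     */
    @Override // org.jboss.seam.security.permission.PermissionResolver
    public void filterSetByAction(Set<Object> set, String str) {
    }

    /** Returns whether role-based checks are enforced; when false, recognised targets are always granted. */
    public boolean isEnableRoleBasedAuthorization() {
        return this.enableRoleBasedAuthorization;
    }

    /** Enables or disables role-based enforcement; {@code false} makes the resolver grant all recognised targets. */
    public void setEnableRoleBasedAuthorization(boolean z) {
        this.enableRoleBasedAuthorization = z;
    }

    /** Writes one authorization decision to the debug log in the resolver's usual format. */
    private static void logDecision(String permission, String target, boolean granted) {
        if (log.isDebugEnabled()) {
            log.debug("Requested permission: " + forLog(permission) + ", Requested object: " + forLog(target) + " , Permission granted: " + (granted ? "Yes" : "No"));
        }
    }

    /**
     * Neutralises line breaks so a permission or object name cannot forge extra log entries.
     * NOTE(review): presumably these values can originate from client requests; confirm against callers.
     */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}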
