package org.graylog.security;

import com.google.common.base.Preconditions;
import com.google.inject.assistedinject.Assisted;
import com.google.inject.assistedinject.AssistedInject;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.graylog.grn.GRN;
import org.graylog.grn.GRNRegistry;
import org.graylog2.plugin.database.users.User;

/* loaded from: input_file:org/graylog/security/GranteeAuthorizer.class */
public class GranteeAuthorizer {
    private final Subject subject;

    /* loaded from: input_file:org/graylog/security/GranteeAuthorizer$Factory.class */
    public interface Factory {
        GranteeAuthorizer create(GRN grn);

        GranteeAuthorizer create(User user);
    }

    @AssistedInject
    public GranteeAuthorizer(DefaultSecurityManager defaultSecurityManager, GRNRegistry gRNRegistry, @Assisted User user) {
        this(defaultSecurityManager, gRNRegistry.ofUser(user));
    }

    @AssistedInject
    public GranteeAuthorizer(DefaultSecurityManager defaultSecurityManager, @Assisted GRN grn) {
        this.subject = new Subject.Builder(defaultSecurityManager).principals(new SimplePrincipalCollection(grn, "GranteeAuthorizer")).authenticated(true).sessionCreationEnabled(false).buildSubject();
    }

    public boolean isPermitted(String str, GRN grn) {
        return isPermitted(str, grn.entity());
    }

    public boolean isPermitted(String str) {
        Preconditions.checkArgument(StringUtils.isNotBlank(str), "permission cannot be null or empty");
        return this.subject.isPermitted(str);
    }

    public boolean isPermitted(String str, String str2) {
        Preconditions.checkArgument(StringUtils.isNotBlank(str), "permission cannot be null or empty");
        Preconditions.checkArgument(StringUtils.isNotBlank(str2), "id cannot be null or empty");
        return this.subject.isPermitted(str + ":" + str2);
    }
}
