package com.sap.cds.services.impl.authorization;

import com.sap.cds.services.impl.utils.CdsModelUtils;
import com.sap.cds.services.request.UserInfo;
import com.sap.cds.services.utils.model.Privilege;
import com.sap.cds.services.utils.model.Restriction;
import java.util.Objects;
import java.util.stream.Stream;

/* loaded from: input_file:com/sap/cds/services/impl/authorization/RestrictionUtils.class */
public class RestrictionUtils {
    static final /* synthetic */ boolean $assertionsDisabled;

    private RestrictionUtils() {
    }

    public static boolean passesRestriction(Restriction restriction, UserInfo userInfo, String str) {
        return passingPrivilegesOfRestriction(restriction, userInfo, str).findAny().isPresent();
    }

    public static Stream<Privilege> passingPrivilegesOfRestriction(Restriction restriction, UserInfo userInfo, String str) {
        Objects.requireNonNull(restriction, "Restriction required");
        Objects.requireNonNull(userInfo, "UserInfo required");
        Objects.requireNonNull(str, "event required");
        return restriction.privileges().filter(privilege -> {
            return hasPrivilege(privilege, userInfo, str);
        });
    }

    public static boolean hasPrivilege(Privilege privilege, UserInfo userInfo, String str) {
        if (privilege == null || userInfo == null || str == null) {
            return false;
        }
        if (userInfo.isPrivileged()) {
            return true;
        }
        boolean z = false;
        for (String str2 : privilege.getGrants()) {
            if (Privilege.PredefinedGrant.ALL.is(str2) || Privilege.is(str, str2) || ((Privilege.PredefinedGrant.WRITE.is(str2) && CdsModelUtils.isWriteEvent(str)) || CdsModelUtils.eventIsGranted(str, str2))) {
                z = true;
                break;
            }
        }
        if (!z) {
            return false;
        }
        if (!$assertionsDisabled && !z) {
            throw new AssertionError();
        }
        if (privilege.getRoles().isEmpty()) {
            return true;
        }
        boolean z2 = false;
        for (String str3 : privilege.getRoles()) {
            if (Privilege.PredefinedRole.ANY_USER.is(str3)) {
                z2 = true;
            } else if (Privilege.PredefinedRole.AUTHENTICATED_USER.is(str3)) {
                z2 = userInfo.isAuthenticated();
            } else if (Privilege.PredefinedRole.SYSTEM_USER.is(str3)) {
                z2 = userInfo.isSystemUser();
            } else if (userInfo.hasRole(str3)) {
                z2 = userInfo.isAuthenticated() || userInfo.isSystemUser();
            }
            if (z2) {
                break;
            }
        }
        return z2;
    }

    static {
        $assertionsDisabled = !RestrictionUtils.class.desiredAssertionStatus();
    }
}
