package org.apereo.portal.spring.security.evaluator;

import java.io.Serializable;
import org.apereo.portal.layout.dlm.remoting.IGroupListHelper;
import org.apereo.portal.layout.dlm.remoting.JsonEntityBean;
import org.apereo.portal.portlets.groupselector.EntityEnum;
import org.apereo.portal.security.IAuthorizationPrincipal;
import org.apereo.portal.security.IPerson;
import org.apereo.portal.security.IPersonManager;
import org.apereo.portal.services.AuthorizationServiceFacade;
import org.apereo.portal.url.IPortalRequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:org/apereo/portal/spring/security/evaluator/PortalPermissionEvaluator.class */
public class PortalPermissionEvaluator implements PermissionEvaluator {
    protected final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private IPortalRequestUtils portalRequestUtils;

    @Autowired
    private IPersonManager personManager;
    private IGroupListHelper groupListHelper;
    private AuthorizationServiceFacade authorizationServiceFacade;

    @Autowired
    public void setGroupListHelper(IGroupListHelper iGroupListHelper) {
        this.groupListHelper = iGroupListHelper;
    }

    public boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        AuthorizableActivity viewActivity;
        if (this.authorizationServiceFacade == null) {
            this.authorizationServiceFacade = AuthorizationServiceFacade.instance();
        }
        IAuthorizationPrincipal authorizationPrincipal = getAuthorizationPrincipal(authentication);
        String str = null;
        if (obj instanceof String) {
            str = (String) obj;
        } else if (obj instanceof JsonEntityBean) {
            str = ((JsonEntityBean) obj).getTargetString();
        }
        if (obj2 instanceof AuthorizableActivity) {
            viewActivity = (AuthorizableActivity) obj2;
        } else {
            if (!(obj2 instanceof String)) {
                throw new RuntimeException("Unable to determine permission target id for type " + obj.getClass());
            }
            viewActivity = getViewActivity((String) obj2, (JsonEntityBean) obj);
        }
        this.logger.trace("In hasPermission() - principal=[{}], owner=[{}], activity=[{}], targetId=[{}] ", new Object[]{authorizationPrincipal, viewActivity.getOwnerFname(), viewActivity.getActivityFname(), str});
        if (viewActivity != null) {
            return authorizationPrincipal.hasPermission(viewActivity.getOwnerFname(), viewActivity.getActivityFname(), str);
        }
        return false;
    }

    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, Object obj) {
        if (this.authorizationServiceFacade == null) {
            this.authorizationServiceFacade = AuthorizationServiceFacade.instance();
        }
        IAuthorizationPrincipal authorizationPrincipal = getAuthorizationPrincipal(authentication);
        AuthorizableActivity authorizableActivity = null;
        if (obj instanceof AuthorizableActivity) {
            authorizableActivity = (AuthorizableActivity) obj;
        } else if ((obj instanceof String) && (serializable instanceof String)) {
            authorizableActivity = getViewActivity((String) obj, (String) serializable);
        }
        if (authorizableActivity != null) {
            return authorizationPrincipal.hasPermission(authorizableActivity.getOwnerFname(), authorizableActivity.getActivityFname(), serializable.toString());
        }
        return false;
    }

    private IAuthorizationPrincipal getAuthorizationPrincipal(Authentication authentication) {
        String userName;
        Object principal = authentication.getPrincipal();
        this.logger.trace("getAuthorizationPrincipal -- authPrincipal=[{}]", principal);
        if (principal instanceof UserDetails) {
            UserDetails userDetails = (UserDetails) principal;
            this.logger.trace("getAuthorizationPrincipal -- AUTHENTICATED, userDetails=[{}]", userDetails);
            userName = userDetails.getUsername();
        } else {
            IPerson person = this.personManager.getPerson(this.portalRequestUtils.getCurrentPortalRequest());
            this.logger.trace("getAuthorizationPrincipal -- UNAUTHENTICATED, person=[{}]", person);
            userName = person.getUserName();
        }
        return this.authorizationServiceFacade.newPrincipal(userName, IPerson.class);
    }

    private AuthorizableActivity getViewActivity(String str, JsonEntityBean jsonEntityBean) {
        if (jsonEntityBean == null || !str.equals("VIEW")) {
            return null;
        }
        EntityEnum entityType = jsonEntityBean.getEntityType();
        if (entityType.isGroup()) {
            return new AuthorizableActivity("UP_GROUPS", "VIEW_GROUP");
        }
        if (entityType.equals(EntityEnum.PERSON)) {
            return new AuthorizableActivity("UP_USERS", "VIEW_USER");
        }
        if (entityType.equals(EntityEnum.PORTLET)) {
            return new AuthorizableActivity("UP_PORTLET_SUBSCRIBE", "SUBSCRIBE");
        }
        return null;
    }

    private AuthorizableActivity getViewActivity(String str, String str2) {
        return getViewActivity(str, this.groupListHelper.getEntityForPrincipal(str2));
    }
}
