package org.georchestra.console;

import java.io.Serializable;
import java.util.Arrays;
import org.georchestra.console.dao.AdvancedDelegationDao;
import org.georchestra.console.dao.DelegationDao;
import org.georchestra.console.dto.SimpleAccount;
import org.georchestra.console.model.DelegationEntry;
import org.georchestra.ds.orgs.Org;
import org.georchestra.ds.roles.Role;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:WEB-INF/classes/org/georchestra/console/ConsolePermissionEvaluator.class */
public class ConsolePermissionEvaluator implements PermissionEvaluator {
    private static GrantedAuthority ROLE_SUPERUSER = new SimpleGrantedAuthority("ROLE_SUPERUSER");

    @Autowired
    private DelegationDao delegationDao;

    @Autowired
    private AdvancedDelegationDao advancedDelegationDao;

    @Override // org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        if (isSuperAdministrator(authentication)) {
            return true;
        }
        String name = authentication.getName();
        DelegationEntry findOne = this.delegationDao.findOne(name);
        if (findOne == null) {
            return false;
        }
        if (obj instanceof Role) {
            Role role = (Role) obj;
            role.getUserList().retainAll(this.advancedDelegationDao.findUsersUnderDelegation(name));
            role.setFavorite(true);
            return Arrays.asList(findOne.getRoles()).contains(role.getName());
        }
        if (obj instanceof Org) {
            return Arrays.asList(findOne.getOrgs()).contains(((Org) obj).getId());
        }
        if (obj instanceof SimpleAccount) {
            return Arrays.asList(findOne.getOrgs()).contains(((SimpleAccount) obj).getOrgId());
        }
        return false;
    }

    @Override // org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, Object obj) {
        return isSuperAdministrator(authentication);
    }

    private boolean isSuperAdministrator(Authentication authentication) {
        return authentication.getAuthorities().contains(ROLE_SUPERUSER);
    }
}
