package com.manydesigns.portofino.logic;

import com.manydesigns.elements.ElementsThreadLocals;
import com.manydesigns.portofino.dispatcher.Dispatch;
import com.manydesigns.portofino.dispatcher.PageInstance;
import com.manydesigns.portofino.modules.BaseModule;
import com.manydesigns.portofino.pages.Page;
import com.manydesigns.portofino.pages.Permissions;
import com.manydesigns.portofino.security.AccessLevel;
import com.manydesigns.portofino.security.RequiresAdministrator;
import com.manydesigns.portofino.security.RequiresPermissions;
import com.manydesigns.portofino.shiro.GroupPermission;
import com.manydesigns.portofino.shiro.PagePermission;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.sourceforge.stripes.action.ActionBean;
import org.apache.commons.configuration.Configuration;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/portofino-pageactions-4.2.13-SNAPSHOT.jar:com/manydesigns/portofino/logic/SecurityLogic.class */
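/**
 * Static authorization helpers for page actions and plain Stripes action beans.
 *
 * <p>The methods combine three sources of information: the {@link RequiresAdministrator} and
 * {@link RequiresPermissions} annotations found on the action method or class, the
 * {@link Permissions} configured along a page hierarchy, and the roles/permissions of a Shiro
 * {@link Subject}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every annotation-driven {@code hasPermissions} overload returns {@code true} when neither
 *       the method nor the class carries {@link RequiresPermissions}. An unannotated handler is
 *       therefore not restricted by this class.</li>
 *   <li>{@link #isUserInGroup(String)} and both {@code isAdministrator} overloads evaluate the
 *       subject bound to the current thread ({@link SecurityUtils#getSubject()}), not a subject
 *       supplied by the caller.</li>
 * </ul>
 */
public class SecurityLogic {
    public static final String copyright = "Copyright (C) 2005-2025 ManyDesigns srl";

    // Configuration keys that hold the names of the built-in groups.
    public static final String GROUP_ALL = "group.all";
    public static final String GROUP_ANONYMOUS = "group.anonymous";
    public static final String GROUP_REGISTERED = "group.registered";
    public static final String GROUP_ADMINISTRATORS = "group.administrators";

    // Group names used when the corresponding configuration key is absent.
    public static final String GROUP_ALL_DEFAULT = "all";
    public static final String GROUP_ANONYMOUS_DEFAULT = "anonymous";
    public static final String GROUP_REGISTERED_DEFAULT = "registered";
    public static final String GROUP_ADMINISTRATORS_DEFAULT = "administrators";

    public static final Logger logger = LoggerFactory.getLogger(SecurityLogic.class);

    /**
     * Checks the permissions required by {@code method} against the last page instance of
     * {@code dispatch}.
     *
     * @param configuration application configuration (source of the group names)
     * @param dispatch the dispatch whose last page instance is being accessed
     * @param subject the subject to authorize
     * @param method the action method being invoked
     * @return {@code true} if access is granted, or if no {@link RequiresPermissions} applies
     */
    public static boolean hasPermissions(Configuration configuration, Dispatch dispatch, Subject subject, Method method) {
        logger.debug("Checking action permissions");
        return hasPermissions(configuration, dispatch.getLastPageInstance(), subject, method);
    }

    /**
     * Checks the permissions required by {@code method} (or by the page's action class) against
     * the effective permissions of {@code pageInstance}.
     *
     * @param configuration application configuration (source of the group names)
     * @param pageInstance the page instance being accessed
     * @param subject the subject to authorize
     * @param method the action method being invoked
     * @return {@code true} if access is granted; also {@code true} when neither the method nor
     *     the action class is annotated with {@link RequiresPermissions}
     */
    public static boolean hasPermissions(Configuration configuration, PageInstance pageInstance, Subject subject, Method method) {
        logger.debug("Checking action permissions");
        RequiresPermissions required = getRequiresPermissionsAnnotation(method, pageInstance.getActionClass());
        if (required == null) {
            // No annotation: nothing is enforced at this layer.
            return true;
        }
        return hasPermissions(configuration, pageInstance, subject, required.level(), required.permissions());
    }

    /**
     * Checks an explicit access level and permission list against the effective permissions of
     * {@code pageInstance}.
     *
     * @param configuration application configuration (source of the group names)
     * @param pageInstance the page instance being accessed
     * @param subject the subject to authorize
     * @param accessLevel the minimum access level required
     * @param strArr the custom permissions required
     * @return {@code true} if access is granted
     */
    public static boolean hasPermissions(Configuration configuration, PageInstance pageInstance, Subject subject, AccessLevel accessLevel, String... strArr) {
        return hasPermissions(configuration, calculateActualPermissions(pageInstance), subject, accessLevel, strArr);
    }

    /**
     * Computes the effective permissions of a page instance by walking up its parent chain and
     * merging the pages from the root down to {@code pageInstance}.
     *
     * @param pageInstance the page instance; {@code null} yields the permissions of an empty path
     * @return a new {@link Permissions} object holding the merged result
     */
    public static Permissions calculateActualPermissions(PageInstance pageInstance) {
        List<Page> pagesFromRoot = new ArrayList<>();
        for (PageInstance current = pageInstance; current != null; current = current.getParent()) {
            // Insert at the head so the list ends up ordered root-first.
            pagesFromRoot.add(0, current.getPage());
        }
        return calculateActualPermissions(new Permissions(), pagesFromRoot);
    }

    /**
     * Merges {@code permissions} with the permissions of each page in {@code list}, in order.
     *
     * <p>Access levels: a later page overrides the level a group had so far, except that a group
     * already at {@link AccessLevel#DENY} stays denied for the rest of the path, and a
     * {@code null} level on a page leaves the current value untouched.
     *
     * <p>Custom permissions are not merged: they are copied from the last page of the list only,
     * or from {@code permissions} when the list is empty.
     *
     * @param permissions the starting permissions
     * @param list the pages to merge, ordered from the root to the target page
     * @return a new {@link Permissions} object; the arguments are not modified
     */
    public static Permissions calculateActualPermissions(Permissions permissions, List<Page> list) {
        Permissions merged = new Permissions();
        Map<String, AccessLevel> levels = merged.getActualLevels();
        levels.putAll(permissions.getActualLevels());
        for (Page page : list) {
            for (Map.Entry<String, AccessLevel> entry : page.getPermissions().getActualLevels().entrySet()) {
                String group = entry.getKey();
                AccessLevel level = entry.getValue();
                // DENY is sticky: a descendant page cannot re-grant what an ancestor denied.
                if (levels.get(group) != AccessLevel.DENY && level != null) {
                    levels.put(group, level);
                }
            }
        }
        if (list.isEmpty()) {
            merged.getActualPermissions().putAll(permissions.getActualPermissions());
        } else {
            Page lastPage = list.get(list.size() - 1);
            merged.getActualPermissions().putAll(lastPage.getPermissions().getActualPermissions());
        }
        return merged;
    }

    /**
     * Checks the permissions required by {@code method} or {@code cls} against an already
     * computed {@link Permissions} object.
     *
     * @param configuration application configuration (source of the group names)
     * @param permissions the effective permissions of the protected resource
     * @param subject the subject to authorize
     * @param method the action method being invoked
     * @param cls the action class, consulted when the method is not annotated
     * @return {@code true} if access is granted; also {@code true} when neither the method nor
     *     the class is annotated with {@link RequiresPermissions}
     */
    public static boolean hasPermissions(Configuration configuration, Permissions permissions, Subject subject, Method method, Class<?> cls) {
        logger.debug("Checking action permissions");
        RequiresPermissions required = getRequiresPermissionsAnnotation(method, cls);
        if (required == null) {
            // No annotation: nothing is enforced at this layer.
            return true;
        }
        return hasPermissions(configuration, permissions, subject, required);
    }

    /**
     * Checks the level and permissions declared by a {@link RequiresPermissions} annotation.
     *
     * @param configuration application configuration (source of the group names)
     * @param permissions the effective permissions of the protected resource
     * @param subject the subject to authorize
     * @param requiresPermissions the annotation describing what is required; must not be null
     * @return {@code true} if access is granted
     */
    public static boolean hasPermissions(Configuration configuration, Permissions permissions, Subject subject, RequiresPermissions requiresPermissions) {
        return hasPermissions(configuration, permissions, subject, requiresPermissions.level(), requiresPermissions.permissions());
    }

    /**
     * Looks up {@link RequiresPermissions}, preferring the annotation on the method over the one
     * on the class.
     *
     * @param method the action method
     * @param cls the action class
     * @return the applicable annotation, or {@code null} if neither element is annotated
     */
    public static RequiresPermissions getRequiresPermissionsAnnotation(Method method, Class<?> cls) {
        RequiresPermissions onMethod = method.getAnnotation(RequiresPermissions.class);
        if (onMethod != null) {
            logger.debug("Action method requires specific permissions: {}", method);
            return onMethod;
        }
        RequiresPermissions onClass = cls.getAnnotation(RequiresPermissions.class);
        if (onClass != null) {
            logger.debug("Action class requires specific permissions: {}", cls);
        }
        return onClass;
    }

    /**
     * Core permission check for a {@link Subject}.
     *
     * <p>An unauthenticated subject (no principal) is evaluated as a member of the "all" and
     * "anonymous" groups. A subject holding the administrators role is always granted access.
     * Any other subject is checked through {@link Subject#isPermitted} with a
     * {@link PagePermission}.
     *
     * @param configuration application configuration (source of the group names)
     * @param permissions the effective permissions of the protected resource
     * @param subject the subject to authorize
     * @param accessLevel the minimum access level required
     * @param strArr the custom permissions required
     * @return {@code true} if access is granted
     */
    public static boolean hasPermissions(Configuration configuration, Permissions permissions, Subject subject, AccessLevel accessLevel, String... strArr) {
        if (subject.getPrincipal() == null) {
            return hasAnonymousPermissions(configuration, permissions, accessLevel, strArr);
        }
        // The administrators bypass must be decided for the subject being authorized. Asking the
        // thread-bound subject instead would grant access to any subject passed in while an
        // administrator happens to be the current user of the calling thread.
        if (subject.hasRole(getAdministratorsGroup(configuration))) {
            return true;
        }
        return subject.isPermitted(new PagePermission(permissions, accessLevel, strArr));
    }

    /**
     * Permission check for callers that hold a {@link PrincipalCollection} rather than a
     * {@link Subject}.
     *
     * <p>Unlike the {@link Subject}-based overload, this method performs no administrators-group
     * bypass of its own; the decision is left entirely to {@code securityManager}.
     *
     * @param configuration application configuration (source of the group names)
     * @param permissions the effective permissions of the protected resource
     * @param securityManager the security manager used to evaluate the permission
     * @param principalCollection the principals to authorize; {@code null} means anonymous
     * @param accessLevel the minimum access level required
     * @param strArr the custom permissions required
     * @return {@code true} if access is granted
     */
    public static boolean hasPermissions(Configuration configuration, Permissions permissions, SecurityManager securityManager, PrincipalCollection principalCollection, AccessLevel accessLevel, String... strArr) {
        if (principalCollection == null) {
            return hasAnonymousPermissions(configuration, permissions, accessLevel, strArr);
        }
        return securityManager.isPermitted(principalCollection, new PagePermission(permissions, accessLevel, strArr));
    }

    /**
     * Evaluates a permission for an unauthenticated user, i.e. for a member of exactly the "all"
     * and "anonymous" groups.
     *
     * @param configuration application configuration (source of the group names)
     * @param permissions the effective permissions of the protected resource
     * @param accessLevel the minimum access level required
     * @param strArr the custom permissions required
     * @return {@code true} if those two groups together imply the requested permission
     */
    public static boolean hasAnonymousPermissions(Configuration configuration, Permissions permissions, AccessLevel accessLevel, String... strArr) {
        PagePermission requested = new PagePermission(permissions, accessLevel, strArr);
        List<String> anonymousGroups = new ArrayList<>();
        anonymousGroups.add(getAllGroup(configuration));
        anonymousGroups.add(getAnonymousGroup(configuration));
        return new GroupPermission(anonymousGroups).implies(requested);
    }

    /**
     * Tells whether the subject bound to the current thread has the given role.
     *
     * @param str the group (Shiro role) name
     * @return {@code true} if {@link SecurityUtils#getSubject()} has that role
     */
    public static boolean isUserInGroup(String str) {
        return SecurityUtils.getSubject().hasRole(str);
    }

    /**
     * Tells whether the current thread's subject is an administrator.
     *
     * <p>The {@code servletRequest} argument is not read: the configuration is taken from the
     * servlet context held by {@link ElementsThreadLocals}.
     *
     * @param servletRequest unused
     * @return {@code true} if the current subject belongs to the administrators group
     */
    public static boolean isAdministrator(ServletRequest servletRequest) {
        Configuration configuration =
                (Configuration) ElementsThreadLocals.getServletContext().getAttribute(BaseModule.PORTOFINO_CONFIGURATION);
        return isAdministrator(configuration);
    }

    /**
     * Tells whether the current thread's subject is an administrator.
     *
     * @param configuration application configuration (source of the administrators group name)
     * @return {@code true} if the current subject belongs to the administrators group
     */
    public static boolean isAdministrator(Configuration configuration) {
        return isUserInGroup(getAdministratorsGroup(configuration));
    }

    /**
     * Enforces {@link RequiresAdministrator}.
     *
     * <p>The annotation is looked for on {@code method} first, then on the runtime class of
     * {@code actionBean} and each of its superclasses. Interfaces are not inspected.
     *
     * @param httpServletRequest the current request
     * @param actionBean the action bean being invoked
     * @param method the action method being invoked
     * @return {@code true} if no administrator requirement applies or the current subject is an
     *     administrator; {@code false} otherwise
     */
    public static boolean satisfiesRequiresAdministrator(HttpServletRequest httpServletRequest, ActionBean actionBean, Method method) {
        logger.debug("Checking if action or method required administrator");
        boolean administratorRequired = false;
        if (method.isAnnotationPresent(RequiresAdministrator.class)) {
            logger.debug("Action method requires administrator: {}", method);
            administratorRequired = true;
        } else {
            for (Class<?> type = actionBean.getClass(); type != null; type = type.getSuperclass()) {
                if (type.isAnnotationPresent(RequiresAdministrator.class)) {
                    logger.debug("Action class requires administrator: {}", type);
                    administratorRequired = true;
                    break;
                }
            }
        }
        if (!administratorRequired || isAdministrator(httpServletRequest)) {
            return true;
        }
        logger.info("User is not an administrator");
        return false;
    }

    /**
     * @param configuration application configuration
     * @return the configured administrators group name, or its default
     */
    public static String getAdministratorsGroup(Configuration configuration) {
        return configuration.getString(GROUP_ADMINISTRATORS, GROUP_ADMINISTRATORS_DEFAULT);
    }

    /**
     * @param configuration application configuration
     * @return the configured name of the group every user belongs to, or its default
     */
    public static String getAllGroup(Configuration configuration) {
        return configuration.getString(GROUP_ALL, GROUP_ALL_DEFAULT);
    }

    /**
     * @param configuration application configuration
     * @return the configured anonymous group name, or its default
     */
    public static String getAnonymousGroup(Configuration configuration) {
        return configuration.getString(GROUP_ANONYMOUS, GROUP_ANONYMOUS_DEFAULT);
    }

    /**
     * @param configuration application configuration
     * @return the configured registered-users group name, or its default
     */
    public static String getRegisteredGroup(Configuration configuration) {
        return configuration.getString(GROUP_REGISTERED, GROUP_REGISTERED_DEFAULT);
    }

    /**
     * Entry point deciding whether the current subject may invoke {@code method}.
     *
     * <p>Order of checks: the {@link RequiresAdministrator} requirement, then the administrator
     * bypass, then the {@link RequiresPermissions} check. When {@code dispatch} is {@code null}
     * the target is treated as a plain Stripes action bean and is evaluated against an empty
     * {@link Permissions} object.
     *
     * @param httpServletRequest the current request
     * @param dispatch the page dispatch, or {@code null} for a plain action bean
     * @param actionBean the action bean being invoked
     * @param method the action method being invoked
     * @return {@code true} if the invocation is allowed
     */
    public static boolean isAllowed(HttpServletRequest httpServletRequest, Dispatch dispatch, ActionBean actionBean, Method method) {
        Subject subject = SecurityUtils.getSubject();
        if (!satisfiesRequiresAdministrator(httpServletRequest, actionBean, method)) {
            return false;
        }
        logger.debug("Checking page permissions");
        if (isAdministrator(httpServletRequest)) {
            return true;
        }
        Configuration configuration =
                (Configuration) httpServletRequest.getServletContext().getAttribute(BaseModule.PORTOFINO_CONFIGURATION);
        String resource;
        boolean allowed;
        if (dispatch != null) {
            logger.debug("The protected resource is a page action");
            resource = dispatch.getLastPageInstance().getPath();
            allowed = hasPermissions(configuration, dispatch, subject, method);
        } else {
            logger.debug("The protected resource is a plain Stripes ActionBean");
            resource = httpServletRequest.getRequestURI();
            allowed = hasPermissions(configuration, new Permissions(), subject, method, actionBean.getClass());
        }
        if (!allowed) {
            logger.info("Access to {} is forbidden", resource);
        }
        return allowed;
    }

    /**
     * Checks the permissions required by {@code method} or {@code cls} against the effective
     * permissions of {@code pageInstance}.
     *
     * @param configuration application configuration (source of the group names)
     * @param method the action method being invoked
     * @param cls the action class, consulted when the method is not annotated
     * @param pageInstance the page instance being accessed
     * @param subject the subject to authorize
     * @return {@code true} if access is granted; also {@code true} when neither the method nor
     *     the class is annotated with {@link RequiresPermissions}
     */
    public static boolean hasPermissions(Configuration configuration, Method method, Class<?> cls, PageInstance pageInstance, Subject subject) {
        RequiresPermissions required = getRequiresPermissionsAnnotation(method, cls);
        if (required == null) {
            // No annotation: nothing is enforced at this layer.
            return true;
        }
        return hasPermissions(configuration, calculateActualPermissions(pageInstance), subject, required);
    }
}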
