package com.vertexinc.oseries.security.evaluator;

import com.vertexinc.common.fw.rba.domain.AccessType;
import com.vertexinc.common.fw.rba.domain.AppUser;
import com.vertexinc.common.fw.rba.domain.VertexPermission;
import com.vertexinc.common.fw.rba.ipersist.AppUserPersister;
import com.vertexinc.common.fw.rba.ipersist.AppUserPersisterException;
import com.vertexinc.util.error.VertexApplicationException;
import java.util.HashSet;
import java.util.Set;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

/* loaded from: input_file:patchedFiles.zip:web/vertex-ws.war:WEB-INF/lib/vertex-oseries-security-lib.jar:com/vertexinc/oseries/security/evaluator/PartitionPermissionEvaluator.class */
public class PartitionPermissionEvaluator implements IPermissionEvaluator {
    long principalSourceId;
    Set<Long> requestedSourceIds;
    Set<Long> principalsSourceIds;
    long principalUserId;
    long requestedUserId;
    protected AppUserPersister appUserPersister;
    protected boolean anyPartition;

    public PartitionPermissionEvaluator() throws AppUserPersisterException {
        this.principalSourceId = -1L;
        this.requestedSourceIds = new HashSet();
        this.principalsSourceIds = new HashSet();
        this.principalUserId = -1L;
        this.requestedUserId = -1L;
        this.anyPartition = false;
        this.appUserPersister = AppUserPersister.getInstance();
        AppUser contextAppUser = VertexPermission.getContextAppUser();
        if (contextAppUser != null) {
            this.principalSourceId = contextAppUser.getSourceId().longValue();
            this.principalUserId = contextAppUser.getId();
            this.principalsSourceIds.addAll(VertexPermission.getPartitionsMAorPSAOrUsersResource(contextAppUser.getPartitionRoles()));
        }
    }

    public PartitionPermissionEvaluator(Authentication authentication, long j) throws AppUserPersisterException {
        this();
        this.principalsSourceIds.addAll(this.appUserPersister.findByName(authentication instanceof OAuth2Authentication ? ((OAuth2Authentication) authentication).getUserAuthentication().getName() : authentication.getName()).getPartitionRoles().getPartitions());
        AppUser findByPK = this.appUserPersister.findByPK(j);
        if (findByPK != null) {
            this.requestedSourceIds.addAll(findByPK.getPartitionRoles().getPartitions());
            this.requestedSourceIds.add(findByPK.getSourceId());
            this.requestedUserId = findByPK.getId();
        }
    }

    @Override // com.vertexinc.oseries.security.evaluator.IPermissionEvaluator
    public boolean run() throws VertexApplicationException {
        return VertexPermission.hadMasterAdminRoleAccess() || ((VertexPermission.check("partitionsystemadministrator", AccessType.MODIFY, this.anyPartition) || VertexPermission.check(IPermissionEvaluator.USERS, AccessType.MODIFY, this.anyPartition)) && this.requestedSourceIds.stream().allMatch(l -> {
            return this.principalsSourceIds.contains(l);
        }));
    }

    public void addRequestedSourceId(Long l) {
        this.requestedSourceIds.add(l);
    }

    public long getRequestedUserId() {
        return this.requestedUserId;
    }

    public void setRequestedUserId(long j) {
        this.requestedUserId = j;
    }
}
