package de.unigreifswald.floradb.rs.facade;

import de.unigreifswald.botanik.floradb.error.FloradbAccessRulesViolationException;
import de.unigreifswald.botanik.floradb.facade.AccessRestrictions;
import de.unigreifswald.botanik.floradb.facade.FloradbFacade;
import de.unigreifswald.botanik.floradb.types.DataShareOption;
import de.unigreifswald.botanik.floradb.types.Survey;
import de.unigreifswald.floradb.security.FloradbAuthenticationProvider;
import de.unigreifswald.floradb.security.FloradbAuthenticationToken;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

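/**
 * Authorization aspect for {@code SnapshotFacade.getSurveyDump(int)}.
 *
 * <p>Before the dump is produced, the advice loads the requested survey and lets the call
 * proceed only if the authenticated user owns the survey or holds a per-survey admin authority
 * for one of the ids returned by {@link FloradbFacade#findParentSurveyIds}. Every other case is
 * rejected with a {@link FloradbAccessRulesViolationException}.
 *
 * <p>NOTE(review): this aspect is the only access check visible in this file for the dump; an
 * integration test should confirm the advice is actually woven around {@code getSurveyDump},
 * because a pointcut that silently matches nothing leaves the endpoint unprotected.
 */
@Aspect
@Component
/* loaded from: input_file:WEB-INF/classes/de/unigreifswald/floradb/rs/facade/SecureSnapshot.class */
public class SecureSnapshot {

    /** Suffix that marks a granted authority as a per-survey admin authority. */
    private static final String ADMIN_SUFFIX = "_admin";

    /** One message for every denial, so a caller cannot tell a missing survey from a forbidden one. */
    private static final String ACCESS_DENIED_MESSAGE = "Not allowed to access survey";

    @Autowired
    @Qualifier("floradbFacadeImpl")
    private FloradbFacade floradbFacade;

    /**
     * Matches {@code SnapshotFacade.getSurveyDump(int)} and binds its first argument.
     *
     * <p>The formal must be called {@code surveyId} to match {@code args(surveyId, ..)}; the
     * decompiled listing had lost that name. {@code argNames} pins the binding so it does not
     * depend on parameter names surviving compilation.
     *
     * @param surveyId id of the survey whose dump is requested
     */
    @Pointcut(
            value = "execution(* de.unigreifswald.floradb.rs.facade.SnapshotFacade.getSurveyDump(int)) && args(surveyId, ..)",
            argNames = "surveyId")
    private void getSnapshot(int surveyId) {
    }

    /**
     * Rejects the dump request unless the current user may read the survey.
     *
     * @param surveyId id of the survey whose dump is requested
     * @throws FloradbAccessRulesViolationException if the survey cannot be loaded, if the security
     *     context holds no {@link FloradbAuthenticationToken}, or if the user is neither the
     *     survey owner nor an admin of one of the ids returned by {@code findParentSurveyIds}
     */
    @Before(value = "getSnapshot(surveyId)", argNames = "surveyId")
    public void secureGetSnapshots(int surveyId) {
        Survey survey = this.floradbFacade.loadSurvey(surveyId, DataShareOption.DATA_FLOW);
        if (survey == null) {
            throw new FloradbAccessRulesViolationException(ACCESS_DENIED_MESSAGE);
        }

        // Fail closed with the domain exception when the context is empty or carries another
        // token type, instead of surfacing a NullPointerException or ClassCastException.
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof FloradbAuthenticationToken)) {
            throw new FloradbAccessRulesViolationException(ACCESS_DENIED_MESSAGE);
        }
        FloradbAuthenticationToken token = (FloradbAuthenticationToken) authentication;
        if (AccessRestrictions.userIsSurveyOwner(survey, token.getUser())) {
            return;
        }

        // Declared as HashSet so the call compiles whichever collection type the facade expects.
        HashSet<Integer> requestedIds = new HashSet<>();
        requestedIds.add(surveyId);
        Set<Integer> adminSurveyIds = getAdminSurveyIds(authentication);
        // NOTE(review): whether findParentSurveyIds also returns the requested id itself is not
        // visible here; if it does not, an admin of exactly this survey is denied. Confirm.
        for (Integer parentId : this.floradbFacade.findParentSurveyIds(requestedIds)) {
            if (adminSurveyIds.contains(parentId)) {
                return;
            }
        }
        throw new FloradbAccessRulesViolationException(ACCESS_DENIED_MESSAGE);
    }

    /**
     * Collects the survey ids for which the authentication carries an admin authority.
     *
     * <p>An authority counts only when it has the exact shape
     * {@code FLORADB_RULE_PREFIX + <integer id> + "_admin"}. The previous parsing stripped prefix
     * and suffix only if present, so any authority that reduced to a bare integer (missing the
     * prefix, the suffix, or both) was treated as an admin grant.
     * NOTE(review): confirm against FloradbAuthenticationProvider that admin authorities are
     * always issued in this shape.
     *
     * @param authentication the current authentication; its authorities are inspected
     * @return the survey ids with an admin authority, empty if there are none
     */
    protected Set<Integer> getAdminSurveyIds(Authentication authentication) {
        Set<Integer> adminSurveyIds = new HashSet<>();
        String prefix = FloradbAuthenticationProvider.FLORADB_RULE_PREFIX;
        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            String authority = grantedAuthority.getAuthority();
            if (!StringUtils.startsWith(authority, prefix) || !StringUtils.endsWith(authority, ADMIN_SUFFIX)) {
                continue;
            }
            String idPart = StringUtils.removeEnd(StringUtils.removeStart(authority, prefix), ADMIN_SUFFIX);
            try {
                adminSurveyIds.add(Integer.valueOf(idPart));
            } catch (NumberFormatException ignored) {
                // The middle part is not a survey id, so this authority grants no survey admin right.
            }
        }
        return adminSurveyIds;
    }
}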
