package org.romaframework.module.security.users;

import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
import org.romaframework.aspect.authentication.AuthenticationAspect;
import org.romaframework.aspect.security.Secure;
import org.romaframework.aspect.security.SecurityAspectAbstract;
import org.romaframework.aspect.security.exception.SecurityException;
import org.romaframework.aspect.security.feature.SecurityActionFeatures;
import org.romaframework.aspect.security.feature.SecurityClassFeatures;
import org.romaframework.aspect.security.feature.SecurityEventFeatures;
import org.romaframework.aspect.security.feature.SecurityFieldFeatures;
import org.romaframework.aspect.view.feature.ViewFieldFeatures;
import org.romaframework.core.Roma;
import org.romaframework.core.schema.SchemaAction;
import org.romaframework.core.schema.SchemaClass;
import org.romaframework.core.schema.SchemaClassElement;
import org.romaframework.core.schema.SchemaEvent;
import org.romaframework.core.schema.SchemaField;
import org.romaframework.module.users.domain.AbstractAccount;
import org.romaframework.module.users.domain.BaseAccount;
import org.romaframework.module.users.domain.BaseGroup;
import org.romaframework.module.users.install.UsersApplicationInstaller;

/* loaded from: input_file:org/romaframework/module/security/users/UsersSecurityAspect.class */
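/**
 * Role-based security aspect, registered under the aspect name {@code "security"}.
 *
 * <p>Access rules are string arrays read from schema features (field, action, event or class
 * level). Each rule has the form {@code type:pattern}, where the part after the first colon is a
 * regular expression that must match the whole account, profile or group name.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li><b>Default-allow.</b> A resource with no rules at element level and none at class level
 *       is accessible to everyone, including unauthenticated callers.</li>
 *   <li><b>Inheritance.</b> An absent <em>or empty</em> rule list on a field, action or event
 *       falls back to the class-level list, so an empty element-level list cannot silently
 *       bypass a class-level restriction.</li>
 *   <li><b>Unauthenticated access to a protected resource throws</b> a
 *       {@link SecurityException}; it does not return {@code false}.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output (see the {@code m4getProfile} bridge name);
 * confirm any finding against the upstream source before acting on it.
 */
public class UsersSecurityAspect extends SecurityAspectAbstract {

    /** @return the fixed aspect name, {@code "security"} */
    public String aspectName() {
        return "security";
    }

    /** Delegates to the superclass start-up; this aspect adds no initialisation of its own. */
    public void startup() {
        super.startup();
    }

    /** @return always {@code null}; this aspect wraps no underlying component */
    public Object getUnderlyingComponent() {
        return null;
    }

    /** No per-event configuration is performed. */
    public void configEvent(SchemaEvent schemaEvent) {
    }

    /**
     * Returns the account reported by the {@link AuthenticationAspect}, or {@code null} when it
     * reports none.
     *
     * <p>The unconditional cast means any current account that is not a {@link BaseAccount}
     * fails with {@link ClassCastException} instead of being evaluated.
     */
    private BaseAccount getAccount() {
        AuthenticationAspect authentication = (AuthenticationAspect) Roma.aspect(AuthenticationAspect.class);
        return (BaseAccount) authentication.getCurrentAccount();
    }

    /**
     * True when a rule list carries no rules at its own level and the class-level list must be
     * consulted instead.
     */
    private static boolean isUnset(String[] roles) {
        return roles == null || roles.length == 0;
    }

    /**
     * Decides whether the current account may read {@code schemaField} on {@code obj}.
     *
     * <p>An object implementing {@link Secure} can veto the read before any role rule is looked
     * at; otherwise the decision is purely role based.
     */
    public boolean canRead(Object obj, SchemaField schemaField) {
        if (obj instanceof Secure && !((Secure) obj).canRead()) {
            return false;
        }
        return canRead(obj, schemaField, getAccount());
    }

    /**
     * Decides whether the current account may write {@code schemaField} on {@code obj}; an object
     * implementing {@link Secure} can veto the write first.
     */
    public boolean canWrite(Object obj, SchemaField schemaField) {
        if (obj instanceof Secure && !((Secure) obj).canWrite()) {
            return false;
        }
        return canWrite(obj, schemaField, getAccount());
    }

    /**
     * Decides whether the current account may execute {@code schemaClassElement}. Unlike the
     * read/write variants, {@link Secure} is not consulted here.
     */
    public boolean canExecute(Object obj, SchemaClassElement schemaClassElement) {
        return canExecute(obj, schemaClassElement, getAccount());
    }

    /**
     * Evaluates the read rules of a field for the given account.
     *
     * <p>Field-level {@code READ_ROLES} win; when they are absent or empty the class-level
     * {@code READ_ROLES} of the owning entity apply. The previous emptiness test compared the
     * array with {@code ""} via {@code equals}, which is always false, so an empty field-level
     * list reached {@link #matchesRule} and was treated as "no restriction" even when the class
     * was restricted.
     *
     * @throws SecurityException if rules exist and {@code abstractAccount} is {@code null}
     */
    public boolean canRead(Object obj, SchemaField schemaField, AbstractAccount abstractAccount) {
        String[] roles = (String[]) schemaField.getFeature(SecurityFieldFeatures.READ_ROLES);
        if (isUnset(roles)) {
            roles = (String[]) schemaField.getEntity().getFeature(SecurityClassFeatures.READ_ROLES);
        }
        return matchesRule(schemaField.toString(), abstractAccount, roles);
    }

    /**
     * Evaluates the write rules of a field for the given account, with the same field-then-class
     * fallback as {@link #canRead(Object, SchemaField, AbstractAccount)}.
     *
     * @throws SecurityException if rules exist and {@code abstractAccount} is {@code null}
     */
    public boolean canWrite(Object obj, SchemaField schemaField, AbstractAccount abstractAccount) {
        String[] roles = (String[]) schemaField.getFeature(SecurityFieldFeatures.WRITE_ROLES);
        if (isUnset(roles)) {
            roles = (String[]) schemaField.getEntity().getFeature(SecurityClassFeatures.WRITE_ROLES);
        }
        return matchesRule(schemaField.toString(), abstractAccount, roles);
    }

    /**
     * Evaluates the execute rules of an action or event for the given account: element-level
     * {@code ROLES} first, class-level {@code EXECUTE_ROLES} when those are absent or empty.
     *
     * @throws SecurityException if rules exist and {@code abstractAccount} is {@code null}
     */
    public boolean canExecute(Object obj, SchemaClassElement schemaClassElement, AbstractAccount abstractAccount) {
        String[] roles = (String[]) schemaClassElement.getFeature(SecurityActionFeatures.ROLES);
        if (isUnset(roles)) {
            roles = (String[]) schemaClassElement.getEntity().getFeature(SecurityClassFeatures.EXECUTE_ROLES);
        }
        return matchesRule(schemaClassElement.toString(), abstractAccount, roles);
    }

    /**
     * Checks an account against a list of {@code type:pattern} rules; the first matching rule
     * grants access.
     *
     * @param str             resource name, used only in exception messages
     * @param abstractAccount account to evaluate; may be {@code null} only when there are no rules
     * @param strArr          rules to evaluate; {@code null} or empty means unrestricted
     * @return {@code true} if there are no rules or any rule matches, {@code false} otherwise
     * @throws SecurityException        if rules exist and {@code abstractAccount} is {@code null}
     * @throws IllegalArgumentException if a rule reached during evaluation is blank or has no
     *                                  {@code ':'}; rules after the first match are never parsed,
     *                                  so a malformed rule can stay undetected
     */
    public boolean matchesRule(String str, AbstractAccount abstractAccount, String[] strArr) {
        // Default-allow: nothing configured means nothing is enforced.
        if (strArr == null || strArr.length == 0) {
            return true;
        }
        if (abstractAccount == null) {
            throw new SecurityException("The resource requested '" + str + "' is protected and need an authenticated account to access in");
        }
        for (String rawRule : strArr) {
            String rule = rawRule.trim();
            if (rule.isEmpty()) {
                throw new IllegalArgumentException("Found an empty rule for the resource: " + str);
            }
            int separator = rule.indexOf(':');
            if (separator == -1) {
                throw new IllegalArgumentException("Found wrong rule: '" + rule + "' for the resource: " + str);
            }
            String ruleType = rule.substring(0, separator);
            // The value is a regex applied with full-match semantics, so "adm.*" is broader
            // than "admin" and regex metacharacters in a name are not taken literally.
            String namePattern = rule.substring(separator + 1);

            if (UsersApplicationInstaller.ACCOUNT_USER.equalsIgnoreCase(ruleType) && Pattern.matches(namePattern, abstractAccount.getName())) {
                return true;
            }
            if (!(abstractAccount instanceof BaseAccount)) {
                // Profile and group rules need the BaseAccount accessors.
                continue;
            }
            BaseAccount baseAccount = (BaseAccount) abstractAccount;
            if ("profile".equalsIgnoreCase(ruleType) && baseAccount.m4getProfile() != null && baseAccount.m4getProfile().getName() != null && Pattern.matches(namePattern, baseAccount.m4getProfile().getName())) {
                return true;
            }
            if ("group".equalsIgnoreCase(ruleType)) {
                // NOTE(review): namePattern is not used in this branch. Each group is passed
                // back through the WHOLE rule list as if it were an account, so the rule that
                // can match it is the ACCOUNT_USER one, compared against the group's name. A
                // rule written for a user name would then also admit every member of a group
                // with that name. Confirm against the upstream source whether the group's name
                // was meant to be matched against this rule's own pattern.
                Iterator<BaseGroup> groups = baseAccount.getGroups().iterator();
                while (groups.hasNext()) {
                    if (matchesRule(str, groups.next(), strArr)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /** Not supported by this aspect. */
    public Object decrypt(Object obj, String str) {
        throw new UnsupportedOperationException();
    }

    /** Not supported by this aspect. */
    public Object encrypt(Object obj, String str) {
        throw new UnsupportedOperationException();
    }

    /**
     * Filters a collection or map value after it has been read, removing entries the current
     * account is not allowed to see, and returns the same instance.
     *
     * <p>Filtering is done in place through {@code Iterator.remove()}.
     * NOTE(review): if {@code obj2} is the live collection held by the domain object, the removal
     * changes that object and not just the view; an unmodifiable collection would make
     * {@code remove()} throw. Filtering a copy may be safer - confirm what callers pass.
     *
     * <p>NOTE(review): collection elements go through {@link #hasToRemoveValue}, which honours
     * {@link Secure#canRead()}, while map keys and values are checked with {@link #allowClass}
     * only, so a {@code Secure} object stored in a map is not asked for its own veto.
     */
    public Object onAfterFieldRead(Object obj, SchemaField schemaField, Object obj2) {
        if (obj2 instanceof Collection) {
            Iterator<?> elements = ((Collection<?>) obj2).iterator();
            while (elements.hasNext()) {
                if (hasToRemoveValue(elements.next())) {
                    elements.remove();
                }
            }
        }
        if (obj2 instanceof Map) {
            Iterator<?> entries = ((Map<?, ?>) obj2).entrySet().iterator();
            while (entries.hasNext()) {
                Map.Entry<?, ?> entry = (Map.Entry<?, ?>) entries.next();
                Object key = entry.getKey();
                // The key is checked first; the value is looked at only when the key passes.
                boolean keyDenied = key != null && !allowClass(Roma.schema().getSchemaClass(key.getClass()));
                if (keyDenied || (entry.getValue() != null && !allowClass(Roma.schema().getSchemaClass(entry.getValue().getClass())))) {
                    entries.remove();
                }
            }
        }
        return obj2;
    }

    /** Returns the written value unchanged. */
    public Object onAfterFieldWrite(Object obj, SchemaField schemaField, Object obj2) {
        return obj2;
    }

    /** Nothing to do after an action has run. */
    public void onAfterAction(Object obj, SchemaAction schemaAction, Object obj2) {
    }

    /**
     * Enforcement point for actions.
     *
     * @return {@code true} when the current account may execute the action
     * @throws SecurityException when it may not (the method never returns {@code false})
     */
    public boolean onBeforeAction(Object obj, SchemaAction schemaAction) {
        if (!canExecute(obj, schemaAction)) {
            throw new SecurityException("Current account can't execute the action '" + schemaAction + "' because has no privileges");
        }
        return true;
    }

    /** Exceptions raised by actions are not handled here. */
    public void onExceptionAction(Object obj, SchemaAction schemaAction, Exception exc) {
    }

    /**
     * Turns the view's ENABLED feature off for a field unless it is already explicitly disabled.
     * An unset feature is treated as enabled.
     */
    private void disableFieldIfEnabled(Object obj, SchemaField schemaField) {
        Boolean enabled = (Boolean) schemaField.getFeature(ViewFieldFeatures.ENABLED);
        if (enabled == null || enabled.booleanValue()) {
            Roma.setFeature(obj, schemaField.getName(), ViewFieldFeatures.ENABLED, false);
        }
    }

    /**
     * Enforcement point for field reads.
     *
     * <p>Readable field: returns {@code IGNORED}, after disabling the field in the view when it
     * is readable but not writable. Unreadable field: disables it in the view and returns
     * {@code null}. Presumably {@code IGNORED} lets the framework continue with the normal read
     * and {@code null} replaces the value - confirm against the aspect contract.
     */
    public Object onBeforeFieldRead(Object obj, SchemaField schemaField, Object obj2) {
        if (canRead(obj, schemaField)) {
            if (!canWrite(obj, schemaField)) {
                disableFieldIfEnabled(obj, schemaField);
            }
            return IGNORED;
        }
        disableFieldIfEnabled(obj, schemaField);
        return null;
    }

    /**
     * Enforcement point for field writes.
     *
     * <p>Writable field: returns {@code IGNORED}. Otherwise the field is disabled in the view and
     * its current value is returned instead of the submitted one. Presumably that makes the
     * framework keep the existing value - confirm against the aspect contract, because the
     * denial is silent: no exception is raised and nothing is logged here.
     */
    public Object onBeforeFieldWrite(Object obj, SchemaField schemaField, Object obj2) {
        if (canWrite(obj, schemaField)) {
            return IGNORED;
        }
        // Read the stored value before touching view features, as the original did.
        Object currentValue = schemaField.getValue(obj);
        disableFieldIfEnabled(obj, schemaField);
        return currentValue;
    }

    /**
     * Tells whether the current account may use {@code schemaAction}, without needing an object
     * instance. A {@code null} action and an action with no rules at either level are allowed.
     *
     * @throws SecurityException if rules exist and there is no current account
     */
    public boolean allowAction(SchemaAction schemaAction) {
        if (schemaAction == null) {
            return true;
        }
        String[] roles = (String[]) schemaAction.getFeature(SecurityActionFeatures.ROLES);
        if (isUnset(roles)) {
            // Same inheritance rule as canExecute, so visibility and enforcement agree.
            roles = (String[]) schemaAction.getEntity().getFeature(SecurityClassFeatures.EXECUTE_ROLES);
        }
        if (roles == null) {
            return true;
        }
        return matchesRule(schemaAction.toString(), getAccount(), roles);
    }

    /**
     * Tells whether the current account may read instances of {@code schemaClass}. A {@code null}
     * class, or one without {@code READ_ROLES}, is allowed: values whose class is unknown to the
     * schema are therefore never filtered out.
     *
     * @throws SecurityException if rules exist and there is no current account
     */
    public boolean allowClass(SchemaClass schemaClass) {
        if (schemaClass == null) {
            return true;
        }
        String[] roles = (String[]) schemaClass.getFeature(SecurityClassFeatures.READ_ROLES);
        if (roles == null) {
            return true;
        }
        return matchesRule(schemaClass.toString(), getAccount(), roles);
    }

    /**
     * Tells whether the current account may trigger {@code schemaEvent}; event-level
     * {@code ROLES} first, class-level {@code EXECUTE_ROLES} when those are absent or empty.
     *
     * @throws SecurityException if rules exist and there is no current account
     */
    public boolean allowEvent(SchemaEvent schemaEvent) {
        if (schemaEvent == null) {
            return true;
        }
        String[] roles = (String[]) schemaEvent.getFeature(SecurityEventFeatures.ROLES);
        if (isUnset(roles)) {
            roles = (String[]) schemaEvent.getEntity().getFeature(SecurityClassFeatures.EXECUTE_ROLES);
        }
        if (roles == null) {
            return true;
        }
        return matchesRule(schemaEvent.toString(), getAccount(), roles);
    }

    /**
     * Tells whether the current account may read {@code schemaField}, using the same
     * field-then-class fallback as {@link #canRead(Object, SchemaField, AbstractAccount)}.
     *
     * @throws SecurityException if rules exist and there is no current account
     */
    public boolean allowField(SchemaField schemaField) {
        if (schemaField == null) {
            return true;
        }
        String[] roles = (String[]) schemaField.getFeature(SecurityFieldFeatures.READ_ROLES);
        if (isUnset(roles)) {
            roles = (String[]) schemaField.getEntity().getFeature(SecurityClassFeatures.READ_ROLES);
        }
        if (roles == null) {
            return true;
        }
        return matchesRule(schemaField.toString(), getAccount(), roles);
    }

    /**
     * Decides whether a collection element must be hidden from the current account: either the
     * element is {@link Secure} and refuses the read, or its schema class is not readable.
     * {@code null} elements are kept.
     */
    private boolean hasToRemoveValue(Object obj) {
        if (obj instanceof Secure && !((Secure) obj).canRead()) {
            return true;
        }
        return obj != null && !allowClass(Roma.schema().getSchemaClassIfExist(obj.getClass()));
    }
}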
