package inc.yukawa.chain.modules.main.service.security;

import inc.yukawa.chain.base.core.domain.organization.Organized;
import inc.yukawa.chain.modules.main.core.domain.user.User;
import inc.yukawa.chain.modules.main.core.domain.user.UserFilter;
import inc.yukawa.chain.security.jwt.util.AuthContextHelper;
import inc.yukawa.chain.security.principal.ChainPrincipal;
import inc.yukawa.chain.security.principal.ChainSecurity;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import reactor.core.publisher.Mono;

/* loaded from: input_file:inc/yukawa/chain/modules/main/service/security/MainSecurity.class */
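/**
 * Call-level access guard for the module registered under {@code moduleReg} (default {@code "main"}).
 *
 * <p>{@link #checkCall} inspects the first argument of a service call. A {@link UserFilter} found
 * there is narrowed to the caller's organisation and, for callers without one of the read/admin
 * roles, to the caller's own username. A filter that asks for a different organisation or user is
 * rejected with {@link AccessDeniedException}.
 *
 * <p>NOTE(review): only the first argument is examined, and calls other than the three named in
 * {@link #requiresUserFilter} pass through untouched when that argument is not a
 * {@code UserFilter}. Whether other layers authorise those calls cannot be seen from this class.
 */
public class MainSecurity implements ChainSecurity {
    private static final Logger log = LoggerFactory.getLogger(MainSecurity.class);

    // Deprecated helper; still used by secureUser to obtain the reactive authentication.
    @Deprecated
    private final AuthContextHelper authContext;
    // Module name, used only as a prefix in the checkCall debug log.
    private final String moduleReg;

    /** Creates a guard registered under the module name {@code "main"}. */
    public MainSecurity() {
        this("main");
    }

    /**
     * Creates a guard registered under the given module name.
     *
     * @param str module name written to the debug log
     */
    public MainSecurity(String str) {
        this.authContext = new AuthContextHelper();
        this.moduleReg = str;
    }

    /**
     * Applies the filter restrictions to a service call before it is executed.
     *
     * <p>For {@code findUsers}, {@code synchronizeUserGroups} and {@code exportUsers} the first
     * argument must be a {@link UserFilter}; a missing argument, or one of any other type, is
     * refused with {@link AccessDeniedException} rather than surfacing as a
     * {@code ClassCastException}. For every other call a {@code UserFilter} in first position is
     * restricted as well, and anything else is passed through.
     *
     * @param str            name of the called method; must not be {@code null}
     * @param objArr         call arguments, may be {@code null} or empty
     * @param chainPrincipal the calling principal
     * @return the same argument array, with its first element possibly narrowed in place
     * @throws AccessDeniedException if a required filter is absent or the filter exceeds what the
     *                               principal may query
     */
    public Object[] checkCall(String str, Object[] objArr, ChainPrincipal chainPrincipal) {
        // NOTE(review): arguments and principal are written to the debug log as-is; keep debug
        // logging for this class off wherever filters or principals may carry personal data.
        log.debug("checkCall: {}:{} {} with {}", this.moduleReg, str, objArr, chainPrincipal);
        Object first = (objArr == null || objArr.length == 0) ? null : objArr[0];
        if (requiresUserFilter(str)) {
            // Fail closed: a call that must be scoped but carries no usable filter is refused.
            if (!(first instanceof UserFilter)) {
                throw new AccessDeniedException(str);
            }
            limitFilter(chainPrincipal, (UserFilter) first);
        } else if (first instanceof UserFilter) {
            limitFilter(chainPrincipal, (UserFilter) first);
        }
        return objArr;
    }

    /**
     * Tells whether the named call may only run with a {@link UserFilter} as first argument.
     * Exact string comparison; a {@code null} name raises {@code NullPointerException}.
     */
    private static boolean requiresUserFilter(String method) {
        switch (method) {
            case "findUsers":
            case "synchronizeUserGroups":
            case "exportUsers":
                return true;
            default:
                return false;
        }
    }

    /**
     * Checks whether the authentication holds any of the given authorities.
     *
     * <p>The names are joined with {@code |} and evaluated as one regular expression by
     * {@link #matchAuthority(Authentication, String)}, so regex metacharacters in a name are
     * interpreted rather than matched literally.
     *
     * @param authentication the authentication to inspect
     * @param strArr         authority names (treated as regex alternatives)
     * @return {@code true} if at least one granted authority matches
     */
    @Deprecated
    protected boolean hasAnyAuthority(Authentication authentication, String... strArr) {
        return matchAuthority(authentication, String.join("|", strArr));
    }

    /**
     * Checks whether any granted authority fully matches the given regular expression.
     *
     * @param authentication the authentication to inspect
     * @param str            regular expression applied to each authority name
     * @return {@code true} if at least one granted authority matches
     */
    @Deprecated
    protected boolean matchAuthority(Authentication authentication, String str) {
        return authentication.getAuthorities().stream()
                .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().matches(str));
    }

    /**
     * Checks whether the principal is in at least one of the given roles.
     *
     * @param chainPrincipal the principal to inspect
     * @param strArr         role names, each passed to {@code inRole}
     * @return {@code true} on the first role the principal is in, {@code false} if none
     */
    protected boolean hasAnyAuthority(ChainPrincipal chainPrincipal, String... strArr) {
        for (String role : strArr) {
            if (chainPrincipal.inRole(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Not implemented for principals.
     *
     * @throws UnsupportedOperationException always
     */
    protected boolean matchAuthority(ChainPrincipal chainPrincipal, String str) {
        throw new UnsupportedOperationException("MainSecurity.matchAuthority: @toDo");
    }

    /**
     * Narrows a user filter to what the principal is allowed to query.
     *
     * <p>The organisation limit is applied first and to every caller, including the admin roles.
     * Callers without {@code ROLE_ADMIN}, {@code ROLE_MAIN_ADMIN}, {@code ROLE_GROUP_READ} or
     * {@code ROLE_USER_READ} are additionally pinned to their own username.
     *
     * @param chainPrincipal the calling principal
     * @param userFilter     the filter to restrict; modified in place
     * @return the same filter instance
     * @throws AccessDeniedException if the filter names another organisation or, for an
     *                               unprivileged caller, another username
     */
    protected UserFilter limitFilter(ChainPrincipal chainPrincipal, UserFilter userFilter) {
        limitOrganized(chainPrincipal, userFilter);
        if (!hasAnyAuthority(chainPrincipal, "ROLE_ADMIN", "ROLE_MAIN_ADMIN", "ROLE_GROUP_READ", "ROLE_USER_READ")) {
            String requested = userFilter.getUsername();
            if (requested == null) {
                // No username asked for: default to the caller's own record.
                userFilter.setUsername(chainPrincipal.getUserId());
            } else if (!requested.equals(chainPrincipal.getUserId())) {
                throw new AccessDeniedException("username=" + requested);
            }
        }
        log.debug("limitFilter: {}", userFilter);
        return userFilter;
    }

    /**
     * Binds an organised object to the principal's organisation.
     *
     * <p>An object without an organisation receives the principal's; an object naming a different
     * organisation is refused.
     *
     * @param chainPrincipal the calling principal
     * @param o              the object to bind; modified in place
     * @return the same object instance
     * @throws AccessDeniedException if the object's organisation differs from the principal's
     */
    protected <O extends Organized> O limitOrganized(ChainPrincipal chainPrincipal, O o) {
        String orgId = chainPrincipal.getOrgId();
        // NOTE(review): if the principal has no orgId and the object has none either, the object
        // stays unscoped (orgId == null). Confirm that consumers do not read a null orgId as
        // "all organisations".
        if (o.getOrgId() == null) {
            o.setOrgId(orgId);
        } else if (!o.getOrgId().equals(orgId)) {
            throw new AccessDeniedException("orgId=" + o.getOrgId());
        }
        return o;
    }

    /**
     * Passes the user through {@code AuthContextHelper.withChanged} under the current
     * authentication.
     *
     * <p>NOTE(review): the admin check is evaluated but nothing depends on its result, so this
     * method applies no authority-based restriction to {@code user}. The branch was empty in the
     * original; either the intended restriction for non-admin callers is missing or the check
     * should be removed. Confirm against the callers before relying on this method as a guard.
     *
     * @param user the user to process
     * @return the result of {@code withChanged(user)}
     */
    protected Mono<User> secureUser(User user) {
        return this.authContext.auth().flatMap(authentication -> {
            boolean admin = authentication.getAuthorities().stream().anyMatch(this.authContext::isAdmin);
            // Surface the otherwise unused result so the missing enforcement is visible in logs.
            log.debug("secureUser: admin={}", admin);
            log.debug("limitUser: {}", user);
            return this.authContext.withChanged(user);
        });
    }
}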
