package inc.yukawa.chain.security.atomic;

import inc.yukawa.chain.base.core.domain.access.Owned;
import inc.yukawa.chain.base.core.domain.access.Owner;
import inc.yukawa.chain.base.core.error.AuthorizationError;
import inc.yukawa.chain.security.principal.ChainPrincipal;
import java.util.Arrays;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:inc/yukawa/chain/security/atomic/ChainOwnerLimit.class */
public class ChainOwnerLimit extends PrincipalAtomic {
    private static final Logger log = LoggerFactory.getLogger(ChainOwnerLimit.class);
    private Set<String> groups;

    @Override // inc.yukawa.chain.security.atomic.PrincipalAtomic, inc.yukawa.chain.security.atomic.AtomicSecurity
    public Object[] checkCall(String str, Object[] objArr, ChainPrincipal chainPrincipal) throws AuthorizationError {
        Object[] checkCall = super.checkCall(str, objArr, chainPrincipal);
        Owner owned = getOwned(chainPrincipal, objArr);
        if (owned == null) {
            log.warn("checkCall: {} is not owned {}", str, objArr);
            throw createError(chainPrincipal, str + " - is not owned " + String.valueOf(Arrays.asList(objArr)));
        }
        limitOwner(chainPrincipal, owned, this.groups);
        return checkCall;
    }

    protected Owner getOwned(ChainPrincipal chainPrincipal, Object[] objArr) throws AuthorizationError {
        Object obj = objArr[0];
        if (!(obj instanceof Owned)) {
            return null;
        }
        Owned owned = (Owned) obj;
        if (owned.getOwner() == null) {
            owned.setOwner(new Owner());
        }
        return owned.getOwner();
    }

    protected void limitOwner(ChainPrincipal chainPrincipal, Owner owner, Set<String> set) {
        owner.setUser(chainPrincipal.getUserId());
        owner.setGroups(set);
    }

    public Set<String> getGroups() {
        return this.groups;
    }

    public void setGroups(Set<String> set) {
        this.groups = set;
    }
}
