package org.molgenis.security.permission;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.List;
import org.molgenis.auth.MolgenisUser;
import org.molgenis.auth.UserAuthority;
import org.molgenis.data.DataService;
import org.molgenis.data.support.QueryImpl;
import org.molgenis.security.core.runas.RunAsSystem;
import org.molgenis.security.core.runas.SystemSecurityToken;
import org.molgenis.security.core.utils.SecurityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/molgenis-security-1.18.0-SNAPSHOT.jar:org/molgenis/security/permission/PermissionSystemService.class */
public class PermissionSystemService {
    private final DataService dataService;

    @Autowired
    public PermissionSystemService(DataService dataService) {
        this.dataService = dataService;
    }

    @RunAsSystem
    public void giveUserEntityPermissions(SecurityContext securityContext, List<String> list) {
        MolgenisUser molgenisUser;
        Authentication authentication = securityContext.getAuthentication();
        if (authentication.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ADMIN")) || authentication.getAuthorities().contains(new SimpleGrantedAuthority(SystemSecurityToken.ROLE_SYSTEM)) || (molgenisUser = (MolgenisUser) this.dataService.findOne("molgenisUser", new QueryImpl().eq("username", SecurityUtils.getUsername(authentication)), MolgenisUser.class)) == null) {
            return;
        }
        ArrayList newArrayList = Lists.newArrayList(authentication.getAuthorities());
        for (String str : list) {
            for (org.molgenis.security.core.Permission permission : org.molgenis.security.core.Permission.values()) {
                if (permission != org.molgenis.security.core.Permission.NONE) {
                    String str2 = SecurityUtils.AUTHORITY_ENTITY_PREFIX + permission.toString() + "_" + str.toUpperCase();
                    newArrayList.add(new SimpleGrantedAuthority(str2));
                    UserAuthority userAuthority = new UserAuthority();
                    userAuthority.setMolgenisUser(molgenisUser);
                    userAuthority.setRole(str2);
                    if (permission == org.molgenis.security.core.Permission.WRITEMETA) {
                        this.dataService.add("UserAuthority", userAuthority);
                    }
                }
            }
        }
        securityContext.setAuthentication(new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), null, newArrayList));
    }
}
