package org.molgenis.security.permission;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.molgenis.data.DataService;
import org.molgenis.data.meta.model.EntityType;
import org.molgenis.data.security.auth.User;
import org.molgenis.data.security.auth.UserAuthority;
import org.molgenis.data.security.auth.UserAuthorityFactory;
import org.molgenis.data.security.auth.UserAuthorityMetaData;
import org.molgenis.data.security.permission.PermissionSystemService;
import org.molgenis.data.security.user.UserService;
import org.molgenis.security.core.runas.RunAsSystemAspect;
import org.molgenis.security.core.utils.SecurityUtils;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

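/**
 * Grants the current user {@code WRITEMETA} authority on entity types.
 *
 * <p>A grant is applied in two places: it is persisted as {@link UserAuthority} rows (under the
 * system identity, via {@link RunAsSystemAspect#runAsSystem}), and it is added to the security
 * contexts that {@link PrincipalSecurityContextRegistry} returns for the current principal.
 *
 * <p>NOTE(review): this class performs no entitlement check of its own beyond skipping
 * superuser/system callers. Whoever is the current user receives the grant, so call sites must
 * ensure the user is allowed to hold write-meta permission on the given entity types.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/molgenis-security-6.1.0.jar:org/molgenis/security/permission/PermissionSystemServiceImpl.class */
public class PermissionSystemServiceImpl implements PermissionSystemService {
    private final UserService userService;
    private final UserAuthorityFactory userAuthorityFactory;
    private final RoleHierarchy roleHierarchy;
    private final DataService dataService;
    private final PrincipalSecurityContextRegistry principalSecurityContextRegistry;
    private final AuthenticationAuthoritiesUpdater authenticationAuthoritiesUpdater;

    /**
     * Creates the service from its collaborators.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    public PermissionSystemServiceImpl(UserService userService, UserAuthorityFactory userAuthorityFactory, RoleHierarchy roleHierarchy, DataService dataService, PrincipalSecurityContextRegistry principalSecurityContextRegistry, AuthenticationAuthoritiesUpdater authenticationAuthoritiesUpdater) {
        // requireNonNull is generic and already returns the argument's type; no cast is needed.
        this.userService = Objects.requireNonNull(userService);
        this.userAuthorityFactory = Objects.requireNonNull(userAuthorityFactory);
        this.roleHierarchy = Objects.requireNonNull(roleHierarchy);
        this.dataService = Objects.requireNonNull(dataService);
        this.principalSecurityContextRegistry = Objects.requireNonNull(principalSecurityContextRegistry);
        this.authenticationAuthoritiesUpdater = Objects.requireNonNull(authenticationAuthoritiesUpdater);
    }

    /**
     * Grants the current user write-meta permission on a single entity type.
     *
     * @param entityType entity type to grant on
     */
    @Override // org.molgenis.data.security.permission.PermissionSystemService
    public void giveUserWriteMetaPermissions(EntityType entityType) {
        giveUserWriteMetaPermissions(Collections.singleton(entityType));
    }

    /**
     * Grants the current user write-meta permission on each of the given entity types.
     *
     * <p>Does nothing when {@link SecurityUtils#currentUserIsSuOrSystem()} reports true, so no
     * authority rows are written for superuser or system callers.
     *
     * @param collection entity types to grant on
     */
    @Override // org.molgenis.data.security.permission.PermissionSystemService
    public void giveUserWriteMetaPermissions(Collection<EntityType> collection) {
        if (SecurityUtils.currentUserIsSuOrSystem()) {
            return;
        }
        giveUserEntityPermissionsAsSystem(getGrantedAuthorities(collection));
    }

    /**
     * Persists the authorities for the current user and then adds them to the security contexts
     * registered for the current principal.
     *
     * <p>The persisted rows hold only the authorities passed in; the in-memory contexts receive
     * the set expanded through the role hierarchy.
     */
    private void giveUserEntityPermissionsAsSystem(Collection<GrantedAuthority> authorities) {
        // Read the username before entering runAsSystem; presumably the current user inside that
        // call is the system identity rather than the caller - confirm against RunAsSystemAspect.
        String currentUsername = SecurityUtils.getCurrentUsername();
        // The write runs with system privileges, so the target user is fixed by the value
        // captured above and not by anything evaluated inside the elevated section.
        RunAsSystemAspect.runAsSystem(() -> {
            updatePersistedUserAuthorities(currentUsername, authorities);
        });
        // NOTE(review): getAuthentication() is dereferenced without a null check; Spring allows
        // it to be null when no authentication is present. Confirm callers are always
        // authenticated.
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        Stream<SecurityContext> securityContexts = this.principalSecurityContextRegistry.getSecurityContexts(principal);
        Collection<? extends GrantedAuthority> reachableGrantedAuthorities = this.roleHierarchy.getReachableGrantedAuthorities(authorities);
        securityContexts.forEach(securityContext -> updateSecurityContextAuthorities(securityContext, reachableGrantedAuthorities));
    }

    /**
     * Replaces the context's authentication with one that carries its existing authorities
     * followed by {@code extraAuthorities}. Authorities already present are not de-duplicated.
     */
    private void updateSecurityContextAuthorities(SecurityContext securityContext, Collection<? extends GrantedAuthority> extraAuthorities) {
        ArrayList<GrantedAuthority> merged = new ArrayList<>(securityContext.getAuthentication().getAuthorities());
        merged.addAll(extraAuthorities);
        securityContext.setAuthentication(this.authenticationAuthoritiesUpdater.updateAuthentication(securityContext.getAuthentication(), merged));
    }

    /** Maps each entity type to its write-meta authority, preserving iteration order. */
    private Collection<GrantedAuthority> getGrantedAuthorities(Collection<EntityType> entityTypes) {
        return entityTypes.stream().map(this::toGrantedAuthority).collect(Collectors.toList());
    }

    /**
     * Builds the authority string for write-meta permission on one entity type: the entity
     * authority prefix, the {@code WRITEMETA} permission name, an underscore and the entity type
     * id.
     */
    private GrantedAuthority toGrantedAuthority(EntityType entityType) {
        return new SimpleGrantedAuthority(SecurityUtils.AUTHORITY_ENTITY_PREFIX + org.molgenis.security.core.Permission.WRITEMETA.toString() + '_' + entityType.getId());
    }

    /**
     * Adds one {@link UserAuthority} row per authority for the named user.
     *
     * <p>NOTE(review): the result of {@code getUser} is used without a null check. If the lookup
     * can return {@code null} for an unknown username, the rows would be created with no user
     * attached - verify against {@code UserService} and the entity's constraints.
     */
    private void updatePersistedUserAuthorities(String username, Collection<GrantedAuthority> authorities) {
        User user = this.userService.getUser(username);
        this.dataService.add(UserAuthorityMetaData.USER_AUTHORITY, authorities.stream().map(grantedAuthority -> {
            UserAuthority userAuthority = this.userAuthorityFactory.create();
            userAuthority.setUser(user);
            userAuthority.setRole(grantedAuthority.getAuthority());
            return userAuthority;
        }));
    }
}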
