package io.gravitee.management.service.impl;

import io.gravitee.management.model.ApiEntity;
import io.gravitee.management.model.ApplicationEntity;
import io.gravitee.management.model.MemberEntity;
import io.gravitee.management.model.MembershipType;
import io.gravitee.management.model.UserEntity;
import io.gravitee.management.model.Visibility;
import io.gravitee.management.service.ApiService;
import io.gravitee.management.service.ApplicationService;
import io.gravitee.management.service.PermissionService;
import io.gravitee.management.service.PermissionType;
import io.gravitee.management.service.UserService;
import io.gravitee.management.service.exceptions.ForbiddenAccessException;
import java.security.Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

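/**
 * Authorization gate for API and application resources.
 *
 * <p>{@link #hasPermission} returns normally when access is granted and throws
 * {@link ForbiddenAccessException} when it is denied. Users whose role list contains
 * {@code ROLE_ADMIN} bypass every per-resource check.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Permission types other than the four handled below are not checked at all
 *       (the method returns without throwing), so the gate is fail-open for them.</li>
 *   <li>Edit rights are decided by a deny-list ({@code MembershipType.USER} is refused);
 *       any other membership type, including a {@code null} type, is accepted.</li>
 * </ul>
 */
@Component
public class PermissionServiceImpl extends TransactionalService implements PermissionService {
    private static final Logger LOGGER = LoggerFactory.getLogger(PermissionServiceImpl.class);

    /** Role name that short-circuits all per-resource checks in {@link #hasPermission}. */
    private static final String ADMIN_ROLE = "ROLE_ADMIN";

    @Autowired
    private UserService userService;

    @Autowired
    private ApiService apiService;

    @Autowired
    private ApplicationService applicationService;

    /**
     * Checks that {@code principal} may perform {@code permissionType} on the resource {@code str}.
     *
     * @param principal the caller, or {@code null} for an anonymous request
     * @param str identifier of the API or application being accessed
     * @param permissionType the requested operation
     * @throws ForbiddenAccessException if the caller is not allowed to perform the operation
     */
    @Override // io.gravitee.management.service.PermissionService
    public void hasPermission(Principal principal, String str, PermissionType permissionType) {
        if (principal != null) {
            UserEntity user = this.userService.findByName(principal.getName());
            if (user != null && user.getRoles().contains(ADMIN_ROLE)) {
                LOGGER.debug("User {} has full access because of admin role", principal.getName());
                return;
            }
        }

        if (permissionType == PermissionType.VIEW_API || permissionType == PermissionType.EDIT_API) {
            validateApi(principal, str, permissionType);
        } else if (permissionType == PermissionType.VIEW_APPLICATION || permissionType == PermissionType.EDIT_APPLICATION) {
            validateApplication(principal, str, permissionType);
        } else {
            // NOTE(review): no check exists for this permission type (or for null), so the call
            // is allowed through. Behaviour is kept as-is because callers are not visible here;
            // a deny-by-default (throw ForbiddenAccessException) is the safer contract once the
            // PermissionType values and call sites have been confirmed.
            LOGGER.warn("No permission check is implemented for permission type {}; access to {} is not restricted",
                    permissionType, str);
        }
    }

    /**
     * Enforces view/edit rights on an API.
     *
     * <p>Viewing a PRIVATE or RESTRICTED API requires the caller to be a member of it; any other
     * visibility is viewable by everyone, anonymous callers included. Editing always requires a
     * membership whose type is not {@code MembershipType.USER}.
     *
     * @throws ForbiddenAccessException if the caller lacks the required membership
     */
    private void validateApi(Principal principal, String str, PermissionType permissionType) {
        LOGGER.debug("Validate user rights for API: {}", str);
        ApiEntity api = this.apiService.findById(str);

        if (permissionType == PermissionType.VIEW_API) {
            // Switching on the enum keeps the original behaviour for a null visibility
            // (NullPointerException) instead of silently treating it as public.
            Visibility visibility = api.getVisibility();
            switch (visibility) {
                case PRIVATE:
                case RESTRICTED:
                    if (principal == null) {
                        LOGGER.error("Anonymous user does not have rights to view API {}", api);
                        throw new ForbiddenAccessException();
                    }
                    if (this.apiService.getMember(str, principal.getName()) == null) {
                        LOGGER.error("User {} does not have rights to view API {}", principal.getName(), api);
                        throw new ForbiddenAccessException();
                    }
                    return;
                default:
                    // Every other visibility is readable without membership.
                    return;
            }
        }

        if (permissionType == PermissionType.EDIT_API) {
            if (principal == null) {
                LOGGER.error("Anonymous user does not have rights to edit API {}", api);
                throw new ForbiddenAccessException();
            }
            MemberEntity member = this.apiService.getMember(str, principal.getName());
            // NOTE(review): deny-list check; a member with any type other than USER
            // (including null) is granted edit rights. Confirm this is intended.
            if (member == null || member.getType() == MembershipType.USER) {
                // Message previously said "view", which mislabelled edit denials in the audit trail.
                LOGGER.error("User {} does not have rights to edit API {}", principal.getName(), api);
                throw new ForbiddenAccessException();
            }
        }
    }

    /**
     * Enforces view/edit rights on an application.
     *
     * <p>Anonymous callers are always refused. Viewing requires membership of the application;
     * editing additionally requires a membership whose type is not {@code MembershipType.USER}.
     *
     * @throws ForbiddenAccessException if the caller is anonymous or lacks the required membership
     */
    private void validateApplication(Principal principal, String str, PermissionType permissionType) {
        LOGGER.debug("Validate user rights for application: {}", str);
        if (principal == null) {
            LOGGER.error("Anonymous user does not have rights to view application {}", str);
            throw new ForbiddenAccessException();
        }

        // Looked up before the membership check, as in the original; the entity is only used in log output here.
        ApplicationEntity application = this.applicationService.findById(str);
        MemberEntity member = this.applicationService.getMember(str, principal.getName());
        if (member == null) {
            LOGGER.error("User {} does not have correct rights to view application {}", principal.getName(), application);
            throw new ForbiddenAccessException();
        }

        // NOTE(review): same deny-list pattern as for APIs; only USER members are refused edit rights.
        boolean editRequested = permissionType == PermissionType.EDIT_APPLICATION;
        if (editRequested && member.getType() == MembershipType.USER) {
            LOGGER.error("User {} does not have correct rights to edit application {}", principal.getName(), application);
            throw new ForbiddenAccessException();
        }
    }
}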
