package com.dynfi.security;

import io.crnk.core.engine.dispatcher.RepositoryRequestSpec;
import io.crnk.core.engine.filter.RepositoryFilterBase;
import io.crnk.core.engine.filter.RepositoryFilterContext;
import io.crnk.core.engine.filter.RepositoryRequestFilterChain;
import io.crnk.core.engine.http.HttpMethod;
import io.crnk.core.exception.ForbiddenException;
import io.crnk.core.repository.response.JsonApiResponse;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.aop.PermissionAnnotationHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/dynfi/security/ShiroRepositoryFilter.class */
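/**
 * Crnk repository filter that authorizes each repository request with Apache Shiro before
 * handing it to the rest of the filter chain.
 *
 * <p>The permissions a request needs are read from the {@link Permissions} annotation on the
 * resource class, one list per HTTP method. The filter fails closed: a resource class without
 * {@link Permissions}, or with an empty list for the requested method, is rejected with a
 * {@link ForbiddenException} instead of being served without a check.
 */
public class ShiroRepositoryFilter extends RepositoryFilterBase {
    private static final Logger logger = LoggerFactory.getLogger(ShiroRepositoryFilter.class);

    // Never reassigned after construction. The handler resolves the subject itself through
    // Shiro; nothing in this class selects which subject is checked.
    private final PermissionAnnotationHandler handler = new PermissionAnnotationHandler();

    /**
     * Asserts every permission declared for the requested resource and HTTP method, then
     * continues the filter chain.
     *
     * @param repositoryFilterContext context carrying the repository request being filtered
     * @param repositoryRequestFilterChain remainder of the chain, invoked only after all checks pass
     * @return the response produced by the rest of the chain
     * @throws ForbiddenException if a required permission is missing, or if the resource is not
     *     configured for access with the requested method
     * @throws IllegalArgumentException if the HTTP method is not GET, POST, DELETE or PATCH
     */
    @Override // io.crnk.core.engine.filter.RepositoryFilterBase, io.crnk.core.engine.filter.RepositoryFilter
    public JsonApiResponse filterRequest(RepositoryFilterContext repositoryFilterContext, RepositoryRequestFilterChain repositoryRequestFilterChain) {
        RepositoryRequestSpec request = repositoryFilterContext.getRequest();
        Class<?> resourceClass = request.getQueryAdapter().getResourceInformation().getResourceClass();
        HttpMethod method = request.getMethod();
        try {
            // Every listed annotation must pass: the first failing assertion aborts the request.
            for (RequiresPermissions required : getPermissions(resourceClass, method)) {
                this.handler.assertAuthorized(required);
            }
            logger.trace("user allowed to access {}", resourceClass.getSimpleName());
            return repositoryRequestFilterChain.doFilter(repositoryFilterContext);
        } catch (AuthorizationException e) {
            // Record the denial so rejected requests leave a trace for audit and detection;
            // the Shiro exception itself is not forwarded to the client.
            logger.warn("access denied to {} via method {}: {}", resourceClass.getName(), method, e.getMessage());
            // NOTE(review): the client-facing message carries the fully qualified class name,
            // which discloses internal package structure - confirm this is intended.
            throw new ForbiddenException("user not allowed to access " + resourceClass.getName());
        }
    }

    /**
     * Looks up the permission annotations that guard {@code cls} for the given HTTP method.
     *
     * @param cls resource class expected to carry a {@link Permissions} annotation
     * @param httpMethod HTTP method of the incoming request
     * @return the non-empty list of permission annotations to assert
     * @throws ForbiddenException if {@code cls} has no {@link Permissions} annotation or declares
     *     no permissions for {@code httpMethod}
     * @throws IllegalArgumentException if {@code httpMethod} is not GET, POST, DELETE or PATCH
     */
    private List<RequiresPermissions> getPermissions(Class<?> cls, HttpMethod httpMethod) {
        Permissions permissions = cls.getAnnotation(Permissions.class);
        if (permissions == null) {
            // Deny by default: an unannotated resource is never exposed.
            logger.error("Resource {} not configured for access over JSON API.", cls.getName());
            throw new ForbiddenException("Resource not configured to access.");
        }
        RequiresPermissions[] required;
        switch (httpMethod) {
            case GET:
                required = permissions.get();
                break;
            case POST:
                required = permissions.post();
                break;
            case DELETE:
                required = permissions.delete();
                break;
            case PATCH:
                required = permissions.patch();
                break;
            default:
                // Not an AuthorizationException, so filterRequest lets it propagate unchanged;
                // the request is still never forwarded to the chain.
                throw new IllegalArgumentException("Method not supported " + httpMethod);
        }
        if (ArrayUtils.isEmpty(required)) {
            // An empty list means "not exposed for this method", not "no permission needed".
            // The format string previously had three placeholders for two arguments, which left
            // a literal "{}" in the log line.
            logger.error("Resource {} not configured for access over JSON API via method {}", cls.getName(), httpMethod);
            throw new ForbiddenException("Resource not configured to access with method " + httpMethod);
        }
        return Arrays.asList(required);
    }
}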
