package org.activiti.core.common.spring.security.policies;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.activiti.api.process.model.payloads.GetProcessDefinitionsPayload;
import org.activiti.api.process.model.payloads.GetProcessInstancesPayload;
import org.activiti.api.runtime.shared.identity.UserGroupManager;
import org.activiti.api.runtime.shared.security.SecurityManager;
import org.activiti.core.common.spring.security.policies.conf.SecurityPoliciesProperties;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/activiti/core/common/spring/security/policies/ProcessSecurityPoliciesManagerImpl.class */
public class ProcessSecurityPoliciesManagerImpl extends BaseSecurityPoliciesManagerImpl implements ProcessSecurityPoliciesManager {
    private final SecurityPoliciesProcessDefinitionRestrictionApplier processDefinitionRestrictionApplier;
    private final SecurityPoliciesProcessInstanceRestrictionApplier processInstanceRestrictionApplier;

    @Value("${spring.application.name:application}")
    private String applicationName;

    public ProcessSecurityPoliciesManagerImpl(UserGroupManager userGroupManager, SecurityManager securityManager, SecurityPoliciesProperties securityPoliciesProperties, SecurityPoliciesProcessDefinitionRestrictionApplier securityPoliciesProcessDefinitionRestrictionApplier, SecurityPoliciesProcessInstanceRestrictionApplier securityPoliciesProcessInstanceRestrictionApplier) {
        super(userGroupManager, securityManager, securityPoliciesProperties);
        this.processDefinitionRestrictionApplier = securityPoliciesProcessDefinitionRestrictionApplier;
        this.processInstanceRestrictionApplier = securityPoliciesProcessInstanceRestrictionApplier;
    }

    @Override // org.activiti.core.common.spring.security.policies.ProcessSecurityPoliciesManager
    public GetProcessDefinitionsPayload restrictProcessDefQuery(SecurityPolicyAccess securityPolicyAccess) {
        return (GetProcessDefinitionsPayload) restrictQuery(this.processDefinitionRestrictionApplier, securityPolicyAccess);
    }

    private Set<String> definitionKeysAllowedForApplicationPolicy(SecurityPolicyAccess securityPolicyAccess) {
        Map<String, Set<String>> allowedKeys = getAllowedKeys(securityPolicyAccess);
        HashSet hashSet = new HashSet();
        for (String str : allowedKeys.keySet()) {
            if (str != null && str.replace("-", "").equalsIgnoreCase(this.applicationName.replace("-", ""))) {
                hashSet.addAll(allowedKeys.get(str));
            }
        }
        return hashSet;
    }

    @Override // org.activiti.core.common.spring.security.policies.ProcessSecurityPoliciesManager
    public GetProcessInstancesPayload restrictProcessInstQuery(SecurityPolicyAccess securityPolicyAccess) {
        return (GetProcessInstancesPayload) restrictQuery(this.processInstanceRestrictionApplier, securityPolicyAccess);
    }

    private <T> T restrictQuery(SecurityPoliciesRestrictionApplier<T> securityPoliciesRestrictionApplier, SecurityPolicyAccess securityPolicyAccess) {
        if (!arePoliciesDefined()) {
            return securityPoliciesRestrictionApplier.allowAll();
        }
        Set<String> definitionKeysAllowedForApplicationPolicy = definitionKeysAllowedForApplicationPolicy(securityPolicyAccess);
        return (definitionKeysAllowedForApplicationPolicy == null || definitionKeysAllowedForApplicationPolicy.isEmpty()) ? !getSecurityPoliciesProperties().getPolicies().isEmpty() ? securityPoliciesRestrictionApplier.denyAll() : securityPoliciesRestrictionApplier.allowAll() : definitionKeysAllowedForApplicationPolicy.contains(getSecurityPoliciesProperties().getWildcard()) ? securityPoliciesRestrictionApplier.allowAll() : securityPoliciesRestrictionApplier.restrictToKeys(definitionKeysAllowedForApplicationPolicy);
    }

    @Override // org.activiti.core.common.spring.security.policies.SecurityPoliciesManager
    public boolean canWrite(String str) {
        return hasPermission(str, SecurityPolicyAccess.WRITE, this.applicationName) || hasPermission(str, SecurityPolicyAccess.WRITE, this.applicationName);
    }

    @Override // org.activiti.core.common.spring.security.policies.SecurityPoliciesManager
    public boolean canRead(String str) {
        return hasPermission(str, SecurityPolicyAccess.READ, this.applicationName) || hasPermission(str, SecurityPolicyAccess.WRITE, this.applicationName);
    }

    @Override // org.activiti.core.common.spring.security.policies.BaseSecurityPoliciesManagerImpl
    protected boolean anEntryInSetStartsKey(Set<String> set, String str) {
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            if (str.equalsIgnoreCase(it.next())) {
                return true;
            }
        }
        return false;
    }
}
