package io.dialob.boot.security;

import io.dialob.boot.settings.AdminApplicationSettings;
import io.dialob.common.Permissions;
import io.dialob.security.spring.AuthenticationStrategy;
import io.dialob.security.spring.tenant.TenantAccessEvaluator;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.lang.NonNull;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Profile({"ui"})
@Configuration
/* loaded from: input_file:BOOT-INF/classes/io/dialob/boot/security/AdminSecurityConfigurer.class */
public class AdminSecurityConfigurer extends WebUISecurityConfigurer {
    private final ApplicationEventPublisher applicationEventPublisher;

    public AdminSecurityConfigurer(@NonNull AdminApplicationSettings adminApplicationSettings, @NonNull ApplicationEventPublisher applicationEventPublisher, @NonNull TenantAccessEvaluator tenantAccessEvaluator, @NonNull AuthenticationStrategy authenticationStrategy) {
        super(adminApplicationSettings.getContextPath(), tenantAccessEvaluator, authenticationStrategy);
        this.applicationEventPublisher = applicationEventPublisher;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // io.dialob.boot.security.AbstractWebSecurityConfigurer
    protected HttpSecurity configurePermissions(HttpSecurity httpSecurity) throws Exception {
        String removeEnd = StringUtils.removeEnd(getContextPath(), "/");
        return (HttpSecurity) httpSecurity.securityMatcher(requestMatcher()).authorizeHttpRequests().requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, removeEnd + "/swagger/**")).permitAll().requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, removeEnd + "/swagger-resources")).permitAll().requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, removeEnd + "/swagger-resources/**")).permitAll().requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, removeEnd + "/swagger-ui/**")).permitAll().requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, removeEnd + "/webjars/**")).permitAll().requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, "/_uuids")).hasAnyAuthority(Permissions.QUESTIONNAIRES_POST, Permissions.FORMS_POST).requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, removeEnd + "**")).hasAuthority(Permissions.MANAGER_VIEW).anyRequest().denyAll().and();
    }

    @Bean
    @Order
    SecurityFilterChain adminFilterChain(HttpSecurity httpSecurity) throws Exception {
        return super.filterChain(httpSecurity);
    }
}
