package eu.freme.common.security.voter;

import eu.freme.common.persistence.model.OwnedResource;
import eu.freme.common.persistence.model.User;
import eu.freme.common.persistence.tools.AccessLevelHelper;
import java.util.Collection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:eu/freme/common/security/voter/OwnedResourceAccessDecisionVoter.class */
public class OwnedResourceAccessDecisionVoter implements AccessDecisionVoter<Object> {

    @Autowired
    AccessLevelHelper accessLevelHelper;

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(Class<?> cls) {
        return cls == OwnedResource.class;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public int vote(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) {
        if (!(obj instanceof OwnedResource)) {
            return 0;
        }
        OwnedResource ownedResource = (OwnedResource) obj;
        if (authentication instanceof AnonymousAuthenticationToken) {
            return (ownedResource.getVisibility().equals(OwnedResource.Visibility.PUBLIC) && this.accessLevelHelper.hasRead(collection) && !this.accessLevelHelper.hasWrite(collection)) ? 1 : -1;
        }
        User user = (User) authentication.getPrincipal();
        if (user.getRole().equals(User.roleAdmin)) {
            return 1;
        }
        return ((ownedResource.getVisibility().equals(OwnedResource.Visibility.PUBLIC) && this.accessLevelHelper.hasRead(collection) && !this.accessLevelHelper.hasWrite(collection)) || user.getName().equals(ownedResource.getOwner().getName())) ? 1 : -1;
    }
}
