package com.sequenceiq.cloudbreak.auth.security;

import com.sequenceiq.cloudbreak.auth.security.authentication.AuthenticationService;
import com.sequenceiq.cloudbreak.common.user.CloudbreakUser;
import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.Optional;
import javax.inject.Inject;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

@Lazy
@Component
/* loaded from: input_file:com/sequenceiq/cloudbreak/auth/security/AccountIdBasedPermissionEvaluator.class */
public class AccountIdBasedPermissionEvaluator implements PermissionEvaluator {

    @Inject
    private AuthenticationService authService;

    public boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        if (obj instanceof Optional) {
            obj = ((Optional) obj).orElse(null);
        }
        if (obj == null || authentication == null) {
            return false;
        }
        CloudbreakUser cloudbreakUser = this.authService.getCloudbreakUser(authentication);
        return (obj instanceof Collection ? (Collection) obj : Collections.singleton(obj)).stream().allMatch(obj3 -> {
            return hasPermission(cloudbreakUser, obj3);
        });
    }

    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, Object obj) {
        return false;
    }

    private boolean hasPermission(CloudbreakUser cloudbreakUser, Object obj) {
        Optional<String> accountId = getAccountId(obj);
        return accountId.isPresent() && accountId.get().contentEquals(cloudbreakUser.getTenant());
    }

    private Optional<String> getAccountId(Object obj) {
        return obj instanceof AuthResource ? Optional.of(((AuthResource) obj).getAccountId()) : Optional.empty();
    }
}
