package org.protege.owl.server.policy;

import java.io.IOException;
import java.io.InputStream;
import java.util.Collection;
import java.util.Map;
import org.antlr.runtime.ANTLRInputStream;
import org.antlr.runtime.CommonTokenStream;
import org.antlr.runtime.RecognitionException;
import org.protege.owl.server.api.AuthToken;
import org.protege.owl.server.api.ChangeHistory;
import org.protege.owl.server.api.OntologyDocumentRevision;
import org.protege.owl.server.api.RevisionPointer;
import org.protege.owl.server.api.SingletonChangeHistory;
import org.protege.owl.server.api.exception.AuthorizationFailedException;
import org.protege.owl.server.api.exception.OWLServerException;
import org.protege.owl.server.api.server.Server;
import org.protege.owl.server.api.server.ServerDirectory;
import org.protege.owl.server.api.server.ServerDocument;
import org.protege.owl.server.api.server.ServerOntologyDocument;
import org.protege.owl.server.api.server.ServerPath;
import org.protege.owl.server.policy.Authenticator;
import org.protege.owl.server.policy.generated.PolicyLexer;
import org.protege.owl.server.policy.generated.PolicyParser;
import org.protege.owl.server.util.ServerFilterAdapter;

/* loaded from: input_file:org/protege/owl/server/policy/PolicyFilter.class */
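/**
 * Server filter that enforces the access-control {@link Policy} before delegating an operation
 * to the wrapped server.
 *
 * <p>Each overridden operation asks the policy whether the user identified by the caller's
 * {@link AuthToken} may perform a {@link Operation#READ} or {@link Operation#WRITE} on the
 * relevant {@link ServerPath}. A denied request ends in an {@link AuthorizationFailedException}
 * and never reaches the delegate.
 *
 * <p>NOTE(review): only the operations overridden in this class are policy-checked. Any other
 * exported operation inherited from {@link ServerFilterAdapter} passes through without a check
 * by this filter; confirm that this set covers every operation that needs authorization.
 *
 * <p>NOTE(review): the policy and the user database are loaded once in the constructor and never
 * reassigned here. Whether later edits to the policy or to users/groups take effect without
 * rebuilding the filter is not visible from this class.
 */
public class PolicyFilter extends ServerFilterAdapter {
    // Both are assigned exactly once in the constructor, so they are final.
    private final UserDatabase userDb;
    private final Policy policy;

    /**
     * Reads and parses the server's {@code "Policy"} configuration.
     *
     * @param server the server whose configuration stream named {@code "Policy"} is parsed
     * @return the policy produced by the generated parser
     * @throws IOException if the configuration stream is unavailable or cannot be read or closed
     * @throws RecognitionException if the generated parser raises it while parsing
     * @throws OWLServerException if the server fails to supply the configuration stream
     */
    public static Policy parsePolicy(Server server) throws IOException, RecognitionException, OWLServerException {
        // try-with-resources closes the stream on every path; a failure in close() while another
        // exception is in flight is attached as suppressed instead of replacing the real cause.
        try (InputStream policyStream = server.getConfigurationInputStream("Policy")) {
            if (policyStream == null) {
                // Fail explicitly: a missing policy must never be treated as something parseable.
                throw new IOException("No \"Policy\" configuration stream available");
            }
            PolicyLexer lexer = new PolicyLexer(new ANTLRInputStream(policyStream));
            PolicyParser parser = new PolicyParser(new CommonTokenStream(lexer));
            // NOTE(review): whether a syntax error aborts here or is recovered from depends on the
            // generated parser; confirm a malformed policy cannot yield a partially loaded one.
            parser.top();
            return parser.getPolicy();
        }
    }

    /**
     * Creates the filter, loading the policy and the user/group database from the server
     * configuration.
     *
     * @param server the server being wrapped
     * @throws IOException if the policy or user configuration cannot be read
     * @throws RecognitionException if parsing the configuration fails
     * @throws OWLServerException if the server cannot supply the configuration
     */
    public PolicyFilter(Server server) throws IOException, RecognitionException, OWLServerException {
        super(server);
        this.policy = parsePolicy(server);
        this.userDb = Authenticator.parseUsersAndGroups(server, Authenticator.GetUserAndGroupOption.USE_CACHE);
    }

    /**
     * Throws unless the policy grants {@code operation} on {@code path} to the token's user.
     */
    private void requirePermission(AuthToken authToken, ServerPath path, Operation operation, String denialMessage) throws OWLServerException {
        if (!this.policy.checkPermission(this.userDb, authToken.getUserId(), path, operation)) {
            throw new AuthorizationFailedException(denialMessage);
        }
    }

    /**
     * Resolves a revision pointer after checking READ permission on the document's path.
     *
     * @throws OWLServerException {@link AuthorizationFailedException} when the read is denied,
     *     or whatever the delegate throws
     */
    @Override
    public OntologyDocumentRevision evaluateRevisionPointer(AuthToken authToken, ServerOntologyDocument serverOntologyDocument, RevisionPointer revisionPointer) throws OWLServerException {
        requirePermission(authToken, serverOntologyDocument.getServerPath(), Operation.READ, "Attempted read operation not allowed");
        return super.evaluateRevisionPointer(authToken, serverOntologyDocument, revisionPointer);
    }

    /**
     * Lists a directory after checking READ permission on the directory's path.
     *
     * <p>NOTE(review): the check covers the directory only; the returned entries are not filtered
     * individually by this class.
     *
     * @throws OWLServerException {@link AuthorizationFailedException} when the read is denied,
     *     or whatever the delegate throws
     */
    @Override
    public Collection<ServerDocument> list(AuthToken authToken, ServerDirectory serverDirectory) throws OWLServerException {
        requirePermission(authToken, serverDirectory.getServerPath(), Operation.READ, "Attempted read on directory not allowed");
        return super.list(authToken, serverDirectory);
    }

    /**
     * Creates a directory after checking WRITE permission on the parent path.
     *
     * @throws OWLServerException {@link AuthorizationFailedException} when the create is denied,
     *     or whatever the delegate throws
     */
    @Override
    public ServerDirectory createDirectory(AuthToken authToken, ServerPath serverPath) throws OWLServerException {
        // NOTE(review): a root path skips the policy check entirely (it has no parent to check).
        // Confirm the delegate rejects or safely handles a create request for the root path.
        if (!serverPath.isRoot()) {
            requirePermission(authToken, serverPath.getParent(), Operation.WRITE, "Attempted create not allowed");
        }
        return super.createDirectory(authToken, serverPath);
    }

    /**
     * Creates an ontology document after checking WRITE permission on the parent path.
     *
     * @throws OWLServerException {@link AuthorizationFailedException} when the create is denied,
     *     or whatever the delegate throws
     */
    @Override
    public ServerOntologyDocument createOntologyDocument(AuthToken authToken, ServerPath serverPath, Map<String, Object> map) throws OWLServerException {
        // NOTE(review): as in createDirectory, a root path bypasses the policy check; confirm
        // that the delegate does not allow a document to be created at the root path itself.
        if (!serverPath.isRoot()) {
            requirePermission(authToken, serverPath.getParent(), Operation.WRITE, "Attempted create not allowed");
        }
        return super.createOntologyDocument(authToken, serverPath, map);
    }

    /**
     * Returns the change history between two revisions after checking READ permission on the
     * document's path.
     *
     * @throws OWLServerException {@link AuthorizationFailedException} when the read is denied,
     *     or whatever the delegate throws
     */
    @Override
    public ChangeHistory getChanges(AuthToken authToken, ServerOntologyDocument serverOntologyDocument, OntologyDocumentRevision ontologyDocumentRevision, OntologyDocumentRevision ontologyDocumentRevision2) throws OWLServerException {
        requirePermission(authToken, serverOntologyDocument.getServerPath(), Operation.READ, "Attempted read not allowed");
        return super.getChanges(authToken, serverOntologyDocument, ontologyDocumentRevision, ontologyDocumentRevision2);
    }

    /**
     * Commits changes after checking WRITE permission on the document's path.
     *
     * @throws OWLServerException {@link AuthorizationFailedException} when the write is denied,
     *     or whatever the delegate throws
     */
    @Override
    public void commit(AuthToken authToken, ServerOntologyDocument serverOntologyDocument, SingletonChangeHistory singletonChangeHistory) throws OWLServerException {
        requirePermission(authToken, serverOntologyDocument.getServerPath(), Operation.WRITE, "Attempted write not allowed");
        super.commit(authToken, serverOntologyDocument, singletonChangeHistory);
    }
}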
