package pl.edu.icm.jupiter.services.aspects;

import java.util.Collection;
import java.util.Iterator;
import java.util.function.Function;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Component;
import pl.edu.icm.jupiter.services.api.model.documents.BaseDocumentDataBean;
import pl.edu.icm.jupiter.services.api.model.documents.CurrentDocumentBean;
import pl.edu.icm.jupiter.services.api.user.JupiterUserService;
import pl.edu.icm.jupiter.services.storage.DocumentAuthorizationService;

@Aspect
@Order(Integer.MAX_VALUE)
@Component
/* loaded from: input_file:pl/edu/icm/jupiter/services/aspects/AuthorizedAspect.class */
public class AuthorizedAspect {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizedAspect.class);

    @Autowired
    private DocumentAuthorizationService authorizationService;

    @Autowired
    private JupiterUserService userService;

    @Before("@annotation(authorized)")
    public void authorize(JoinPoint joinPoint, Authorized authorized) {
        for (int i : authorized.argNum()) {
            authorize(joinPoint.getArgs()[i]);
        }
    }

    private void authorize(Object obj) {
        String identifier;
        if (obj instanceof String) {
            identifier = (String) obj;
        } else if (obj instanceof CurrentDocumentBean) {
            DocumentAuthorizationService documentAuthorizationService = this.authorizationService;
            documentAuthorizationService.getClass();
            verify((CurrentDocumentBean) obj, documentAuthorizationService::hasAccess);
            return;
        } else {
            if (!(obj instanceof BaseDocumentDataBean)) {
                if (!(obj instanceof Collection)) {
                    throw new AccessDeniedException("Invalid authorization argument: " + obj);
                }
                Iterator it = ((Collection) obj).iterator();
                while (it.hasNext()) {
                    authorize(it.next());
                }
                return;
            }
            identifier = ((BaseDocumentDataBean) obj).getIdentifier();
        }
        DocumentAuthorizationService documentAuthorizationService2 = this.authorizationService;
        documentAuthorizationService2.getClass();
        verify(identifier, documentAuthorizationService2::hasAccess);
    }

    private <T> void verify(T t, Function<T, Boolean> function) {
        if (function.apply(t).booleanValue()) {
            return;
        }
        LOGGER.warn("User: " + this.userService.getCurrentUser().getUsername() + " tried to get document: " + t + " without required authorization");
        throw new AccessDeniedException("User doesn't have access to required document");
    }
}
