package pl.edu.icm.jupiter.services.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
import org.springframework.security.access.vote.RoleHierarchyVoter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@PropertySource({"classpath:jupiter-security-default.properties"})
/* loaded from: input_file:pl/edu/icm/jupiter/services/config/JupiterSecurityConfig.class */
public class JupiterSecurityConfig extends GlobalMethodSecurityConfiguration {

    @Value("${jupiter.security.roles.hierarchy}")
    private String hierarhyRepresentation;

    @Bean
    public RoleHierarchy roleHierarchy() {
        RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
        roleHierarchyImpl.setHierarchy(this.hierarhyRepresentation);
        return roleHierarchyImpl;
    }

    @Bean
    public RoleHierarchyVoter getHierarchyVoter() {
        return new RoleHierarchyVoter(roleHierarchy());
    }

    protected AccessDecisionManager accessDecisionManager() {
        AbstractAccessDecisionManager accessDecisionManager = super.accessDecisionManager();
        if (accessDecisionManager instanceof AbstractAccessDecisionManager) {
            accessDecisionManager.getDecisionVoters().add(getHierarchyVoter());
        }
        return accessDecisionManager;
    }

    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler createExpressionHandler = super.createExpressionHandler();
        createExpressionHandler.setRoleHierarchy(roleHierarchy());
        return createExpressionHandler;
    }
}
