package org.camunda.optimize.service.security;

import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.camunda.optimize.dto.engine.AuthorizationDto;
import org.camunda.optimize.dto.engine.GroupDto;
import org.camunda.optimize.dto.optimize.query.security.CredentialsDto;
import org.camunda.optimize.rest.engine.EngineContext;
import org.camunda.optimize.service.util.configuration.EngineConstantsUtil;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/camunda/optimize/service/security/ApplicationAuthorizationService.class */
public class ApplicationAuthorizationService {
    public boolean isAuthorized(CredentialsDto credentialsDto, EngineContext engineContext) {
        return performAuthorizationCheck(credentialsDto.getUsername(), engineContext);
    }

    private boolean performAuthorizationCheck(String str, EngineContext engineContext) {
        List<GroupDto> allGroupsOfUser = engineContext.getAllGroupsOfUser(str);
        List<AuthorizationDto> allApplicationAuthorizations = engineContext.getAllApplicationAuthorizations();
        List<AuthorizationDto> extractGroupAuthorizations = extractGroupAuthorizations(allGroupsOfUser, allApplicationAuthorizations);
        List<AuthorizationDto> extractUserAuthorizations = extractUserAuthorizations(str, allApplicationAuthorizations);
        return (((((((checkIfGlobalUsageOfOptimizeIsGranted(allApplicationAuthorizations) & (!doesAnyGroupRevokeAuthorizationForAllResources(extractGroupAuthorizations))) | doesAnyGroupGrantAuthorizationForAllResources(extractGroupAuthorizations)) & (!doesAnyGroupRevokeAuthorizationForOptimize(extractGroupAuthorizations))) | doesAnyGroupGrantAuthorizationForOptimize(extractGroupAuthorizations)) & (!isUserAuthorizationForAllResourcesRevoked(extractUserAuthorizations))) | isUserAuthorizationForAllResourcesGranted(extractUserAuthorizations)) & (!isUserAuthorizationForOptimizeRevoked(extractUserAuthorizations))) | isUserAuthorizationForOptimizeGranted(extractUserAuthorizations);
    }

    private List<AuthorizationDto> extractGroupAuthorizations(List<GroupDto> list, List<AuthorizationDto> list2) {
        Set set = (Set) list.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet());
        return (List) list2.stream().filter(authorizationDto -> {
            return set.contains(authorizationDto.getGroupId());
        }).collect(Collectors.toList());
    }

    private List<AuthorizationDto> extractUserAuthorizations(String str, List<AuthorizationDto> list) {
        return (List) list.stream().filter(authorizationDto -> {
            return str.equals(authorizationDto.getUserId());
        }).collect(Collectors.toList());
    }

    private boolean checkIfGlobalUsageOfOptimizeIsGranted(List<AuthorizationDto> list) {
        return list.stream().anyMatch(this::grantsGloballyToUseOptimize);
    }

    private boolean isUserAuthorizationForAllResourcesGranted(List<AuthorizationDto> list) {
        return list.stream().anyMatch(authorizationDto -> {
            return grantsToUseOptimize(authorizationDto, "*");
        });
    }

    private boolean isUserAuthorizationForOptimizeGranted(List<AuthorizationDto> list) {
        return list.stream().anyMatch(authorizationDto -> {
            return grantsToUseOptimize(authorizationDto, EngineConstantsUtil.OPTIMIZE_APPLICATION_RESOURCE_ID);
        });
    }

    private boolean isUserAuthorizationForAllResourcesRevoked(List<AuthorizationDto> list) {
        return list.stream().anyMatch(authorizationDto -> {
            return revokesToUseOptimize(authorizationDto, "*");
        });
    }

    private boolean isUserAuthorizationForOptimizeRevoked(List<AuthorizationDto> list) {
        return list.stream().anyMatch(authorizationDto -> {
            return revokesToUseOptimize(authorizationDto, EngineConstantsUtil.OPTIMIZE_APPLICATION_RESOURCE_ID);
        });
    }

    private boolean doesAnyGroupGrantAuthorizationForOptimize(List<AuthorizationDto> list) {
        return list.stream().anyMatch(authorizationDto -> {
            return grantsToUseOptimize(authorizationDto, EngineConstantsUtil.OPTIMIZE_APPLICATION_RESOURCE_ID);
        });
    }

    private boolean doesAnyGroupGrantAuthorizationForAllResources(List<AuthorizationDto> list) {
        return list.stream().anyMatch(authorizationDto -> {
            return grantsToUseOptimize(authorizationDto, "*");
        });
    }

    private boolean doesAnyGroupRevokeAuthorizationForOptimize(List<AuthorizationDto> list) {
        return list.stream().anyMatch(authorizationDto -> {
            return revokesToUseOptimize(authorizationDto, EngineConstantsUtil.OPTIMIZE_APPLICATION_RESOURCE_ID);
        });
    }

    private boolean doesAnyGroupRevokeAuthorizationForAllResources(List<AuthorizationDto> list) {
        return list.stream().anyMatch(authorizationDto -> {
            return revokesToUseOptimize(authorizationDto, "*");
        });
    }

    private boolean grantsToUseOptimize(AuthorizationDto authorizationDto, String str) {
        return authorizationDto.getPermissions().stream().anyMatch(str2 -> {
            return str2.equals("ALL") || str2.equals(EngineConstantsUtil.ACCESS_PERMISSION);
        }) && (authorizationDto.getType().intValue() == 1) && authorizationDto.getResourceId().toLowerCase().trim().equals(str);
    }

    private boolean revokesToUseOptimize(AuthorizationDto authorizationDto, String str) {
        return authorizationDto.getPermissions().stream().anyMatch(str2 -> {
            return str2.equals("ALL") || str2.equals(EngineConstantsUtil.ACCESS_PERMISSION);
        }) && (authorizationDto.getType().intValue() == 2) && authorizationDto.getResourceId().toLowerCase().trim().equals(str);
    }

    private boolean grantsGloballyToUseOptimize(AuthorizationDto authorizationDto) {
        return authorizationDto.getPermissions().stream().anyMatch(str -> {
            return str.equals("ALL") || str.equals(EngineConstantsUtil.ACCESS_PERMISSION);
        }) && (authorizationDto.getType().intValue() == 0) && (authorizationDto.getResourceId().toLowerCase().equals(EngineConstantsUtil.OPTIMIZE_APPLICATION_RESOURCE_ID) || authorizationDto.getResourceId().trim().equals("*"));
    }
}
