package org.ofbiz.security.authz;

import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javolution.util.FastList;
import javolution.util.FastMap;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilValidate;
import org.ofbiz.base.util.string.FlexibleStringExpander;

/* loaded from: input_file:org/ofbiz/security/authz/AbstractAuthorization.class */
public abstract class AbstractAuthorization implements Authorization {
    private static final String module = AbstractAuthorization.class.getName();
    private static ThreadLocal<List<String>> autoGrant = new ThreadLocal<>();
    private static ThreadLocal<String> origPermission = new ThreadLocal<>();
    private static ThreadLocal<String> uid = new ThreadLocal<>();
    private static final String[] basePermissions = {"access", "create", "read", "update", "delete"};

    public abstract boolean hasStaticPermission(String str, String str2, Map<String, ? extends Object> map);

    public abstract boolean hasDynamicPermission(String str, String str2, Map<String, ? extends Object> map);

    public abstract List<String> getAutoGrantPermissions(String str, String str2, Map<String, ? extends Object> map);

    @Override // org.ofbiz.security.authz.Authorization
    public Map<String, Boolean> findMatchingPermission(String str, String str2, Map<String, ? extends Object> map) {
        FastMap newInstance = FastMap.newInstance();
        String substring = str2.substring(0, str2.indexOf(":"));
        String substring2 = str2.substring(str2.indexOf(":"));
        Pattern compile = Pattern.compile("^" + substring + ":.*$");
        for (String str3 : basePermissions) {
            Matcher matcher = compile.matcher(str3 + substring2);
            if (matcher.find()) {
                String group = matcher.group();
                newInstance.put(group, Boolean.valueOf(hasPermission(str, group, map)));
            }
        }
        return newInstance;
    }

    @Override // org.ofbiz.security.authz.Authorization
    public boolean hasPermission(String str, String str2, Map<String, ? extends Object> map) {
        String expandString = FlexibleStringExpander.expandString(str2, map);
        String str3 = uid.get();
        if (str3 != null && !str.equals(str3)) {
            origPermission.remove();
            autoGrant.remove();
            uid.remove();
            str3 = null;
        }
        boolean z = false;
        if (UtilValidate.isEmpty(str3)) {
            origPermission.set(str2);
            uid.set(str);
            z = true;
        }
        String[] split = expandString.split(":");
        StringBuilder sb = new StringBuilder();
        int i = 1;
        if (split == null || split.length <= 1) {
            Debug.logVerbose("Legacy permission detected; falling back to static permission check", module);
            return hasStaticPermission(str, expandString, map);
        }
        if (Debug.verboseOn()) {
            Debug.logVerbose("Security 2.0 schema found -- walking tree : " + expandString, module);
        }
        for (String str4 : split) {
            if (split.length >= i) {
                if (sb.length() > 0) {
                    sb.append(":");
                }
                sb.append(str4);
                List<String> list = autoGrant.get();
                if (UtilValidate.isNotEmpty(list)) {
                    Debug.logVerbose("Auto-Grant permissions found; looking for a match", module);
                    for (String str5 : list) {
                        if (Debug.verboseOn()) {
                            Debug.logVerbose("Testing - " + str5 + " - with - " + sb.toString(), module);
                        }
                        if (sb.toString().equals(str5)) {
                            handleAutoGrantPermissions(str, expandString, map);
                            return true;
                        }
                    }
                }
                if (hasStaticPermission(str, sb.toString(), map)) {
                    handleAutoGrantPermissions(str, expandString, map);
                    return true;
                }
            }
            i++;
        }
        String str6 = origPermission.get();
        if (!z && str2.equals(str6)) {
            Debug.logWarning("Recursive permission check detected; do not call hasPermission() from a dynamic access implementation!", module);
            return false;
        }
        if (!hasDynamicPermission(str, expandString, map)) {
            return false;
        }
        handleAutoGrantPermissions(str, expandString, map);
        return true;
    }

    protected void handleAutoGrantPermissions(String str, String str2, Map<String, ? extends Object> map) {
        List<String> autoGrantPermissions = getAutoGrantPermissions(str, str2, map);
        if (UtilValidate.isNotEmpty(autoGrantPermissions)) {
            FastList fastList = (List) autoGrant.get();
            if (fastList == null) {
                fastList = FastList.newInstance();
            }
            for (String str3 : autoGrantPermissions) {
                if (UtilValidate.isNotEmpty(str3)) {
                    String expandString = FlexibleStringExpander.expandString(str3, map);
                    if (Debug.verboseOn()) {
                        Debug.logVerbose("Adding auto-grant permission -- " + expandString, module);
                    }
                    fastList.add(expandString);
                }
            }
            autoGrant.set(autoGrantPermissions);
        }
    }

    public static void clearThreadLocal() {
        origPermission.remove();
        autoGrant.remove();
        uid.remove();
    }
}
