package com.alibaba.nacos.plugin.auth.impl.roles;

import com.alibaba.nacos.api.model.v2.Result;
import com.alibaba.nacos.common.utils.CollectionUtils;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.plugin.auth.api.Permission;
import com.alibaba.nacos.plugin.auth.api.Resource;
import com.alibaba.nacos.plugin.auth.impl.configuration.AuthConfigs;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.plugin.auth.impl.persistence.PermissionInfo;
import com.alibaba.nacos.plugin.auth.impl.persistence.RoleInfo;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUser;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.regex.Pattern;

/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/roles/AbstractCheckedRoleService.class */
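/**
 * Role service that performs the role-based authorization check for a user
 * and answers questions about the global administrator role.
 *
 * <p>{@code getRoles}, {@code getPermissions} and {@code getAllRoles} are not
 * defined in this class; presumably they are inherited from
 * {@link AbstractCachedRoleService} (verify against that class).
 */
public abstract class AbstractCheckedRoleService extends AbstractCachedRoleService implements NacosRoleService {
    private final AuthConfigs authConfigs;

    /**
     * Creates the service.
     *
     * <p>The decompiler reports that the original access modifier of this
     * constructor was {@code protected}; it is kept {@code public} here so the
     * decompiled signature is unchanged.
     *
     * @param authConfigs auth configuration, used to cache whether a global
     *                    admin role exists
     */
    public AbstractCheckedRoleService(AuthConfigs authConfigs) {
        this.authConfigs = authConfigs;
    }

    /**
     * Decides whether {@code nacosUser} may perform {@code permission}.
     *
     * <p>Order of evaluation:
     * <ol>
     *   <li>the update-password entry point is allowed before any role lookup;</li>
     *   <li>a user with no roles is denied;</li>
     *   <li>a user holding the global admin role is allowed and flagged as
     *       global admin on the {@code NacosUser} object;</li>
     *   <li>console resources are denied to everyone else;</li>
     *   <li>otherwise each permission of each role is matched against the
     *       requested action and resource.</li>
     * </ol>
     *
     * @param nacosUser  authenticated user; mutated via {@code setGlobalAdmin(true)}
     *                   when the user is a global admin
     * @param permission requested resource and action
     * @return {@code true} when access is granted
     */
    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public boolean hasPermission(NacosUser nacosUser, Permission permission) {
        // Granted without consulting roles. NOTE(review): the code that handles the
        // password update must itself ensure a user can only change their own
        // password; that check is not visible in this class.
        if (isUpdatePasswordPermission(permission)) {
            return true;
        }
        List<RoleInfo> roles = getRoles(nacosUser.getUserName());
        if (CollectionUtils.isEmpty(roles)) {
            return false;
        }
        for (RoleInfo roleInfo : roles) {
            if (AuthConstants.GLOBAL_ADMIN_ROLE.equals(roleInfo.getRole())) {
                nacosUser.setGlobalAdmin(true);
                return true;
            }
        }
        // Console resources are reserved for global admins, who returned above.
        if (permission.getResource().getName().startsWith(AuthConstants.CONSOLE_RESOURCE_NAME_PREFIX)) {
            return false;
        }
        for (RoleInfo roleInfo : roles) {
            List<PermissionInfo> permissions = getPermissions(roleInfo.getRole());
            if (CollectionUtils.isEmpty(permissions)) {
                continue;
            }
            for (PermissionInfo permissionInfo : permissions) {
                // NOTE(review): only '*' is translated to ".*". Every other regex
                // metacharacter in the stored resource string keeps its regex
                // meaning, so '.' matches any character (a grant can match more
                // than its literal text) and a malformed string makes
                // Pattern.matches throw PatternSyntaxException. Quoting the literal
                // segments would tighten this but changes how existing grants
                // match, so it is flagged rather than changed here.
                String resourcePattern = permissionInfo.getResource().replaceAll("\\*", ".*");
                if (resourcePattern.startsWith(":")) {
                    // A grant without a namespace applies to the "public" namespace.
                    resourcePattern = "public" + resourcePattern;
                }
                // The action test is substring containment (a stored "rw" covers "r"
                // and "w"). An empty requested action would be contained in every
                // stored action; presumably callers never pass one - verify.
                if (permissionInfo.getAction().contains(permission.getAction())
                        && Pattern.matches(resourcePattern, joinResource(permission.getResource()))) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Reports whether a role already holds an equivalent permission.
     *
     * <p>A stored permission counts as a duplicate when its resource equals
     * {@code str2} and its action either equals {@code str3} or is {@code "rw"}.
     *
     * @param str  role whose permissions are inspected (passed to {@code getPermissions})
     * @param str2 resource string compared with each stored permission's resource
     * @param str3 action compared with each stored permission's action
     * @return a successful {@code Result} wrapping {@code TRUE} for a duplicate,
     *         otherwise {@code FALSE}
     */
    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public Result<Boolean> isDuplicatePermission(String str, String str2, String str3) {
        List<PermissionInfo> permissions = getPermissions(str);
        if (CollectionUtils.isEmpty(permissions)) {
            return Result.success(Boolean.FALSE);
        }
        for (PermissionInfo permissionInfo : permissions) {
            boolean sameResource = StringUtils.equals(str2, permissionInfo.getResource());
            boolean actionCovered = StringUtils.equals(str3, permissionInfo.getAction())
                    || "rw".equals(permissionInfo.getAction());
            if (sameResource && actionCovered) {
                return Result.success(Boolean.TRUE);
            }
        }
        return Result.success(Boolean.FALSE);
    }

    /**
     * Reports whether the given user holds the global admin role.
     *
     * <p>A missing or empty role list yields {@code false} instead of a
     * {@code NullPointerException}, matching the guard {@code hasPermission}
     * applies to the same {@code getRoles} result.
     *
     * @param str user name passed to {@code getRoles}
     * @return {@code true} when one of the user's roles is the global admin role
     */
    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public boolean hasGlobalAdminRole(String str) {
        List<RoleInfo> roles = getRoles(str);
        if (CollectionUtils.isEmpty(roles)) {
            return false;
        }
        for (RoleInfo roleInfo : roles) {
            if (AuthConstants.GLOBAL_ADMIN_ROLE.equals(roleInfo.getRole())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether any global admin role exists, caching the answer in
     * {@code authConfigs}.
     *
     * <p>Once the cached flag is {@code true} this method returns without
     * looking at the roles again; a {@code false} result is stored as well but
     * is recomputed on the next call. NOTE(review): whether the flag is reset
     * elsewhere when the last admin role is removed is not visible here.
     *
     * @return {@code true} when a global admin role is known to exist
     */
    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public boolean hasGlobalAdminRole() {
        if (this.authConfigs.isHasGlobalAdminRole()) {
            return true;
        }
        List<RoleInfo> allRoles = getAllRoles();
        boolean found = CollectionUtils.isNotEmpty(allRoles)
                && allRoles.stream().anyMatch(roleInfo -> AuthConstants.GLOBAL_ADMIN_ROLE.equals(roleInfo.getRole()));
        this.authConfigs.setHasGlobalAdminRole(found);
        return found;
    }

    /**
     * Tells whether the permission targets the update-password entry point.
     *
     * <p>NOTE(review): {@code Properties.contains(Object)} is inherited from
     * {@code Hashtable} and tests property <em>values</em>, not keys. Confirm
     * that the marker is stored as a value and that request-derived data cannot
     * place it there, because a match skips the role check in
     * {@code hasPermission}.
     *
     * @param permission requested permission
     * @return {@code true} when the resource properties hold the entry-point marker
     */
    private boolean isUpdatePasswordPermission(Permission permission) {
        Properties properties = permission.getResource().getProperties();
        return null != properties && properties.contains(AuthConstants.UPDATE_PASSWORD_ENTRY_POINT);
    }

    /**
     * Builds the string that stored permission patterns are matched against.
     *
     * <p>A resource of type {@code "specified"} is represented by its name
     * alone. Any other resource becomes
     * {@code namespace:group:type/name}, where a blank namespace becomes
     * {@code "public"}, a blank group or name becomes {@code *}, and the type
     * is lower-cased.
     *
     * @param resource requested resource
     * @return the joined resource string
     */
    private String joinResource(Resource resource) {
        if ("specified".equals(resource.getType())) {
            return resource.getName();
        }
        String namespaceId = resource.getNamespaceId();
        String group = resource.getGroup();
        String name = resource.getName();
        // Locale.ROOT keeps the lower-casing independent of the JVM default locale
        // (for example, a Turkish locale maps 'I' to a dotless 'ı', which would
        // stop the type from matching stored permission patterns).
        String type = resource.getType().toLowerCase(Locale.ROOT);

        StringBuilder sb = new StringBuilder();
        sb.append(StringUtils.isBlank(namespaceId) ? "public" : namespaceId);
        sb.append(":").append(StringUtils.isBlank(group) ? "*" : group);
        sb.append(":").append(type).append('/').append(StringUtils.isBlank(name) ? "*" : name);
        return sb.toString();
    }
}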
