package net.bluemind.core.container.service.internal;

import java.sql.SQLException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.Container;
import net.bluemind.core.container.model.acl.AccessControlEntry;
import net.bluemind.core.container.model.acl.Verb;
import net.bluemind.core.container.persistence.AclStore;
import net.bluemind.core.container.persistence.DataSourceRouter;
import net.bluemind.core.rest.BmContext;

/* loaded from: input_file:net/bluemind/core/container/service/internal/ContainerPermissionResolver.class */
public class ContainerPermissionResolver {
    private BmContext context;
    private Container container;

    public ContainerPermissionResolver(BmContext bmContext, Container container) {
        this.context = bmContext;
        this.container = container;
    }

    public Set<Permission> resolve() {
        HashSet hashSet = new HashSet();
        if (this.container.domainUid != null && this.container.domainUid.equals(this.context.getSecurityContext().getContainerUid()) && this.container.owner.equals(this.context.getSecurityContext().getSubject())) {
            hashSet.addAll((Collection) Arrays.stream(Verb.values()).map(verb -> {
                return ContainerPermission.asPerm(verb);
            }).collect(Collectors.toList()));
            return hashSet;
        }
        if (this.container.type.equals("dir") && this.container.domainUid.equals(this.context.getSecurityContext().getContainerUid())) {
            hashSet.add(ContainerPermission.asPerm(Verb.Read));
        }
        try {
            for (AccessControlEntry accessControlEntry : new AclStore(this.context, DataSourceRouter.get(this.context, this.container.uid)).get(this.container)) {
                if (accessControlEntry.subject.equals("anonymous") && this.context.getSecurityContext().isAnonymous()) {
                    hashSet.add(ContainerPermission.asPerm(accessControlEntry.verb));
                } else if (this.container.domainUid != null && this.container.domainUid.equals(this.context.getSecurityContext().getContainerUid()) && (this.context.getSecurityContext().getSubject().equals(accessControlEntry.subject) || this.context.getSecurityContext().getMemberOf().contains(accessControlEntry.subject) || this.context.getSecurityContext().getContainerUid().equals(accessControlEntry.subject))) {
                    hashSet.add(ContainerPermission.asPerm(accessControlEntry.verb));
                } else if ("token-fake-domain".equals(this.context.getSecurityContext().getContainerUid()) && this.context.getSecurityContext().getSubject().equals(accessControlEntry.subject)) {
                    hashSet.add(ContainerPermission.asPerm(accessControlEntry.verb));
                }
            }
            return hashSet;
        } catch (SQLException e) {
            throw ServerFault.sqlFault(e);
        }
    }
}
