package com.appiancorp.security.authz;

import com.appiancorp.security.auth.SecurityContext;
import com.appiancorp.security.persistence.ActionDao;
import com.appiancorp.security.persistence.RoleActionMappingDao;
import com.appiancorp.security.persistence.csv.ActionDaoCsvImpl;
import com.appiancorp.security.persistence.csv.RoleActionMappingDaoCsvImpl;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;
import org.aopalliance.intercept.MethodInvocation;

/* loaded from: input_file:com/appiancorp/security/authz/AppianAuthorizationProvider.class */
public class AppianAuthorizationProvider implements AuthorizationProvider {
    private final AuthorizationEventLogger logger;
    private final RoleActionMappingDao mappingDao;
    private final ActionDao actionDao;

    public AppianAuthorizationProvider() {
        this.mappingDao = new RoleActionMappingDaoCsvImpl();
        this.actionDao = new ActionDaoCsvImpl();
        this.logger = new AuthorizationEventLogger();
    }

    public AppianAuthorizationProvider(AuthorizationEventLogger authorizationEventLogger) {
        this.mappingDao = new RoleActionMappingDaoCsvImpl();
        this.actionDao = new ActionDaoCsvImpl();
        this.logger = authorizationEventLogger;
    }

    @Override // com.appiancorp.security.authz.AuthorizationProvider
    public void authorize(Method method, MethodInvocation methodInvocation, SecurityContext securityContext, String str, String str2) {
        try {
            this.logger.logAllowed(securityContext, str, str2, doAuthorize(securityContext, str2));
        } catch (AuthorizationException e) {
            this.logger.logDenied(securityContext, str, str2, e);
            throw new AppianRuntimeException(e);
        } catch (RuntimeException e2) {
            this.logger.logError(securityContext, str, str2, e2);
            throw e2;
        }
    }

    private Set<String> doAuthorize(SecurityContext securityContext, String str) throws AuthorizationException {
        if (isUserAlwaysAllowed(securityContext)) {
            return null;
        }
        return getAuthorizedUserRolesOrThrow(securityContext, str, securityContext.getRoles(), getRolesAllowingAction(str));
    }

    protected Set<String> getRolesAllowingAction(String str) {
        return this.mappingDao.getRolesForAction(str);
    }

    protected Set<String> getActionsAllowedByRole(String str) {
        return this.mappingDao.getActionsForRole(str);
    }

    protected Set<String> getActionsToRolesMap() {
        return new HashSet(Action.getNames(this.actionDao.getAll()));
    }
}
