package org.alfresco.an2.security;

import java.io.Serializable;
import org.alfresco.an2.server.security.ServiceCallContext;
import org.alfresco.an2.server.security.ServiceCallContextHolder;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.acls.AclPermissionEvaluator;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:WEB-INF/lib/alfresco-an2-server-0.1.0-SNAPSHOT.jar:org/alfresco/an2/security/An2PermissionEvaluator.class */
public class An2PermissionEvaluator extends AclPermissionEvaluator {
    public static final String TARGET_TYPE_TENANT = "tenant";
    public static final String TARGET_ID_CTX_TENANT = "ctx.tenant";
    private final Log loggerGranted;
    private final boolean loggerGrantedDebug;
    private final Log loggerDenied;
    private final boolean loggerDeniedDebug;
    private final AclService aclService;

    public An2PermissionEvaluator(AclService aclService) {
        super(aclService);
        this.loggerGranted = LogFactory.getLog("" + An2PermissionEvaluator.class + ".granted");
        this.loggerGrantedDebug = this.loggerGranted.isDebugEnabled();
        this.loggerDenied = LogFactory.getLog("" + An2PermissionEvaluator.class + ".denied");
        this.loggerDeniedDebug = this.loggerDenied.isDebugEnabled();
        this.aclService = aclService;
    }

    @Override // org.springframework.security.acls.AclPermissionEvaluator, org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        throw new UnsupportedOperationException("No permission evaluation based on 'targetDomainObject'.  Specify the type and ID.");
    }

    @Override // org.springframework.security.acls.AclPermissionEvaluator, org.springframework.security.access.PermissionEvaluator
    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, Object obj) {
        ServiceCallContext serviceCallContext = ServiceCallContextHolder.get();
        if (TARGET_ID_CTX_TENANT.equals(serializable)) {
            serializable = serviceCallContext.getTenant();
        }
        boolean hasPermission = super.hasPermission(authentication, serializable, str, obj);
        if (hasPermission && this.loggerGrantedDebug) {
            this.loggerGranted.debug("Permission granted: User " + authentication.getName() + " accessing " + serializable + " (" + str + ").");
        } else if (!hasPermission && this.loggerDeniedDebug) {
            this.loggerDenied.debug("Permission denied: User " + authentication.getName() + " accessing " + serializable + " (" + str + ").");
        }
        return hasPermission;
    }
}
