package org.cerberus.util.security;

import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.cerberus.crud.entity.UserSystem;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:WEB-INF/classes/org/cerberus/util/security/UserSecurity.class */
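/**
 * Static helpers that restrict the current HTTP user to the "systems" they are allowed to see.
 *
 * <p>The allowed systems are read from the servlet session attribute {@code MySystemsAllow}
 * (a list of {@link UserSystem}); administrators are treated as unrestricted. Every method
 * here needs a servlet request bound to the current thread through Spring's
 * {@link RequestContextHolder}.
 *
 * <p>NOTE(review): {@link #getSystemAllow()} returns {@code null} both for administrators and
 * for a session that has no {@code MySystemsAllow} attribute, and
 * {@link #getSystemAllowForSQL(String)} turns that {@code null} into an always-true predicate.
 * A session whose attributes were never populated is therefore unfiltered at the SQL level.
 * Confirm that the login flow always sets the attribute before these helpers can be reached.
 */
public class UserSecurity {
    private static final Logger LOG = LogManager.getLogger(UserSecurity.class);

    /** Servlet role name that grants unrestricted access. */
    private static final String ADMIN_ROLE = "Administrator";

    /** Session attribute holding the list of {@link UserSystem} granted to the user. */
    private static final String SESSION_SYSTEMS = "MySystemsAllow";

    /** Session attribute holding a {@link Boolean} administrator flag. */
    private static final String SESSION_IS_ADMIN = "MySystemsIsAdministrator";

    /**
     * Checks whether the current user may access a single system.
     *
     * @param str the system name to check
     * @return {@code true} if access is allowed, see {@link #systemIsAllow(List)}
     */
    public static boolean systemIsAllow(String str) {
        return systemIsAllow(Stream.of(str).collect(Collectors.toList()));
    }

    /**
     * Checks whether the current user may access every system in {@code list}.
     *
     * <p>{@link #getSystemAllow()} returns {@code null} for unrestricted users, which previously
     * caused a {@link NullPointerException} here. A {@code null} result is now honoured only
     * when the user is an administrator (servlet role or session flag); a non-administrator
     * with no system list in the session is denied rather than allowed.
     *
     * @param list the system names to check
     * @return {@code true} only if every requested system is allowed
     */
    public static boolean systemIsAllow(List<String> list) {
        List<String> allowed = getSystemAllow();
        if (allowed == null) {
            // Fail closed: "no list" must not be read as "everything allowed" for ordinary users.
            return hasAdministratorAccess();
        }
        for (String system : list) {
            if (!allowed.contains(system)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns the system names the current user is restricted to.
     *
     * @return the allowed system names, or {@code null} when no restriction applies: the user
     *     has the {@code Administrator} role, the session has no {@code MySystemsAllow}
     *     attribute, or the session flag {@code MySystemsIsAdministrator} is {@code true}
     * @throws NullPointerException if no servlet request is bound to the current thread
     */
    public static List<String> getSystemAllow() {
        HttpServletRequest request = getCurrentHttpRequest();
        // Parameterized logging keeps the user name out of the format string.
        LOG.debug("Get Allowed system for : {}", request.getRemoteUser());
        if (request.isUserInRole(ADMIN_ROLE)) {
            LOG.debug("Administrator user : {}", request.getRemoteUser());
            return null;
        }
        HttpSession session = getSession();
        List<?> userSystems = (List<?>) session.getAttribute(SESSION_SYSTEMS);
        // Boolean.TRUE.equals tolerates a missing flag; unboxing a null attribute used to throw.
        if (userSystems == null || Boolean.TRUE.equals(session.getAttribute(SESSION_IS_ADMIN))) {
            return null;
        }
        List<String> systems = new LinkedList<>();
        for (Object userSystem : userSystems) {
            systems.add(((UserSystem) userSystem).getSystem());
        }
        return systems;
    }

    /**
     * Builds a SQL predicate restricting {@code str} to the current user's allowed systems.
     *
     * <p>SECURITY: the result is meant to be concatenated into a SQL statement. {@code str} is
     * inserted verbatim, so callers must pass only a fixed column expression and never
     * request-derived text. System names are quoted by doubling single quotes only, which does
     * not cover backslash escapes on databases that treat {@code \} as an escape character.
     * Bind parameters are the robust alternative, but would change this method's contract.
     *
     * <p>NOTE(review): the values are also HTML-escaped. That is not a SQL defence and rewrites
     * names containing {@code &}, {@code <}, {@code >} or {@code "}, so they may no longer match
     * the stored value. It is kept here to preserve the existing output; confirm whether it is
     * intentional.
     *
     * @param str the column expression to filter on
     * @return {@code " 1=1 "} when the user is unrestricted, otherwise
     *     {@code str in ('','a','b')}; an empty allow-list yields {@code str in ('')}, which
     *     matches only the empty system
     */
    public static String getSystemAllowForSQL(String str) {
        List<String> allowed = getSystemAllow();
        LOG.debug("Allowed system : {}", allowed);
        if (allowed == null) {
            return " 1=1 ";
        }
        // Start from the empty literal so an empty allow-list still produces valid SQL
        // (the previous form emitted "in ('',)") and reuse the list instead of re-reading it.
        StringBuilder literals = new StringBuilder("''");
        for (String system : allowed) {
            literals.append(",'")
                    .append(StringEscapeUtils.escapeHtml4(escapeSql(system)))
                    .append("'");
        }
        return str + " in (" + literals + ")";
    }

    /**
     * Tells whether the current request's user has the {@code Administrator} servlet role.
     *
     * @return {@code true} if the container reports the role for the current user
     * @throws NullPointerException if no servlet request is bound to the current thread
     */
    public static boolean isAdministrator() {
        return getCurrentHttpRequest().isUserInRole(ADMIN_ROLE);
    }

    /** Returns whether the user is an administrator by servlet role or by session flag. */
    private static boolean hasAdministratorAccess() {
        return isAdministrator()
                || Boolean.TRUE.equals(getSession().getAttribute(SESSION_IS_ADMIN));
    }

    /**
     * Returns the session of the current request, creating one if none exists.
     *
     * <p>{@code currentRequestAttributes()} throws {@link IllegalStateException} when no
     * request is bound to the thread.
     */
    private static HttpSession getSession() {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        return attributes.getRequest().getSession(true);
    }

    /**
     * Returns the servlet request bound to the current thread.
     *
     * @return the request, or {@code null} when none is bound or it is not a servlet request
     */
    private static HttpServletRequest getCurrentHttpRequest() {
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes instanceof ServletRequestAttributes) {
            return ((ServletRequestAttributes) requestAttributes).getRequest();
        }
        return null;
    }

    /**
     * Doubles single quotes so the value can sit inside a single-quoted SQL literal.
     *
     * <p>This handles the quote character only; it is not a general SQL escaping routine.
     *
     * @param str the raw value, may be {@code null}
     * @return the value with {@code '} replaced by {@code ''}, or {@code null} for {@code null}
     */
    private static String escapeSql(String str) {
        if (str == null) {
            return null;
        }
        return StringUtils.replace(str, "'", "''");
    }

    /** Utility class; not instantiable. */
    private UserSecurity() {
    }
}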
