package io.milton.http.acl;

import io.milton.common.LogUtils;
import io.milton.http.Auth;
import io.milton.http.Request;
import io.milton.principal.Principal;
import io.milton.property.PropertyAuthoriser;
import io.milton.resource.AccessControlledResource;
import io.milton.resource.Resource;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/milton-server-ent-2.6.5.6.jar:io/milton/http/acl/AclAuthorisor.class */
public class AclAuthorisor implements PropertyAuthoriser {
    private static final Logger log = LoggerFactory.getLogger(AclAuthorisor.class);
    private final PrincipalFactory principalFactory;

    public AclAuthorisor(PrincipalFactory principalFactory) {
        this.principalFactory = principalFactory;
    }

    public Boolean authorise(Request request, Request.Method method, Auth auth, Resource resource) {
        Map<Principal, List<AccessControlledResource.Priviledge>> accessControlList;
        LogUtils.trace(log, "authorise", request.getAbsoluteUrl(), method.code, auth.getUser(), resource.getName());
        if (!(resource instanceof AccessControlledResource) || (accessControlList = ((AccessControlledResource) resource).getAccessControlList()) == null) {
            return null;
        }
        for (AccessControlledResource.Priviledge priviledge : accessControlList.get(this.principalFactory.fromAuth(auth))) {
            if (method.isWrite) {
                if (priviledge.equals(AccessControlledResource.Priviledge.WRITE)) {
                    log.trace("found write permission");
                    return true;
                }
            } else if (priviledge.equals(AccessControlledResource.Priviledge.READ)) {
                log.trace("found read permission");
                return true;
            }
        }
        log.trace("did not find applicable permission");
        return false;
    }

    @Override // io.milton.property.PropertyAuthoriser
    public Set<PropertyAuthoriser.CheckResult> checkPermissions(Request request, Request.Method method, PropertyAuthoriser.PropertyPermission propertyPermission, Set<QName> set, Resource resource) {
        return null;
    }
}
