package org.geonode.security;

import java.util.logging.Level;
import java.util.logging.Logger;
import org.geonode.security.GeoNodeSecurityClient;
import org.geoserver.catalog.LayerInfo;
import org.geoserver.catalog.ResourceInfo;
import org.geoserver.catalog.WorkspaceInfo;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.AccessMode;
import org.geoserver.security.CatalogMode;
import org.geoserver.security.DataAccessManager;
import org.geoserver.security.GeoServerRoleService;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.impl.GeoServerRole;
import org.geotools.util.logging.Logging;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:WEB-INF/classes/org/geonode/security/GeoNodeDataAccessManager.class */
public class GeoNodeDataAccessManager implements DataAccessManager {
    private static final Logger LOG = Logging.getLogger((Class<?>) GeoNodeDataAccessManager.class);
    boolean authenticationEnabled = true;
    private final GeoNodeSecurityClient.Provider securityClientProvider;

    public GeoNodeDataAccessManager(GeoNodeSecurityClient.Provider provider) {
        this.securityClientProvider = provider;
    }

    private static GeoServerSecurityManager securityManager() {
        return (GeoServerSecurityManager) GeoServerExtensions.bean(GeoServerSecurityManager.class);
    }

    private static GeoServerRoleService roleService() {
        return securityManager().getActiveRoleService();
    }

    @Override // org.geoserver.security.DataAccessManager
    public boolean canAccess(Authentication authentication, WorkspaceInfo workspaceInfo, AccessMode accessMode) {
        return true;
    }

    @Override // org.geoserver.security.DataAccessManager
    public boolean canAccess(Authentication authentication, LayerInfo layerInfo, AccessMode accessMode) {
        return canAccess(authentication, layerInfo.getResource(), accessMode);
    }

    @Override // org.geoserver.security.DataAccessManager
    public boolean canAccess(Authentication authentication, ResourceInfo resourceInfo, AccessMode accessMode) {
        if (!this.authenticationEnabled || authentication == null) {
            return true;
        }
        if (LOG.isLoggable(Level.FINER)) {
            LOG.finer("Checking permissions for " + authentication + " with authorities " + authentication.getAuthorities() + " accessing " + resourceInfo);
        }
        if (authentication.getAuthorities().contains(GeoServerRole.ADMIN_ROLE)) {
            return true;
        }
        return this.securityClientProvider.getSecurityClient().authorize(authentication, resourceInfo, accessMode);
    }

    @Override // org.geoserver.security.DataAccessManager
    public CatalogMode getMode() {
        return CatalogMode.HIDE;
    }

    public void setAuthenticationEnabled(boolean z) {
        this.authenticationEnabled = z;
    }
}
