package org.thingsboard.server.service.security.permission;

import org.springframework.stereotype.Component;
import org.thingsboard.server.common.data.DashboardInfo;
import org.thingsboard.server.common.data.HasCustomerId;
import org.thingsboard.server.common.data.HasTenantId;
import org.thingsboard.server.common.data.TbResourceInfo;
import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.id.DashboardId;
import org.thingsboard.server.common.data.id.EntityId;
import org.thingsboard.server.common.data.id.TbResourceId;
import org.thingsboard.server.common.data.id.UserId;
import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.permission.PermissionChecker;

@Component("customerUserPermissions")
/* loaded from: input_file:org/thingsboard/server/service/security/permission/CustomerUserPermissions.class */
public class CustomerUserPermissions extends AbstractPermissions {
    private static final PermissionChecker customerAlarmPermissionChecker = new PermissionChecker() { // from class: org.thingsboard.server.service.security.permission.CustomerUserPermissions.1
        @Override // org.thingsboard.server.service.security.permission.PermissionChecker
        public boolean hasPermission(SecurityUser securityUser, Operation operation, EntityId entityId, HasTenantId hasTenantId) {
            if (securityUser.getTenantId().equals(hasTenantId.getTenantId()) && (hasTenantId instanceof HasCustomerId)) {
                return securityUser.getCustomerId().equals(((HasCustomerId) hasTenantId).getCustomerId());
            }
            return false;
        }
    };
    private static final PermissionChecker customerEntityPermissionChecker = new PermissionChecker.GenericPermissionChecker(Operation.READ, Operation.READ_CREDENTIALS, Operation.READ_ATTRIBUTES, Operation.READ_TELEMETRY, Operation.RPC_CALL, Operation.CLAIM_DEVICES, Operation.WRITE, Operation.WRITE_ATTRIBUTES, Operation.WRITE_TELEMETRY) { // from class: org.thingsboard.server.service.security.permission.CustomerUserPermissions.2
        @Override // org.thingsboard.server.service.security.permission.PermissionChecker.GenericPermissionChecker, org.thingsboard.server.service.security.permission.PermissionChecker
        public boolean hasPermission(SecurityUser securityUser, Operation operation, EntityId entityId, HasTenantId hasTenantId) {
            if (super.hasPermission(securityUser, operation, entityId, hasTenantId) && securityUser.getTenantId().equals(hasTenantId.getTenantId()) && (hasTenantId instanceof HasCustomerId)) {
                return operation.equals(Operation.CLAIM_DEVICES) || securityUser.getCustomerId().equals(((HasCustomerId) hasTenantId).getCustomerId());
            }
            return false;
        }
    };
    private static final PermissionChecker customerPermissionChecker = new PermissionChecker.GenericPermissionChecker(Operation.READ, Operation.READ_ATTRIBUTES, Operation.READ_TELEMETRY) { // from class: org.thingsboard.server.service.security.permission.CustomerUserPermissions.3
        @Override // org.thingsboard.server.service.security.permission.PermissionChecker.GenericPermissionChecker, org.thingsboard.server.service.security.permission.PermissionChecker
        public boolean hasPermission(SecurityUser securityUser, Operation operation, EntityId entityId, HasTenantId hasTenantId) {
            if (super.hasPermission(securityUser, operation, entityId, hasTenantId)) {
                return securityUser.getCustomerId().equals(entityId);
            }
            return false;
        }
    };
    private static final PermissionChecker customerResourcePermissionChecker = new PermissionChecker<TbResourceId, TbResourceInfo>() { // from class: org.thingsboard.server.service.security.permission.CustomerUserPermissions.4
        @Override // org.thingsboard.server.service.security.permission.PermissionChecker
        public boolean hasPermission(SecurityUser securityUser, Operation operation, TbResourceId tbResourceId, TbResourceInfo tbResourceInfo) {
            if (operation != Operation.READ || tbResourceInfo.getResourceType() == null || !tbResourceInfo.getResourceType().isCustomerAccess()) {
                return false;
            }
            if (tbResourceInfo.getTenantId() == null || tbResourceInfo.getTenantId().isNullUid()) {
                return true;
            }
            return securityUser.getTenantId().equals(tbResourceInfo.getTenantId());
        }
    };
    private static final PermissionChecker customerDashboardPermissionChecker = new PermissionChecker.GenericPermissionChecker<DashboardId, DashboardInfo>(Operation.READ, Operation.READ_ATTRIBUTES, Operation.READ_TELEMETRY) { // from class: org.thingsboard.server.service.security.permission.CustomerUserPermissions.5
        @Override // org.thingsboard.server.service.security.permission.PermissionChecker.GenericPermissionChecker, org.thingsboard.server.service.security.permission.PermissionChecker
        public boolean hasPermission(SecurityUser securityUser, Operation operation, DashboardId dashboardId, DashboardInfo dashboardInfo) {
            if (super.hasPermission(securityUser, operation, (Operation) dashboardId, (DashboardId) dashboardInfo) && securityUser.getTenantId().equals(dashboardInfo.getTenantId())) {
                return dashboardInfo.isAssignedToCustomer(securityUser.getCustomerId());
            }
            return false;
        }
    };
    private static final PermissionChecker userPermissionChecker = new PermissionChecker<UserId, User>() { // from class: org.thingsboard.server.service.security.permission.CustomerUserPermissions.6
        @Override // org.thingsboard.server.service.security.permission.PermissionChecker
        public boolean hasPermission(SecurityUser securityUser, Operation operation, UserId userId, User user) {
            if (!Authority.CUSTOMER_USER.equals(user.getAuthority()) || !securityUser.getCustomerId().equals(user.getCustomerId())) {
                return false;
            }
            if (Operation.READ.equals(operation)) {
                return true;
            }
            return securityUser.getId().equals(userId);
        }
    };
    private static final PermissionChecker widgetsPermissionChecker = new PermissionChecker.GenericPermissionChecker(Operation.READ) { // from class: org.thingsboard.server.service.security.permission.CustomerUserPermissions.7
        @Override // org.thingsboard.server.service.security.permission.PermissionChecker.GenericPermissionChecker, org.thingsboard.server.service.security.permission.PermissionChecker
        public boolean hasPermission(SecurityUser securityUser, Operation operation, EntityId entityId, HasTenantId hasTenantId) {
            if (!super.hasPermission(securityUser, operation, entityId, hasTenantId)) {
                return false;
            }
            if (hasTenantId.getTenantId() == null || hasTenantId.getTenantId().isNullUid()) {
                return true;
            }
            return securityUser.getTenantId().equals(hasTenantId.getTenantId());
        }
    };
    private static final PermissionChecker rpcPermissionChecker = new PermissionChecker.GenericPermissionChecker(Operation.READ) { // from class: org.thingsboard.server.service.security.permission.CustomerUserPermissions.8
        @Override // org.thingsboard.server.service.security.permission.PermissionChecker.GenericPermissionChecker, org.thingsboard.server.service.security.permission.PermissionChecker
        public boolean hasPermission(SecurityUser securityUser, Operation operation, EntityId entityId, HasTenantId hasTenantId) {
            if (!super.hasPermission(securityUser, operation, entityId, hasTenantId)) {
                return false;
            }
            if (hasTenantId.getTenantId() == null || hasTenantId.getTenantId().isNullUid()) {
                return true;
            }
            return securityUser.getTenantId().equals(hasTenantId.getTenantId());
        }
    };
    private static final PermissionChecker profilePermissionChecker = new PermissionChecker.GenericPermissionChecker(Operation.READ) { // from class: org.thingsboard.server.service.security.permission.CustomerUserPermissions.9
        @Override // org.thingsboard.server.service.security.permission.PermissionChecker.GenericPermissionChecker, org.thingsboard.server.service.security.permission.PermissionChecker
        public boolean hasPermission(SecurityUser securityUser, Operation operation, EntityId entityId, HasTenantId hasTenantId) {
            if (!super.hasPermission(securityUser, operation, entityId, hasTenantId)) {
                return false;
            }
            if (hasTenantId.getTenantId() == null || hasTenantId.getTenantId().isNullUid()) {
                return true;
            }
            return securityUser.getTenantId().equals(hasTenantId.getTenantId());
        }
    };

    public CustomerUserPermissions() {
        put(Resource.ALARM, customerAlarmPermissionChecker);
        put(Resource.ASSET, customerEntityPermissionChecker);
        put(Resource.DEVICE, customerEntityPermissionChecker);
        put(Resource.CUSTOMER, customerPermissionChecker);
        put(Resource.DASHBOARD, customerDashboardPermissionChecker);
        put(Resource.ENTITY_VIEW, customerEntityPermissionChecker);
        put(Resource.USER, userPermissionChecker);
        put(Resource.WIDGETS_BUNDLE, widgetsPermissionChecker);
        put(Resource.WIDGET_TYPE, widgetsPermissionChecker);
        put(Resource.EDGE, customerEntityPermissionChecker);
        put(Resource.RPC, rpcPermissionChecker);
        put(Resource.DEVICE_PROFILE, profilePermissionChecker);
        put(Resource.ASSET_PROFILE, profilePermissionChecker);
        put(Resource.TB_RESOURCE, customerResourcePermissionChecker);
        put(Resource.MOBILE_APP_SETTINGS, new PermissionChecker.GenericPermissionChecker(Operation.READ));
    }
}
