package org.apache.isis.security.shiro.authorization;

import javax.inject.Named;
import org.apache.isis.applib.Identifier;
import org.apache.isis.core.security.authentication.Authentication;
import org.apache.isis.core.security.authorization.Authorizor;
import org.apache.isis.security.shiro.context.ShiroSecurityContext;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Service;

@Service
@Named("isis.security.AuthorizorShiro")
@Order(-1073741824)
@Qualifier("Shiro")
/* loaded from: input_file:org/apache/isis/security/shiro/authorization/AuthorizorShiro.class */
public class AuthorizorShiro implements Authorizor {
    public boolean isVisible(Authentication authentication, Identifier identifier) {
        return isPermitted(authentication.getUserName(), identifier, "r");
    }

    public boolean isUsable(Authentication authentication, Identifier identifier) {
        return isPermitted(authentication.getUserName(), identifier, "w");
    }

    private boolean isPermitted(String str, Identifier identifier, String str2) {
        if (getSecurityManager() == null) {
            return true;
        }
        try {
            boolean isPermitted = SecurityUtils.getSubject().isPermitted(asPermissionsString(identifier) + ":" + str2);
            IsisPermission.resetVetoedPermissions();
            return isPermitted;
        } catch (Throwable th) {
            IsisPermission.resetVetoedPermissions();
            throw th;
        }
    }

    private String asPermissionsString(Identifier identifier) {
        return identifier.getLogicalType().getLogicalTypeNameFormatted(":", ":") + ":" + identifier.getMemberName();
    }

    protected RealmSecurityManager getSecurityManager() {
        return ShiroSecurityContext.getSecurityManager();
    }
}
