package org.esfinge.guardian.rbac.authorizer;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.esfinge.guardian.authorizer.Authorizer;
import org.esfinge.guardian.context.AuthorizationContext;
import org.esfinge.guardian.rbac.annotation.authorization.AllowRoles;
import org.esfinge.guardian.rbac.entity.Role;
import org.esfinge.guardian.rbac.exception.RbacMisuseException;
import org.esfinge.guardian.rbac.utils.RbacConfig;

/* loaded from: input_file:org/esfinge/guardian/rbac/authorizer/AllowRolesAuthorizer.class */
public class AllowRolesAuthorizer implements Authorizer<AllowRoles> {
    public Boolean authorize(AuthorizationContext authorizationContext, AllowRoles allowRoles) {
        Set set = (Set) authorizationContext.getSubject().get(new RbacConfig().getRolesKey(), new HashSet());
        HashSet<Role> hashSet = new HashSet();
        for (String str : allowRoles.value()) {
            hashSet.add(new Role(str));
        }
        if (hashSet.isEmpty() && !set.isEmpty()) {
            throw new RbacMisuseException("A role must be defined to access the method: " + authorizationContext.getGuardedMethod().getName());
        }
        boolean z = false;
        for (Role role : hashSet) {
            Iterator it = set.iterator();
            while (it.hasNext()) {
                z = z || role.isSubjectInRole((Role) it.next());
            }
        }
        return Boolean.valueOf(z);
    }
}
