package io.scalecube.configuration.authorization;

import io.scalecube.account.api.Role;
import io.scalecube.security.api.Authorizer;
import io.scalecube.security.api.Profile;
import java.security.AccessControlException;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/scalecube/configuration/authorization/Permissions.class */
public class Permissions implements Authorizer {
    private final Map<String, Set<String>> rolesForAllResources;

    /* loaded from: input_file:io/scalecube/configuration/authorization/Permissions$Builder.class */
    public static class Builder {
        private final Map<String, Set<String>> permissions = new HashMap();

        public Builder grant(String str, Role... roleArr) {
            for (Role role : roleArr) {
                this.permissions.computeIfAbsent(str, str2 -> {
                    return new HashSet();
                }).add(role.toString());
            }
            return this;
        }

        public Authorizer build() {
            return new Permissions(this);
        }
    }

    private Permissions(Builder builder) {
        this.rolesForAllResources = new HashMap(builder.permissions.size());
        builder.permissions.forEach((str, set) -> {
            this.rolesForAllResources.put(str, new HashSet(set));
        });
    }

    public static Builder builder() {
        return new Builder();
    }

    private Set<String> rolesByResource(String str) {
        return this.rolesForAllResources.getOrDefault(str, Collections.emptySet());
    }

    private static boolean isInRole(Profile profile, Set<String> set) {
        return set.contains(profile.claim("roles"));
    }

    public Mono<Profile> authorize(Profile profile, String str) {
        return Mono.just(profile).filter(profile2 -> {
            return isInRole(profile2, rolesByResource(str));
        }).switchIfEmpty(Mono.error(() -> {
            return new AccessControlException("Permission denied");
        }));
    }
}
