package org.geoserver.web;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.geoserver.security.AccessMode;
import org.geoserver.security.impl.DataAccessRule;
import org.geoserver.security.impl.DataAccessRuleDAO;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/geoserver/web/WorkspaceAdminComponentAuthorizer.class */
public class WorkspaceAdminComponentAuthorizer extends AdminComponentAuthorizer {
    @Override // org.geoserver.web.AdminComponentAuthorizer, org.geoserver.web.ComponentAuthorizer
    public boolean isAccessAllowed(Class cls, Authentication authentication) {
        if (super.isAccessAllowed(cls, authentication)) {
            return true;
        }
        if (authentication == null || !authentication.isAuthenticated()) {
            return false;
        }
        List<String> lookupWorkspaceAdminRoles = lookupWorkspaceAdminRoles();
        Iterator it = authentication.getAuthorities().iterator();
        while (it.hasNext()) {
            if (lookupWorkspaceAdminRoles.contains(((GrantedAuthority) it.next()).getAuthority())) {
                return true;
            }
        }
        return false;
    }

    List<String> lookupWorkspaceAdminRoles() {
        ArrayList arrayList = new ArrayList();
        for (DataAccessRule dataAccessRule : DataAccessRuleDAO.get().getRules()) {
            if (dataAccessRule.getAccessMode() == AccessMode.ADMIN) {
                arrayList.addAll(dataAccessRule.getRoles());
            }
        }
        return arrayList;
    }
}
