package in.priva.olympus.authz.infrastructure.services;

import in.priva.olympus.authz.domain.model.Permission;
import in.priva.olympus.authz.domain.model.Role;
import in.priva.olympus.authz.domain.model.Subject;
import in.priva.olympus.authz.domain.model.exception.AuthorizationException;
import in.priva.olympus.base.domain.model.Logical;
import in.priva.olympus.base.domain.model.Scope;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:in/priva/olympus/authz/infrastructure/services/AuthorizationService.class */
public class AuthorizationService {
    public void authorize(Subject subject, Set<Permission> set, Logical logical) {
        List<Role> roles = subject.getRoles();
        List<Scope> scopes = subject.getScopes();
        if (roles == null || scopes == null) {
            throw new AuthorizationException();
        }
        if (!(logical.equals(Logical.OR) ? set.stream().anyMatch(permission -> {
            return isPermitted(roles, scopes, permission);
        }) : set.stream().allMatch(permission2 -> {
            return isPermitted(roles, scopes, permission2);
        }))) {
            throw new AuthorizationException();
        }
    }

    private boolean isPermitted(List<Role> list, List<Scope> list2, Permission permission) {
        return list.stream().anyMatch(role -> {
            return list2.stream().anyMatch(scope -> {
                return role.isPermitted(scope, permission);
            });
        });
    }
}
