package io.continual.iam.access;

import io.continual.iam.exceptions.IamSvcException;
import io.continual.iam.identity.Identity;

/* loaded from: input_file:io/continual/iam/access/AclChecker.class */
public class AclChecker {
    private Identity fUser = null;
    private String fOp = null;
    private AccessControlList fAcl = null;
    private String fResource = "";

    public AclChecker forUser(Identity identity) {
        this.fUser = identity;
        return this;
    }

    public AclChecker reading() {
        return performing(AccessControlList.READ);
    }

    public AclChecker updating() {
        return performing(AccessControlList.UPDATE);
    }

    public AclChecker creating() {
        return performing(AccessControlList.CREATE);
    }

    public AclChecker deleting() {
        return performing(AccessControlList.DELETE);
    }

    public AclChecker performing(String str) {
        this.fOp = str;
        return this;
    }

    public AclChecker onResource(String str) {
        this.fResource = str;
        return this;
    }

    public AclChecker controlledByAcl(AccessControlList accessControlList) {
        this.fAcl = accessControlList;
        return this;
    }

    public void check() throws AccessException, IamSvcException {
        if (this.fUser == null) {
            throw new AccessException("No user provided.");
        }
        if (this.fAcl == null) {
            throw new AccessException("No ACL provided.");
        }
        if (this.fOp == null) {
            throw new AccessException("No operation provided.");
        }
        if (!this.fAcl.canUser(this.fUser, this.fOp.toString())) {
            throw new AccessException(this.fUser.getId() + " may not " + this.fOp.toString().toLowerCase() + " " + this.fResource);
        }
    }
}
