package pl.edu.icm.unity.engine.project;

import java.util.ArrayList;
import java.util.Iterator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.project.GroupAuthorizationRole;
import pl.edu.icm.unity.exceptions.AuthorizationException;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.store.api.AttributeDAO;
import pl.edu.icm.unity.store.api.GroupDAO;
import pl.edu.icm.unity.store.api.tx.Transactional;
import pl.edu.icm.unity.store.types.StoredAttribute;
import pl.edu.icm.unity.types.basic.Group;

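/**
 * Authorization gate for project (delegated group) management operations.
 *
 * <p>Every check is evaluated against the login session bound to the current
 * {@link InvocationContext}. A caller is authorized only when all of the following hold:
 * the session exists, it was not established with an outdated credential, delegation is
 * enabled on the project group, and the caller's entity carries the
 * {@code GroupAuthorizationRole.manager} value in the project management role attribute
 * of that group.
 *
 * <p>Lookup failures never grant access: any exception raised while reading the group or
 * the role attribute is rethrown as {@link InternalException}.
 *
 * <p>(Reconstructed from decompiled bytecode of
 * {@code pl/edu/icm/unity/engine/project/ProjectAuthorizationManager.class}.)
 */
@Component
public class ProjectAuthorizationManager {
    private final GroupDAO groupDao;
    private final AttributeDAO attrDao;

    /**
     * Signals that a group targeted by an operation lies outside the project's group subtree.
     *
     * <p>This is an unchecked exception and is not an {@link AuthorizationException};
     * callers that handle only {@code AuthorizationException} will not intercept it.
     * The decompiler reports that the class was originally declared private.
     */
    public static class NotChildOfProjectGroupException extends RuntimeException {
        /**
         * @param str  path of the main project group
         * @param str2 path of the group that was expected to be under {@code str}
         */
        public NotChildOfProjectGroupException(String str, String str2) {
            super("Group " + str2 + " is not child of main project group " + str);
        }
    }

    /**
     * @param groupDAO     store access used to read the project group and its delegation settings
     * @param attributeDAO store access used to read the caller's role attribute
     */
    @Autowired
    public ProjectAuthorizationManager(GroupDAO groupDAO, AttributeDAO attributeDAO) {
        this.groupDao = groupDAO;
        this.attrDao = attributeDAO;
    }

    /**
     * Verifies that the current caller may manage the given project.
     *
     * @param str path of the project group
     * @throws AuthorizationException if there is no login session, the session used an
     *         outdated credential, delegation is not enabled on the group, or the caller
     *         is not a manager of the group
     * @throws InternalException if the group or the role attribute cannot be read
     */
    @Transactional
    public void checkManagerAuthorization(String str) throws AuthorizationException {
        // NOTE(review): behaviour when no invocation context is bound is decided by
        // InvocationContext.getCurrent() and is not visible here; confirm it fails closed.
        LoginSession loginSession = InvocationContext.getCurrent().getLoginSession();
        if (loginSession == null) {
            throw new AuthorizationException("Access is denied. The client is not authenticated.");
        }
        // A session opened with an outdated credential is rejected before any store access.
        if (loginSession.isUsedOutdatedCredential()) {
            throw new AuthorizationException("Access is denied. The client's credential is outdated and the only allowed operation is the credential update");
        }
        assertIfDelegationIsActive(str);
        assertIfClientIsProjectManager(str, loginSession.getEntityId());
    }

    /**
     * Verifies that the current caller may manage the given project and that the target
     * group belongs to that project.
     *
     * <p>The manager check runs first, so the containment check is reached only by a
     * caller who is already authorized for the project.
     *
     * @param str  path of the project group
     * @param str2 path of the group the operation targets
     * @throws AuthorizationException see {@link #checkManagerAuthorization(String)}
     * @throws NotChildOfProjectGroupException if {@code Group.isChildOrSame(str2, str)} is false
     */
    @Transactional
    public void checkManagerAuthorization(String str, String str2) throws AuthorizationException {
        checkManagerAuthorization(str);
        assertGroupIsUnderProject(str, str2);
    }

    /** Rejects the operation unless delegation is enabled on the project group. */
    private void assertIfDelegationIsActive(String projectPath) throws AuthorizationException {
        if (!checkIfDelegationIsActive(projectPath)) {
            throw new AuthorizationException("Access is denied. The operation requires enabled delegation on " + projectPath + " group");
        }
    }

    /**
     * Reads the {@code enabled} flag of the group's delegation configuration.
     *
     * @throws InternalException if the group cannot be loaded or its configuration cannot be read
     */
    private boolean checkIfDelegationIsActive(String projectPath) {
        try {
            return this.groupDao.get(projectPath).getDelegationConfiguration().enabled;
        } catch (Exception e) {
            // Keep the cause: without it a store failure and a missing group are
            // indistinguishable when a denied request is investigated.
            throw new InternalException("Can not get group " + projectPath, e);
        }
    }

    /** Rejects the operation unless the entity holds the manager role in the project group. */
    private void assertIfClientIsProjectManager(String projectPath, long entityId) throws AuthorizationException {
        if (!checkAuthManagerAttribute(projectPath, entityId)) {
            throw new AuthorizationException("Access is denied. The operation requires manager capability in " + projectPath + " group");
        }
    }

    /**
     * Tells whether any value of the entity's project management role attribute in the
     * given group equals {@code GroupAuthorizationRole.manager}.
     *
     * @return {@code true} on the first matching value, {@code false} when no attribute or
     *         no value matches
     * @throws InternalException if the attribute cannot be read
     */
    private boolean checkAuthManagerAttribute(String projectPath, long entityId) {
        try {
            String managerRole = GroupAuthorizationRole.manager.toString();
            for (StoredAttribute stored : this.attrDao.getAttributes(
                    ProjectAuthorizationRoleAttributeTypeProvider.PROJECT_MANAGEMENT_AUTHORIZATION_ROLE.toString(),
                    Long.valueOf(entityId),
                    projectPath)) {
                for (String value : stored.getAttribute().getValues()) {
                    if (value.equals(managerRole)) {
                        return true;
                    }
                }
            }
            return false;
        } catch (Exception e) {
            // Any failure denies access; the cause is preserved for diagnosis.
            throw new InternalException("Can not get group authorization attribute of entity " + entityId, e);
        }
    }

    /**
     * Ensures the target group is the project group itself or one of its descendants,
     * as decided by {@code Group.isChildOrSame}.
     */
    private void assertGroupIsUnderProject(String projectPath, String subgroupPath) throws NotChildOfProjectGroupException {
        if (!Group.isChildOrSame(subgroupPath, projectPath)) {
            throw new NotChildOfProjectGroupException(projectPath, subgroupPath);
        }
    }
}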
