package io.imunity.scim.group;

import io.imunity.scim.config.SCIMEndpointDescription;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.engine.api.AuthorizationManagement;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.exceptions.AuthorizationException;

/* loaded from: input_file:io/imunity/scim/group/GroupAuthzService.class */
class GroupAuthzService {
    private final AuthorizationManagement authzMan;
    private final SCIMEndpointDescription configuration;

    @Component
    /* loaded from: input_file:io/imunity/scim/group/GroupAuthzService$SCIMGroupAuthzServiceFactory.class */
    static class SCIMGroupAuthzServiceFactory {
        private final AuthorizationManagement authzMan;

        @Autowired
        SCIMGroupAuthzServiceFactory(AuthorizationManagement authorizationManagement) {
            this.authzMan = authorizationManagement;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public GroupAuthzService getService(SCIMEndpointDescription sCIMEndpointDescription) {
            return new GroupAuthzService(this.authzMan, sCIMEndpointDescription);
        }
    }

    GroupAuthzService(AuthorizationManagement authorizationManagement, SCIMEndpointDescription sCIMEndpointDescription) {
        this.authzMan = authorizationManagement;
        this.configuration = sCIMEndpointDescription;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkReadGroups() throws AuthorizationException {
        if (!InvocationContext.getCurrent().getInvocationMaterial().equals(InvocationContext.InvocationMaterial.DIRECT)) {
            throw new AuthorizationException("Access is denied. Reading groups is available only via direct access");
        }
        this.authzMan.checkReadCapability(false, this.configuration.rootGroup);
    }
}
