package org.duracloud.account.security.vote;

import java.util.Collection;
import org.aopalliance.intercept.MethodInvocation;
import org.duracloud.account.db.model.DuracloudUser;
import org.duracloud.account.db.repo.DuracloudRepoMgr;
import org.duracloud.account.db.util.DuracloudInstanceManagerService;
import org.duracloud.account.security.domain.SecuredRule;
import org.duracloud.common.error.DuraCloudRuntimeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/duracloud/account/security/vote/InstanceManagerAccessDecisionVoter.class */
public class InstanceManagerAccessDecisionVoter extends BaseAccessDecisionVoter {
    private Logger log;
    private final int ACCT_ID_INDEX = 0;

    public InstanceManagerAccessDecisionVoter(DuracloudRepoMgr duracloudRepoMgr) {
        super(duracloudRepoMgr);
        this.log = LoggerFactory.getLogger(AccountManagerAccessDecisionVoter.class);
        this.ACCT_ID_INDEX = 0;
    }

    @Override // org.duracloud.account.security.vote.BaseAccessDecisionVoter
    protected Class<?> getTargetService() {
        return DuracloudInstanceManagerService.class;
    }

    @Override // org.duracloud.account.security.vote.BaseAccessDecisionVoter
    protected int voteImpl(Authentication authentication, MethodInvocation methodInvocation, Collection<ConfigAttribute> collection, Object[] objArr, DuracloudUser duracloudUser, SecuredRule securedRule, String str, SecuredRule.Scope scope) {
        int voteUserHasRoleOnAccount;
        if (scope.equals(SecuredRule.Scope.ANY)) {
            voteUserHasRoleOnAccount = voteHasRole(str, getUserRoles(authentication));
        } else {
            if (!scope.equals(SecuredRule.Scope.SELF_ACCT)) {
                String str2 = "Invalid scope: " + scope;
                this.log.error(str2);
                throw new DuraCloudRuntimeException(str2);
            }
            voteUserHasRoleOnAccount = voteUserHasRoleOnAccount(duracloudUser, str, getAccountIdArg(objArr));
        }
        return castVote(voteUserHasRoleOnAccount, methodInvocation);
    }

    private Long getAccountIdArg(Object[] objArr) {
        if (objArr.length != 1 && objArr.length != 2) {
            this.log.error("Illegal number of args: " + objArr.length);
        }
        return (Long) objArr[0];
    }
}
