package org.duracloud.durastore.aop;

import java.lang.reflect.Method;
import java.util.Map;
import org.duracloud.error.UnauthorizedException;
import org.duracloud.s3storageprovider.dto.GetUrlTaskParameters;
import org.duracloud.security.util.AuthorizationHelper;
import org.duracloud.storage.provider.TaskProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.MethodBeforeAdvice;
import org.springframework.core.Ordered;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/duracloud/durastore/aop/StreamingAccessAdvice.class */
public class StreamingAccessAdvice implements MethodBeforeAdvice, Ordered {
    private Logger log = LoggerFactory.getLogger(StreamingAccessAdvice.class);
    private int order = 0;
    private AuthorizationHelper authHelper;

    public StreamingAccessAdvice(AuthorizationHelper authorizationHelper) {
        this.authHelper = authorizationHelper;
    }

    public void setOrder(int i) {
        this.order = i;
    }

    public int getOrder() {
        return this.order;
    }

    public void before(Method method, Object[] objArr, Object obj) throws Throwable {
        String str = (String) objArr[0];
        if (str.matches("get-url-hls") || str.matches("get-signed-cookies-url")) {
            String storeId = ((TaskProvider) obj).getStoreId();
            Authentication authentication = SecurityContextHolder.getContextHolderStrategy().getContext().getAuthentication();
            if (this.authHelper.hasAdmin(authentication)) {
                return;
            }
            String spaceId = GetUrlTaskParameters.deserialize((String) objArr[1]).getSpaceId();
            Map spaceACLs = this.authHelper.getSpaceACLs(storeId, spaceId);
            if (this.authHelper.hasReadAccess(authentication.getName(), spaceACLs) || this.authHelper.groupsHaveReadAccess(authentication, spaceACLs)) {
                this.log.debug("successfully authorized {} to view {}", authentication.getName(), spaceId);
            } else {
                this.log.error(authentication.getName() + " is not authorized to view content in " + spaceId);
                throw new UnauthorizedException("You are not authorized to access space " + spaceId + ".");
            }
        }
    }
}
