package org.openlmis.stockmanagement.service;

import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.openlmis.stockmanagement.dto.referencedata.ResultDto;
import org.openlmis.stockmanagement.exception.PermissionMessageException;
import org.openlmis.stockmanagement.i18n.MessageKeys;
import org.openlmis.stockmanagement.service.referencedata.PermissionStrings;
import org.openlmis.stockmanagement.service.referencedata.UserReferenceDataService;
import org.openlmis.stockmanagement.util.AuthenticationHelper;
import org.openlmis.stockmanagement.util.Message;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Service;
import org.springframework.web.client.HttpClientErrorException;

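/**
 * Authorization gate for stock management operations.
 *
 * <p>Each {@code can*} method returns normally when the caller holds the named right and
 * throws {@link PermissionMessageException} otherwise. The decision depends on the kind of
 * OAuth2 token in the current security context:
 * <ul>
 *   <li>user tokens are checked against the reference data service;</li>
 *   <li>client-only tokens are checked by client id: the configured service client is
 *       allowed, while API-key clients and any other client are denied.</li>
 * </ul>
 *
 * <p>Every path fails closed: a missing result, a {@code null} verdict or an unexpected
 * authentication type is treated as "permission denied".
 */
@Service
/* loaded from: input_file:org/openlmis/stockmanagement/service/PermissionService.class */
public class PermissionService {
    public static final String STOCK_CARD_TEMPLATES_MANAGE = "STOCK_CARD_TEMPLATES_MANAGE";
    public static final String STOCK_ORGANIZATIONS_MANAGE = "STOCK_ORGANIZATIONS_MANAGE";
    public static final String REASONS_MANAGE = "STOCK_CARD_LINE_ITEM_REASONS_MANAGE";
    public static final String STOCK_SOURCES_MANAGE = "STOCK_SOURCES_MANAGE";
    public static final String STOCK_DESTINATIONS_MANAGE = "STOCK_DESTINATIONS_MANAGE";
    public static final String STOCK_INVENTORIES_EDIT = "STOCK_INVENTORIES_EDIT";
    public static final String STOCK_ADJUST = "STOCK_ADJUST";
    public static final String STOCK_CARDS_VIEW = "STOCK_CARDS_VIEW";
    static final String SYSTEM_SETTINGS_MANAGE = "SYSTEM_SETTINGS_MANAGE";

    @Autowired
    private AuthenticationHelper authenticationHelper;

    @Autowired
    private UserReferenceDataService userReferenceDataService;

    @Autowired
    private PermissionStrings permissionStrings;

    // Client id of the trusted service-level token; a client-only token carrying exactly this
    // id passes every permission check in this class.
    @Value("${auth.server.clientId}")
    private String serviceTokenClientId;

    // Client ids starting with this prefix are treated as API keys.
    // NOTE(review): StringUtils.startsWith matches every non-null client id when the prefix is
    // empty; confirm the property is always configured to a non-empty value.
    @Value("${auth.server.clientId.apiKey.prefix}")
    private String apiKeyPrefix;

    /**
     * Requires the {@code STOCK_CARD_TEMPLATES_MANAGE} right.
     *
     * @throws PermissionMessageException if the caller lacks the right
     */
    public void canCreateStockCardTemplate() {
        hasPermission(STOCK_CARD_TEMPLATES_MANAGE, null, null, null);
    }

    /**
     * Requires the {@code STOCK_INVENTORIES_EDIT} right in the given scope.
     *
     * @param uuid first scope identifier passed to the rights check (presumably the program;
     *     confirm against {@code UserReferenceDataService.hasRight})
     * @param uuid2 second scope identifier (presumably the facility; confirm)
     * @throws PermissionMessageException if the caller lacks the right
     */
    public void canEditPhysicalInventory(UUID uuid, UUID uuid2) {
        hasPermission(STOCK_INVENTORIES_EDIT, uuid, uuid2, null);
    }

    /**
     * Requires the {@code STOCK_ADJUST} right in the given scope.
     *
     * @param uuid first scope identifier passed to the rights check (presumably the program;
     *     confirm)
     * @param uuid2 second scope identifier (presumably the facility; confirm)
     * @throws PermissionMessageException if the caller lacks the right
     */
    public void canAdjustStock(UUID uuid, UUID uuid2) {
        hasPermission(STOCK_ADJUST, uuid, uuid2, null);
    }

    /**
     * Requires the {@code STOCK_CARDS_VIEW} right in the given scope.
     *
     * @param uuid first scope identifier passed to the rights check (presumably the program;
     *     confirm)
     * @param uuid2 second scope identifier (presumably the facility; confirm)
     * @throws PermissionMessageException if the caller lacks the right
     */
    public void canViewStockCard(UUID uuid, UUID uuid2) {
        hasPermission(STOCK_CARDS_VIEW, uuid, uuid2, null);
    }

    /**
     * Requires the {@code STOCK_SOURCES_MANAGE} right.
     *
     * @throws PermissionMessageException if the caller lacks the right
     */
    public void canManageStockSources() {
        hasPermission(STOCK_SOURCES_MANAGE, null, null, null);
    }

    /**
     * Requires the {@code STOCK_DESTINATIONS_MANAGE} right.
     *
     * @throws PermissionMessageException if the caller lacks the right
     */
    public void canManageStockDestinations() {
        hasPermission(STOCK_DESTINATIONS_MANAGE, null, null, null);
    }

    /**
     * Requires the {@code STOCK_CARD_LINE_ITEM_REASONS_MANAGE} right.
     *
     * @throws PermissionMessageException if the caller lacks the right
     */
    public void canManageReasons() {
        hasPermission(REASONS_MANAGE, null, null, null);
    }

    /**
     * Requires the {@code STOCK_ORGANIZATIONS_MANAGE} right.
     *
     * @throws PermissionMessageException if the caller lacks the right
     */
    public void canManageOrganizations() {
        hasPermission(STOCK_ORGANIZATIONS_MANAGE, null, null, null);
    }

    /**
     * Requires the {@code SYSTEM_SETTINGS_MANAGE} right.
     *
     * @throws PermissionMessageException if the caller lacks the right
     */
    public void canManageSystemSettings() {
        hasPermission(SYSTEM_SETTINGS_MANAGE, null, null, null);
    }

    /**
     * Returns the permission-string handler for the given user.
     *
     * <p>NOTE(review): no authorization check is made here; callers must ensure the requester
     * is entitled to read permissions of {@code uuid}.
     *
     * @param uuid id of the user whose permission strings are requested
     * @return the handler produced by {@code PermissionStrings.forUser}
     */
    public PermissionStrings.Handler getPermissionStrings(UUID uuid) {
        return this.permissionStrings.forUser(uuid);
    }

    /**
     * Throws unless the current caller is granted the named right.
     *
     * @param str name of the right to check
     * @param uuid first scope identifier forwarded to the rights check (may be {@code null})
     * @param uuid2 second scope identifier forwarded to the rights check (may be {@code null})
     * @param uuid3 third scope identifier forwarded to the rights check (may be {@code null});
     *     not included in the error message
     * @throws PermissionMessageException if the right is not granted or no verdict is available
     */
    private void hasPermission(String str, UUID uuid, UUID uuid2, UUID uuid3) {
        // API-key clients are never accepted by this entry point (last argument is false).
        ResultDto<Boolean> rightResult = getRightResult(str, uuid, uuid2, uuid3, false);
        // Fail closed: a missing DTO or a null verdict is a denial rather than an unhandled
        // NullPointerException from unboxing.
        if (rightResult == null || !Boolean.TRUE.equals(rightResult.getResult())) {
            throw new PermissionMessageException(
                    new Message(MessageKeys.ERROR_NO_FOLLOWING_PERMISSION, str, uuid, uuid2));
        }
    }

    /**
     * Resolves the verdict for the current security context.
     *
     * @param str name of the right to check
     * @param uuid first scope identifier for the user-token check
     * @param uuid2 second scope identifier for the user-token check
     * @param uuid3 third scope identifier for the user-token check
     * @param z verdict to return for API-key clients
     * @return the verdict; a denial when the context holds no OAuth2 authentication
     */
    private ResultDto<Boolean> getRightResult(String str, UUID uuid, UUID uuid2, UUID uuid3, boolean z) {
        Object authentication = SecurityContextHolder.getContext().getAuthentication();
        // A missing or non-OAuth2 authentication (e.g. an anonymous token) is denied explicitly
        // instead of surfacing as a ClassCastException or NullPointerException.
        if (!(authentication instanceof OAuth2Authentication)) {
            return new ResultDto<>(false);
        }
        OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) authentication;
        if (oAuth2Authentication.isClientOnly()) {
            return checkServiceToken(z, oAuth2Authentication);
        }
        return checkUserToken(str, uuid, uuid2, uuid3);
    }

    /**
     * Asks the reference data service whether the current user holds the named right.
     *
     * @param str name of the right to check
     * @param uuid first scope identifier forwarded to {@code hasRight}
     * @param uuid2 second scope identifier forwarded to {@code hasRight}
     * @param uuid3 third scope identifier forwarded to {@code hasRight}
     * @return the verdict returned by the reference data service
     * @throws PermissionMessageException if the reference data call fails with a client error
     */
    private ResultDto<Boolean> checkUserToken(String str, UUID uuid, UUID uuid2, UUID uuid3) {
        try {
            // NOTE(review): getCurrentUser() and getRight(str) are dereferenced without a null
            // check; confirm AuthenticationHelper throws rather than returning null.
            UUID userId = this.authenticationHelper.getCurrentUser().getId();
            UUID rightId = this.authenticationHelper.getRight(str).getId();
            return this.userReferenceDataService.hasRight(userId, rightId, uuid, uuid2, uuid3);
        } catch (HttpClientErrorException e) {
            // Only client errors are translated; other failures propagate unchanged.
            // NOTE(review): e.getMessage() is placed in the outgoing message; confirm it cannot
            // expose internal reference-data details to the API consumer.
            throw new PermissionMessageException(
                    new Message(MessageKeys.ERROR_PERMISSION_CHECK_FAILED, e.getMessage()), e);
        }
    }

    /**
     * Decides a client-only (no user) token by its client id.
     *
     * <p>The configured service client is granted every right checked through this class, so
     * that client id and its credentials need to be protected accordingly.
     *
     * @param z verdict to return when the client id carries the API-key prefix
     * @param oAuth2Authentication the client-only authentication being evaluated
     * @return allowed for the service client, {@code z} for API-key clients, denied otherwise
     */
    private ResultDto<Boolean> checkServiceToken(boolean z, OAuth2Authentication oAuth2Authentication) {
        String clientId = oAuth2Authentication.getOAuth2Request().getClientId();
        if (this.serviceTokenClientId.equals(clientId)) {
            return new ResultDto<>(true);
        }
        if (StringUtils.startsWith(clientId, this.apiKeyPrefix)) {
            return new ResultDto<>(Boolean.valueOf(z));
        }
        // Unknown clients are denied.
        return new ResultDto<>(false);
    }
}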
