package org.fcrepo.auth.roles.basic;

import java.security.Principal;
import java.util.Set;
import org.fcrepo.auth.roles.common.AbstractRolesPEP;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/fcrepo/auth/roles/basic/BasicRolesPEP.class */
public class BasicRolesPEP extends AbstractRolesPEP {
    private static final Logger LOGGER = LoggerFactory.getLogger(BasicRolesPEP.class);

    public boolean rolesHaveModeShapePermission(String str, String[] strArr, Set<Principal> set, Principal principal, Set<String> set2) {
        if (set2.isEmpty()) {
            LOGGER.debug("A caller without content roles can do nothing in the repository.");
            return false;
        }
        if (set2.contains("admin")) {
            LOGGER.debug("Granting an admin role permission to perform any action.");
            return true;
        }
        if (set2.contains("writer")) {
            if (str.contains("/{http://fedora.info/definitions/v4/authorization#}")) {
                LOGGER.debug("Denying writer role permission to perform an action on an ACL node.");
                return false;
            }
            LOGGER.debug("Granting writer role permission to perform any action on a non-ACL nodes.");
            return true;
        }
        if (!set2.contains("reader")) {
            LOGGER.error("There are roles in session that aren't recognized by this PEP: {}", set2);
            return false;
        }
        if (strArr.length == 1 && "read".equals(strArr[0])) {
            LOGGER.debug("Granting reader role permission to perform a read action.");
            return true;
        }
        LOGGER.debug("Denying reader role permission to perform a non-read action.");
        return false;
    }
}
