package org.hspconsortium.sandboxmanagerapi.controllers;

import java.util.Iterator;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import org.hspconsortium.sandboxmanagerapi.model.AbstractSandboxItem;
import org.hspconsortium.sandboxmanagerapi.model.Role;
import org.hspconsortium.sandboxmanagerapi.model.Sandbox;
import org.hspconsortium.sandboxmanagerapi.model.SystemRole;
import org.hspconsortium.sandboxmanagerapi.model.User;
import org.hspconsortium.sandboxmanagerapi.model.UserRole;
import org.hspconsortium.sandboxmanagerapi.model.Visibility;
import org.hspconsortium.sandboxmanagerapi.services.OAuthService;

/* loaded from: input_file:BOOT-INF/classes/org/hspconsortium/sandboxmanagerapi/controllers/AbstractController.class */
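/**
 * Base class for controllers that gates requests on the caller's OAuth identity,
 * sandbox membership, sandbox roles and system roles.
 *
 * <p>Every check resolves the caller through {@link OAuthService#getOAuthUserId} and
 * signals a refusal by throwing {@code UnauthorizedException}; the methods that return
 * a {@code String} return the caller's resolved user id on success.
 *
 * <p>User ids are compared case-insensitively throughout.
 * NOTE(review): confirm the identity provider treats ids as case-insensitive; if it
 * does not, two accounts whose ids differ only by case would be treated as one here.
 *
 * <p>Decompiler output marks most of the {@code public} methods below as originally
 * package-private; the widened modifiers are kept so existing callers still compile.
 */
abstract class AbstractController {
    /** Message carried by every authorization failure raised from this class. */
    private static final String NOT_AUTHORIZED_MESSAGE = String.format("Response Status : %s.\nResponse Detail : User not authorized to perform this action.", 401);

    final OAuthService oAuthService;

    @Inject
    public AbstractController(OAuthService oAuthService) {
        this.oAuthService = oAuthService;
    }

    /**
     * Requires that {@code str} names the authenticated caller.
     *
     * @param httpServletRequest request the caller's OAuth user id is resolved from
     * @param str user id the caller claims to act as
     * @throws UnauthorizedException if the ids differ or either one is {@code null}
     */
    public void checkUserAuthorization(HttpServletRequest httpServletRequest, String str) {
        // Null-safe on both sides: a missing id is a refusal, not a NullPointerException.
        if (!sameUserId(str, this.oAuthService.getOAuthUserId(httpServletRequest))) {
            throw notAuthorized();
        }
    }

    /**
     * Returns the caller's OAuth user id as reported by the OAuth service.
     * No authorization decision is made here.
     */
    public String getSystemUserId(HttpServletRequest httpServletRequest) {
        return this.oAuthService.getOAuthUserId(httpServletRequest);
    }

    /**
     * Requires that the creator id {@code str} is the authenticated caller.
     * Delegates to {@link #checkUserAuthorization}.
     *
     * @throws UnauthorizedException if the caller is not the creator
     */
    public void checkCreatedByIsCurrentUserAuthorization(HttpServletRequest httpServletRequest, String str) {
        checkUserAuthorization(httpServletRequest, str);
    }

    /**
     * Requires that the caller appears in the sandbox's user-role list.
     *
     * @return the caller's user id
     * @throws UnauthorizedException if the caller holds no role entry on the sandbox
     */
    public String checkSandboxUserReadAuthorization(HttpServletRequest httpServletRequest, Sandbox sandbox) {
        return checkSandboxMember(sandbox, this.oAuthService.getOAuthUserId(httpServletRequest));
    }

    /**
     * Requires that the caller does not hold {@link Role#READONLY} on the sandbox.
     *
     * <p>NOTE(review): this is a deny-list check. Unlike
     * {@link #checkSandboxUserModifyAuthorization} it does not first confirm that the
     * caller has any role entry on the sandbox, so a caller with no entry at all is
     * accepted. Confirm that callers establish membership separately, or add a
     * membership check here.
     *
     * @return the caller's user id
     * @throws UnauthorizedException if the caller is read-only or has no resolved id
     */
    public String checkSandboxUserCreateAuthorization(HttpServletRequest httpServletRequest, Sandbox sandbox) {
        return checkSandboxUserNotReadOnlyAuthorization(httpServletRequest, sandbox);
    }

    /**
     * Decides whether the caller may modify an item that lives in a sandbox.
     *
     * <p>The caller must be a sandbox member. Beyond that:
     * <ul>
     *   <li>a private item may be modified only by its creator;</li>
     *   <li>a non-private item in a private sandbox may be modified by any member who
     *       is not read-only;</li>
     *   <li>a non-private item in any other sandbox requires {@link Role#ADMIN}.</li>
     * </ul>
     *
     * @return the caller's user id
     * @throws UnauthorizedException if none of the rules above admits the caller
     */
    public String checkSandboxUserModifyAuthorization(HttpServletRequest httpServletRequest, Sandbox sandbox, AbstractSandboxItem abstractSandboxItem) {
        // Membership first: throws for anyone without a role entry on the sandbox.
        String callerId = checkSandboxUserReadAuthorization(httpServletRequest, sandbox);
        if (abstractSandboxItem.getVisibility() == Visibility.PRIVATE) {
            if (sameUserId(abstractSandboxItem.getCreatedBy().getSbmUserId(), callerId)) {
                return callerId;
            }
            throw notAuthorized();
        }
        if (sandbox.getVisibility() == Visibility.PRIVATE) {
            return checkSandboxUserNotReadOnlyAuthorization(httpServletRequest, sandbox);
        }
        if (checkUserHasSandboxRole(httpServletRequest, sandbox, Role.ADMIN)) {
            return callerId;
        }
        throw notAuthorized();
    }

    /**
     * Requires that the caller may delete the sandbox: the caller must pass the
     * modify rule, the sandbox must be private, and the caller must be its creator.
     *
     * @param user user record that must belong to the caller
     * @return the caller's user id
     * @throws UnauthorizedException if any of the three conditions fails
     */
    public String checkSystemUserDeleteSandboxAuthorization(HttpServletRequest httpServletRequest, Sandbox sandbox, User user) {
        String callerId = this.oAuthService.getOAuthUserId(httpServletRequest);
        boolean mayDelete = checkSystemUserCanModifySandbox(callerId, sandbox, user)
                && sandbox.getVisibility() == Visibility.PRIVATE
                && sameUserId(sandbox.getCreatedBy().getSbmUserId(), callerId);
        if (!mayDelete) {
            throw notAuthorized();
        }
        return callerId;
    }

    /**
     * Requires that the caller passes the sandbox modify rule
     * (see {@code checkSystemUserCanModifySandbox}).
     *
     * @param user user record that must belong to the caller
     * @return the caller's user id
     * @throws UnauthorizedException if the rule rejects the caller
     */
    public String checkSystemUserCanModifySandboxAuthorization(HttpServletRequest httpServletRequest, Sandbox sandbox, User user) {
        String callerId = this.oAuthService.getOAuthUserId(httpServletRequest);
        if (!checkSystemUserCanModifySandbox(callerId, sandbox, user)) {
            throw notAuthorized();
        }
        return callerId;
    }

    /**
     * Requires that the caller may manage sandbox data: either the modify rule admits
     * the caller, or the sandbox is private and the caller holds
     * {@link Role#MANAGE_DATA} on it.
     *
     * @param user user record checked by the modify rule
     * @return the caller's user id
     * @throws UnauthorizedException if neither condition holds
     */
    public String checkSystemUserCanManageSandboxDataAuthorization(HttpServletRequest httpServletRequest, Sandbox sandbox, User user) {
        String callerId = this.oAuthService.getOAuthUserId(httpServletRequest);
        if (checkSystemUserCanModifySandbox(callerId, sandbox, user)) {
            return callerId;
        }
        if (sandbox.getVisibility() == Visibility.PRIVATE && checkUserHasSandboxRole(callerId, sandbox, Role.MANAGE_DATA)) {
            return callerId;
        }
        throw notAuthorized();
    }

    /**
     * Requires that the caller may manage sandbox users: either the modify rule admits
     * the caller, or the sandbox is private and the caller holds
     * {@link Role#MANAGE_USERS} on it.
     *
     * @param user user record checked by the modify rule
     * @return the caller's user id
     * @throws UnauthorizedException if neither condition holds
     */
    public String checkSystemUserCanManageSandboxUsersAuthorization(HttpServletRequest httpServletRequest, Sandbox sandbox, User user) {
        String callerId = this.oAuthService.getOAuthUserId(httpServletRequest);
        if (checkSystemUserCanModifySandbox(callerId, sandbox, user)) {
            return callerId;
        }
        if (sandbox.getVisibility() == Visibility.PRIVATE && checkUserHasSandboxRole(callerId, sandbox, Role.MANAGE_USERS)) {
            return callerId;
        }
        throw notAuthorized();
    }

    /**
     * Requires that {@code user} holds the given system role.
     *
     * <p>The role is read from the supplied {@code user} object; this method does not
     * itself tie that object to the request's OAuth identity.
     *
     * @throws UnauthorizedException if the role is absent
     */
    public void checkUserSystemRole(User user, SystemRole systemRole) {
        if (!checkUserHasSystemRole(user, systemRole)) {
            throw notAuthorized();
        }
    }

    /**
     * Requires that the caller holds the given role on the sandbox.
     *
     * @throws UnauthorizedException if the caller has no such role entry
     */
    void checkUserSandboxRole(HttpServletRequest httpServletRequest, Sandbox sandbox, Role role) {
        if (!checkUserHasSandboxRole(httpServletRequest, sandbox, role)) {
            throw notAuthorized();
        }
    }

    /**
     * Picks the visibility for items the user creates in the sandbox.
     *
     * <p>A sandbox {@link Role#ADMIN} always gets {@link Visibility#PUBLIC}. Anyone
     * else gets {@link Visibility#PUBLIC} only when the sandbox is private and the
     * user is not read-only; otherwise the result is {@link Visibility#PRIVATE}.
     */
    public Visibility getDefaultVisibility(User user, Sandbox sandbox) {
        String userId = user.getSbmUserId();
        if (checkUserHasSandboxRole(userId, sandbox, Role.ADMIN)) {
            return Visibility.PUBLIC;
        }
        boolean keepPrivate = sandbox.getVisibility() != Visibility.PRIVATE
                || checkUserHasSandboxRole(userId, sandbox, Role.READONLY);
        return keepPrivate ? Visibility.PRIVATE : Visibility.PUBLIC;
    }

    /**
     * Core modify rule: {@code user} must be the caller identified by {@code callerId},
     * and must either be {@link Role#ADMIN} of a private sandbox or hold system role
     * {@link SystemRole#ADMIN} or {@link SystemRole#CREATE_SANDBOX}.
     *
     * <p>NOTE(review): the two system-role branches do not look at the sandbox at all,
     * so a holder of {@code CREATE_SANDBOX} passes this rule for any sandbox, member or
     * not. Confirm that breadth is intended for every caller of this rule.
     */
    private boolean checkSystemUserCanModifySandbox(String callerId, Sandbox sandbox, User user) {
        if (!sameUserId(user.getSbmUserId(), callerId)) {
            return false;
        }
        boolean privateSandboxAdmin = sandbox.getVisibility() == Visibility.PRIVATE
                && checkUserHasSandboxRole(callerId, sandbox, Role.ADMIN);
        return privateSandboxAdmin
                || checkUserHasSystemRole(user, SystemRole.ADMIN)
                || checkUserHasSystemRole(user, SystemRole.CREATE_SANDBOX);
    }

    /**
     * Rejects callers that hold {@link Role#READONLY} on the sandbox and returns the
     * caller's id otherwise. Membership is not checked here.
     */
    private String checkSandboxUserNotReadOnlyAuthorization(HttpServletRequest httpServletRequest, Sandbox sandbox) {
        String callerId = this.oAuthService.getOAuthUserId(httpServletRequest);
        // Fail closed: with no resolved identity the READONLY lookup below can never
        // match, which would otherwise let an unidentified request through.
        if (callerId == null || checkUserHasSandboxRole(callerId, sandbox, Role.READONLY)) {
            throw notAuthorized();
        }
        return callerId;
    }

    /**
     * Returns {@code userId} if any role entry on the sandbox belongs to that user.
     *
     * @throws UnauthorizedException if no entry matches
     */
    private String checkSandboxMember(Sandbox sandbox, String userId) {
        for (UserRole entry : sandbox.getUserRoles()) {
            if (sameUserId(entry.getUser().getSbmUserId(), userId)) {
                return userId;
            }
        }
        throw notAuthorized();
    }

    /** Reports whether {@code systemRole} is among the user's system roles. */
    private boolean checkUserHasSystemRole(User user, SystemRole systemRole) {
        for (SystemRole held : user.getSystemRoles()) {
            if (held == systemRole) {
                return true;
            }
        }
        return false;
    }

    /** Resolves the caller from the request, then checks the role on the sandbox. */
    private boolean checkUserHasSandboxRole(HttpServletRequest httpServletRequest, Sandbox sandbox, Role role) {
        return checkUserHasSandboxRole(this.oAuthService.getOAuthUserId(httpServletRequest), sandbox, role);
    }

    /** Reports whether the sandbox has a role entry pairing {@code userId} with {@code role}. */
    private boolean checkUserHasSandboxRole(String userId, Sandbox sandbox, Role role) {
        for (UserRole entry : sandbox.getUserRoles()) {
            if (entry.getRole() == role && sameUserId(entry.getUser().getSbmUserId(), userId)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Case-insensitive id comparison in which a {@code null} on either side never
     * matches, so a missing id can only ever lead to a refusal.
     */
    private static boolean sameUserId(String left, String right) {
        return left != null && right != null && left.equalsIgnoreCase(right);
    }

    /** Builds the single refusal used by every check in this class. */
    private static UnauthorizedException notAuthorized() {
        return new UnauthorizedException(NOT_AUTHORIZED_MESSAGE);
    }
}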
