package fi.vm.sade.security;

import fi.vm.sade.authentication.business.service.Authorizer;
import fi.vm.sade.generic.service.exception.NotAuthorizedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/generic-common-9.3-SNAPSHOT.jar:fi/vm/sade/security/ThreadLocalAuthorizer.class */
public class ThreadLocalAuthorizer implements Authorizer {
    private static final Logger LOGGER = LoggerFactory.getLogger(ThreadLocalAuthorizer.class);

    @Autowired
    private OrganisationHierarchyAuthorizer authorizer;

    @Override // fi.vm.sade.authentication.business.service.Authorizer
    public void checkOrganisationAccess(String str, String... strArr) throws NotAuthorizedException {
        this.authorizer.checkAccess(SecurityContextHolder.getContext().getAuthentication(), str, strArr);
    }

    @Override // fi.vm.sade.authentication.business.service.Authorizer
    public void checkUserIsNotSame(String str) throws NotAuthorizedException {
        LOGGER.info("Authorizing with thread local data.");
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            LOGGER.error("Not authorized! User is null.");
            throw new NotAuthorizedException("User is not authorized for Authentication");
        }
        String name = authentication.getName();
        if (name == null) {
            LOGGER.error("Not authorized! User has no id.");
            throw new NotAuthorizedException("User is not authorized for Authentication");
        }
        if (name.equals(str)) {
            LOGGER.error("Not authorized! User can't edit his/her own data");
            throw new NotAuthorizedException("User is not authorized for Authentication");
        }
        LOGGER.info("Authorized!");
    }

    public void setAuthorizer(OrganisationHierarchyAuthorizer organisationHierarchyAuthorizer) {
        this.authorizer = organisationHierarchyAuthorizer;
    }
}
