package fi.vm.sade.generic.service;

import fi.vm.sade.generic.service.exception.NotAuthorizedException;
import fi.vm.sade.generic.ui.feature.UserFeature;
import fi.vm.sade.generic.ui.portlet.security.User;
import fi.vm.sade.security.OrganisationHierarchyAuthorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/lib/generic-common-9.6-SNAPSHOT.jar:fi/vm/sade/generic/service/AbstractPermissionService.class */
public abstract class AbstractPermissionService implements PermissionService {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    public static final String ANY_ROLE = "*";
    public final String ROLE_CRUD;
    public final String ROLE_RU;
    public final String ROLE_R;

    @Value("${root.organisaatio.oid}")
    @Deprecated
    private String rootOrgOid;

    @Autowired(required = false)
    private OrganisationHierarchyAuthorizer authorizer;

    protected AbstractPermissionService(String str) {
        this.ROLE_CRUD = "APP_" + str + "_CRUD";
        this.ROLE_RU = "APP_" + str + "_READ_UPDATE";
        this.ROLE_R = "APP_" + str + "_READ";
    }

    public final String getReadRole() {
        return this.ROLE_R;
    }

    public final String getReadUpdateRole() {
        return this.ROLE_RU;
    }

    public final String getCreateReadUpdateDeleteRole() {
        return this.ROLE_CRUD;
    }

    public final boolean checkAccess(String[] strArr) {
        boolean z;
        if (this.authorizer == null) {
            throw new NullPointerException(getClass().getSimpleName() + ".authorizer -property is not wired, do it with spring or manually");
        }
        try {
            this.authorizer.checkAccess(SecurityContextHolder.getContext().getAuthentication(), strArr);
            z = true;
        } catch (Exception e) {
            z = false;
        }
        return z;
    }

    @Override // fi.vm.sade.generic.service.PermissionService
    public final boolean userCanRead() {
        return checkAccess(new String[]{this.ROLE_R, this.ROLE_RU, this.ROLE_CRUD});
    }

    @Override // fi.vm.sade.generic.service.PermissionService
    public final boolean userCanReadAndUpdate() {
        return checkAccess(new String[]{this.ROLE_RU, this.ROLE_CRUD});
    }

    @Override // fi.vm.sade.generic.service.PermissionService
    public final boolean userCanCreateReadUpdateAndDelete() {
        return checkAccess(new String[]{this.ROLE_CRUD});
    }

    protected final User getUser() {
        return UserFeature.get();
    }

    protected final boolean userIsMemberOfOrganisation(String str) {
        return checkAccess(str, "*");
    }

    public final boolean checkAccess(String str, String... strArr) {
        boolean z;
        if (this.authorizer == null) {
            throw new NullPointerException(getClass().getSimpleName() + ".authorizer -property is not wired, do it with spring or manuyally");
        }
        try {
            this.authorizer.checkAccess(SecurityContextHolder.getContext().getAuthentication(), str, strArr);
            z = true;
        } catch (Exception e) {
            if (!(e instanceof NotAuthorizedException)) {
                this.log.error("checkAccess failed because exception: " + e.getMessage() + ", auth: " + SecurityContextHolder.getContext().getAuthentication(), (Throwable) e);
            }
            z = false;
        }
        return z;
    }

    @Deprecated
    public String getRootOrgOid() {
        if (this.rootOrgOid == null) {
            throw new RuntimeException("rootOrgId is null!");
        }
        return this.rootOrgOid;
    }

    @Deprecated
    public boolean isOPHUser() {
        return checkAccess(getRootOrgOid(), "*");
    }

    public void setAuthorizer(OrganisationHierarchyAuthorizer organisationHierarchyAuthorizer) {
        this.authorizer = organisationHierarchyAuthorizer;
    }
}
