package org.ametys.plugins.workflow.support;

import com.opensymphony.workflow.loader.WorkflowDescriptor;
import org.ametys.core.right.RightManager;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;

/* loaded from: input_file:org/ametys/plugins/workflow/support/WorflowRightHelper.class */
public class WorflowRightHelper implements Component, Serviceable {
    public static final String ROLE = WorflowRightHelper.class.getName();
    private static final String __WORKFLOW_RIGHT_READ_SYSTEM = "Workflow_Right_Read";
    private static final String __WORKFLOW_RIGHT_READ_USER = "Workflow_Right_Read_User";
    private static final String __WORKFLOW_RIGHT_EDIT_SYSTEM = "Workflow_Right_Edit";
    private static final String __WORKFLOW_RIGHT_EDIT_USER = "Workflow_Right_Edit_User";
    protected RightManager _rightManager;
    protected Context _context;
    protected CurrentUserProvider _userProvider;

    public void service(ServiceManager serviceManager) throws ServiceException {
        this._rightManager = (RightManager) serviceManager.lookup(RightManager.ROLE);
        this._userProvider = (CurrentUserProvider) serviceManager.lookup(CurrentUserProvider.ROLE);
    }

    public void checkReadRight(WorkflowDescriptor workflowDescriptor) {
        UserIdentity user = this._userProvider.getUser();
        if (!canRead(workflowDescriptor)) {
            throw new IllegalAccessError("User '" + String.valueOf(user) + "' tried to handle workflows without convenient right ['Workflow_Right_Read_User' or 'Workflow_Right_Read' or 'Workflow_Right_Edit_User' or 'Workflow_Right_Edit']");
        }
    }

    public void checkEditRight() {
        UserIdentity user = this._userProvider.getUser();
        if (!hasEditUserRight()) {
            throw new IllegalAccessError("User '" + String.valueOf(user) + "' tried to handle workflows without convenient right ['Workflow_Right_Edit']");
        }
    }

    public void checkEditRight(WorkflowDescriptor workflowDescriptor) {
        UserIdentity user = this._userProvider.getUser();
        if (!canWrite(workflowDescriptor)) {
            throw new IllegalAccessError("User '" + String.valueOf(user) + "' tried to handle workflow " + workflowDescriptor.getName() + " without convenient right ['Workflow_Right_Edit']");
        }
    }

    public boolean canWrite(WorkflowDescriptor workflowDescriptor) {
        return workflowDescriptor.getMetaAttributes().containsKey("user") ? hasEditUserRight() : hasEditSystemRight();
    }

    public boolean canRead(WorkflowDescriptor workflowDescriptor) {
        return workflowDescriptor.getMetaAttributes().containsKey("user") ? _hasReadUserRight() : _hasReadSystemRight();
    }

    public boolean hasEditUserRight() {
        UserIdentity user = this._userProvider.getUser();
        return this._rightManager.hasRight(user, __WORKFLOW_RIGHT_EDIT_USER, "/${WorkspaceName}") == RightManager.RightResult.RIGHT_ALLOW || this._rightManager.hasRight(user, __WORKFLOW_RIGHT_EDIT_SYSTEM, "/${WorkspaceName}") == RightManager.RightResult.RIGHT_ALLOW;
    }

    public boolean hasEditSystemRight() {
        return this._rightManager.hasRight(this._userProvider.getUser(), __WORKFLOW_RIGHT_EDIT_SYSTEM, "/${WorkspaceName}") == RightManager.RightResult.RIGHT_ALLOW;
    }

    private boolean _hasReadUserRight() {
        UserIdentity user = this._userProvider.getUser();
        return this._rightManager.hasRight(user, __WORKFLOW_RIGHT_READ_USER, "/${WorkspaceName}") == RightManager.RightResult.RIGHT_ALLOW || this._rightManager.hasRight(user, __WORKFLOW_RIGHT_READ_SYSTEM, "/${WorkspaceName}") == RightManager.RightResult.RIGHT_ALLOW || hasEditUserRight();
    }

    private boolean _hasReadSystemRight() {
        return this._rightManager.hasRight(this._userProvider.getUser(), __WORKFLOW_RIGHT_READ_SYSTEM, "/${WorkspaceName}") == RightManager.RightResult.RIGHT_ALLOW || hasEditSystemRight();
    }
}
