package org.ametys.plugins.core.right;

import java.util.Map;
import org.ametys.core.datasource.ConnectionHelper;
import org.ametys.core.right.RightManager;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.util.cocoon.AbstractCurrentUserProviderServiceableAction;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.SourceResolver;

/* loaded from: input_file:org/ametys/plugins/core/right/HasRightAction.class */
public class HasRightAction extends AbstractCurrentUserProviderServiceableAction implements Configurable {
    protected RightManager _rightManager;
    protected boolean _hasRight;
    protected String _baseContext;

    public void configure(Configuration configuration) throws ConfigurationException {
        this._hasRight = "true".equals(configuration.getChild("has-right").getValue("true"));
        this._baseContext = configuration.getChild("base-context").getValue(ConnectionHelper.DATABASE_UNKNOWN);
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._rightManager = (RightManager) this.manager.lookup(RightManager.ROLE);
    }

    protected String getBaseContext(Parameters parameters, Map map) {
        return this._baseContext;
    }

    public Map act(Redirector redirector, SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        boolean z = false;
        String parameter = parameters.getParameter("context", (String) null);
        if (parameter == null || ConnectionHelper.DATABASE_UNKNOWN.equals(parameter)) {
            parameter = getBaseContext(parameters, map);
        }
        UserIdentity _getCurrentUser = _getCurrentUser();
        if (_getCurrentUser == null) {
            throw new AccessDeniedException("Anonymous user tried to access a privileged feature without convenient right. Should have in right between those : '" + str + "' on context '" + parameter + "'");
        }
        for (String str2 : str.split("\\|")) {
            if (this._rightManager.hasRight(_getCurrentUser, str2.trim(), parameter) == RightManager.RightResult.RIGHT_ALLOW) {
                z = true;
            }
        }
        if (z) {
            if (this._hasRight) {
                return EMPTY_MAP;
            }
            return null;
        }
        if (this._hasRight) {
            return null;
        }
        throw new AccessDeniedException("User '" + _getCurrentUser + "' tried to access a privileged feature without convenient right. Should have in right between those : '" + str + "' on context '" + parameter + "'");
    }
}
