package org.gbif.ipt.struts2;

import com.google.inject.Inject;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.util.Iterator;
import org.apache.commons.lang3.StringUtils;
import org.apache.struts2.dispatcher.Parameter;
import org.gbif.ipt.action.BaseAction;
import org.gbif.ipt.config.Constants;
import org.gbif.ipt.model.Resource;
import org.gbif.ipt.model.User;
import org.gbif.ipt.service.manage.ResourceManager;

/* loaded from: input_file:WEB-INF/classes/org/gbif/ipt/struts2/RequireManagerInterceptor.class */
public class RequireManagerInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = -7688584369470756187L;

    @Inject
    private ResourceManager resourceManager;

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getResourceParam(ActionInvocation actionInvocation) {
        String str = null;
        Parameter parameter = actionInvocation.getInvocationContext().getParameters().get(Constants.REQ_PARAM_RESOURCE);
        if (parameter.isDefined()) {
            str = StringUtils.trimToNull(parameter.getValue());
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean hasResourceParam(ActionInvocation actionInvocation) {
        return actionInvocation.getInvocationContext().getParameters().containsKey(Constants.REQ_PARAM_RESOURCE);
    }

    public static boolean isAuthorized(User user, Resource resource) {
        if (user.hasAdminRights()) {
            return true;
        }
        if (resource == null || !user.hasManagerRights()) {
            return false;
        }
        if (resource.getCreator().equals(user)) {
            return true;
        }
        Iterator<User> it = resource.getManagers().iterator();
        while (it.hasNext()) {
            if (user.equals(it.next())) {
                return true;
            }
        }
        return false;
    }

    @Override // com.opensymphony.xwork2.interceptor.AbstractInterceptor, com.opensymphony.xwork2.interceptor.Interceptor
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        User user = (User) actionInvocation.getInvocationContext().getSession().get(Constants.SESSION_USER);
        if (user == null || !user.hasManagerRights()) {
            return BaseAction.NOT_ALLOWED_MANAGER;
        }
        String resourceParam = getResourceParam(actionInvocation);
        if (resourceParam != null) {
            Resource resource = this.resourceManager.get(resourceParam);
            if (resource == null) {
                return BaseAction.NOT_FOUND;
            }
            if (!isAuthorized(user, resource)) {
                return BaseAction.NOT_ALLOWED;
            }
            if (this.resourceManager.isLocked(resourceParam)) {
                return "locked";
            }
        }
        return actionInvocation.invoke();
    }
}
