package pl.psnc.dl.wf4ever.accesscontrol.filters;

import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;
import org.apache.log4j.Logger;
import pl.psnc.dl.wf4ever.accesscontrol.dicts.Mode;
import pl.psnc.dl.wf4ever.accesscontrol.dicts.Role;
import pl.psnc.dl.wf4ever.accesscontrol.model.AccessMode;
import pl.psnc.dl.wf4ever.accesscontrol.model.Permission;
import pl.psnc.dl.wf4ever.accesscontrol.model.dao.ModeDAO;
import pl.psnc.dl.wf4ever.accesscontrol.model.dao.PermissionDAO;
import pl.psnc.dl.wf4ever.db.UserProfile;
import pl.psnc.dl.wf4ever.db.dao.UserProfileDAO;
import pl.psnc.dl.wf4ever.dl.UserMetadata;
import pl.psnc.dl.wf4ever.exceptions.ForbiddenException;
import pl.psnc.dl.wf4ever.model.Builder;

/* loaded from: input_file:WEB-INF/classes/pl/psnc/dl/wf4ever/accesscontrol/filters/AccessControlResourceFilter.class */
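/**
 * Jersey request filter that authorises access to the access-control resources
 * themselves (paths containing {@code /permissions/} and {@code /modes/}).
 *
 * <p>The administrator account passes unconditionally. Every other caller must
 * have a stored {@link UserProfile}; the request is then checked against the
 * permissions recorded for the research object it refers to.
 *
 * <p>Thread-safety: the filter keeps no per-request state in fields. The
 * resolved {@link UserProfile} is passed to the helpers as an argument, because
 * a filter instance can serve several requests concurrently and a shared field
 * would let one request be authorised with another request's profile.
 */
public class AccessControlResourceFilter implements ContainerRequestFilter {
    private static final Logger LOGGER = Logger.getLogger(AccessControlResourceFilter.class);

    @Context
    private UriInfo uriInfo;

    @Context
    private HttpServletRequest httpRequest;
    private final PermissionDAO dao = new PermissionDAO();
    private final ModeDAO modeDao = new ModeDAO();

    /**
     * Authorises the request or aborts it.
     *
     * @param containerRequest the incoming request
     * @return the same request, unchanged, when access is allowed
     * @throws ForbiddenException if the caller has no stored profile or lacks the
     *         required permission
     * @throws WebApplicationException with status 500 if the stored permissions
     *         are inconsistent (more than one owner for a research object)
     */
    @Override
    public ContainerRequest filter(ContainerRequest containerRequest) {
        // NOTE(review): the "Builder" attribute is presumably set by an upstream
        // authentication filter; if it is absent this line fails with an
        // exception, so the request is not let through.
        UserMetadata user = ((Builder) this.httpRequest.getAttribute("Builder")).getUser();
        if (user.equals(UserProfile.ADMIN)) {
            return containerRequest;
        }
        // Local variable on purpose: see the class comment on thread-safety.
        UserProfile userProfile = new UserProfileDAO().findByLogin(user.getLogin());
        if (userProfile == null) {
            throw new ForbiddenException("The user isn't registered.");
        }
        // NOTE(review): dispatch is a substring match on the path, so any path
        // that merely contains one of these segments is routed here.
        String path = containerRequest.getPath();
        if (path.contains("/permissions/")) {
            handlePermissionsRequest(containerRequest, userProfile);
        } else if (path.contains("/modes/")) {
            handleROModesRequest(containerRequest, userProfile);
        }
        return containerRequest;
    }

    /**
     * Checks read access to an access-mode record. A record is readable when the
     * research object is in {@link Mode#OPEN} mode or the caller owns it.
     *
     * @param containerRequest the incoming request
     * @param userProfile the caller's stored profile
     */
    private void handleROModesRequest(ContainerRequest containerRequest, UserProfile userProfile) {
        // NOTE(review): only GET is checked here; other methods on /modes/ are
        // not restricted by this filter - confirm they are enforced elsewhere.
        if (!"GET".equals(containerRequest.getMethod())) {
            return;
        }
        String researchObject = containerRequest.getQueryParameters().getFirst("ro");
        if (researchObject != null) {
            AccessMode mode = this.modeDao.findByResearchObject(researchObject);
            // No stored mode is treated as "not open": fall through to the
            // ownership check instead of failing with a NullPointerException.
            if (mode != null && mode.getMode().equals(Mode.OPEN)) {
                return;
            }
            requireSingleOwner(
                    this.dao.findByUserROAndPermission(userProfile, researchObject, Role.OWNER),
                    researchObject);
            return;
        }
        Integer modeId = idAfter(containerRequest.getPath(), "modes/");
        if (modeId == null) {
            return;
        }
        AccessMode mode = this.modeDao.findById(modeId);
        if (mode == null) {
            // Unknown id: nothing to protect; same handling as an unknown
            // permission id in handlePermissionsRequest.
            return;
        }
        if (mode.getMode().equals(Mode.OPEN)) {
            return;
        }
        requireSingleOwner(
                this.dao.findByUserROAndPermission(userProfile, mode.getRo().toString(), Role.OWNER),
                mode.getUri().toString());
    }

    /**
     * Checks access to permission records: DELETE requires ownership of the
     * research object; GET requires either a permission on the research object
     * (query by {@code ro}) or being the subject or the owner (query by id).
     *
     * @param containerRequest the incoming request
     * @param userProfile the caller's stored profile
     */
    private void handlePermissionsRequest(ContainerRequest containerRequest, UserProfile userProfile) {
        String method = containerRequest.getMethod();
        if ("POST".equals(method)) {
            // NOTE(review): creation is not checked here - confirm the resource
            // itself verifies that the caller may grant permissions.
            return;
        }
        if ("DELETE".equals(method)) {
            Integer permissionId = idAfter(containerRequest.getPath(), "permissions/");
            if (permissionId == null) {
                return;
            }
            Permission target = this.dao.findById(permissionId);
            if (target == null) {
                return;
            }
            requireSingleOwner(
                    this.dao.findByUserROAndPermission(userProfile, target.getRo(), Role.OWNER),
                    target.getRo());
            return;
        }
        if (!"GET".equals(method)) {
            return;
        }
        String researchObject = containerRequest.getQueryParameters().getFirst("ro");
        if (researchObject != null) {
            for (Permission granted : this.dao.findByResearchObject(researchObject)) {
                if (granted.getUser().equals(userProfile)) {
                    return;
                }
            }
            throw new ForbiddenException("User has no permission to read from this research object");
        }
        Integer permissionId = idAfter(containerRequest.getPath(), "permissions/");
        if (permissionId == null) {
            return;
        }
        Permission requested = this.dao.findById(permissionId);
        if (requested == null) {
            return;
        }
        List<Permission> owners = this.dao.findByUserROAndPermission(userProfile, requested.getRo(), Role.OWNER);
        if (owners.size() > 1) {
            LOGGER.error("Data problem - more than one owner for " + requested.getRo());
            throw new WebApplicationException(500);
        }
        boolean isSubject = requested.getUser().equals(userProfile);
        if (!isSubject && !(owners.size() == 1 && owners.get(0).getUser().equals(userProfile))) {
            throw new ForbiddenException("User has no permission to read from this research object");
        }
    }

    /**
     * Enforces that the owner lookup for the caller returned exactly one record.
     *
     * @param owners result of the OWNER-role lookup for the caller and research object
     * @param resourceLabel value written to the log when the data is inconsistent
     * @throws ForbiddenException if the lookup is empty (caller is not the owner)
     * @throws WebApplicationException with status 500 if more than one record exists
     */
    private void requireSingleOwner(List<Permission> owners, Object resourceLabel) {
        if (owners.isEmpty()) {
            throw new ForbiddenException("This resource doesn't belong to user");
        }
        if (owners.size() > 1) {
            LOGGER.error("Data problem - more than one owner for " + resourceLabel);
            throw new WebApplicationException(500);
        }
    }

    /**
     * Extracts the numeric id that follows {@code marker} in {@code path}.
     *
     * <p>The segment is normalised once (slashes and spaces removed) and that
     * same value is both validated and parsed. The permissions branches used to
     * validate the raw segment but parse the normalised one, so a path with a
     * trailing separator was never checked.
     *
     * @param path request path
     * @param marker path segment preceding the id, e.g. {@code "permissions/"}
     * @return the id, or {@code null} if the path does not carry exactly one
     *         numeric id after the marker
     */
    private Integer idAfter(String path, String marker) {
        String[] parts = path.split(marker);
        if (parts.length != 2) {
            return null;
        }
        String candidate = parts[1].replace("/", "").replace(" ", "");
        if (!isInteger(candidate)) {
            return null;
        }
        return Integer.valueOf(candidate);
    }

    /**
     * Tells whether {@code str} parses as a decimal {@code int}.
     *
     * @param str text to test; {@code null} yields {@code false}
     * @return {@code true} if {@link Integer#parseInt(String)} accepts the text
     */
    public boolean isInteger(String str) {
        try {
            Integer.parseInt(str);
            return true;
        } catch (NumberFormatException e) {
            return false;
        }
    }
}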
