package org.wso2.identity.apps.common.listner;

import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.listener.AbstractRoleManagementListener;
import org.wso2.carbon.identity.role.v2.mgt.core.model.Permission;
import org.wso2.carbon.identity.role.v2.mgt.core.model.Role;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.identity.apps.common.internal.AppsCommonDataHolder;
import org.wso2.identity.apps.common.util.AppPortalConstants;

/* loaded from: input_file:org/wso2/identity/apps/common/listner/AppPortalRoleManagementListener.class */
public class AppPortalRoleManagementListener extends AbstractRoleManagementListener {
    private boolean isEnable;

    public AppPortalRoleManagementListener(boolean z) {
        this.isEnable = z;
    }

    public int getExecutionOrderId() {
        return 50;
    }

    public int getDefaultOrderId() {
        return 50;
    }

    public boolean isEnable() {
        return this.isEnable;
    }

    public void preUpdateRoleName(String str, String str2, String str3) throws IdentityRoleManagementException {
        if (isAdministratorRole(str, str3)) {
            throw new IdentityRoleManagementException(RoleConstants.Error.INVALID_REQUEST.getCode(), "Updating name of the 'Administrator' role belongs to the 'Console' application is not allowed.");
        }
    }

    public void preDeleteRole(String str, String str2) throws IdentityRoleManagementException {
        if (isAdministratorRole(str, str2)) {
            throw new IdentityRoleManagementException(RoleConstants.Error.INVALID_REQUEST.getCode(), "Deleting the 'Administrator' role belongs to the 'Console' application is not allowed.");
        }
    }

    public void preUpdateUserListOfRole(String str, List<String> list, List<String> list2, String str2) throws IdentityRoleManagementException {
        if (list2 == null || !isAdministratorRole(str, str2)) {
            return;
        }
        try {
            UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
            if (list2.contains(userRealm.getUserStoreManager().getUserIDFromUserName(userRealm.getRealmConfiguration().getAdminUserName()))) {
                throw new IdentityRoleManagementException(RoleConstants.Error.INVALID_REQUEST.getCode(), "Deleting the tenant admin from 'Administrator' role belongs to the 'Console' application is not allowed.");
            }
        } catch (UserStoreException e) {
            throw new IdentityRoleManagementException("Failed to retrieve user id of the tenant admin.", e);
        }
    }

    public void preUpdatePermissionsForRole(String str, List<Permission> list, List<Permission> list2, String str2, String str3, String str4) throws IdentityRoleManagementException {
        if (isAdministratorRole(str, str4)) {
            throw new IdentityRoleManagementException(RoleConstants.Error.INVALID_REQUEST.getCode(), "Updating permissions of the 'Administrator' role belongs to the 'Console' application is not allowed.");
        }
    }

    private boolean isAdministratorRole(String str, String str2) throws IdentityRoleManagementException {
        Role role = AppsCommonDataHolder.getInstance().getRoleManagementServiceV2().getRole(str, str2);
        return role != null && StringUtils.equalsIgnoreCase("Administrator", role.getName()) && StringUtils.equalsIgnoreCase("application", role.getAudience()) && StringUtils.equalsIgnoreCase(AppPortalConstants.CONSOLE_APP, role.getAudienceName());
    }
}
