package org.dspace.app.util;

import java.sql.SQLException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.ResourcePolicy;
import org.dspace.authorize.factory.AuthorizeServiceFactory;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.Bitstream;
import org.dspace.content.Bundle;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.DSpaceObject;
import org.dspace.content.Item;
import org.dspace.content.factory.ContentServiceFactory;
import org.dspace.content.service.CollectionService;
import org.dspace.content.service.ItemService;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.eperson.factory.EPersonServiceFactory;
import org.dspace.eperson.service.GroupService;
import org.dspace.services.factory.DSpaceServicesFactory;
import org.dspace.utils.DSpace;
import org.dspace.xmlworkflow.factory.XmlWorkflowServiceFactory;
import org.dspace.xmlworkflow.storedcomponents.CollectionRole;
import org.dspace.xmlworkflow.storedcomponents.service.CollectionRoleService;

/* loaded from: input_file:org/dspace/app/util/AuthorizeUtil.class */
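/**
 * Static authorization gates for administrative operations (policy, group, licence,
 * template-item, withdraw/reinstate and account management).
 *
 * <p>Most checks follow the same shape: a chain of {@link AuthorizeConfiguration} switches is
 * walked from the most local administrator level to the most global one, and only the
 * <em>first enabled</em> switch decides which object the ADMIN action is checked on. When no
 * switch is enabled the caller must be a system administrator. Every check fails closed by
 * throwing {@link AuthorizeException}.
 *
 * <p>Where a check has to climb to a parent object (bundle, item, community) and the object
 * has no parent, the check falls back to "system administrator only" rather than failing with
 * an unchecked {@code IndexOutOfBoundsException}/{@code NullPointerException}. This mirrors
 * what {@code authorizeRemoveAdminGroup} already did for parentless objects and grants
 * nothing to non-administrators.
 */
public class AuthorizeUtil {
    private static final Logger log = LogManager.getLogger(AuthorizeUtil.class);

    // Action identifiers passed to AuthorizeService. The values are the integers that were
    // inlined in this class; the names follow the wording of the error messages below
    // (REMOVE, admin). NOTE(review): presumably these mirror the action constants of
    // org.dspace.core.Constants -- confirm against the DSpace version in use.
    private static final int ACTION_ADD = 3;
    private static final int ACTION_REMOVE = 4;
    private static final int ACTION_ADMIN = 11;

    // Object type identifiers returned by DSpaceObject.getType(). The mapping to concrete
    // classes is the one established by the casts in authorizeManagePolicy/authorizeManageGroup.
    private static final int TYPE_BITSTREAM = 0;
    private static final int TYPE_BUNDLE = 1;
    private static final int TYPE_ITEM = 2;
    private static final int TYPE_COLLECTION = 3;
    private static final int TYPE_COMMUNITY = 4;

    /** Utility class; not instantiable. */
    private AuthorizeUtil() {
    }

    /**
     * Returns the first element of {@code elements}, or {@code null} when the list is
     * {@code null} or empty.
     */
    private static <T> T firstOrNull(List<T> elements) {
        return (elements == null || elements.isEmpty()) ? null : elements.get(0);
    }

    /**
     * Returns the first parent community of {@code collection}, or {@code null} when the
     * collection itself is {@code null} or has no communities.
     */
    private static Community parentCommunityOrNull(Collection collection) throws SQLException {
        return collection == null ? null : firstOrNull(collection.getCommunities());
    }

    /**
     * Requires ADMIN on the first parent community of {@code collection}; when there is no
     * parent community only a system administrator passes.
     */
    private static void authorizeAdminOnParentCommunity(Context context, AuthorizeService authorizeService, Collection collection) throws AuthorizeException, SQLException {
        Community parent = parentCommunityOrNull(collection);
        if (parent == null) {
            requireAdminRole(context);
        } else {
            authorizeService.authorizeAction(context, parent, ACTION_ADMIN);
        }
    }

    /**
     * Checks whether the current user may manage the policies of a bitstream by delegating
     * to the check for its first bundle.
     *
     * @param context   current context
     * @param bitstream bitstream whose policies are to be managed
     * @throws AuthorizeException if the user is not authorized; a bitstream that belongs to
     *                            no bundle can only be managed by a system administrator
     * @throws SQLException       on database error
     */
    public static void authorizeManageBitstreamPolicy(Context context, Bitstream bitstream) throws AuthorizeException, SQLException {
        Bundle bundle = firstOrNull(bitstream.getBundles());
        if (bundle == null) {
            // No bundle to inherit the decision from: fail closed to system admin.
            requireAdminRole(context);
            return;
        }
        authorizeManageBundlePolicy(context, bundle);
    }

    /**
     * Checks whether the current user may manage the policies of a bundle by delegating to
     * the check for its first item.
     *
     * @param context current context
     * @param bundle  bundle whose policies are to be managed
     * @throws AuthorizeException if the user is not authorized; a bundle that belongs to no
     *                            item can only be managed by a system administrator
     * @throws SQLException       on database error
     */
    public static void authorizeManageBundlePolicy(Context context, Bundle bundle) throws AuthorizeException, SQLException {
        Item item = firstOrNull(bundle.getItems());
        if (item == null) {
            requireAdminRole(context);
            return;
        }
        authorizeManageItemPolicy(context, item);
    }

    /**
     * Checks whether the current user may manage the policies of an item. The first enabled
     * switch wins: item admin, then collection admin (owning collection), then community
     * admin (first community of the owning collection), otherwise system admin.
     *
     * @param context current context
     * @param item    item whose policies are to be managed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeManageItemPolicy(Context context, Item item) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        if (AuthorizeConfiguration.canItemAdminManagePolicies()) {
            authorizeService.authorizeAction(context, item, ACTION_ADMIN);
        } else if (AuthorizeConfiguration.canCollectionAdminManageItemPolicies()) {
            authorizeService.authorizeAction(context, item.getOwningCollection(), ACTION_ADMIN);
        } else if (AuthorizeConfiguration.canCommunityAdminManageItemPolicies()) {
            authorizeAdminOnParentCommunity(context, authorizeService, item.getOwningCollection());
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage item policies");
        }
    }

    /**
     * Checks whether the current user may manage the policies of a collection: collection
     * admin if enabled, else community admin if enabled, else system admin.
     *
     * @param context    current context
     * @param collection collection whose policies are to be managed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeManageCollectionPolicy(Context context, Collection collection) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        if (AuthorizeConfiguration.canCollectionAdminManagePolicies()) {
            authorizeService.authorizeAction(context, collection, ACTION_ADMIN);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionPolicies()) {
            authorizeAdminOnParentCommunity(context, authorizeService, collection);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection policies");
        }
    }

    /**
     * Checks whether the current user may manage the policies of a community: community
     * admin if enabled, else system admin.
     *
     * @param context   current context
     * @param community community whose policies are to be managed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeManageCommunityPolicy(Context context, Community community) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        if (AuthorizeConfiguration.canCommunityAdminManagePolicies()) {
            authorizeService.authorizeAction(context, community, ACTION_ADMIN);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage community policies");
        }
    }

    /**
     * Requires the current user to be a system administrator.
     *
     * @param context current context
     * @throws AuthorizeException if the user is not a system administrator
     * @throws SQLException       on database error
     */
    public static void requireAdminRole(Context context) throws AuthorizeException, SQLException {
        if (!AuthorizeServiceFactory.getInstance().getAuthorizeService().isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to perform this action");
        }
    }

    /**
     * Checks whether the current user may manage the Creative Commons licence of an item.
     * The user passes if both the ADD and REMOVE checks on the item succeed (called with the
     * extra {@code false} flag); otherwise the administrator chain is consulted: item admin,
     * collection admin (parent object of the item), community admin (parent of that
     * collection), then system admin.
     *
     * @param context current context
     * @param item    item whose licence is to be managed
     * @throws AuthorizeException if the user is not authorized by any of the routes above
     * @throws SQLException       on database error
     */
    public static void authorizeManageCCLicense(Context context, Item item) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        CollectionService collectionService = ContentServiceFactory.getInstance().getCollectionService();
        ItemService itemService = ContentServiceFactory.getInstance().getItemService();
        try {
            authorizeService.authorizeAction(context, item, ACTION_ADD, false);
            authorizeService.authorizeAction(context, item, ACTION_REMOVE, false);
        } catch (AuthorizeException e) {
            // Deliberately not rethrown: failing the direct ADD/REMOVE check only means the
            // administrator routes have to be tried. Those calls throw on their own.
            if (AuthorizeConfiguration.canItemAdminManageCCLicense()) {
                authorizeService.authorizeAction(context, item, ACTION_ADMIN);
            } else if (AuthorizeConfiguration.canCollectionAdminManageCCLicense()) {
                authorizeService.authorizeAction(context, itemService.getParentObject(context, item), ACTION_ADMIN);
            } else if (AuthorizeConfiguration.canCommunityAdminManageCCLicense()) {
                authorizeService.authorizeAction(context, collectionService.getParentObject(context, (Collection) itemService.getParentObject(context, item)), ACTION_ADMIN);
            } else {
                requireAdminRole(context);
            }
        }
    }

    /**
     * Checks whether the current user may manage the template item of a collection. A user
     * for whom {@code canEditBoolean(context, collection, false)} is true always passes;
     * otherwise: collection admin if enabled, else community admin if enabled, else system
     * admin.
     *
     * @param context    current context
     * @param collection collection whose template item is to be managed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeManageTemplateItem(Context context, Collection collection) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        boolean canEdit = ContentServiceFactory.getInstance().getCollectionService().canEditBoolean(context, collection, false);
        if (canEdit) {
            return;
        }
        if (AuthorizeConfiguration.canCollectionAdminManageTemplateItem()) {
            authorizeService.authorizeAction(context, collection, ACTION_ADMIN);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionTemplateItem()) {
            // Kept as in the original: a collection without communities hands null to the
            // service. NOTE(review): this relies on authorizeAction rejecting a null object
            // -- confirm against AuthorizeService.
            authorizeService.authorizeAction(context, parentCommunityOrNull(collection), ACTION_ADMIN);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("You are not authorized to create a template item for the collection");
        }
    }

    /**
     * Checks whether the current user may manage the submitters group of a collection:
     * collection admin if enabled, else community admin if enabled, else system admin.
     *
     * @param context    current context
     * @param collection collection whose submitters group is to be managed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeManageSubmittersGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        if (AuthorizeConfiguration.canCollectionAdminManageSubmitters()) {
            authorizeService.authorizeAction(context, collection, ACTION_ADMIN);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionSubmitters()) {
            authorizeAdminOnParentCommunity(context, authorizeService, collection);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection submitters");
        }
    }

    /**
     * Checks whether the current user may manage the workflow groups of a collection:
     * collection admin if enabled, else community admin if enabled, else system admin.
     *
     * @param context    current context
     * @param collection collection whose workflow groups are to be managed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeManageWorkflowsGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        if (AuthorizeConfiguration.canCollectionAdminManageWorkflows()) {
            authorizeService.authorizeAction(context, collection, ACTION_ADMIN);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionWorkflows()) {
            authorizeAdminOnParentCommunity(context, authorizeService, collection);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection workflow");
        }
    }

    /**
     * Checks whether the current user may manage the administrators group of a collection:
     * collection admin if enabled, else community admin if enabled, else system admin.
     *
     * @param context    current context
     * @param collection collection whose admin group is to be managed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeManageAdminGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        if (AuthorizeConfiguration.canCollectionAdminManageAdminGroup()) {
            authorizeService.authorizeAction(context, collection, ACTION_ADMIN);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionAdminGroup()) {
            authorizeAdminOnParentCommunity(context, authorizeService, collection);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection admin");
        }
    }

    /**
     * Checks whether the current user may remove the administrators group of a collection.
     * Unlike managing the group, the collection's own admins are never consulted: the check
     * is made on the first parent community (if enabled and present), else system admin.
     *
     * @param context    current context
     * @param collection collection whose admin group is to be removed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeRemoveAdminGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        Community parent = firstOrNull(collection.getCommunities());
        if (AuthorizeConfiguration.canCommunityAdminManageCollectionAdminGroup() && parent != null) {
            authorizeService.authorizeAction(context, parent, ACTION_ADMIN);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin can remove the admin group of a collection");
        }
    }

    /**
     * Checks whether the current user may manage the administrators group of a community:
     * community admin if enabled, else system admin.
     *
     * @param context   current context
     * @param community community whose admin group is to be managed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeManageAdminGroup(Context context, Community community) throws AuthorizeException, SQLException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup()) {
            authorizeService.authorizeAction(context, community, ACTION_ADMIN);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage community admin");
        }
    }

    /**
     * Checks whether the current user may remove the administrators group of a community.
     * The check is made on the first parent community (if enabled and present), never on the
     * community itself; a top-level community requires a system administrator.
     *
     * @param context   current context
     * @param community community whose admin group is to be removed
     * @throws SQLException       on database error
     * @throws AuthorizeException if the user is not authorized
     */
    public static void authorizeRemoveAdminGroup(Context context, Community community) throws SQLException, AuthorizeException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        Community parent = firstOrNull(community.getParentCommunities());
        if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup() && parent != null) {
            authorizeService.authorizeAction(context, parent, ACTION_ADMIN);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin can remove the admin group of the community");
        }
    }

    /**
     * Checks whether the current user may manage a resource policy by dispatching on the
     * type of the object the policy is attached to. Policies on any other object type, or on
     * no object at all, require a system administrator.
     *
     * @param context        current context
     * @param resourcePolicy policy to be managed
     * @throws SQLException       on database error
     * @throws AuthorizeException if the user is not authorized
     */
    public static void authorizeManagePolicy(Context context, ResourcePolicy resourcePolicy) throws SQLException, AuthorizeException {
        DSpaceObject target = resourcePolicy.getdSpaceObject();
        if (target == null) {
            // Nothing to derive a delegated admin from: same rule as the default branch.
            requireAdminRole(context);
            return;
        }
        switch (target.getType()) {
            case TYPE_BITSTREAM:
                authorizeManageBitstreamPolicy(context, (Bitstream) target);
                break;
            case TYPE_BUNDLE:
                authorizeManageBundlePolicy(context, (Bundle) target);
                break;
            case TYPE_ITEM:
                authorizeManageItemPolicy(context, (Item) target);
                break;
            case TYPE_COLLECTION:
                authorizeManageCollectionPolicy(context, (Collection) target);
                break;
            case TYPE_COMMUNITY:
                authorizeManageCommunityPolicy(context, (Community) target);
                break;
            default:
                requireAdminRole(context);
                break;
        }
    }

    /**
     * Checks whether the current user may withdraw an item. The user passes with ADMIN on
     * the owning collection (or on its first community, depending on which switch is enabled
     * first) or, failing that, with REMOVE on the owning collection.
     *
     * @param context current context
     * @param item    item to be withdrawn
     * @throws SQLException       on database error
     * @throws AuthorizeException if neither route authorizes the user
     */
    public static void authorizeWithdrawItem(Context context, Item item) throws SQLException, AuthorizeException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        boolean authorized = false;
        if (AuthorizeConfiguration.canCollectionAdminPerformItemWithdrawn()) {
            authorized = authorizeService.authorizeActionBoolean(context, item.getOwningCollection(), ACTION_ADMIN);
        } else if (AuthorizeConfiguration.canCommunityAdminPerformItemWithdrawn()) {
            Community parent = parentCommunityOrNull(item.getOwningCollection());
            authorized = parent != null && authorizeService.authorizeActionBoolean(context, parent, ACTION_ADMIN);
        }
        if (!authorized) {
            authorized = authorizeService.authorizeActionBoolean(context, item.getOwningCollection(), ACTION_REMOVE, false);
        }
        if (!authorized) {
            throw new AuthorizeException("To withdraw item must be COLLECTION_ADMIN or have REMOVE authorization on owning Collection");
        }
    }

    /**
     * Checks whether the current user may reinstate a withdrawn item. The check must succeed
     * for <em>every</em> collection the item belongs to: ADD on the collection when the
     * collection-admin switch is enabled; otherwise ADMIN on the collection's first
     * community (if that switch is enabled) or, failing that, ADD on the collection with the
     * extra {@code false} flag.
     *
     * @param context current context
     * @param item    item to be reinstated
     * @throws SQLException       on database error
     * @throws AuthorizeException if the user is not authorized for one of the collections
     */
    public static void authorizeReinstateItem(Context context, Item item) throws SQLException, AuthorizeException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        for (Collection collection : item.getCollections()) {
            if (AuthorizeConfiguration.canCollectionAdminPerformItemReinstatiate()) {
                authorizeService.authorizeAction(context, collection, ACTION_ADD);
                continue;
            }
            boolean communityAdmin = false;
            if (AuthorizeConfiguration.canCommunityAdminPerformItemReinstatiate()) {
                Community parent = parentCommunityOrNull(collection);
                communityAdmin = parent != null && authorizeService.authorizeActionBoolean(context, parent, ACTION_ADMIN);
            }
            if (!communityAdmin) {
                authorizeService.authorizeAction(context, collection, ACTION_ADD, false);
            }
        }
    }

    /**
     * Checks whether the current user may manage the default read group of a collection,
     * which requires ADMIN on the collection itself.
     *
     * @param context    current context
     * @param collection collection whose default read group is to be managed
     * @throws AuthorizeException if the user is not authorized
     * @throws SQLException       on database error
     */
    public static void authorizeManageDefaultReadGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        AuthorizeServiceFactory.getInstance().getAuthorizeService().authorizeAction(context, collection, ACTION_ADMIN);
    }

    /**
     * Checks whether the current user may manage a group. System administrators always pass.
     * Otherwise the group must be attached to a community or a collection, and the decision
     * is delegated according to the role the group plays there: community admin group,
     * collection submitters, collection workflow role, collection administrators, or (for
     * any other group attached to the collection) the default read group.
     *
     * @param context current context
     * @param group   group to be managed
     * @throws SQLException       on database error
     * @throws AuthorizeException if the group has no parent object, the parent is neither a
     *                            community nor a collection, or the delegated check fails
     */
    public static void authorizeManageGroup(Context context, Group group) throws SQLException, AuthorizeException {
        AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
        GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
        CollectionRoleService collectionRoleService = XmlWorkflowServiceFactory.getInstance().getCollectionRoleService();
        if (authorizeService.isAdmin(context)) {
            return;
        }
        DSpaceObject parentObject = groupService.getParentObject(context, group);
        if (parentObject == null) {
            // A free-standing group is managed by system administrators only.
            throw new AuthorizeException("not authorized to manage this group");
        }
        int parentType = parentObject.getType();
        if (parentType == TYPE_COMMUNITY) {
            authorizeManageAdminGroup(context, (Community) parentObject);
            return;
        }
        if (parentType != TYPE_COLLECTION) {
            throw new AuthorizeException("not authorized to manage this group");
        }
        Collection collection = (Collection) parentObject;
        if (group.equals(collection.getSubmitters())) {
            authorizeManageSubmittersGroup(context, collection);
            return;
        }
        for (CollectionRole role : collectionRoleService.findByCollection(context, collection)) {
            if (group.equals(role.getGroup())) {
                authorizeManageWorkflowsGroup(context, collection);
                return;
            }
        }
        if (group.equals(collection.getAdministrators())) {
            authorizeManageAdminGroup(context, collection);
        } else {
            authorizeManageDefaultReadGroup(context, collection);
        }
    }

    /**
     * Tells whether self-registration of a new account is allowed for this request: the
     * {@code user.registration} property (default {@code true}) must be enabled and the
     * authentication service must allow setting a password.
     *
     * @param context            current context
     * @param httpServletRequest current request, handed to the authentication service
     * @return {@code true} if registration is allowed
     * @throws SQLException on database error
     */
    public static boolean authorizeNewAccountRegistration(Context context, HttpServletRequest httpServletRequest) throws SQLException {
        if (DSpaceServicesFactory.getInstance().getConfigurationService().getBooleanProperty("user.registration", true)) {
            return AuthenticateServiceFactory.getInstance().getAuthenticationService().allowSetPassword(context, httpServletRequest, null);
        }
        return false;
    }

    /**
     * Tells whether the account identified by an e-mail address may have its password
     * updated: the account must exist, be allowed to log in, and the authentication service
     * must allow setting a password for the current request.
     *
     * @param context current context
     * @param str     e-mail address of the account
     * @return {@code true} if the password may be updated; {@code false} if the account is
     *         unknown, cannot log in, or the lookup failed with a database error
     */
    public static boolean authorizeUpdatePassword(Context context, String str) {
        try {
            EPerson findByEmail = EPersonServiceFactory.getInstance().getEPersonService().findByEmail(context, str);
            if (findByEmail == null || !findByEmail.canLogIn()) {
                return false;
            }
            return AuthenticateServiceFactory.getInstance().getAuthenticationService().allowSetPassword(context, new DSpace().getRequestService().getCurrentRequest().getHttpServletRequest(), null);
        } catch (SQLException e) {
            // NOTE(review): the address is written to the log verbatim. If it can come
            // straight from a request, make sure the log layout encodes CR/LF and that the
            // log is treated as containing personal data.
            log.error("Something went wrong trying to retrieve EPerson for email: " + str, e);
            return false;
        }
    }

    /**
     * Tells whether community administrators are delegated any capability that involves
     * managing groups or policies, i.e. whether any of the community-admin switches below is
     * enabled.
     *
     * @return {@code true} if at least one of the switches is enabled
     */
    public static boolean canCommunityAdminManageAccounts() {
        return AuthorizeConfiguration.canCommunityAdminManagePolicies()
            || AuthorizeConfiguration.canCommunityAdminManageAdminGroup()
            || AuthorizeConfiguration.canCommunityAdminManageCollectionPolicies()
            || AuthorizeConfiguration.canCommunityAdminManageCollectionSubmitters()
            || AuthorizeConfiguration.canCommunityAdminManageCollectionWorkflows()
            || AuthorizeConfiguration.canCommunityAdminManageCollectionAdminGroup();
    }

    /**
     * Tells whether collection administrators are delegated any capability that involves
     * managing groups or policies, i.e. whether any of the collection-admin switches below
     * is enabled.
     *
     * @return {@code true} if at least one of the switches is enabled
     */
    public static boolean canCollectionAdminManageAccounts() {
        return AuthorizeConfiguration.canCollectionAdminManagePolicies()
            || AuthorizeConfiguration.canCollectionAdminManageSubmitters()
            || AuthorizeConfiguration.canCollectionAdminManageWorkflows()
            || AuthorizeConfiguration.canCollectionAdminManageAdminGroup();
    }
}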
