package org.dspace.app.rest.security;

import jakarta.servlet.http.HttpServletRequest;
import java.io.Serializable;
import java.sql.SQLException;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.app.rest.model.patch.Operation;
import org.dspace.app.rest.model.patch.Patch;
import org.dspace.app.rest.repository.patch.operation.DSpaceObjectMetadataPatchUtils;
import org.dspace.app.rest.repository.patch.operation.EPersonPasswordAddOperation;
import org.dspace.app.rest.repository.patch.operation.PatchOperation;
import org.dspace.app.rest.utils.ContextUtil;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.core.Constants;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.services.RequestService;
import org.dspace.services.model.Request;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

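/**
 * Permission evaluator plugin for EPerson REST objects.
 *
 * <p>{@link #hasDSpacePermission} decides READ / WRITE / DELETE on an EPerson identified by UUID:
 * the current user is allowed on their own account, and community / collection administrators
 * are allowed when the corresponding {@link AuthorizeUtil} account-management switch permits it.
 *
 * <p>{@link #hasPatchPermission} additionally lets a request carrying a non-blank {@code token}
 * parameter through when the patch consists solely of password "add" operations. This class only
 * checks that the token is present; it does not validate it.
 */
@Component
public class EPersonRestPermissionEvaluatorPlugin extends RestObjectPermissionEvaluatorPlugin {
    private static final Logger log = LogManager.getLogger();

    @Autowired
    AuthorizeService authorizeService;

    @Autowired
    private RequestService requestService;

    /**
     * Checks whether the current user may read, write or delete the targeted EPerson.
     *
     * @param authentication       the Spring Security authentication (not consulted here; the
     *                             user is taken from the DSpace {@link Context} of the request)
     * @param serializable         the target identifier, parsed as a UUID
     * @param str                  the target type name, resolved through {@link Constants#getTypeID}
     * @param dSpaceRestPermission the requested permission
     * @return {@code true} only when the target is the current user, or the current user is a
     *         community/collection admin who is allowed to manage accounts; {@code false} in
     *         every other case, including when the admin lookup fails with an SQL error
     * @throws IllegalArgumentException if {@code serializable} is not a valid UUID string
     */
    @Override
    public boolean hasDSpacePermission(Authentication authentication, Serializable serializable, String str,
                                       DSpaceRestPermission dSpaceRestPermission) {
        DSpaceRestPermission requested = DSpaceRestPermission.convert(dSpaceRestPermission);
        boolean supportedPermission = DSpaceRestPermission.READ.equals(requested)
            || DSpaceRestPermission.WRITE.equals(requested)
            || DSpaceRestPermission.DELETE.equals(requested);
        if (!supportedPermission || Constants.getTypeID(str) != Constants.EPERSON || serializable == null) {
            return false;
        }

        // hasPatchPermission already tolerates a missing current request; deny here rather than
        // failing with a NullPointerException when there is no request to take the context from.
        Request currentRequest = this.requestService.getCurrentRequest();
        if (currentRequest == null) {
            return false;
        }

        Context context = ContextUtil.obtainContext(currentRequest.getHttpServletRequest());
        EPerson currentUser = context.getCurrentUser();
        UUID targetId = UUID.fromString(serializable.toString());

        // Anonymous requests never get access to an EPerson through this plugin.
        if (currentUser == null) {
            return false;
        }

        try {
            if (targetId.equals(currentUser.getID())) {
                return true;
            }
            if (this.authorizeService.isCommunityAdmin(context) && AuthorizeUtil.canCommunityAdminManageAccounts()) {
                return true;
            }
            if (this.authorizeService.isCollectionAdmin(context)) {
                return AuthorizeUtil.canCollectionAdminManageAccounts();
            }
            return false;
        } catch (SQLException e) {
            // Fail closed: an error while resolving admin status must not grant access.
            log.error(e::getMessage, e);
            return false;
        }
    }

    /**
     * Checks whether a PATCH on an EPerson is allowed.
     *
     * <p>Two paths lead to {@code true}:
     * <ol>
     *   <li>the request has a non-blank {@code token} parameter and <em>every</em> operation in the
     *       patch is an "add" on the password path;</li>
     *   <li>the caller has WRITE permission on the target and every operation addresses either the
     *       password path or a metadata path.</li>
     * </ol>
     *
     * @param authentication the Spring Security authentication, passed on to the WRITE check
     * @param serializable   the target identifier
     * @param str            the target type name
     * @param patch          the patch whose operations are inspected
     * @return {@code true} if the patch may proceed, {@code false} otherwise
     */
    @Override
    public boolean hasPatchPermission(Authentication authentication, Serializable serializable, String str,
                                      Patch patch) {
        List<Operation> operations = patch.getOperations();
        Request currentRequest = this.requestService.getCurrentRequest();
        if (currentRequest != null) {
            HttpServletRequest httpServletRequest = currentRequest.getHttpServletRequest();
            // The token shortcut skips the WRITE check, so it must cover the whole patch. Looking
            // only at the first operation would let any further operations in the same patch ride
            // along without a permission check. Patches that mix in other operations fall through
            // to the regular WRITE check below.
            // NOTE(review): only the presence of the token is checked here; its validity is
            // presumably enforced when the password operation is applied -- confirm.
            if (!operations.isEmpty()
                && StringUtils.isNotBlank(httpServletRequest.getParameter("token"))
                && containsOnlyPasswordAdd(operations)) {
                return true;
            }
        }

        if (!hasPermission(authentication, serializable, str, "WRITE")) {
            return false;
        }

        for (Operation operation : operations) {
            String path = operation.getPath();
            // An operation without a path cannot be matched against the allow-list: deny it
            // instead of failing with a NullPointerException.
            if (path == null) {
                return false;
            }
            boolean passwordPath = path.contentEquals(EPersonPasswordAddOperation.OPERATION_PASSWORD_CHANGE);
            boolean metadataPath = path.startsWith(DSpaceObjectMetadataPatchUtils.OPERATION_METADATA_PATH);
            if (!passwordPath && !metadataPath) {
                return false;
            }
        }
        return true;
    }

    /** Returns true when every operation is an "add" on the password path (case-insensitive). */
    private static boolean containsOnlyPasswordAdd(List<Operation> operations) {
        for (Operation operation : operations) {
            boolean isAdd = StringUtils.equalsIgnoreCase(operation.getOp(), PatchOperation.OPERATION_ADD);
            boolean isPasswordPath = StringUtils.equalsIgnoreCase(operation.getPath(),
                EPersonPasswordAddOperation.OPERATION_PASSWORD_CHANGE);
            if (!isAdd || !isPasswordPath) {
                return false;
            }
        }
        return true;
    }
}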
