package org.dspace.app.rest.authorization.impl;

import java.sql.SQLException;
import org.apache.commons.lang3.StringUtils;
import org.dspace.app.rest.authorization.AuthorizationFeature;
import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
import org.dspace.app.rest.model.BaseObjectRest;
import org.dspace.app.rest.model.EPersonRest;
import org.dspace.app.rest.model.SiteRest;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.core.Context;
import org.dspace.eperson.service.EPersonService;
import org.dspace.services.ConfigurationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@AuthorizationFeatureDocumentation(name = LoginOnBehalfOfFeature.NAME, description = "It can be used by administrators to login on behalf of a different user")
@Component
/* loaded from: input_file:org/dspace/app/rest/authorization/impl/LoginOnBehalfOfFeature.class */
public class LoginOnBehalfOfFeature implements AuthorizationFeature {
    public static final String NAME = "loginOnBehalfOf";

    @Autowired
    private AuthorizeService authorizeService;

    @Autowired
    private ConfigurationService configurationService;

    @Autowired
    private EPersonService ePersonService;

    @Override // org.dspace.app.rest.authorization.AuthorizationFeature
    public boolean isAuthorized(Context context, BaseObjectRest baseObjectRest) throws SQLException {
        if ((!StringUtils.equals(baseObjectRest.getType(), SiteRest.NAME) && !StringUtils.equals(baseObjectRest.getType(), "eperson")) || !this.authorizeService.isAdmin(context) || !this.configurationService.getBooleanProperty("webui.user.assumelogin")) {
            return false;
        }
        if (!StringUtils.equals(baseObjectRest.getType(), "eperson")) {
            return true;
        }
        EPersonRest ePersonRest = (EPersonRest) baseObjectRest;
        if (StringUtils.equalsIgnoreCase(context.getCurrentUser().getEmail(), ePersonRest.getEmail())) {
            return false;
        }
        return !this.authorizeService.isAdmin(context, this.ePersonService.findByEmail(context, ePersonRest.getEmail()));
    }

    @Override // org.dspace.app.rest.authorization.AuthorizationFeature
    public String[] getSupportedTypes() {
        return new String[]{"core.site", "eperson.eperson"};
    }
}
