package org.dspace.app.rest.security;

import java.io.Serializable;
import java.sql.SQLException;
import java.util.Objects;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.app.rest.utils.ContextUtil;
import org.dspace.content.Item;
import org.dspace.content.MetadataValue;
import org.dspace.content.service.ItemService;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.services.RequestService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/dspace/app/rest/security/OrcidQueueSearchRestPermissionEvaluatorPlugin.class */
public class OrcidQueueSearchRestPermissionEvaluatorPlugin extends RestObjectPermissionEvaluatorPlugin {
    private static final Logger log = LogManager.getLogger();
    public static final String ORCID_QUEUE_SEARCH = "ORCID_QUEUE_SEARCH";

    @Autowired
    private RequestService requestService;

    @Autowired
    private ItemService itemService;

    @Override // org.dspace.app.rest.security.RestObjectPermissionEvaluatorPlugin
    public boolean hasDSpacePermission(Authentication authentication, Serializable serializable, String str, DSpaceRestPermission dSpaceRestPermission) {
        if (!DSpaceRestPermission.READ.equals(DSpaceRestPermission.convert(dSpaceRestPermission)) || !str.equals(ORCID_QUEUE_SEARCH)) {
            return false;
        }
        Context obtainContext = ContextUtil.obtainContext(this.requestService.getCurrentRequest().getHttpServletRequest());
        try {
            EPerson currentUser = obtainContext.getCurrentUser();
            UUID fromString = UUID.fromString(serializable.toString());
            Item item = (Item) this.itemService.find(obtainContext, fromString);
            if (currentUser == null || item == null || StringUtils.isBlank(serializable.toString()) || fromString == null) {
                return false;
            }
            return hasAccess(currentUser, item);
        } catch (SQLException e) {
            Logger logger = log;
            Objects.requireNonNull(e);
            logger.error(e::getMessage, e);
            return false;
        }
    }

    private boolean hasAccess(EPerson ePerson, Item item) {
        return ((MetadataValue) this.itemService.getMetadata(item, "dspace", "object", "owner", "*").get(0)).getAuthority().equals(ePerson.getID().toString());
    }
}
