package org.appfuse.service;

import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Iterator;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationTrustResolverImpl;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.springframework.aop.AfterReturningAdvice;
import org.springframework.aop.MethodBeforeAdvice;

/* loaded from: input_file:org/appfuse/service/UserSecurityAdvice.class */
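/**
 * Spring AOP advice that puts an Acegi Security authorization check around a method whose first
 * argument is the {@link User} being saved.
 *
 * <p>{@link #before} rejects the call when an authenticated non-administrator submits another
 * user's record, or submits a role set that differs from the authorities of the current session.
 * {@link #afterReturning} replaces the session's {@link Authentication} once the current user has
 * saved their own record.
 *
 * <p>Both methods cast {@code objArr[0]} to {@link User} without checking it. Attaching the advice
 * to a method with a different signature raises a runtime exception; in {@code before} that
 * exception also stops the advised method from running.
 * NOTE(review): the pointcut is not visible in this file; presumably this wraps the user-save
 * method of the user service. Confirm in the AOP configuration.
 */
public class UserSecurityAdvice implements MethodBeforeAdvice, AfterReturningAdvice {
    public static final String ACCESS_DENIED = "Access Denied: Only administrators are allowed to modify other users.";
    protected final Log log = LogFactory.getLog(UserSecurityAdvice.class);

    /**
     * Authorizes a save of the {@link User} passed as the first argument.
     *
     * <p>Decision table, as implemented below:
     * <ul>
     *   <li>no {@link Authentication} in the security context: allowed, nothing is checked;</li>
     *   <li>submitted username is {@code null}: allowed, nothing is checked;</li>
     *   <li>submitted username differs from the caller's: allowed for anonymous callers and for
     *       holders of {@code ROLE_ADMIN}, denied for everyone else;</li>
     *   <li>submitted username equals the caller's: allowed for {@code ROLE_ADMIN}; otherwise
     *       allowed only if the submitted role names equal the caller's granted authorities.</li>
     * </ul>
     *
     * @param method the advised method (unused)
     * @param objArr arguments of the advised call; element 0 must be the {@link User} to save
     * @param obj the advised target (unused)
     * @throws AccessDeniedException if the caller may not modify the submitted user or its roles
     */
    public void before(Method method, Object[] objArr, Object obj) throws Throwable {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            // NOTE(review): fail-open. A call that arrives with no Authentication at all is not
            // checked here, so something upstream has to guarantee one is always present.
            return;
        }

        // A token may carry no authority array; treat that as "no roles" so the checks below
        // still run instead of ending in a NullPointerException.
        GrantedAuthority[] authorities = authentication.getAuthorities();
        if (authorities == null) {
            authorities = new GrantedAuthority[0];
        }

        boolean administrator = false;
        for (GrantedAuthority authority : authorities) {
            if ("ROLE_ADMIN".equals(authority.getAuthority())) {
                administrator = true;
                break;
            }
        }

        User user = (User) objArr[0];
        String username = user.getUsername();
        Object principal = authentication.getPrincipal();
        String currentUsername = principal instanceof UserDetails
                ? ((UserDetails) principal).getUsername()
                : String.valueOf(principal);

        if (username == null) {
            // NOTE(review): a record without a username passes unchecked. That is only safe if
            // the advised method cannot persist such a record. Verify against the service/DAO.
            return;
        }

        // The comparison is case-sensitive: a differently-cased spelling of the caller's own
        // username is treated as another user.
        if (!username.equals(currentUsername)) {
            if (new AuthenticationTrustResolverImpl().isAnonymous(authentication)) {
                // NOTE(review): anonymous callers are let through as "registration" with no check
                // on the submitted roles or on whether the username already exists. Both must be
                // enforced by the sign-up flow and the advised method. Confirm they are.
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Registering new user '" + loggable(username) + "'");
                }
                return;
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Verifying that '" + loggable(currentUsername) + "' can modify '" + loggable(username) + "'");
            }
            if (administrator) {
                return;
            }
            this.log.warn("Access Denied: '" + loggable(currentUsername) + "' tried to modify '" + loggable(username) + "'!");
            throw new AccessDeniedException(ACCESS_DENIED);
        }

        // From here on the caller is saving their own record.
        if (administrator) {
            return;
        }

        // A non-administrator must not change their own roles. The submitted role names are
        // compared with the authorities of the current session (not with persisted roles),
        // so any difference is denied.
        HashSet<Object> requestedRoles = new HashSet<Object>();
        Iterable<?> roles = user.getRoles();
        if (roles != null) {
            for (Object role : roles) {
                requestedRoles.add(((Role) role).getName());
            }
        }
        HashSet<Object> grantedRoles = new HashSet<Object>();
        for (GrantedAuthority authority : authorities) {
            grantedRoles.add(authority.getAuthority());
        }
        if (CollectionUtils.isEqualCollection(requestedRoles, grantedRoles)) {
            return;
        }
        this.log.warn("Access Denied: '" + loggable(currentUsername) + "' tried to change their role(s)!");
        throw new AccessDeniedException(ACCESS_DENIED);
    }

    /**
     * Refreshes the security context after the current user has saved their own record, so the
     * session holds the saved {@link User} instead of the stale principal.
     *
     * <p>Nothing happens when the saved user has no version, when there is no authentication,
     * when the principal is not an application {@link User}, or when the principal's id differs
     * from the saved user's id.
     *
     * <p>The new token takes its authorities from the saved user and keeps
     * {@code user.getPassword()} as its credentials.
     * NOTE(review): whether that value is hashed is not visible here. Confirm that no clear-text
     * password ends up in the session.
     *
     * @param obj the advised method's return value (unused)
     * @param method the advised method (unused)
     * @param objArr arguments of the advised call; element 0 must be the saved {@link User}
     * @param obj2 the advised target (unused)
     */
    public void afterReturning(Object obj, Method method, Object[] objArr, Object obj2) throws Throwable {
        User user = (User) objArr[0];
        if (user.getVersion() == null) {
            // presumably a record that was never persisted; TODO confirm what a null version means
            return;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return;
        }
        Object principal = authentication.getPrincipal();
        // The UserDetails test is kept from the original; the User test guards the cast below,
        // which used to fail with a ClassCastException for any other UserDetails implementation.
        if (!(principal instanceof UserDetails) || !(principal instanceof User)) {
            return;
        }
        // A principal without an id cannot be matched to the saved record; leave the session as is.
        Object principalId = ((User) principal).getId();
        if (principalId == null || !principalId.equals(user.getId())) {
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
    }

    /**
     * Makes a caller-supplied value safe to embed in a single log line by replacing carriage
     * returns and line feeds, so a username cannot start a forged log entry.
     */
    private static String loggable(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}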
