package org.graylog.security.rest;

import jakarta.ws.rs.ForbiddenException;
import org.graylog.grn.GRN;
import org.graylog.security.permissions.GRNPermission;
import org.graylog2.plugin.rest.PluginRestResource;
import org.graylog2.shared.rest.resources.RestResource;
import org.graylog2.shared.security.RestPermissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog/security/rest/RestResourceWithOwnerCheck.class */
public abstract class RestResourceWithOwnerCheck extends RestResource implements PluginRestResource {
    private static final Logger LOG = LoggerFactory.getLogger(RestResource.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkOwnership(GRN grn) {
        if (isOwner(grn)) {
            return;
        }
        LOG.info("Not authorized to access entity <{}>. User <{}> is missing permission <{}:{}>", new Object[]{grn, getSubject().getPrincipal(), RestPermissions.ENTITY_OWN, grn});
        throw new ForbiddenException("Not authorized to access entity <" + grn + ">");
    }

    protected boolean isOwner(GRN grn) {
        return isPermitted(RestPermissions.ENTITY_OWN, grn);
    }

    protected boolean isPermitted(String str, GRN grn) {
        return getSubject().isPermitted(GRNPermission.create(str, grn));
    }
}
