package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin;

import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException;
import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceAccessAuthorizationAdminService;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;

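/**
 * JAX-RS resource exposed at {@code /admin/authorization} that reports whether a user is
 * authorized for a set of devices, by delegating to the device access authorization service.
 *
 * <p>Security-relevant behaviour: the tenant domain in the request body is supplied by the
 * caller. It is honoured only when it matches the caller's own tenant domain or when the caller
 * is in the super tenant; any other combination is rejected before a tenant flow is started.
 */
@Produces({"application/json"})
@Path("/admin/authorization")
@Consumes({"application/json"})
public class DeviceAccessAuthorizationAdminServiceImpl implements DeviceAccessAuthorizationAdminService {
    private static final Log log = LogFactory.getLog(DeviceAccessAuthorizationAdminServiceImpl.class);

    /** Tenant id of the Carbon super tenant, the only tenant allowed to query other tenants. */
    private static final int SUPER_TENANT_ID = -1234;

    /**
     * Evaluates an authorization request inside the tenant named by the request.
     *
     * @param authorizationRequest the deserialized request body; its tenant domain, username,
     *                             device identifiers and permissions are all caller-controlled
     * @return 200 with the result of {@code isUserAuthorized}; 400 when the body is missing;
     *         401 when a non-super-tenant caller names a tenant domain other than its own;
     *         500 when the authorization service throws
     *         {@link DeviceAccessAuthorizationException}
     */
    @Override
    @POST
    public Response isAuthorized(AuthorizationRequest authorizationRequest) {
        // A missing or unparsable body would otherwise surface as a NullPointerException on the
        // first dereference below, before any of the tenant checks ran.
        if (authorizationRequest == null) {
            return Response.status(Response.Status.BAD_REQUEST)
                    .entity(new ErrorResponse.ErrorResponseBuilder()
                            .setMessage("Request body is missing or malformed").build())
                    .build();
        }

        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String requestedDomain = authorizationRequest.getTenantDomain();
        if (requestedDomain == null) {
            authorizationRequest.setTenantDomain(tenantDomain);
        } else if (!requestedDomain.equals(tenantDomain) && SUPER_TENANT_ID != tenantId) {
            // Cross-tenant query from an ordinary tenant: refuse before any privileged context
            // is entered. Comparing from the non-null request value means a missing caller
            // domain is treated as a mismatch instead of throwing.
            // NOTE(review): this is an authorization failure, so 403 would describe it better
            // than 401; the status is left unchanged because existing clients may depend on it.
            return Response.status(Response.Status.UNAUTHORIZED)
                    .entity(new ErrorResponse.ErrorResponseBuilder()
                            .setMessage("Current logged in user is not authorized to perform this operation")
                            .build())
                    .build();
        }

        // Reached with an empty domain only when the caller is the super tenant and sent "";
        // fall back to the domain of the current privileged context.
        if (authorizationRequest.getTenantDomain() == null || authorizationRequest.getTenantDomain().isEmpty()) {
            authorizationRequest.setTenantDomain(
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain());
        }

        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext()
                    .setTenantDomain(authorizationRequest.getTenantDomain(), true);

            // The service receives null, not an empty array, when no permissions are given.
            String[] permissions = null;
            if (authorizationRequest.getPermissions() != null && !authorizationRequest.getPermissions().isEmpty()) {
                permissions = (String[]) authorizationRequest.getPermissions().toArray(new String[0]);
            }

            // NOTE(review): username and device identifiers are passed through as received;
            // presumably the authorization service validates them, confirm against its contract.
            return Response.status(Response.Status.OK)
                    .entity(DeviceMgtAPIUtils.getDeviceAccessAuthorizationService().isUserAuthorized(
                            authorizationRequest.getDeviceIdentifiers(),
                            authorizationRequest.getUsername(),
                            permissions))
                    .build();
        } catch (DeviceAccessAuthorizationException e) {
            // Full detail goes to the server log only; the client gets a generic message.
            log.error("Error occurred at server side while fetching authorization information.", e);
            return Response.serverError()
                    .entity(new ErrorResponse.ErrorResponseBuilder()
                            .setMessage("Error occurred at server side while fetching authorization information.")
                            .build())
                    .build();
        } finally {
            // Always leave the tenant flow so the switched tenant context cannot leak into
            // whatever this thread handles next.
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
}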
