package org.dspace.app.util;

import java.sql.SQLException;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager;
import org.dspace.authorize.ResourcePolicy;
import org.dspace.content.Bitstream;
import org.dspace.content.Bundle;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.Item;
import org.dspace.core.Context;

/* loaded from: input_file:WEB-INF/lib/dspace-api-3.0.jar:org/dspace/app/util/AuthorizeUtil.class */
public class AuthorizeUtil {
    public static void authorizeManageBitstreamPolicy(Context context, Bitstream bitstream) throws AuthorizeException, SQLException {
        authorizeManageBundlePolicy(context, bitstream.getBundles()[0]);
    }

    public static void authorizeManageBundlePolicy(Context context, Bundle bundle) throws AuthorizeException, SQLException {
        authorizeManageItemPolicy(context, bundle.getItems()[0]);
    }

    public static void authorizeManageItemPolicy(Context context, Item item) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canItemAdminManagePolicies()) {
            AuthorizeManager.authorizeAction(context, item, 11);
            return;
        }
        if (AuthorizeConfiguration.canCollectionAdminManageItemPolicies()) {
            AuthorizeManager.authorizeAction(context, item.getOwningCollection(), 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageItemPolicies()) {
            AuthorizeManager.authorizeAction(context, item.getOwningCollection().getCommunities()[0], 11);
        } else if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage item policies");
        }
    }

    public static void authorizeManageCollectionPolicy(Context context, Collection collection) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCollectionAdminManagePolicies()) {
            AuthorizeManager.authorizeAction(context, collection, 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionPolicies()) {
            AuthorizeManager.authorizeAction(context, collection.getCommunities()[0], 11);
        } else if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection policies");
        }
    }

    public static void authorizeManageCommunityPolicy(Context context, Community community) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCommunityAdminManagePolicies()) {
            AuthorizeManager.authorizeAction(context, community, 11);
        } else if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage community policies");
        }
    }

    public static void requireAdminRole(Context context) throws AuthorizeException, SQLException {
        if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to perform this action");
        }
    }

    public static void authorizeManageCCLicense(Context context, Item item) throws AuthorizeException, SQLException {
        try {
            AuthorizeManager.authorizeAction(context, item, 3);
            AuthorizeManager.authorizeAction(context, item, 4);
        } catch (AuthorizeException e) {
            if (AuthorizeConfiguration.canItemAdminManageCCLicense()) {
                AuthorizeManager.authorizeAction(context, item, 11);
                return;
            }
            if (AuthorizeConfiguration.canCollectionAdminManageCCLicense()) {
                AuthorizeManager.authorizeAction(context, item.getParentObject(), 11);
            } else if (AuthorizeConfiguration.canCommunityAdminManageCCLicense()) {
                AuthorizeManager.authorizeAction(context, item.getParentObject().getParentObject(), 11);
            } else {
                requireAdminRole(context);
            }
        }
    }

    public static void authorizeManageTemplateItem(Context context, Collection collection) throws AuthorizeException, SQLException {
        boolean canEditBoolean = collection.canEditBoolean(false);
        if (!canEditBoolean && AuthorizeConfiguration.canCollectionAdminManageTemplateItem()) {
            AuthorizeManager.authorizeAction(context, collection, 11);
            return;
        }
        if (!canEditBoolean && AuthorizeConfiguration.canCommunityAdminManageCollectionTemplateItem()) {
            Community[] communities = collection.getCommunities();
            AuthorizeManager.authorizeAction(context, (communities == null || communities.length <= 0) ? null : communities[0], 11);
        } else if (!canEditBoolean && !AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("You are not authorized to create a template item for the collection");
        }
    }

    public static void authorizeManageSubmittersGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCollectionAdminManageSubmitters()) {
            AuthorizeManager.authorizeAction(context, collection, 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionSubmitters()) {
            AuthorizeManager.authorizeAction(context, collection.getCommunities()[0], 11);
        } else if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection submitters");
        }
    }

    public static void authorizeManageWorkflowsGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCollectionAdminManageWorkflows()) {
            AuthorizeManager.authorizeAction(context, collection, 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionWorkflows()) {
            AuthorizeManager.authorizeAction(context, collection.getCommunities()[0], 11);
        } else if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection workflow");
        }
    }

    public static void authorizeManageAdminGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCollectionAdminManageAdminGroup()) {
            AuthorizeManager.authorizeAction(context, collection, 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionAdminGroup()) {
            AuthorizeManager.authorizeAction(context, collection.getCommunities()[0], 11);
        } else if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection admin");
        }
    }

    public static void authorizeRemoveAdminGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        Community[] communities = collection.getCommunities();
        if (AuthorizeConfiguration.canCommunityAdminManageCollectionAdminGroup() && communities != null && communities.length > 0) {
            AuthorizeManager.authorizeAction(context, collection.getCommunities()[0], 11);
        } else if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin can remove the admin group of a collection");
        }
    }

    public static void authorizeManageAdminGroup(Context context, Community community) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup()) {
            AuthorizeManager.authorizeAction(context, community, 11);
        } else if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage community admin");
        }
    }

    public static void authorizeRemoveAdminGroup(Context context, Community community) throws SQLException, AuthorizeException {
        Community parentCommunity = community.getParentCommunity();
        if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup() && parentCommunity != null) {
            AuthorizeManager.authorizeAction(context, parentCommunity, 11);
        } else if (!AuthorizeManager.isAdmin(context)) {
            throw new AuthorizeException("Only system admin can remove the admin group of the community");
        }
    }

    public static void authorizeManagePolicy(Context context, ResourcePolicy resourcePolicy) throws SQLException, AuthorizeException {
        switch (resourcePolicy.getResourceType()) {
            case 0:
                authorizeManageBitstreamPolicy(context, Bitstream.find(context, resourcePolicy.getResourceID()));
                return;
            case 1:
                authorizeManageBundlePolicy(context, Bundle.find(context, resourcePolicy.getResourceID()));
                return;
            case 2:
                authorizeManageItemPolicy(context, Item.find(context, resourcePolicy.getResourceID()));
                return;
            case 3:
                authorizeManageCollectionPolicy(context, Collection.find(context, resourcePolicy.getResourceID()));
                return;
            case 4:
                authorizeManageCommunityPolicy(context, Community.find(context, resourcePolicy.getResourceID()));
                return;
            default:
                requireAdminRole(context);
                return;
        }
    }

    public static void authorizeWithdrawItem(Context context, Item item) throws SQLException, AuthorizeException {
        boolean z = false;
        if (AuthorizeConfiguration.canCollectionAdminPerformItemWithdrawn()) {
            z = AuthorizeManager.authorizeActionBoolean(context, item.getOwningCollection(), 11);
        } else if (AuthorizeConfiguration.canCommunityAdminPerformItemWithdrawn()) {
            z = AuthorizeManager.authorizeActionBoolean(context, item.getOwningCollection().getCommunities()[0], 11);
        }
        if (!z) {
            z = AuthorizeManager.authorizeActionBoolean(context, item.getOwningCollection(), 4, false);
        }
        if (!z) {
            throw new AuthorizeException("To withdraw item must be COLLECTION_ADMIN or have REMOVE authorization on owning Collection");
        }
    }

    public static void authorizeReinstateItem(Context context, Item item) throws SQLException, AuthorizeException {
        Collection[] collections = item.getCollections();
        for (int i = 0; i < collections.length; i++) {
            if (AuthorizeConfiguration.canCollectionAdminPerformItemReinstatiate()) {
                AuthorizeManager.authorizeAction(context, collections[i], 3);
            } else if (!AuthorizeConfiguration.canCommunityAdminPerformItemReinstatiate() || !AuthorizeManager.authorizeActionBoolean(context, collections[i].getCommunities()[0], 11)) {
                AuthorizeManager.authorizeAction(context, collections[i], 3, false);
            }
        }
    }
}
