package org.sakaiproject.metaobj.security.impl;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.authz.api.AuthzGroup;
import org.sakaiproject.authz.api.AuthzGroupService;
import org.sakaiproject.authz.api.GroupNotDefinedException;
import org.sakaiproject.metaobj.security.AuthorizationFacade;
import org.sakaiproject.metaobj.security.AuthorizationFailedException;
import org.sakaiproject.metaobj.shared.model.Agent;
import org.sakaiproject.metaobj.shared.model.Id;
import org.sakaiproject.thread_local.cover.ThreadLocalManager;
import org.sakaiproject.tool.cover.ToolManager;
import org.sakaiproject.user.api.UserDirectoryService;

/* loaded from: input_file:org/sakaiproject/metaobj/security/impl/AuthzShim.class */
public class AuthzShim implements AuthorizationFacade {
    protected final transient Log logger = LogFactory.getLog(getClass());
    private static final String AUTHZ_GROUPS_LIST = "org.sakaiproject.metaobj.security.impl.AuthzShim.groups";
    private AuthzGroupService realmService;
    private UserDirectoryService userDirectoryService;

    public void checkPermission(String str, Id id) throws AuthorizationFailedException {
        if (!isAuthorized(str, id)) {
            throw new AuthorizationFailedException(str, id);
        }
    }

    public void checkPermission(Agent agent, String str, Id id) throws AuthorizationFailedException {
        if (!isAuthorized(agent, str, id)) {
            throw new AuthorizationFailedException(agent, str, id);
        }
    }

    public boolean isAuthorized(String str, Id id) {
        return isAuthorized(null, str, id);
    }

    public boolean isAuthorized(Agent agent, String str, Id id) {
        String id2 = agent == null ? getUserDirectoryService().getCurrentUser().getId() : agent.getId().getValue();
        return str.equals("maintain") ? checkMaintain(id2) : getRealmService().isAllowed(id2, str, getCurrentRealm());
    }

    protected boolean checkMaintain(String str) {
        try {
            AuthzGroup authzGroup = getRealmService().getAuthzGroup(getCurrentRealm());
            return authzGroup.hasRole(str, authzGroup.getMaintainRole());
        } catch (GroupNotDefinedException e) {
            throw new RuntimeException("unkown realm", e);
        }
    }

    protected String getCurrentRealm() {
        return getAuthzGroupsList().size() == 0 ? "/site/" + ToolManager.getCurrentPlacement().getContext() : "/site/" + getAuthzGroupsList().get(0);
    }

    protected String getReference(Id id) {
        return null;
    }

    public List getAuthorizations(Agent agent, String str, Id id) {
        return new ArrayList();
    }

    public void createAuthorization(Agent agent, String str, Id id) {
    }

    public void deleteAuthorization(Agent agent, String str, Id id) {
    }

    public void deleteAuthorizations(Id id) {
    }

    public void pushAuthzGroups(Collection collection) {
        getAuthzGroupsList().addAll(collection);
    }

    public void pushAuthzGroups(String str) {
        getAuthzGroupsList().add(str);
    }

    public AuthzGroupService getRealmService() {
        return this.realmService;
    }

    public void setRealmService(AuthzGroupService authzGroupService) {
        this.realmService = authzGroupService;
    }

    public UserDirectoryService getUserDirectoryService() {
        return this.userDirectoryService;
    }

    public void setUserDirectoryService(UserDirectoryService userDirectoryService) {
        this.userDirectoryService = userDirectoryService;
    }

    protected List getAuthzGroupsList() {
        List list = (List) ThreadLocalManager.get(AUTHZ_GROUPS_LIST);
        if (list == null) {
            list = new ArrayList();
            ThreadLocalManager.set(AUTHZ_GROUPS_LIST, list);
        }
        return list;
    }
}
