package org.lamsfoundation.lams.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.lesson.Lesson;
import org.lamsfoundation.lams.usermanagement.Organisation;
import org.lamsfoundation.lams.usermanagement.OrganisationType;
import org.lamsfoundation.lams.usermanagement.Role;
import org.lamsfoundation.lams.util.audit.IAuditService;

/* loaded from: input_file:org/lamsfoundation/lams/security/SecurityService.class */
public class SecurityService implements ISecurityService {
    private static final String SECURITY_MODULE_NAME = "security";
    private ISecurityDAO securityDAO;
    private IAuditService auditService;
    private static Logger log = Logger.getLogger(SecurityService.class);
    private static final String[] GROUP_MONITOR_ROLES = {Role.GROUP_MANAGER, Role.MONITOR};
    private static final List<String> GROUP_SUPER_ROLES = Collections.unmodifiableList(Arrays.asList(Role.GROUP_ADMIN, Role.GROUP_MANAGER));
    private static final String[] EMPTY_STRING_ARRAY = new String[0];

    @Override // org.lamsfoundation.lams.security.ISecurityService
    public boolean isLessonLearner(Long l, Integer num, String str, boolean z) throws SecurityException {
        if (l == null) {
            String str2 = "Missing lesson ID when checking if user " + num + " is learner and can \"" + str + "\"";
            log.error(str2);
            if (z) {
                throw new SecurityException(str2);
            }
            return false;
        }
        if (num == null) {
            String str3 = "Missing user ID when checking if is learner in lesson " + l + " and can \"" + str + "\"";
            log.error(str3);
            if (z) {
                throw new SecurityException(str3);
            }
            return false;
        }
        Lesson lesson = (Lesson) this.securityDAO.find(Lesson.class, l);
        if (lesson == null) {
            String str4 = "Could not find lesson " + l + " when checking if user " + num + " is learner and can \"" + str + "\"";
            log.error(str4);
            this.auditService.log(SECURITY_MODULE_NAME, str4);
            if (z) {
                throw new SecurityException(str4);
            }
            return false;
        }
        Integer organisationId = lesson.getOrganisation().getOrganisationId();
        boolean isSysadmin = this.securityDAO.isSysadmin(num);
        boolean hasOrgRole = this.securityDAO.hasOrgRole(organisationId, num, Role.LEARNER);
        if (isSysadmin) {
            return true;
        }
        if (hasOrgRole && this.securityDAO.isLessonLearner(l, num)) {
            return true;
        }
        String str5 = "User " + num + " is not learner in lesson " + l + " and can not \"" + str + "\"";
        log.error(str5);
        this.auditService.log(SECURITY_MODULE_NAME, str5);
        if (z) {
            throw new SecurityException(str5);
        }
        return false;
    }

    @Override // org.lamsfoundation.lams.security.ISecurityService
    public boolean isLessonMonitor(Long l, Integer num, String str, boolean z) throws SecurityException {
        if (l == null) {
            String str2 = "Missing lesson ID when checking if user " + num + " is monitor and can \"" + str + "\"";
            log.error(str2);
            if (z) {
                throw new SecurityException(str2);
            }
            return false;
        }
        if (num == null) {
            String str3 = "Missing user ID when checking if is monitor in lesson " + l + " and can \"" + str + "\"";
            log.error(str3);
            if (z) {
                throw new SecurityException(str3);
            }
            return false;
        }
        Lesson lesson = (Lesson) this.securityDAO.find(Lesson.class, l);
        if (lesson == null) {
            String str4 = "Could not find lesson " + l + " when checking if user " + num + " is monitor and can \"" + str + "\"";
            log.error(str4);
            this.auditService.log(SECURITY_MODULE_NAME, str4);
            if (z) {
                throw new SecurityException(str4);
            }
            return false;
        }
        Integer organisationId = lesson.getOrganisation().getOrganisationId();
        boolean z2 = this.securityDAO.isSysadmin(num) || this.securityDAO.isGroupManager(organisationId, num);
        boolean z3 = z2 || this.securityDAO.hasOrgRole(organisationId, num, Role.MONITOR);
        if (z2) {
            return true;
        }
        if (z3 && this.securityDAO.isLessonMonitor(l, num, true)) {
            return true;
        }
        String str5 = "User " + num + " is not monitor in lesson " + l + " and can not \"" + str + "\"";
        log.error(str5);
        this.auditService.log(SECURITY_MODULE_NAME, str5);
        if (z) {
            throw new SecurityException(str5);
        }
        return false;
    }

    @Override // org.lamsfoundation.lams.security.ISecurityService
    public boolean isLessonOwner(Long l, Integer num, String str, boolean z) throws SecurityException {
        if (l == null) {
            String str2 = "Missing lesson ID when checking if user " + num + " is owner and can \"" + str + "\"";
            log.error(str2);
            if (z) {
                throw new SecurityException(str2);
            }
            return false;
        }
        if (num == null) {
            String str3 = "Missing user ID when checking if is owner of lesson " + l + " and can \"" + str + "\"";
            log.error(str3);
            if (z) {
                throw new SecurityException(str3);
            }
            return false;
        }
        Lesson lesson = (Lesson) this.securityDAO.find(Lesson.class, l);
        if (lesson == null) {
            String str4 = "Could not find lesson " + l + " when checking if user " + num + " is owner and can \"" + str + "\"";
            log.error(str4);
            this.auditService.log(SECURITY_MODULE_NAME, str4);
            if (z) {
                throw new SecurityException(str4);
            }
            return false;
        }
        if (lesson.getUser().getUserId().equals(num)) {
            return true;
        }
        String str5 = "User " + num + " is not owner of lesson " + l + " and can not \"" + str + "\"";
        log.error(str5);
        this.auditService.log(SECURITY_MODULE_NAME, str5);
        if (z) {
            throw new SecurityException(str5);
        }
        return false;
    }

    @Override // org.lamsfoundation.lams.security.ISecurityService
    public boolean isLessonParticipant(Long l, Integer num, String str, boolean z) throws SecurityException {
        if (l == null) {
            String str2 = "Missing lesson ID when checking if user " + num + " is participant and can \"" + str + "\"";
            log.error(str2);
            this.auditService.log(SECURITY_MODULE_NAME, str2);
            if (z) {
                throw new SecurityException(str2);
            }
            return false;
        }
        if (num == null) {
            String str3 = "Missing user ID when checking if is participant in lesson " + l + " and can \"" + str + "\"";
            log.error(str3);
            if (z) {
                throw new SecurityException(str3);
            }
            return false;
        }
        Lesson lesson = (Lesson) this.securityDAO.find(Lesson.class, l);
        if (lesson == null) {
            String str4 = "Could not find lesson " + l + " when checking if user " + num + " is participant and can \"" + str + "\"";
            log.error(str4);
            this.auditService.log(SECURITY_MODULE_NAME, str4);
            if (z) {
                throw new SecurityException(str4);
            }
            return false;
        }
        Integer organisationId = lesson.getOrganisation().getOrganisationId();
        boolean z2 = this.securityDAO.isSysadmin(num) || this.securityDAO.isGroupManager(organisationId, num);
        boolean z3 = z2 || this.securityDAO.hasOrgRole(organisationId, num, Role.LEARNER, Role.MONITOR);
        if (z2) {
            return true;
        }
        if (z3 && (this.securityDAO.isLessonLearner(l, num) || this.securityDAO.isLessonMonitor(l, num, true))) {
            return true;
        }
        String str5 = "User " + num + " is not participant in lesson " + l + " and can not \"" + str + "\"";
        log.error(str5);
        this.auditService.log(SECURITY_MODULE_NAME, str5);
        if (z) {
            throw new SecurityException(str5);
        }
        return false;
    }

    @Override // org.lamsfoundation.lams.security.ISecurityService
    public boolean isSysadmin(Integer num, String str, boolean z) {
        if (num == null) {
            String str2 = "Missing user ID when checking if is sysadmin and can \"" + str + "\"";
            log.error(str2);
            throw new SecurityException(str2);
        }
        if (this.securityDAO.isSysadmin(num)) {
            return true;
        }
        String str3 = "User " + num + " is not sysadmin and can not \"" + str + "\"";
        log.error(str3);
        this.auditService.log(SECURITY_MODULE_NAME, str3);
        if (z) {
            throw new SecurityException(str3);
        }
        return false;
    }

    @Override // org.lamsfoundation.lams.security.ISecurityService
    public boolean isGroupMonitor(Integer num, Integer num2, String str, boolean z) throws SecurityException {
        return hasOrgRole(num, num2, GROUP_MONITOR_ROLES, str, z);
    }

    @Override // org.lamsfoundation.lams.security.ISecurityService
    public boolean hasOrgRole(Integer num, Integer num2, String[] strArr, String str, boolean z) throws SecurityException {
        if (num == null) {
            String str2 = "Missing organisation ID when checking if user " + num2 + " has any of " + Arrays.toString(strArr) + " roles in organisation " + num + " and can \"" + str + "\"";
            log.error(str2);
            if (z) {
                throw new SecurityException(str2);
            }
            return false;
        }
        if (num2 == null) {
            String str3 = "Missing user ID when checking if has any of " + Arrays.toString(strArr) + " roles in organisation " + num + " and can \"" + str + "\"";
            log.error(str3);
            if (z) {
                throw new SecurityException(str3);
            }
            return false;
        }
        try {
        } catch (Exception e) {
            log.error("Error while checking user " + num2 + " role in organisation " + num, e);
        }
        if (this.securityDAO.isSysadmin(num2) || this.securityDAO.hasOrgRole(num, num2, strArr)) {
            return true;
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(strArr));
        arrayList.retainAll(GROUP_SUPER_ROLES);
        if (!arrayList.isEmpty()) {
            Organisation organisation = (Organisation) this.securityDAO.find(Organisation.class, num);
            if (OrganisationType.CLASS_TYPE.equals(organisation.getOrganisationType().getOrganisationTypeId())) {
                organisation = organisation.getParentOrganisation();
            }
            if (this.securityDAO.hasOrgRole(organisation.getOrganisationId(), num2, (String[]) arrayList.toArray(EMPTY_STRING_ARRAY))) {
                return true;
            }
        }
        String str4 = "User " + num2 + " does not have any of " + Arrays.toString(strArr) + " roles in organisation " + num + " and can not \"" + str + "\"";
        log.error(str4);
        this.auditService.log(SECURITY_MODULE_NAME, str4);
        if (z) {
            throw new SecurityException(str4);
        }
        return false;
    }

    public void setSecurityDAO(ISecurityDAO iSecurityDAO) {
        this.securityDAO = iSecurityDAO;
    }

    public void setAuditService(IAuditService iAuditService) {
        this.auditService = iAuditService;
    }
}
