package blackboard.platform.gradebook2;

import blackboard.data.course.CourseMembership;
import blackboard.persist.Id;
import blackboard.persist.KeyNotFoundException;
import blackboard.persist.PersistenceException;
import blackboard.persist.course.CourseMembershipDbLoader;
import blackboard.persist.course.impl.GroupDAO;
import blackboard.persist.user.UserDbLoader;
import blackboard.platform.context.Context;
import blackboard.platform.context.ContextManagerFactory;
import blackboard.platform.gradebook2.impl.AttemptDAO;
import blackboard.platform.gradebook2.impl.GradeDAO;
import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.security.Entitlement;
import blackboard.platform.security.SecurityUtil;
import blackboard.platform.security.authentication.BbSecurityException;
import com.google.common.base.Preconditions;
import javax.annotation.Nullable;

/* loaded from: input_file:blackboard/platform/gradebook2/GradebookSecurityUtil.class */
public final class GradebookSecurityUtil {
    public static final String COURSE_GRADEBOOK_MODIFY_ENTITLEMENT = "course.gradebook.MODIFY";
    public static final String DEANONYMIZE_COLUMN_ENTITLEMENT = "course.gradebook-deanonymize.EXECUTE";
    public static final String RECONCILE_GRADES_ENTITLEMENT = "course.gradebook-reconcile.EXECUTE";
    public static final String COURSE_USER_GRADES_VIEW = "course.user.grades.VIEW";
    public static final String CONFIGURE_DELEGATED_GRADING_ENTITLEMENT = "course.gradebook-delegate-config.MODIFY";

    private GradebookSecurityUtil() {
    }

    public static void checkCanModifyItem(GradableItem gradableItem) throws BbSecurityException {
        SecurityUtil.checkEntitlement(COURSE_GRADEBOOK_MODIFY_ENTITLEMENT);
        if (!gradableItem.getCourseId().equals(ContextManagerFactory.getInstance().getContext().getCourseId())) {
            throw new BbSecurityException("Attempting to alter grades from another course");
        }
    }

    public static void checkCanModifyGrade(Id id, Id id2) throws BbSecurityException {
        SecurityUtil.checkEntitlement(COURSE_GRADEBOOK_MODIFY_ENTITLEMENT);
        if (!GradeDAO.get().isValidCombination(ContextManagerFactory.getInstance().getContext().getCourseId(), id, id2)) {
            throw new BbSecurityException("Attempting to alter grades from another course");
        }
    }

    public static boolean isValidCombination(Id id, Id id2, Id id3) {
        return GradeDAO.get().isValidCombination(id, id2, id3);
    }

    public static boolean userHasFullGradebookAccess() {
        return SecurityUtil.userHasEntitlement(COURSE_GRADEBOOK_MODIFY_ENTITLEMENT);
    }

    public static boolean userCanDeAnonymizeColumns() {
        return SecurityUtil.userHasEntitlement(DEANONYMIZE_COLUMN_ENTITLEMENT);
    }

    public static boolean userCanConfigureDelegatedGrading() {
        return SecurityUtil.userHasEntitlement(CONFIGURE_DELEGATED_GRADING_ENTITLEMENT);
    }

    public static boolean userCanReconcileGrades() {
        return SecurityUtil.userHasEntitlement(RECONCILE_GRADES_ENTITLEMENT);
    }

    private static void conditionallyCheckEntitlement(boolean z, String str) throws BbSecurityException {
        if (z && !SecurityUtil.userHasEntitlement(str)) {
            throw new BbSecurityException();
        }
    }

    public static void checkFullGradebookAccess(boolean z) throws BbSecurityException {
        conditionallyCheckEntitlement(z, COURSE_GRADEBOOK_MODIFY_ENTITLEMENT);
    }

    public static void checkDeAnonymizeAccess(boolean z) throws BbSecurityException {
        conditionallyCheckEntitlement(z, DEANONYMIZE_COLUMN_ENTITLEMENT);
    }

    public static void checkReconcileGradesAccess(boolean z) throws BbSecurityException {
        conditionallyCheckEntitlement(z, RECONCILE_GRADES_ENTITLEMENT);
    }

    public static void checkCanConfigureDelegatedGrading(boolean z) throws BbSecurityException {
        conditionallyCheckEntitlement(z, CONFIGURE_DELEGATED_GRADING_ENTITLEMENT);
    }

    public static void checkCanViewUsersGrades(boolean z) throws BbSecurityException {
        if (z && !userHasFullGradebookAccess() && !SecurityUtil.userHasEntitlement(COURSE_USER_GRADES_VIEW)) {
            throw new BbSecurityException();
        }
    }

    public static boolean userCanReconcileGrades(Id id, Id id2) {
        Preconditions.checkNotNull(id, "graderId must not be null");
        Preconditions.checkNotNull(id2, "courseId must not be null");
        String str = "GradebookSecurityUtil" + id.toExternalString() + id2.toExternalString();
        Context context = ContextManagerFactory.getInstance().getContext();
        Boolean bool = (Boolean) context.getAttribute(str);
        if (bool != null) {
            return bool.booleanValue();
        }
        try {
            boolean userHasEntitlement = SecurityUtil.userHasEntitlement(UserDbLoader.Default.getInstance().loadById(id), CourseMembershipDbLoader.Default.getInstance().loadByCourseAndUserId(id2, id), new Entitlement(RECONCILE_GRADES_ENTITLEMENT));
            context.setAttribute(str, Boolean.valueOf(userHasEntitlement));
            return userHasEntitlement;
        } catch (PersistenceException e) {
            LogServiceFactory.getInstance().logError("Failed to load user/membership for " + id.toExternalString() + " in " + id2.toExternalString(), e);
            return false;
        }
    }

    public static boolean userCanReviewAttempt(Id id, CourseMembership courseMembership) {
        try {
            GradeDetail superLightGradeDetailByAttempt = GradebookManagerFactory.getInstanceWithoutSecurityCheck().getSuperLightGradeDetailByAttempt(id);
            if (null != courseMembership && null != superLightGradeDetailByAttempt) {
                if (CourseUserInformation.fixDataType(courseMembership.getId()).equals(superLightGradeDetailByAttempt.getCourseUserId())) {
                    return true;
                }
            }
            return false;
        } catch (BbSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static boolean userCanReviewGroupAttempt(@Nullable GroupAttempt groupAttempt, @Nullable CourseMembership courseMembership) {
        if (null == groupAttempt || null == courseMembership) {
            return false;
        }
        return userCanReviewGroupAttempt(GroupDAO.get().belongsToCourseGroup(groupAttempt.getGroupId(), courseMembership.getId()), groupAttempt, courseMembership);
    }

    public static boolean userCanReviewGroupAttempt(boolean z, @Nullable GroupAttempt groupAttempt, @Nullable CourseMembership courseMembership) {
        if (null == groupAttempt || null == courseMembership) {
            return false;
        }
        return z || GroupAttemptManagerFactory.getInstance().isUserMemberOfGroupAttempt(groupAttempt.getId(), courseMembership.getUserId());
    }

    public static void confirmThatCourseMatchesContext(Id id) throws BbSecurityException {
        try {
            confirmThatCourseMatchesContext(AttemptDAO.get().loadById(id));
        } catch (KeyNotFoundException e) {
            throw new BbSecurityException();
        }
    }

    public static void confirmThatCourseMatchesContext(AttemptDetail attemptDetail) throws BbSecurityException {
        confirmThatCourseMatchesContext(attemptDetail == null ? null : attemptDetail.getGradebookItem());
    }

    public static void confirmThatCourseMatchesContext(GradableItem gradableItem) throws BbSecurityException {
        doConfirmThatCourseMatchesContext(gradableItem == null ? null : gradableItem.getCourseId());
    }

    private static void doConfirmThatCourseMatchesContext(Id id) throws BbSecurityException {
        Context context = ContextManagerFactory.getInstance().getContext();
        if (!Id.isValid(id) || !id.equals(context.getCourseId())) {
            throw new BbSecurityException("Course in context does not match course for item being modified");
        }
    }
}
