package org.gluu.oxtrust.service.secure;

import java.io.Serializable;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import org.gluu.model.user.UserRole;
import org.gluu.oxtrust.model.GluuConfiguration;
import org.gluu.oxtrust.security.Identity;
import org.gluu.oxtrust.service.ConfigurationService;
import org.gluu.util.StringHelper;
import org.slf4j.Logger;

@ApplicationScoped
@Named
/* loaded from: input_file:org/gluu/oxtrust/service/secure/ApiPermissionService.class */
public class ApiPermissionService implements Serializable {
    private static final long serialVersionUID = 8290321709004847387L;

    @Inject
    private Logger log;

    @Inject
    private Identity identity;

    @Inject
    private ConfigurationService configurationService;
    private String[][] managerActions = {new String[]{"attribute", "access"}, new String[]{"person", "access"}, new String[]{"person", "import"}, new String[]{"group", "access"}, new String[]{"sectorIdentifier", "access"}, new String[]{"trust", "access"}, new String[]{"configuration", "access"}, new String[]{"log", "access"}, new String[]{"import", "access"}, new String[]{"profile", "access"}, new String[]{"registrationLinks", "access"}, new String[]{"scim", "access"}, new String[]{"scim_test", "access"}, new String[]{"client", "access"}, new String[]{"scope", "access"}, new String[]{"oxauth", "access"}, new String[]{"uma", "access"}, new String[]{"super-gluu", "access"}};

    public boolean hasPermission(Object obj, String str) {
        this.log.trace("Checking permissions for target '{}' an 'action'. Identity: {}", new Object[]{obj, str, this.identity});
        if (!this.identity.isLoggedIn()) {
            return false;
        }
        if ((this.identity.hasRole(UserRole.MANAGER.getValue()) || this.identity.hasRole(UserRole.USER.getValue())) && StringHelper.equalsIgnoreCase("profile_management", str)) {
            return this.configurationService.getConfiguration().isProfileManagment() && StringHelper.equals(this.configurationService.getConfiguration().getInum(), ((GluuConfiguration) obj).getInum());
        }
        if (this.identity.hasRole(UserRole.MANAGER.getValue())) {
            for (String[] strArr : this.managerActions) {
                if (StringHelper.equals(strArr[0], (String) obj) && StringHelper.equals(strArr[1], str)) {
                    return true;
                }
            }
        }
        if (!this.identity.hasRole(UserRole.USER.getValue())) {
            return false;
        }
        for (String[] strArr2 : this.managerActions) {
            String str2 = (String) obj;
            if (StringHelper.equals("profile", str2) && StringHelper.equals(strArr2[0], str2) && StringHelper.equals(strArr2[1], str)) {
                return true;
            }
        }
        return false;
    }
}
