package org.rhq.enterprise.gui.legacy.taglib;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspTagException;
import javax.servlet.jsp.jstl.core.ConditionalTagSupport;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.enterprise.gui.util.WebUtility;
import org.rhq.enterprise.server.authz.AuthorizationManagerLocal;
import org.rhq.enterprise.server.util.LookupUtil;

/* loaded from: input_file:WEB-INF/classes/org/rhq/enterprise/gui/legacy/taglib/Authorization.class */
public class Authorization extends ConditionalTagSupport {
    private static final long serialVersionUID = 1;
    private String permission;

    /* loaded from: input_file:WEB-INF/classes/org/rhq/enterprise/gui/legacy/taglib/Authorization$Context.class */
    private enum Context {
        Group,
        Resource,
        Global
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.servlet.jsp.jstl.core.ConditionalTagSupport
    public boolean condition() throws JspTagException {
        try {
            HttpServletRequest httpServletRequest = (HttpServletRequest) this.pageContext.getRequest();
            AuthorizationManagerLocal authorizationManager = LookupUtil.getAuthorizationManager();
            Subject subject = WebUtility.getSubject(httpServletRequest);
            if (isSuperuserCheck()) {
                return authorizationManager.isSystemSuperuser(subject);
            }
            Permission permissionEnum = getPermissionEnum();
            if (subject == null) {
                return false;
            }
            Context context = Context.Global;
            if (getResourceId(httpServletRequest) != 0) {
                context = Context.Resource;
            }
            int resourceGroupId = getResourceGroupId(httpServletRequest);
            if (resourceGroupId != 0) {
                context = Context.Group;
            }
            if (context == Context.Resource) {
                return authorizationManager.hasResourcePermission(subject, permissionEnum, resourceGroupId);
            }
            if (context == Context.Group) {
                return authorizationManager.hasGroupPermission(subject, permissionEnum, resourceGroupId);
            }
            if (context == Context.Global) {
                return authorizationManager.hasGlobalPermission(subject, permissionEnum);
            }
            throw new JspTagException("Authorization tag does not yet support the context[" + context + "]");
        } catch (Exception e) {
            throw new JspTagException(e);
        } catch (JspTagException e2) {
            throw e2;
        }
    }

    private int getResourceId(HttpServletRequest httpServletRequest) throws JspTagException {
        Integer resourceId = WebUtility.getResourceId(httpServletRequest);
        if (resourceId == null) {
            return 0;
        }
        return resourceId.intValue();
    }

    private int getResourceGroupId(HttpServletRequest httpServletRequest) throws JspTagException {
        Integer resourceGroupId = WebUtility.getResourceGroupId(httpServletRequest);
        if (resourceGroupId == null) {
            return 0;
        }
        return resourceGroupId.intValue();
    }

    private boolean isSuperuserCheck() {
        return this.permission != null && this.permission.toLowerCase().equals("superuser");
    }

    private Permission getPermissionEnum() throws JspTagException {
        String permission = getPermission();
        try {
            return Permission.valueOf(permission.toUpperCase());
        } catch (Exception e) {
            throw new JspTagException("Invalid permission[" + permission + "]");
        }
    }

    public String getPermission() {
        return this.permission;
    }

    public void setPermission(String str) {
        this.permission = str;
    }
}
