package org.jbpm.kie.services.impl.security;

import java.util.List;
import org.jbpm.process.core.async.AsyncExecutionMarker;
import org.kie.internal.identity.IdentityProvider;
import org.kie.internal.runtime.manager.SecurityManager;

/* loaded from: input_file:WEB-INF/lib/jbpm-kie-services-7.45.0.t20201014.jar:org/jbpm/kie/services/impl/security/IdentityRolesSecurityManager.class */
public class IdentityRolesSecurityManager implements SecurityManager {
    private IdentityProvider identityProvider;
    private List<String> requiredRoles;

    public IdentityRolesSecurityManager(IdentityProvider identityProvider, List<String> list) {
        this.identityProvider = identityProvider;
        this.requiredRoles = list;
    }

    @Override // org.kie.internal.runtime.manager.SecurityManager
    public void checkPermission() throws SecurityException {
        if (this.requiredRoles == null || this.requiredRoles.isEmpty()) {
            return;
        }
        try {
            List<String> roles = this.identityProvider.getRoles();
            if (roles != null) {
                for (String str : this.requiredRoles) {
                    if (roles.contains(str) || this.identityProvider.hasRole(str)) {
                        return;
                    }
                }
            }
            if (!AsyncExecutionMarker.isAsync()) {
                throw new SecurityException("User " + this.identityProvider.getName() + " does not have permission to access this asset");
            }
        } catch (Exception e) {
        }
    }
}
