package de.valtech.aecu.core.security;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.metatype.annotations.Designate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = AccessValidationServiceConfiguration.class)
@Component(service = {AccessValidationService.class})
/* loaded from: input_file:de/valtech/aecu/core/security/AccessValidationService.class */
public class AccessValidationService {
    private static final Logger LOG = LoggerFactory.getLogger(AccessValidationService.class);
    private AccessValidationServiceConfiguration config;

    @Activate
    public void activate(AccessValidationServiceConfiguration accessValidationServiceConfiguration) {
        this.config = accessValidationServiceConfiguration;
    }

    public boolean canReadHistory(SlingHttpServletRequest slingHttpServletRequest) {
        return isAdminOrInAllowedList(slingHttpServletRequest, this.config.readers());
    }

    public boolean canExecute(SlingHttpServletRequest slingHttpServletRequest) {
        return isAdminOrInAllowedList(slingHttpServletRequest, this.config.executers());
    }

    private boolean isAdminOrInAllowedList(SlingHttpServletRequest slingHttpServletRequest, String[] strArr) {
        if (isAdmin(getUserName(slingHttpServletRequest))) {
            return true;
        }
        if (strArr == null) {
            return false;
        }
        List<String> userGroupNames = getUserGroupNames(slingHttpServletRequest);
        for (String str : strArr) {
            if (userGroupNames.contains(str)) {
                return true;
            }
        }
        return false;
    }

    private String getUserName(SlingHttpServletRequest slingHttpServletRequest) {
        return slingHttpServletRequest.getUserPrincipal().getName();
    }

    private List<String> getUserGroupNames(SlingHttpServletRequest slingHttpServletRequest) {
        ArrayList arrayList = new ArrayList();
        try {
            Iterator memberOf = ((UserManager) slingHttpServletRequest.getResourceResolver().adaptTo(UserManager.class)).getAuthorizable(slingHttpServletRequest.getUserPrincipal()).memberOf();
            while (memberOf.hasNext()) {
                arrayList.add(((Group) memberOf.next()).getID());
            }
        } catch (RepositoryException e) {
            LOG.error("Unable to get groups", e);
        }
        return arrayList;
    }

    private boolean isAdmin(String str) {
        return "admin".equals(str);
    }
}
