package org.jbpm.formbuilder.server;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.jboss.resteasy.annotations.providers.jaxb.DoNotUseJAXBProvider;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

@Path("/user")
/* loaded from: input_file:WEB-INF/classes/org/jbpm/formbuilder/server/RESTUserService.class */
public class RESTUserService extends RESTBaseService {
    private static final String[] AVAILABLE_ROLES = {SecurityConstants.ADMIN_ID, "webdesigner", "functionalanalyst"};

    @GET
    @Path("/current/roles")
    @DoNotUseJAXBProvider
    @Consumes({MediaType.WILDCARD})
    @Produces({"text/plain"})
    public Response getCurrentRoles(@Context HttpServletRequest httpServletRequest) {
        List<String> roles = getRoles(httpServletRequest);
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = roles.iterator();
        while (it.hasNext()) {
            sb.append(it.next());
            if (it.hasNext()) {
                sb.append(StringArrayPropertyEditor.DEFAULT_SEPARATOR);
            }
        }
        return Response.ok(sb.toString()).build();
    }

    @POST
    @Path("/current/logout")
    public Response logout(@Context HttpServletRequest httpServletRequest) {
        httpServletRequest.getSession().invalidate();
        return Response.ok().build();
    }

    public static List<String> getRoles(HttpServletRequest httpServletRequest) {
        ArrayList arrayList = new ArrayList();
        for (String str : AVAILABLE_ROLES) {
            if (httpServletRequest.isUserInRole(str)) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    public static boolean hasDesignerPrivileges(HttpServletRequest httpServletRequest) {
        List<String> roles = getRoles(httpServletRequest);
        return roles.contains(SecurityConstants.ADMIN_ID) || roles.contains("webdesigner");
    }
}
