package org.gridlab.gridsphere.portlet.service.spi.impl;

import org.gridlab.gridsphere.portlet.PortletGroup;
import org.gridlab.gridsphere.portlet.User;
import org.gridlab.gridsphere.portlet.service.PortletServiceAuthorizationException;
import org.gridlab.gridsphere.portlet.service.spi.PortletServiceAuthorizer;
import org.gridlab.gridsphere.services.core.security.acl.AccessControlManagerService;
import org.gridlab.gridsphere.services.core.security.auth.AuthorizationException;

/* loaded from: input_file:org/gridlab/gridsphere/portlet/service/spi/impl/SportletServiceAuthorizer.class */
public class SportletServiceAuthorizer implements PortletServiceAuthorizer {
    public static final String SUPER_MESSAGE = "The user calling this method must have super privileges";
    public static final String ADMIN_MESSAGE = "The user calling this method must have admin privileges within this group";
    public static final String SUPER_OR_ADMIN_MESSAGE = "The user calling this method must have super privileges or admin privileges within this group";
    public static final String SUPER_OR_SAME_MESSAGE = "The user calling this method must have super privileges or be the same user given to this method";
    public static final String SUPER_ADMIN_OR_SAME_MESSAGE = "The user calling this method must have super privileges, admin privileges within this group, or be the same user given to this method";
    private User user;
    private AccessControlManagerService aclManager;

    private SportletServiceAuthorizer() {
        this.user = null;
        this.aclManager = null;
    }

    public SportletServiceAuthorizer(User user, AccessControlManagerService accessControlManagerService) {
        this.user = null;
        this.aclManager = null;
        this.user = user;
        this.aclManager = accessControlManagerService;
    }

    @Override // org.gridlab.gridsphere.portlet.service.spi.PortletServiceAuthorizer
    public User getInternalUser() {
        return this.user;
    }

    @Override // org.gridlab.gridsphere.portlet.service.spi.PortletServiceAuthorizer
    public void authorizeSuperUser() throws PortletServiceAuthorizationException {
        if (!this.aclManager.hasSuperRole(this.user)) {
            throw new PortletServiceAuthorizationException(SUPER_MESSAGE);
        }
    }

    @Override // org.gridlab.gridsphere.portlet.service.spi.PortletServiceAuthorizer
    public void authorizeAdminUser(PortletGroup portletGroup) throws PortletServiceAuthorizationException {
        if (!this.aclManager.hasAdminRoleInGroup(this.user, portletGroup)) {
            throw new PortletServiceAuthorizationException(ADMIN_MESSAGE);
        }
    }

    @Override // org.gridlab.gridsphere.portlet.service.spi.PortletServiceAuthorizer
    public void authorizeSuperOrAdminUser(PortletGroup portletGroup) throws AuthorizationException {
        if (!this.aclManager.hasSuperRole(this.user) && !this.aclManager.hasAdminRoleInGroup(this.user, portletGroup)) {
            throw new PortletServiceAuthorizationException(SUPER_OR_ADMIN_MESSAGE);
        }
    }

    @Override // org.gridlab.gridsphere.portlet.service.spi.PortletServiceAuthorizer
    public void authorizeSuperOrSameUser(User user) throws AuthorizationException {
        if (!this.aclManager.hasSuperRole(this.user) && !this.user.equals(user)) {
            throw new PortletServiceAuthorizationException(SUPER_OR_SAME_MESSAGE);
        }
    }

    @Override // org.gridlab.gridsphere.portlet.service.spi.PortletServiceAuthorizer
    public void authorizeSuperAdminOrSameUser(User user, PortletGroup portletGroup) throws AuthorizationException {
        if (!this.aclManager.hasSuperRole(this.user) && !this.aclManager.hasAdminRoleInGroup(this.user, portletGroup) && !this.user.equals(user)) {
            throw new PortletServiceAuthorizationException(SUPER_ADMIN_OR_SAME_MESSAGE);
        }
    }
}
