package org.sakaiproject.tool.gradebook.ui;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.poi.ddf.EscherProperties;
import org.sakaiproject.tool.gradebook.facades.Authn;
import org.sakaiproject.tool.gradebook.facades.Authz;
import org.sakaiproject.tool.gradebook.facades.ContextManagement;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.WebApplicationContext;

/* loaded from: input_file:WEB-INF/lib/sakai-gradebook-app-ui-dev.jar:org/sakaiproject/tool/gradebook/ui/RoleFilter.class */
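/**
 * Servlet filter that enforces role-based access to top-level gradebook pages.
 *
 * <p>For each request the filter resolves the current user and gradebook, takes the
 * page name from the servlet path, and lets the request continue only when the user
 * holds a role (grade, edit assessments, view own grades) whose configured page list
 * contains that page name. Every other request is rejected with HTTP 401.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only servlet paths without a further {@code '/'} after the leading slash are
 *       checked. Anything in a sub-path is forwarded down the chain with no role check
 *       here, so resources served from sub-directories need their own protection.</li>
 *   <li>The decision is an allow-list: a page that appears in none of the configured
 *       lists is denied.</li>
 *   <li>Request-derived values are stripped of control characters before they are
 *       logged, so a crafted parameter cannot forge extra log lines.</li>
 * </ul>
 */
public class RoleFilter implements Filter {
    private static final Log logger = LogFactory.getLog(RoleFilter.class);
    private String authnServiceBeanName;
    private String authzServiceBeanName;
    private String contextManagementServiceBeanName;
    private String authorizationFilterConfigurationBeanName;
    private String selectGradebookRedirect;
    private ApplicationContext ac;

    /**
     * Reads the Spring application context and the bean names / redirect target from
     * the filter's init parameters.
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        if (logger.isInfoEnabled()) {
            logger.info("Initializing gradebook role filter");
        }
        this.ac = (ApplicationContext) filterConfig.getServletContext()
                .getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
        this.authnServiceBeanName = filterConfig.getInitParameter("authnServiceBean");
        this.authzServiceBeanName = filterConfig.getInitParameter("authzServiceBean");
        this.contextManagementServiceBeanName = filterConfig.getInitParameter("contextManagementServiceBean");
        this.authorizationFilterConfigurationBeanName = filterConfig.getInitParameter("authorizationFilterConfigurationBean");
        this.selectGradebookRedirect = filterConfig.getInitParameter("selectGradebookRedirect");
    }

    /**
     * Applies the role check to top-level pages and forwards or rejects the request.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse} when
     *                        a redirect or error is sent
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if the redirect, error response, or downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String servletPath = request.getServletPath();
        if (logger.isDebugEnabled()) {
            logger.debug("Filtering request for servletPath=" + sanitizeForLog(servletPath));
        }

        // Only top-level pages are role-checked. A path that still contains '/' after the
        // leading slash is passed through unchecked, so sub-directory resources must be
        // protected elsewhere (container constraints or another filter).
        String relativePath = servletPath.replaceFirst("^/", "");
        if (relativePath.indexOf("/") >= 0) {
            filterChain.doFilter(request, servletResponse);
            return;
        }

        // Services are looked up on every request by the bean names given at init time.
        Authn authn = (Authn) this.ac.getBean(this.authnServiceBeanName);
        Authz authz = (Authz) this.ac.getBean(this.authzServiceBeanName);
        ContextManagement contextManagement = (ContextManagement) this.ac.getBean(this.contextManagementServiceBeanName);
        AuthorizationFilterConfigurationBean pageConfig =
                (AuthorizationFilterConfigurationBean) this.ac.getBean(this.authorizationFilterConfigurationBeanName);

        authn.setAuthnContext(request);
        String userUid = authn.getUserUid();
        if (logger.isDebugEnabled()) {
            logger.debug("Filtering request for user " + sanitizeForLog(userUid)
                    + ", pathInfo=" + sanitizeForLog(request.getPathInfo()));
        }

        String gradebookUid = contextManagement.getGradebookUid(request);
        if (logger.isDebugEnabled()) {
            logger.debug("contextManagementService.getGradebookUid=" + sanitizeForLog(gradebookUid));
        }
        if (gradebookUid == null) {
            // Fallback taken from the request itself; presumably a client-supplied value,
            // so the authz checks below are what decide access to that gradebook
            // (TODO confirm against GradebookBean).
            gradebookUid = GradebookBean.getGradebookUidFromRequest(request);
            if (logger.isDebugEnabled()) {
                logger.debug("GradebookBean.getGradebookUidFromRequest=" + sanitizeForLog(gradebookUid));
            }
        }

        if (gradebookUid == null) {
            if (this.selectGradebookRedirect != null) {
                // Redirect target comes from filter configuration, not from the request.
                response.sendRedirect(this.selectGradebookRedirect);
            } else {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
            return;
        }

        if (logger.isDebugEnabled()) {
            logger.debug("gradebookUid=" + sanitizeForLog(gradebookUid) + ", userUid=" + sanitizeForLog(userUid));
        }

        // Page name is the text before the first '.'. split() drops trailing empty
        // strings, so a path such as "." yields an empty array; treat that as an empty
        // page name (denied below) instead of failing with an index error.
        String[] pathParts = relativePath.split("[./]");
        String pageName = pathParts.length > 0 ? pathParts[0] : "";

        // Allow-list decision: the user needs a role AND the page must be listed for it.
        boolean authorized =
                (authz.isUserAbleToGrade(gradebookUid) && pageConfig.getUserAbleToGradePages().contains(pageName))
                || (authz.isUserAbleToEditAssessments(gradebookUid) && pageConfig.getUserAbleToEditPages().contains(pageName))
                || (authz.isUserAbleToViewOwnGrades(gradebookUid) && pageConfig.getUserAbleToViewOwnGradesPages().contains(pageName));

        if (authorized) {
            filterChain.doFilter(request, servletResponse);
            return;
        }

        logger.error("AUTHORIZATION FAILURE: User " + sanitizeForLog(userUid)
                + " in gradebook " + sanitizeForLog(gradebookUid)
                + " attempted to reach URL " + sanitizeForLog(request.getRequestURL()));
        // Status stays 401 (the decompiler had rendered this literal as an unrelated POI
        // constant with the same value). NOTE(review): 403 may describe a role failure
        // more accurately; confirm what clients and error pages expect before changing.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Renders a value for logging with every ISO control character (including CR and
     * LF) replaced by {@code '_'}, so request-derived text cannot start a new log line.
     *
     * @param value value to log; may be {@code null}
     * @return the sanitized text, or {@code "null"} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(Object value) {
        if (value == null) {
            return "null";
        }
        String text = value.toString();
        StringBuilder cleaned = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}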
