package org.sakaiproject.tool.section.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.myfaces.renderkit.html.HTML;
import org.sakaiproject.api.section.facade.manager.Authn;
import org.sakaiproject.api.section.facade.manager.Authz;
import org.sakaiproject.api.section.facade.manager.Context;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.WebApplicationContext;

/* loaded from: input_file:WEB-INF/classes/org/sakaiproject/tool/section/filter/RoleFilter.class */
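/**
 * Servlet filter that authorizes requests for the top-level pages of the section tool.
 *
 * <p>For each request, the filter resolves the current user and site context through
 * Spring beans named in the filter's init-params. It then lets the request through only
 * if the user holds at least one permission whose configured page list contains the
 * requested page name.
 *
 * <p>Security-relevant behavior to keep in mind when deploying or changing this filter:
 * <ul>
 *   <li>Only top-level paths are checked. A servlet path that still contains
 *       {@code HTML.HREF_PATH_SEPARATOR} after its leading slash is passed down the chain
 *       with no authentication or authorization check, so nothing sensitive may live in a
 *       subdirectory unless it is protected by other means.</li>
 *   <li>The page name is the part of the path before the first {@code '.'} or {@code '/'},
 *       and the match is an exact {@code contains} lookup in the configured page lists.</li>
 *   <li>Denied requests and requests without a site context (when no redirect is
 *       configured) are answered with HTTP 401.</li>
 * </ul>
 */
public class RoleFilter implements Filter {
    private static final Log logger = LogFactory.getLog(RoleFilter.class);

    // Spring bean names, read from the filter's init-params in init().
    private String authnBeanName;
    private String authzBeanName;
    private String contextBeanName;
    private String authorizationFilterConfigurationBeanName;

    // Optional redirect target used when the request carries no site context.
    private String selectSiteRedirect;

    // Root web application context, looked up from the servlet context in init().
    private ApplicationContext ac;

    /**
     * Reads the Spring application context and the bean names this filter depends on.
     *
     * <p>NOTE(review): nothing is validated here. A missing application context only
     * surfaces as a NullPointerException on the first filtered request, and a missing
     * init-param is handed to {@code getBean} unchecked. Consider failing fast once the
     * container start-up order is confirmed.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        if (logger.isInfoEnabled()) {
            logger.info("Initializing sections role filter");
        }
        this.ac = (ApplicationContext) filterConfig.getServletContext()
                .getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
        this.authnBeanName = filterConfig.getInitParameter("authnServiceBean");
        this.authzBeanName = filterConfig.getInitParameter("authzServiceBean");
        this.contextBeanName = filterConfig.getInitParameter("contextManagementServiceBean");
        this.authorizationFilterConfigurationBeanName =
                filterConfig.getInitParameter("authorizationFilterConfigurationBean");
        this.selectSiteRedirect = filterConfig.getInitParameter("selectSiteRedirect");
    }

    /**
     * Authorizes a request for a top-level page, or passes it through if it targets a
     * subdirectory.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse} when the
     *     request is redirected or rejected
     * @param filterChain the remainder of the filter chain
     * @throws IOException if the chain, the redirect or the error response fails
     * @throws ServletException if the chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String servletPath = request.getServletPath();
        if (logger.isDebugEnabled()) {
            logger.debug("Filtering request for servletPath=" + forLog(servletPath));
        }

        String relativePath = servletPath.replaceFirst("^/", StringUtils.EMPTY);
        if (relativePath.indexOf(HTML.HREF_PATH_SEPARATOR) >= 0) {
            // Anything below the top level bypasses this filter entirely, with no
            // authn/authz check. Presumably this is meant for shared resources; verify
            // that no protected page is reachable under a subdirectory.
            filterChain.doFilter(request, servletResponse);
            return;
        }

        Authn authn = (Authn) this.ac.getBean(this.authnBeanName);
        Authz authz = (Authz) this.ac.getBean(this.authzBeanName);
        Context contextService = (Context) this.ac.getBean(this.contextBeanName);
        AuthorizationFilterConfigurationBean pageConfig =
                (AuthorizationFilterConfigurationBean) this.ac.getBean(this.authorizationFilterConfigurationBeanName);

        // NOTE(review): userUid is handed to the Authz checks as returned. How Authz
        // treats a null (unauthenticated) user is not visible here; confirm it denies.
        String userUid = authn.getUserUid(request);
        if (logger.isDebugEnabled()) {
            logger.debug("Filtering request for user " + forLog(userUid)
                    + ", pathInfo=" + forLog(request.getPathInfo()));
        }

        String siteContext = contextService.getContext(request);
        if (logger.isDebugEnabled()) {
            logger.debug("context=" + forLog(siteContext));
        }

        HttpServletResponse response;
        if (siteContext == null) {
            response = (HttpServletResponse) servletResponse;
            if (this.selectSiteRedirect != null) {
                response.sendRedirect(this.selectSiteRedirect);
            } else {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
            return;
        }

        // A path made up only of separators (for example ".") splits into an empty
        // array. Treat it as an empty page name so the request is denied through the
        // normal path instead of failing with ArrayIndexOutOfBoundsException.
        String[] segments = relativePath.split("[./]");
        String pageName = segments.length > 0 ? segments[0] : "";

        if (isPageAllowed(authz, pageConfig, userUid, siteContext, pageName)) {
            filterChain.doFilter(request, servletResponse);
            return;
        }

        logger.error("AUTHORIZATION FAILURE: User " + forLog(userUid)
                + " in site " + forLog(siteContext)
                + " attempted to reach URL " + forLog(String.valueOf(request.getRequestURL())));
        // NOTE(review): 401 is kept for compatibility with existing clients. For an
        // authenticated but unauthorized user, 403 would be the conventional status.
        response = (HttpServletResponse) servletResponse;
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** Drops the reference to the application context. */
    public void destroy() {
        this.ac = null;
    }

    /**
     * Decides whether the user may open the page: access is granted as soon as one
     * permission held in the site has the page in its configured page list. Each
     * permission is evaluated before its page list, in the order shown.
     */
    private static boolean isPageAllowed(Authz authz, AuthorizationFilterConfigurationBean pageConfig,
            String userUid, String siteContext, String pageName) {
        return (authz.isSectionManagementAllowed(userUid, siteContext)
                        && pageConfig.getManageAllSections().contains(pageName))
                || (authz.isViewAllSectionsAllowed(userUid, siteContext)
                        && pageConfig.getViewAllSections().contains(pageName))
                || (authz.isSectionTaManagementAllowed(userUid, siteContext)
                        && pageConfig.getManageTeachingAssistants().contains(pageName))
                || (authz.isSectionEnrollmentMangementAllowed(userUid, siteContext)
                        && pageConfig.getManageEnrollments().contains(pageName))
                || (authz.isViewOwnSectionsAllowed(userUid, siteContext)
                        && pageConfig.getViewOwnSections().contains(pageName));
    }

    /**
     * Makes a request-derived value safe to put on a single log line by replacing CR and
     * LF, so that client-influenced input cannot break one log entry into several.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}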
