package org.dspace.app.util;

import java.sql.SQLException;
import java.util.List;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.ResourcePolicy;
import org.dspace.authorize.factory.AuthorizeServiceFactory;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.Bitstream;
import org.dspace.content.Bundle;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.Item;
import org.dspace.content.factory.ContentServiceFactory;
import org.dspace.content.service.CollectionService;
import org.dspace.content.service.ItemService;
import org.dspace.core.Context;

/* loaded from: input_file:org/dspace/app/util/AuthorizeUtil.class */
public class AuthorizeUtil {
    private static final AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
    private static final ItemService itemService = ContentServiceFactory.getInstance().getItemService();
    private static final CollectionService collectionService = ContentServiceFactory.getInstance().getCollectionService();

    public static void authorizeManageBitstreamPolicy(Context context, Bitstream bitstream) throws AuthorizeException, SQLException {
        authorizeManageBundlePolicy(context, bitstream.getBundles().get(0));
    }

    public static void authorizeManageBundlePolicy(Context context, Bundle bundle) throws AuthorizeException, SQLException {
        authorizeManageItemPolicy(context, bundle.getItems().get(0));
    }

    public static void authorizeManageItemPolicy(Context context, Item item) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canItemAdminManagePolicies()) {
            authorizeService.authorizeAction(context, item, 11);
            return;
        }
        if (AuthorizeConfiguration.canCollectionAdminManageItemPolicies()) {
            authorizeService.authorizeAction(context, item.getOwningCollection(), 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageItemPolicies()) {
            authorizeService.authorizeAction(context, item.getOwningCollection().getCommunities().get(0), 11);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage item policies");
        }
    }

    public static void authorizeManageCollectionPolicy(Context context, Collection collection) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCollectionAdminManagePolicies()) {
            authorizeService.authorizeAction(context, collection, 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionPolicies()) {
            authorizeService.authorizeAction(context, collection.getCommunities().get(0), 11);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection policies");
        }
    }

    public static void authorizeManageCommunityPolicy(Context context, Community community) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCommunityAdminManagePolicies()) {
            authorizeService.authorizeAction(context, community, 11);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage community policies");
        }
    }

    public static void requireAdminRole(Context context) throws AuthorizeException, SQLException {
        if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to perform this action");
        }
    }

    public static void authorizeManageCCLicense(Context context, Item item) throws AuthorizeException, SQLException {
        try {
            authorizeService.authorizeAction(context, item, 3);
            authorizeService.authorizeAction(context, item, 4);
        } catch (AuthorizeException e) {
            if (AuthorizeConfiguration.canItemAdminManageCCLicense()) {
                authorizeService.authorizeAction(context, item, 11);
                return;
            }
            if (AuthorizeConfiguration.canCollectionAdminManageCCLicense()) {
                authorizeService.authorizeAction(context, itemService.getParentObject(context, item), 11);
            } else if (AuthorizeConfiguration.canCommunityAdminManageCCLicense()) {
                authorizeService.authorizeAction(context, itemService.getParentObject(context, item), 11);
            } else {
                requireAdminRole(context);
            }
        }
    }

    public static void authorizeManageTemplateItem(Context context, Collection collection) throws AuthorizeException, SQLException {
        boolean canEditBoolean = collectionService.canEditBoolean(context, collection, false);
        if (!canEditBoolean && AuthorizeConfiguration.canCollectionAdminManageTemplateItem()) {
            authorizeService.authorizeAction(context, collection, 11);
            return;
        }
        if (!canEditBoolean && AuthorizeConfiguration.canCommunityAdminManageCollectionTemplateItem()) {
            List<Community> communities = collection.getCommunities();
            authorizeService.authorizeAction(context, (communities == null || communities.size() <= 0) ? null : communities.get(0), 11);
        } else if (!canEditBoolean && !authorizeService.isAdmin(context)) {
            throw new AuthorizeException("You are not authorized to create a template item for the collection");
        }
    }

    public static void authorizeManageSubmittersGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCollectionAdminManageSubmitters()) {
            authorizeService.authorizeAction(context, collection, 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionSubmitters()) {
            authorizeService.authorizeAction(context, collection.getCommunities().get(0), 11);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection submitters");
        }
    }

    public static void authorizeManageWorkflowsGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCollectionAdminManageWorkflows()) {
            authorizeService.authorizeAction(context, collection, 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionWorkflows()) {
            authorizeService.authorizeAction(context, collection.getCommunities().get(0), 11);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection workflow");
        }
    }

    public static void authorizeManageAdminGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCollectionAdminManageAdminGroup()) {
            authorizeService.authorizeAction(context, collection, 11);
        } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionAdminGroup()) {
            authorizeService.authorizeAction(context, collection.getCommunities().get(0), 11);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage collection admin");
        }
    }

    public static void authorizeRemoveAdminGroup(Context context, Collection collection) throws AuthorizeException, SQLException {
        List<Community> communities = collection.getCommunities();
        if (AuthorizeConfiguration.canCommunityAdminManageCollectionAdminGroup() && communities != null && communities.size() > 0) {
            authorizeService.authorizeAction(context, collection.getCommunities().get(0), 11);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin can remove the admin group of a collection");
        }
    }

    public static void authorizeManageAdminGroup(Context context, Community community) throws AuthorizeException, SQLException {
        if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup()) {
            authorizeService.authorizeAction(context, community, 11);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin are allowed to manage community admin");
        }
    }

    public static void authorizeRemoveAdminGroup(Context context, Community community) throws SQLException, AuthorizeException {
        List<Community> parentCommunities = community.getParentCommunities();
        Community community2 = null;
        if (0 < parentCommunities.size()) {
            community2 = parentCommunities.get(0);
        }
        if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup() && community2 != null) {
            authorizeService.authorizeAction(context, community2, 11);
        } else if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only system admin can remove the admin group of the community");
        }
    }

    public static void authorizeManagePolicy(Context context, ResourcePolicy resourcePolicy) throws SQLException, AuthorizeException {
        switch (resourcePolicy.getdSpaceObject().getType()) {
            case 0:
                authorizeManageBitstreamPolicy(context, (Bitstream) resourcePolicy.getdSpaceObject());
                return;
            case 1:
                authorizeManageBundlePolicy(context, (Bundle) resourcePolicy.getdSpaceObject());
                return;
            case 2:
                authorizeManageItemPolicy(context, (Item) resourcePolicy.getdSpaceObject());
                return;
            case 3:
                authorizeManageCollectionPolicy(context, (Collection) resourcePolicy.getdSpaceObject());
                return;
            case 4:
                authorizeManageCommunityPolicy(context, (Community) resourcePolicy.getdSpaceObject());
                return;
            default:
                requireAdminRole(context);
                return;
        }
    }

    public static void authorizeWithdrawItem(Context context, Item item) throws SQLException, AuthorizeException {
        boolean z = false;
        if (AuthorizeConfiguration.canCollectionAdminPerformItemWithdrawn()) {
            z = authorizeService.authorizeActionBoolean(context, item.getOwningCollection(), 11);
        } else if (AuthorizeConfiguration.canCommunityAdminPerformItemWithdrawn()) {
            z = authorizeService.authorizeActionBoolean(context, item.getOwningCollection().getCommunities().get(0), 11);
        }
        if (!z) {
            z = authorizeService.authorizeActionBoolean(context, item.getOwningCollection(), 4, false);
        }
        if (!z) {
            throw new AuthorizeException("To withdraw item must be COLLECTION_ADMIN or have REMOVE authorization on owning Collection");
        }
    }

    public static void authorizeReinstateItem(Context context, Item item) throws SQLException, AuthorizeException {
        for (Collection collection : item.getCollections()) {
            if (AuthorizeConfiguration.canCollectionAdminPerformItemReinstatiate()) {
                authorizeService.authorizeAction(context, collection, 3);
            } else if (!AuthorizeConfiguration.canCommunityAdminPerformItemReinstatiate() || !authorizeService.authorizeActionBoolean(context, collection.getCommunities().get(0), 11)) {
                authorizeService.authorizeAction(context, collection, 3, false);
            }
        }
    }
}
