package com.liferay.change.tracking.rest.internal.jaxrs.container.request.filter;

import com.liferay.change.tracking.configuration.CTPortalConfiguration;
import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.model.Role;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.PermissionThreadLocal;
import com.liferay.portal.kernel.util.ArrayUtil;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Modified;

@Priority(1000)
@Component(configurationPid = {"com.liferay.change.tracking.configuration.CTPortalConfiguration"}, configurationPolicy = ConfigurationPolicy.OPTIONAL, immediate = true, property = {"osgi.jaxrs.application.select=(osgi.jaxrs.name=Liferay.Change.Tracking.REST)", "osgi.jaxrs.extension=true", "osgi.jaxrs.name=AdministratorCheckContainerRequestFilter"}, service = {ContainerRequestFilter.class})
/* loaded from: input_file:com/liferay/change/tracking/rest/internal/jaxrs/container/request/filter/AdministratorCheckContainerRequestFilter.class */
public class AdministratorCheckContainerRequestFilter implements ContainerRequestFilter {
    private CTPortalConfiguration _ctPortalConfiguration;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        try {
            checkPermissions();
        } catch (Exception e) {
            containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        }
    }

    @Activate
    @Modified
    protected void activate(Map<String, Object> map) {
        this._ctPortalConfiguration = (CTPortalConfiguration) ConfigurableUtil.createConfigurable(CTPortalConfiguration.class, map);
    }

    protected void checkPermissions() throws Exception {
        PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
        if (permissionChecker.isCompanyAdmin()) {
            return;
        }
        String[] administratorRoleNames = this._ctPortalConfiguration.administratorRoleNames();
        Iterator it = permissionChecker.getUserBag().getRoles().iterator();
        while (it.hasNext()) {
            if (ArrayUtil.contains(administratorRoleNames, ((Role) it.next()).getName())) {
                return;
            }
        }
        throw new PrincipalException(String.format("User %s must have administrator role", Long.valueOf(permissionChecker.getUserId())));
    }
}
