package com.liferay.account.internal.security.permission.resource;

import com.liferay.account.model.AccountEntry;
import com.liferay.account.model.AccountRole;
import com.liferay.account.role.AccountRolePermissionThreadLocal;
import com.liferay.account.service.AccountEntryLocalService;
import com.liferay.account.service.AccountRoleLocalService;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.model.Group;
import com.liferay.portal.kernel.model.Role;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.resource.ModelResourcePermission;
import com.liferay.portal.kernel.security.permission.resource.PortletResourcePermission;
import com.liferay.portal.kernel.service.permission.RolePermission;
import java.util.Objects;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, property = {"model.class.name=com.liferay.account.model.AccountRole"}, service = {AccountRoleModelResourcePermission.class, ModelResourcePermission.class})
/* loaded from: input_file:com/liferay/account/internal/security/permission/resource/AccountRoleModelResourcePermission.class */
public class AccountRoleModelResourcePermission implements ModelResourcePermission<AccountRole> {

    @Reference
    private AccountEntryLocalService _accountEntryLocalService;

    @Reference(target = "(model.class.name=com.liferay.account.model.AccountEntry)")
    private ModelResourcePermission<AccountEntry> _accountEntryModelResourcePermission;

    @Reference
    private AccountRoleLocalService _accountRoleLocalService;

    @Reference(target = "(resource.name=com.liferay.account)")
    private PortletResourcePermission _portletResourcePermission;

    @Reference
    private RolePermission _rolePermission;

    public void check(PermissionChecker permissionChecker, AccountRole accountRole, String str) throws PortalException {
        if (!contains(permissionChecker, accountRole, str)) {
            throw new PrincipalException.MustHavePermission(permissionChecker, AccountRole.class.getName(), accountRole.getAccountRoleId(), new String[]{str});
        }
    }

    public void check(PermissionChecker permissionChecker, long j, String str) throws PortalException {
        if (!contains(permissionChecker, j, str)) {
            throw new PrincipalException.MustHavePermission(permissionChecker, AccountRole.class.getName(), j, new String[]{str});
        }
    }

    public boolean contains(PermissionChecker permissionChecker, AccountRole accountRole, String str) throws PortalException {
        return contains(permissionChecker, accountRole.getAccountRoleId(), str);
    }

    public boolean contains(PermissionChecker permissionChecker, long j, String str) throws PortalException {
        long accountEntryId = AccountRolePermissionThreadLocal.getAccountEntryId();
        Group accountEntryGroup = accountEntryId > 0 ? this._accountEntryLocalService.getAccountEntry(accountEntryId).getAccountEntryGroup() : null;
        AccountRole fetchAccountRole = this._accountRoleLocalService.fetchAccountRole(j);
        if (fetchAccountRole == null) {
            return permissionChecker.hasPermission(accountEntryGroup, AccountRole.class.getName(), 0L, str);
        }
        Role role = fetchAccountRole.getRole();
        if (permissionChecker.hasOwnerPermission(permissionChecker.getCompanyId(), AccountRole.class.getName(), j, role.getUserId(), str)) {
            return true;
        }
        long accountEntryId2 = fetchAccountRole.getAccountEntryId();
        if (accountEntryId2 > 0 && accountEntryId > 0 && !Objects.equals(Long.valueOf(accountEntryId2), Long.valueOf(accountEntryId))) {
            return false;
        }
        for (long j2 : new long[]{accountEntryId2, accountEntryId}) {
            if ((Objects.equals(str, "VIEW") && j2 > 0 && this._accountEntryModelResourcePermission.contains(permissionChecker, j2, "VIEW_ACCOUNT_ROLES")) || this._rolePermission.contains(permissionChecker, role.getRoleId(), "VIEW")) {
                return true;
            }
            if (Objects.equals(str, "ASSIGN_USERS") && j2 > 0 && this._accountEntryModelResourcePermission.contains(permissionChecker, j2, "MANAGE_USERS")) {
                return true;
            }
        }
        if (accountEntryGroup == null && accountEntryId2 > 0) {
            accountEntryGroup = this._accountEntryLocalService.getAccountEntry(accountEntryId2).getAccountEntryGroup();
        }
        return permissionChecker.hasPermission(accountEntryGroup, AccountRole.class.getName(), j, str);
    }

    public String getModelName() {
        return AccountRole.class.getName();
    }

    public PortletResourcePermission getPortletResourcePermission() {
        return this._portletResourcePermission;
    }
}
