package org.cloudfoundry.identity.uaa.scim.security;

import javax.servlet.http.HttpServletRequest;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.scim.ScimGroupMember;
import org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.5.7.jar:org/cloudfoundry/identity/uaa/scim/security/GroupRoleCheck.class */
public class GroupRoleCheck {
    private final ScimGroupMembershipManager manager;

    public GroupRoleCheck(ScimGroupMembershipManager scimGroupMembershipManager) {
        this.manager = scimGroupMembershipManager;
    }

    public boolean isGroupWriter(HttpServletRequest httpServletRequest, int i) {
        return isGroupRole(httpServletRequest, i, ScimGroupMember.Role.WRITER);
    }

    public boolean isGroupReader(HttpServletRequest httpServletRequest, int i) {
        return isGroupRole(httpServletRequest, i, ScimGroupMember.Role.READER);
    }

    public boolean isGroupMember(HttpServletRequest httpServletRequest, int i) {
        return isGroupRole(httpServletRequest, i, ScimGroupMember.Role.MEMBER);
    }

    public boolean isGroupRole(HttpServletRequest httpServletRequest, int i, ScimGroupMember.Role role) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !(authentication.getPrincipal() instanceof UaaPrincipal)) {
            return false;
        }
        String id = ((UaaPrincipal) authentication.getPrincipal()).getId();
        String requestPath = UaaUrlUtils.getRequestPath(httpServletRequest);
        if (StringUtils.hasText(requestPath)) {
            return this.manager.getMembers(UaaUrlUtils.extractPathVariableFromUrl(i, requestPath), role, IdentityZoneHolder.get().getId()).contains(new ScimGroupMember(id));
        }
        return false;
    }
}
