package pl.net.bluesoft.rnd.processtool.plugins;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.model.Role;
import com.liferay.portal.model.User;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.util.PortalUtil;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javassist.compiler.TokenId;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:WEB-INF/classes/pl/net/bluesoft/rnd/processtool/plugins/PermissionFilter.class */
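/**
 * Servlet filter that gates access behind HTTP Basic authentication and a role check.
 *
 * <p>A request passes when the session already carries the {@link #AUTHORIZED} attribute, or when
 * the user resolved from the request's Basic credentials holds a non-team role whose name matches
 * one of {@code ROLE_NAMES} (compared case-insensitively). Every other request receives a
 * {@code 401} response with a {@code WWW-Authenticate: Basic} challenge.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The authorization decision is cached in the session and never re-evaluated. A role
 *       revoked in the portal stays effective here until the session ends.</li>
 *   <li>NOTE(review): the session identifier is not rotated when {@link #AUTHORIZED} is set, so a
 *       session id known before login stays valid afterwards. Consider rotating it at that point
 *       if the container and the rest of the application allow it.</li>
 *   <li>HTTP Basic sends credentials with every request. This filter does not check that the
 *       request arrived over TLS, so that must be enforced elsewhere.</li>
 * </ul>
 */
public class PermissionFilter implements Filter {
    /** Session attribute holding the screen name of the user that passed the role check. */
    public static final String AUTHORIZED = "Aperte_Authorized";
    private static final Logger logger = Logger.getLogger(PermissionFilter.class.getName());
    /** Upper-cased names of the roles that grant access. */
    private static final Collection<String> ROLE_NAMES = Arrays.asList("ADMINISTRATOR", "MODELER_USER");

    /**
     * Lets the request through when the session is already authorized or the Basic-auth user holds
     * a permitted role; otherwise answers with a 401 Basic challenge and does not call the chain.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain, invoked only for authorized requests
     * @throws IOException      propagated from the filter chain
     * @throws ServletException propagated from the filter chain, or wrapping a Liferay
     *                          {@code SystemException} / {@code PortalException}
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // getSession() creates a session when none exists, so unauthenticated requests get one too.
        HttpSession session = httpServletRequest.getSession();
        if (session.getAttribute(AUTHORIZED) != null) {
            // Cached decision: the credentials on this request are not inspected again.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            User user = null;
            // Presumably validates the Basic credentials and yields 0 when they are absent or
            // rejected; confirm against the Liferay version in use.
            long basicAuthUserId = PortalUtil.getBasicAuthUserId(httpServletRequest);
            if (basicAuthUserId != 0) {
                user = UserLocalServiceUtil.getUserById(basicAuthUserId);
            }
            if (user != null) {
                String screenName = user.getScreenName();
                // Logged before the role check: at this point the user is only authenticated.
                logger.info("Successfully authorized user: " + screenName);
                if (hasPermittedRole(user, screenName)) {
                    session.setAttribute(AUTHORIZED, screenName);
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                }
                logger.info("User " + screenName + " has insufficient privileges.");
            } else {
                logger.warning("Failed to authorize user");
            }
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Aperte Modeler\"");
            // Same numeric value (401) as the unrelated javassist TokenId.CharConstant used before,
            // but taken from the servlet API so the intent is explicit and this class no longer
            // depends on javassist for a status code.
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (SystemException e) {
            logger.log(Level.SEVERE, e.getMessage(), e);
            throw new ServletException(e);
        } catch (PortalException e2) {
            logger.log(Level.SEVERE, e2.getMessage(), e2);
            throw new ServletException(e2);
        }
    }

    /**
     * Reports whether the user holds at least one non-team role listed in {@code ROLE_NAMES}.
     *
     * @param user       authenticated portal user whose roles are inspected
     * @param screenName screen name used in the log message for a match
     * @return {@code true} on the first matching role, {@code false} when none matches
     * @throws SystemException if the portal fails to load the user's roles
     */
    private static boolean hasPermittedRole(User user, String screenName) throws SystemException {
        for (Object candidate : user.getRoles()) {
            Role role = (Role) candidate;
            if (role.isTeam()) {
                // Team roles never grant access, whatever their name.
                continue;
            }
            // Locale.ROOT keeps the comparison stable: under a Turkish default locale,
            // toUpperCase() maps 'i' to a dotted capital and "Administrator" would stop matching.
            String normalizedName = role.getName().toUpperCase(java.util.Locale.ROOT);
            if (ROLE_NAMES.contains(normalizedName)) {
                logger.info("Matched role " + role.getName() + " for user " + screenName);
                return true;
            }
        }
        return false;
    }

    /** No initialization is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Holds no resources to release. */
    @Override
    public void destroy() {
    }
}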
