package org.craftercms.studio.impl.v1.web.security.access;

import jakarta.servlet.http.HttpServletRequest;
import java.util.Collection;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.studio.api.v2.dal.User;
import org.craftercms.studio.permissions.StudioPermissionsConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;

/* loaded from: input_file:org/craftercms/studio/impl/v1/web/security/access/StudioContentAPIAccessDecisionVoter.class */
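/**
 * Access decision voter for the Studio v1 content API, i.e. requests whose path starts with
 * {@code /api/1/services/api/1/content/}.
 *
 * <p>The vote is derived from request parameters: the site comes from {@code site_id} (falling
 * back to {@code site}) and the content path from {@code path}. The voter abstains for anything
 * that is not a content API request or that names a site {@code siteService} does not know,
 * denies when the principal is missing or is not a member of the site, and otherwise grants or
 * denies according to {@code hasPermission(...)}.
 *
 * <p>NOTE(review): the authorization decision is made on parameters this voter reads itself.
 * It is only meaningful if the handlers behind these URLs resolve the site and path from the
 * same parameters with the same precedence ({@code site_id} before {@code site}) - confirm
 * against the controllers.
 */
public class StudioContentAPIAccessDecisionVoter extends StudioAbstractAccessDecisionVoter {
    private static final Logger logger = LoggerFactory.getLogger(StudioContentAPIAccessDecisionVoter.class);
    private static final String CONTENT_API_ROOT = "/api/1/services/api/1/content/";
    private static final String WRITE_CONTENT = "/api/1/services/api/1/content/write-content.json";

    // Vote values returned by this voter. They are the literals the code used before and are
    // numerically equal to Spring Security's AccessDecisionVoter.ACCESS_GRANTED / ACCESS_ABSTAIN /
    // ACCESS_DENIED.
    private static final int VOTE_GRANT = 1;
    private static final int VOTE_ABSTAIN = 0;
    private static final int VOTE_DENY = -1;

    /**
     * Reports that every configuration attribute is supported.
     *
     * @param configAttribute the attribute being queried (ignored)
     * @return always {@code true}
     */
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    /**
     * Votes on a content API request.
     *
     * @param authentication the current authentication; its principal is expected to be a
     *                       Studio {@link User}
     * @param obj            the secured object; only {@link FilterInvocation} instances are examined
     * @param collection     configuration attributes (not used by this voter)
     * @return {@code 0} (abstain) when {@code obj} is not a {@link FilterInvocation}, the URL is
     *         outside the content API root, or the site does not exist; {@code -1} (deny) when
     *         there is no usable principal, the principal is not a site member, or the permission
     *         check fails; {@code 1} (grant) when the permission check succeeds
     */
    @Override
    public int voteInternal(Authentication authentication, Object obj, Collection collection) {
        if (!(obj instanceof FilterInvocation)) {
            logger.trace("The request with URL '{}' has access '{}'", StudioAbstractAccessDecisionVoter.DEFAULT_PERMISSION_VOTER_PATH, VOTE_ABSTAIN);
            return VOTE_ABSTAIN;
        }

        HttpServletRequest request = ((FilterInvocation) obj).getRequest();
        // NOTE(review): String.replace substitutes EVERY occurrence of the context path, not only
        // the leading one, and getRequestURI() is the path as sent by the client (the servlet
        // container does not decode or normalize it). The path matched below can therefore differ
        // from the path the dispatcher finally routes. Confirm that an upstream firewall/normalizer
        // rejects encoded, parameterized or non-canonical paths before this voter runs.
        String requestUri = request.getRequestURI().replace(request.getContextPath(), StudioAbstractAccessDecisionVoter.DEFAULT_PERMISSION_VOTER_PATH);
        if (!StringUtils.startsWith(requestUri, CONTENT_API_ROOT)) {
            logger.trace("The request with URL '{}' has access '{}'", requestUri, VOTE_ABSTAIN);
            return VOTE_ABSTAIN;
        }

        // The former bare request.getParameter("username") call was removed: its result was
        // discarded and the acting user is taken from the authentication, never from the request.
        String siteId = resolveSiteId(request);
        String contentPath = StringUtils.defaultIfEmpty(request.getParameter("path"), StudioAbstractAccessDecisionVoter.DEFAULT_PERMISSION_VOTER_PATH);

        // Fail closed on an unexpected principal type: a principal that is not a Studio User is
        // handled like a missing one (deny once the site is known to exist) instead of escaping
        // as a ClassCastException from an unchecked cast.
        // NOTE(review): whether a non-User principal can reach this voter depends on the filter
        // chain configuration, which is not visible here.
        Object principal = authentication.getPrincipal();
        User user = principal instanceof User ? (User) principal : null;

        // NOTE(review): siteId and requestUri are request-controlled and are written to the trace
        // log below; make sure the log layout encodes control characters if trace is enabled.
        if (!this.siteService.exists(siteId)) {
            // Unknown (or absent) site: abstain and leave the decision to the other voters.
            logger.trace("Site '{}' does not exist. The request with URL '{}' has access '{}'", siteId, requestUri, VOTE_ABSTAIN);
            return VOTE_ABSTAIN;
        }
        if (user == null || !isSiteMember(siteId, user)) {
            logger.trace("Current user '{}' has no access to site '{}'. The request with URL '{}' has access '{}'", user, siteId, requestUri, VOTE_DENY);
            return VOTE_DENY;
        }

        // Only the exact write-content URL is checked against the write permission; every other
        // URL under the content API root is checked against the read permission.
        // NOTE(review): verify that any other state-changing endpoint under this root is
        // protected by a stricter check elsewhere.
        String requiredPermission = StringUtils.equals(requestUri, WRITE_CONTENT)
                ? StudioPermissionsConstants.PERMISSION_CONTENT_WRITE
                : StudioPermissionsConstants.PERMISSION_CONTENT_READ;

        int vote = hasPermission(siteId, contentPath, user.getUsername(), requiredPermission) ? VOTE_GRANT : VOTE_DENY;
        logger.trace("The request with URL '{}' has access '{}'", requestUri, vote);
        return vote;
    }

    /**
     * Reads the site identifier from the request, preferring {@code site_id} over {@code site}.
     *
     * @param request the current request
     * @return the value of {@code site_id}, or of {@code site} when {@code site_id} is empty;
     *         may be {@code null} when neither parameter is present
     */
    private static String resolveSiteId(HttpServletRequest request) {
        String siteId = request.getParameter("site_id");
        if (StringUtils.isEmpty(siteId)) {
            siteId = request.getParameter("site");
        }
        return siteId;
    }

    /**
     * Reports that every secured-object class is supported.
     *
     * @param cls the secured-object class being queried (ignored)
     * @return always {@code true}
     */
    public boolean supports(Class cls) {
        return true;
    }
}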
