package com.inet.plugin.webapi.server;

import com.inet.authentication.base.LoginManager;
import com.inet.http.servlet.NopHttpServletResponse;
import com.inet.permissions.AccessDeniedException;
import com.inet.permissions.Permission;
import com.inet.permissions.SystemPermissionChecker;
import com.inet.plugin.webapi.WebAPICoreServerPlugin;
import com.inet.plugin.webapi.api.ResponseWriter;
import com.inet.plugin.webapi.api.WebAPIAccessProvider;
import com.inet.plugin.webapi.api.WebAPIExtension;
import com.inet.usersandgroups.api.user.UserManager;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.annotation.Nonnull;

/* loaded from: input_file:com/inet/plugin/webapi/server/a.class */
public class a implements WebAPIAccessProvider {
    private final String q = "checkForPublicAccess";
    private final Object r = new Object();

    @Override // com.inet.plugin.webapi.api.WebAPIAccessProvider
    public boolean isWebApiAccessGranted(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (a(httpServletRequest)) {
            return true;
        }
        if (UserManager.getInstance().getCurrentUserAccountID() == null) {
            if (!LoginManager.forceLogin(httpServletRequest, httpServletResponse)) {
                return false;
            }
            if (UserManager.getInstance().getCurrentUserAccountID() == null) {
                WebAPICoreServerPlugin.LOGGER.debug("There is no user authenticated for this request.");
                ResponseWriter.forbidden(httpServletResponse);
                throw new AccessDeniedException("A user could not be authenticated for this request.");
            }
        }
        if (SystemPermissionChecker.checkAccess(WebAPICoreServerPlugin.PERMISSION_WEBAPI)) {
            return true;
        }
        WebAPICoreServerPlugin.LOGGER.debug("Web API access denied for user with ID: " + String.valueOf(UserManager.getInstance().getCurrentUserAccountID()));
        ResponseWriter.forbidden(httpServletResponse, WebAPICoreServerPlugin.PERMISSION_WEBAPI);
        return false;
    }

    private boolean a(HttpServletRequest httpServletRequest) {
        d e = d.e();
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        try {
            httpServletRequest.setAttribute("checkForPublicAccess", this.r);
            e.a(httpServletRequest, new NopHttpServletResponse(), false, () -> {
            }, webAPIExtension -> {
                atomicBoolean.set(webAPIExtension.isAllowedWithoutAuthentication());
                return Boolean.TRUE;
            }, (requestHandlerBase, obj, list, webAPIAccessProvider) -> {
                atomicBoolean.set(requestHandlerBase.isAllowedWithoutAuthentication());
            }, false);
        } catch (Throwable th) {
        }
        if (!atomicBoolean.get()) {
            httpServletRequest.removeAttribute("checkForPublicAccess");
        }
        return atomicBoolean.get();
    }

    @Override // com.inet.plugin.webapi.api.WebAPIAccessProvider
    public boolean isAccessToExtensionGranted(WebAPIExtension webAPIExtension, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, List<String> list) {
        Permission requiredPermission = webAPIExtension.getRequiredPermission(httpServletRequest, list);
        if (requiredPermission == null) {
            return true;
        }
        if (SystemPermissionChecker.checkAccess(WebAPICoreServerPlugin.PERMISSION_WEBAPI) && SystemPermissionChecker.checkAccess(requiredPermission)) {
            return true;
        }
        return httpServletRequest != null && this.r.equals(httpServletRequest.getAttribute("checkForPublicAccess"));
    }

    @Nonnull
    public String getExtensionName() {
        return a.class.getName();
    }
}
