package com.supermap.services.rest.resources.impl;

import com.supermap.services.rest.HttpException;
import com.supermap.services.rest.resources.SecurityResource;
import com.supermap.services.security.Role;
import com.supermap.services.security.SubjectType;
import com.supermap.services.util.ProductTypeUtil;
import com.supermap.services.util.ResourceManager;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.shiro.util.ThreadContext;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.Status;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/rest/resources/impl/RoleResource.class */
public class RoleResource extends SecuritySubjectResourceBase {
    private static final ResourceManager a = new ResourceManager((Class<? extends Enum<?>>) SecurityResource.class);
    private String b;

    public RoleResource(Context context, Request request, Response response) {
        super(context, request, response);
        this.b = getResourceName(request, "roleName");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.supermap.services.rest.resources.impl.SecurityResourceBase
    public SubjectType a() {
        return SubjectType.ROLE;
    }

    @Override // com.supermap.services.rest.resources.impl.SecurityResourceBase, com.supermap.services.rest.resources.ResourceBase
    public final boolean isResourceExist() {
        return getSecurityManager().getRole(this.b) != null;
    }

    @Override // com.supermap.services.rest.resources.impl.SecuritySubjectResourceBase, com.supermap.services.rest.resources.ResourceBase
    public void checkRequestEntityObjectValid(Object obj) {
        super.checkRequestEntityObjectValid(obj);
        Role role = (Role) obj;
        if (!ThreadContext.getSubject().hasRole("ADMIN") && role.name != null && role.name.equals("ADMIN")) {
            throw new HttpException(Status.CLIENT_ERROR_BAD_REQUEST, a.getMessage((ResourceManager) SecurityResource.ROLERESOURCE_NONADMIN_CANNOTEDIT_ADMIN, new Object[0]));
        }
        if (ProductTypeUtil.isPortal()) {
            a(role);
        }
    }

    private void a(Role role) {
        if (role.users == null || role.users.length <= 0) {
            return;
        }
        List<String> portalRoleExcludedUsers = getPortalRoleExcludedUsers(role.name);
        if (CollectionUtils.isNotEmpty(portalRoleExcludedUsers)) {
            Role role2 = (Role) getResourceContent();
            if (role2.users != null && role2.users.length > 0) {
                portalRoleExcludedUsers.removeAll(Arrays.asList(role2.users));
            }
            portalRoleExcludedUsers.retainAll(Arrays.asList(role.users));
            if (portalRoleExcludedUsers.size() > 0) {
                throw new HttpException(Status.CLIENT_ERROR_BAD_REQUEST, a.getMessage((ResourceManager) SecurityResource.ROLERESOURCE_NOT_ALLOWED_GIVE_THIS_ROLE, portalRoleExcludedUsers));
            }
        }
    }
}
