package com.supermap.services.security;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/PortalViewerHttpMethodFilter.class */
public class PortalViewerHttpMethodFilter extends SecurityAuthorizationFilter {
    public boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            return false;
        }
        Subject subject = ThreadContext.getSubject();
        if (subject == null) {
            return true;
        }
        String upperCase = ((HttpServletRequest) servletRequest).getMethod().toUpperCase();
        return !(upperCase.equals("POST") || upperCase.equals("PUT") || upperCase.equals("DELETE")) || !subject.hasRole(SecurityConstants.ROLE_PORTAL_VIEWER) || subject.hasRole("PORTAL_USER") || subject.hasRole("ADMIN");
    }
}
