package org.akaza.openclinica.web.filter.rest;

import com.sun.jersey.server.impl.application.WebApplicationContext;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import java.util.ArrayList;
import java.util.ResourceBundle;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.akaza.openclinica.bean.core.Role;
import org.akaza.openclinica.bean.core.Term;
import org.akaza.openclinica.bean.login.StudyUserRoleBean;
import org.akaza.openclinica.bean.login.UserAccountBean;
import org.akaza.openclinica.bean.managestudy.StudyBean;
import org.akaza.openclinica.control.SpringServletAccess;
import org.akaza.openclinica.dao.login.UserAccountDAO;
import org.akaza.openclinica.dao.managestudy.StudyDAO;
import org.springframework.test.context.transaction.TestContextTransactionUtils;

/* loaded from: input_file:WEB-INF/classes/org/akaza/openclinica/web/filter/rest/RestODMFilter.class */
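/**
 * Jersey request filter that decides whether the logged-in user may call a REST ODM resource.
 *
 * <p>The study OID is read from the fourth path segment of the request. For a concrete OID the
 * user needs one of the accepted roles in that study or, when the study has a parent, in the
 * parent study. For the global value {@code "*"} the user needs an ADMIN, COORDINATOR or
 * STUDYDIRECTOR role in at least one of their role entries.
 *
 * <p>The filter fails closed: a missing session, a missing or unexpected {@code userBean}
 * session attribute, a request path that is too short, an unknown study OID or a missing role
 * record all end in {@code 403 FORBIDDEN} instead of an unhandled runtime exception. An unknown
 * study and an unauthorised study produce the same response, so the filter does not reveal which
 * study OIDs exist.
 *
 * <p>NOTE(review): only the role value is inspected here. Whether the role assignment or the
 * account itself is still active is not checked in this class - confirm that the DAO queries
 * already exclude removed or locked entries.
 */
public class RestODMFilter implements ContainerRequestFilter, ResourceFilter {

    @Context
    HttpServletRequest request;

    @Context
    HttpServletResponse response;
    WebApplicationContext context;
    String studyOIDS;
    public static ResourceBundle restext;

    /** Path value that selects the global (not study-specific) authorisation rule. */
    private static final String GLOBAL_STUDY_OID = "*";

    /** Zero-based index of the path segment that carries the study OID. */
    private static final int STUDY_OID_SEGMENT_INDEX = 3;

    /**
     * Authorises the request against the study named in the path.
     *
     * @param containerRequest the incoming Jersey request
     * @return the unchanged request when access is granted
     * @throws WebApplicationException with status {@code FORBIDDEN} when access is denied or the
     *     caller, the path or the study cannot be resolved
     */
    @Override // com.sun.jersey.spi.container.ContainerRequestFilter
    public ContainerRequest filter(ContainerRequest containerRequest) {
        UserAccountBean userAccountBean = currentUser();
        String studyOid = requestedStudyOid(containerRequest);
        if (userAccountBean == null || studyOid == null) {
            // No authenticated user or no study segment: deny before touching the database.
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }

        if (GLOBAL_STUDY_OID.equals(studyOid)) {
            if (checkAuth(userAccountBean)) {
                return containerRequest;
            }
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }

        DataSource dataSource = getDataSource();
        StudyBean studyByOID = getStudyByOID(studyOid, dataSource);
        // NOTE(review): findByOid is assumed to be able to return null for an unknown OID - the
        // DAO is not visible here, so the null case is treated as "not authorised".
        if (studyByOID != null) {
            if (checkAuth(studyByOID, userAccountBean)) {
                return containerRequest;
            }
            int parentStudyId = studyByOID.getParentStudyId();
            // A role held in the parent study also grants access to the child study.
            if (parentStudyId != 0 && checkAuth(getStudyByID(parentStudyId, dataSource), userAccountBean)) {
                return containerRequest;
            }
        }
        this.request.setAttribute("pageMessages", "You don't have correct permission in your current Study.");
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }

    /**
     * Reads the logged-in user from the existing HTTP session.
     *
     * <p>Uses {@code getSession(false)} so that an unauthenticated request does not create a new
     * session as a side effect of the authorisation check.
     *
     * @return the user stored under {@code userBean}, or {@code null} when there is no session or
     *     the attribute is absent or of another type
     */
    private UserAccountBean currentUser() {
        javax.servlet.http.HttpSession session = this.request.getSession(false);
        if (session == null) {
            return null;
        }
        Object attribute = session.getAttribute("userBean");
        return attribute instanceof UserAccountBean ? (UserAccountBean) attribute : null;
    }

    /**
     * Extracts the study OID from the request path.
     *
     * @param containerRequest the incoming Jersey request
     * @return the path of the segment at {@link #STUDY_OID_SEGMENT_INDEX}, or {@code null} when
     *     the request has fewer segments than that
     */
    private String requestedStudyOid(ContainerRequest containerRequest) {
        if (containerRequest.getPathSegments().size() <= STUDY_OID_SEGMENT_INDEX) {
            return null;
        }
        return containerRequest.getPathSegments().get(STUDY_OID_SEGMENT_INDEX).getPath();
    }

    /**
     * Global rule: the user holds ADMIN, COORDINATOR or STUDYDIRECTOR in any of their role entries.
     *
     * @param userAccountBean the logged-in user
     * @return {@code true} when at least one role entry carries one of those roles
     */
    private boolean checkAuth(UserAccountBean userAccountBean) {
        ArrayList<StudyUserRoleBean> roles = userAccountBean.getRoles();
        if (roles == null) {
            return false;
        }
        for (StudyUserRoleBean studyUserRoleBean : roles) {
            Role role = studyUserRoleBean == null ? null : studyUserRoleBean.getRole();
            if (role != null
                    && (role.equals((Term) Role.ADMIN)
                            || role.equals((Term) Role.COORDINATOR)
                            || role.equals((Term) Role.STUDYDIRECTOR))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Study rule: the user's role in the given study is one of the roles accepted for ODM access.
     *
     * @param studyBean the study to check; {@code null} is treated as "no access"
     * @param userAccountBean the logged-in user
     * @return {@code true} when the user's role in the study is ADMIN, COORDINATOR, STUDYDIRECTOR,
     *     INVESTIGATOR, MONITOR, RESEARCHASSISTANT or RESEARCHASSISTANT2
     */
    private boolean checkAuth(StudyBean studyBean, UserAccountBean userAccountBean) {
        if (studyBean == null) {
            return false;
        }
        StudyUserRoleBean studyUserRoleBean = getRoleByStudy(studyBean, getDataSource(), userAccountBean);
        Role role = studyUserRoleBean == null ? null : studyUserRoleBean.getRole();
        if (role == null) {
            return false;
        }
        // The earlier separate COORDINATOR/STUDYDIRECTOR test was a subset of this list.
        return role.equals((Term) Role.ADMIN)
                || role.equals((Term) Role.COORDINATOR)
                || role.equals((Term) Role.STUDYDIRECTOR)
                || role.equals((Term) Role.INVESTIGATOR)
                || role.equals((Term) Role.MONITOR)
                || role.equals((Term) Role.RESEARCHASSISTANT)
                || role.equals((Term) Role.RESEARCHASSISTANT2);
    }

    /**
     * Looks up the application's data source bean through the Spring context of the servlet context.
     *
     * <p>NOTE(review): the bean name comes from a spring-test constant, which looks like a
     * decompiler artefact standing in for a string literal - confirm the intended bean name and
     * avoid a compile-time dependency on test classes in production code.
     */
    private DataSource getDataSource() {
        return (DataSource) SpringServletAccess.getApplicationContext(this.request.getSession().getServletContext()).getBean(TestContextTransactionUtils.DEFAULT_DATA_SOURCE_NAME);
    }

    /** Loads the study with the given OID through {@code StudyDAO.findByOid}. */
    private StudyBean getStudyByOID(String str, DataSource dataSource) {
        return new StudyDAO(dataSource).findByOid(str);
    }

    /** Loads the role record for the user's name and the study's id. */
    private StudyUserRoleBean getRoleByStudy(StudyBean studyBean, DataSource dataSource, UserAccountBean userAccountBean) {
        return new UserAccountDAO(dataSource).findRoleByUserNameAndStudyId(userAccountBean.getName(), studyBean.getId());
    }

    /** Loads the study with the given primary key through {@code StudyDAO.findByPK}. */
    private StudyBean getStudyByID(int i, DataSource dataSource) {
        return new StudyDAO(dataSource).findByPK(i);
    }

    /** Returns this instance, which acts as its own request filter. */
    @Override // com.sun.jersey.spi.container.ResourceFilter
    public ContainerRequestFilter getRequestFilter() {
        return this;
    }

    /** Returns {@code null}: this resource filter contributes no response filter. */
    @Override // com.sun.jersey.spi.container.ResourceFilter
    public ContainerResponseFilter getResponseFilter() {
        return null;
    }
}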
