package io.imunity.scim.group;

import io.imunity.scim.SCIMSystemScopeProvider;
import io.imunity.scim.config.SCIMEndpointDescription;
import java.util.Map;
import java.util.function.Predicate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.engine.api.AuthorizationManagement;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.exceptions.AuthorizationException;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.types.basic.EntityParam;

/* loaded from: input_file:io/imunity/scim/group/GroupAuthzService.class */
/**
 * Authorization gate for SCIM group reads on a single endpoint.
 *
 * <p>Two decisions are made here, both driven by the {@link InvocationContext} of the
 * current call: {@link #checkReadGroups()} decides whether the caller may read groups at
 * all, and {@link #getFilter()} decides which group paths the caller may see.
 *
 * <p>NOTE(review): the two methods branch on different invocation materials.
 * {@code checkReadGroups} tests for {@code OAUTH_DELEGATION}, while {@code getFilter}
 * tests for {@code DIRECT}. If {@code InvocationMaterial} has values other than these two
 * (not visible in this file), such a caller is checked with {@code checkReadCapability}
 * and additionally limited to its own groups. Confirm that this is the intended handling.
 */
class GroupAuthzService {
    private final AuthorizationManagement authzMan;
    private final EntityManagement entityManagement;
    private final SCIMEndpointDescription configuration;

    /**
     * Spring-managed factory that binds the injected engine services to a particular
     * endpoint configuration.
     */
    @Component
    static class SCIMGroupAuthzServiceFactory {
        private final AuthorizationManagement authzMan;
        private final EntityManagement entityManagement;

        @Autowired
        SCIMGroupAuthzServiceFactory(AuthorizationManagement authorizationManagement, EntityManagement entityManagement) {
            this.entityManagement = entityManagement;
            this.authzMan = authorizationManagement;
        }

        /**
         * Creates a new service instance for the given endpoint configuration.
         *
         * <p>Declared {@code public} in this decompiled listing; the decompiler marked the
         * modifier as changed from package-private.
         *
         * @param sCIMEndpointDescription endpoint configuration; its {@code rootGroup} is
         *     the group the read-capability check is performed against
         * @return a new {@link GroupAuthzService}; no instance is cached here
         */
        public GroupAuthzService getService(SCIMEndpointDescription sCIMEndpointDescription) {
            GroupAuthzService service = new GroupAuthzService(authzMan, entityManagement, sCIMEndpointDescription);
            return service;
        }
    }

    GroupAuthzService(AuthorizationManagement authorizationManagement, EntityManagement entityManagement, SCIMEndpointDescription sCIMEndpointDescription) {
        this.entityManagement = entityManagement;
        this.configuration = sCIMEndpointDescription;
        this.authzMan = authorizationManagement;
    }

    /**
     * Verifies that the current caller is allowed to read groups.
     *
     * <p>For a call made with OAuth delegation, the only condition checked here is that the
     * granted scopes contain {@code SCIMSystemScopeProvider.READ_SELF_GROUP_SCOPE}. For any
     * other invocation material, the decision is delegated to
     * {@code AuthorizationManagement.checkReadCapability} on the configured root group.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler marked the
     * modifier as changed from package-private.
     *
     * @throws AuthorizationException if the delegated call lacks the required scope, or if
     *     thrown by the read-capability check
     */
    public void checkReadGroups() throws AuthorizationException {
        InvocationContext ctx = InvocationContext.getCurrent();
        boolean delegated = ctx.getInvocationMaterial().equals(InvocationContext.InvocationMaterial.OAUTH_DELEGATION);
        if (!delegated) {
            // NOTE(review): the meaning of the 'false' flag is defined by
            // AuthorizationManagement and is not visible here - confirm.
            authzMan.checkReadCapability(false, configuration.rootGroup);
            return;
        }
        if (ctx.getScopes().contains(SCIMSystemScopeProvider.READ_SELF_GROUP_SCOPE)) {
            return;
        }
        // The scope name in the message is a literal; presumably it mirrors
        // READ_SELF_GROUP_SCOPE - verify that the two stay in sync.
        throw new AuthorizationException("Access is denied. Reading groups over OAuth is available only with scope sys:scim:read_self_group");
    }

    /**
     * Builds the predicate that decides which groups the current caller may see.
     *
     * <p>A {@code DIRECT} invocation gets an accept-all predicate. Every other invocation
     * gets a predicate that accepts only keys of the map returned by
     * {@code EntityManagement.getGroups} for the entity of the current login session. That
     * map is fetched once, when the filter is created.
     *
     * <p>This method performs no authorization check of its own and does not inspect
     * scopes. NOTE(review): callers are presumably expected to call
     * {@link #checkReadGroups()} first - verify at every call site, since the accept-all
     * branch otherwise exposes every group to a direct caller.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler marked the
     * modifier as changed from package-private.
     *
     * @return predicate over group identifiers (presumably group paths - confirm)
     * @throws EngineException if the group lookup fails
     */
    public Predicate<String> getFilter() throws EngineException {
        InvocationContext ctx = InvocationContext.getCurrent();
        if (ctx.getInvocationMaterial().equals(InvocationContext.InvocationMaterial.DIRECT)) {
            return anyGroup -> true;
        }
        // Assumes a login session is always bound for non-DIRECT invocations; there is no
        // null check before the dereference - TODO confirm.
        EntityParam sessionEntity = new EntityParam(Long.valueOf(ctx.getLoginSession().getEntityId()));
        Map<?, ?> memberships = entityManagement.getGroups(sessionEntity);
        return candidate -> memberships.containsKey(candidate);
    }
}
