package org.exist.security;

import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.NoAspectBoundException;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;

@Aspect
/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/PermissionRequiredAspect.class */
public class PermissionRequiredAspect {
    private static Throwable ajc$initFailureCause;
    public static final PermissionRequiredAspect ajc$perSingletonInstance = null;

    @Pointcut("execution(* *(@org.exist.security.PermissionRequired (*),..)) && args(o,..) && this(permission)")
    public /* synthetic */ void methodParameterWithPermissionRequired(Permission permission, Object obj) {
    }

    @Before("methodParameterWithPermissionRequired(permission, o)")
    public void enforcePermissionsOnParameter(JoinPoint joinPoint, Permission permission, Object obj) throws PermissionDeniedException {
        PermissionRequired permissionRequired = (PermissionRequired) ((MethodSignature) joinPoint.getSignature()).getMethod().getParameterAnnotations()[0][0];
        if ((permissionRequired.user() & 4) == 4 && permission.isCurrentSubjectDBA()) {
            return;
        }
        if ((permissionRequired.user() & 40) == 40 && permission.isCurrentSubjectInGroup(((Integer) obj).intValue())) {
            return;
        }
        if ((permissionRequired.mode() & 1) != 1 || !((Permission) obj).isSetGid()) {
            throw new PermissionDeniedException("You must be a member of the group you are changing the item to");
        }
    }

    @Pointcut("execution(@org.exist.security.PermissionRequired * *(..)) && this(permission) && @annotation(permissionRequired)")
    public /* synthetic */ void methodWithPermissionRequired(Permission permission, PermissionRequired permissionRequired) {
    }

    @Before("methodWithPermissionRequired(permission, permissionRequired)")
    public void enforcePermissions(JoinPoint joinPoint, Permission permission, PermissionRequired permissionRequired) throws PermissionDeniedException {
        if ((permissionRequired.user() & 4) == 4 && permission.isCurrentSubjectDBA()) {
            return;
        }
        if ((permissionRequired.user() & 2) == 2 && permission.isCurrentSubjectOwner()) {
            if (permissionRequired.group() == 0) {
                return;
            }
            if (permissionRequired.group() == 40 && permission.isCurrentSubjectInGroup()) {
                return;
            }
        }
        if (permissionRequired.user() == 0 && permissionRequired.group() != 0 && permissionRequired.group() == 40 && permission.isCurrentSubjectInGroup()) {
            return;
        }
        if (!(permission instanceof ACLPermission) || permissionRequired.mode() == 0 || (permissionRequired.mode() & 4) != 4 || !((ACLPermission) permission).isCurrentSubjectCanWriteACL()) {
            throw new PermissionDeniedException("You do not have appropriate access rights to modify permissions on this object");
        }
    }

    public static PermissionRequiredAspect aspectOf() {
        if (ajc$perSingletonInstance == null) {
            throw new NoAspectBoundException("org.exist.security.PermissionRequiredAspect", ajc$initFailureCause);
        }
        return ajc$perSingletonInstance;
    }

    public static boolean hasAspect() {
        return ajc$perSingletonInstance != null;
    }

    private static void ajc$postClinit() {
        ajc$perSingletonInstance = new PermissionRequiredAspect();
    }

    static {
        try {
            ajc$postClinit();
        } catch (Throwable th) {
            ajc$initFailureCause = th;
        }
    }
}
