package li.strolch.privilege.policy;

import java.text.MessageFormat;
import li.strolch.privilege.base.AccessDeniedException;
import li.strolch.privilege.base.PrivilegeException;
import li.strolch.privilege.i18n.PrivilegeMessages;
import li.strolch.privilege.model.IPrivilege;
import li.strolch.privilege.model.PrivilegeContext;
import li.strolch.privilege.model.Restrictable;
import li.strolch.privilege.model.internal.User;
import li.strolch.utils.collections.Tuple;
import li.strolch.utils.dbc.DBC;
import li.strolch.utils.helper.StringHelper;

/* loaded from: input_file:WEB-INF/lib/li.strolch.privilege-1.4.3.jar:li/strolch/privilege/policy/UserAccessWithSameOrganisationPrivilege.class */
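/**
 * Privilege policy that adds a same-organisation check on top of {@link UserAccessPrivilege}.
 *
 * <p>The caller's organisation is read from the {@code organisation} property of the certificate
 * in the {@link PrivilegeContext}. Every {@link User} carried in the restrictable's {@link Tuple}
 * must have an equal {@code organisation} property, otherwise access is denied. Once these checks
 * pass, validation is delegated to the parent policy.
 *
 * <p>NOTE(review): this class was recovered from decompiled bytecode. The decompiler emitted the
 * compiler-generated string switch as a {@code boolean} selector with duplicate {@code case true}
 * labels, which does not compile. The switch below is rebuilt as a plain switch on the privilege
 * name. The split of the six names into two branches (four, then two) follows the ordinal order
 * of the generated lookup; confirm it against the upstream source before relying on it.
 */
public class UserAccessWithSameOrganisationPrivilege extends UserAccessPrivilege {
    private static final String PARAM_ORGANISATION = "organisation";

    /**
     * Validates that the caller only accesses users of their own organisation, then delegates to
     * {@link UserAccessPrivilege#validateAction}.
     *
     * @param privilegeContext context of the caller; supplies the certificate and username
     * @param iPrivilege the privilege being validated
     * @param restrictable the restrictable whose privilege value must be a {@link Tuple} of users
     * @throws PrivilegeException if the privilege value is not a {@link Tuple}, or if the name
     *     returned by pre-validation is not one of the six handled privilege names
     * @throws AccessDeniedException if the caller has no organisation configured, or a user in the
     *     tuple has a different organisation
     */
    @Override
    public void validateAction(PrivilegeContext privilegeContext, IPrivilege iPrivilege, Restrictable restrictable) {
        String privilegeName = PrivilegePolicyHelper.preValidate(iPrivilege, restrictable);

        Object privilegeValue = restrictable.getPrivilegeValue();
        if (!(privilegeValue instanceof Tuple)) {
            throw new PrivilegeException(MessageFormat.format(Restrictable.class.getName() + PrivilegeMessages.getString("Privilege.illegalArgument.nontuple"), restrictable.getClass().getSimpleName()));
        }

        // Fail closed: a caller without an organisation is denied rather than treated as unrestricted.
        String callerOrganisation = privilegeContext.getCertificate().getProperty(PARAM_ORGANISATION);
        if (StringHelper.isEmpty(callerOrganisation)) {
            throw new AccessDeniedException("No organisation configured for user " + privilegeContext.getUsername());
        }

        Tuple tuple = (Tuple) privilegeValue;

        // NOTE(review): the denial messages below contain the target user's organisation value.
        // If exception messages reach the requesting client, that value is disclosed to a caller
        // who was just denied access to it; consider keeping it in server-side logs only.
        switch (privilegeName) {
            case "PrivilegeGetUser":
            case "PrivilegeAddUser":
            case "PrivilegeModifyUser":
            case "PrivilegeRemoveUser": {
                // The first element may be absent; when present it must match the caller's organisation.
                User first = (User) tuple.getFirst();
                if (first != null) {
                    String firstOrganisation = first.getProperty(PARAM_ORGANISATION);
                    // equals() on the non-empty caller value also rejects a null target organisation.
                    if (!callerOrganisation.equals(firstOrganisation)) {
                        throw new AccessDeniedException("User " + privilegeContext.getUsername() + " may not access users outside of their organisation: " + callerOrganisation + " / " + firstOrganisation);
                    }
                }

                // The second element is mandatory for these privileges.
                User second = (User) tuple.getSecond();
                DBC.INTERIM.assertNotNull("For " + privilegeName + " second must not be null!", second);
                String secondOrganisation = second.getProperty(PARAM_ORGANISATION);
                if (!callerOrganisation.equals(secondOrganisation)) {
                    throw new AccessDeniedException("User " + privilegeContext.getUsername() + " may not access users outside of their organisations: " + callerOrganisation + " / " + secondOrganisation);
                }
                break;
            }
            case "PrivilegeAddRoleToUser":
            case "PrivilegeRemoveRoleFromUser": {
                // Only the first element is checked for role changes, and it is mandatory.
                User target = (User) tuple.getFirst();
                DBC.INTERIM.assertNotNull("For " + privilegeName + " first must not be null!", target);
                String targetOrganisation = target.getProperty(PARAM_ORGANISATION);
                if (!callerOrganisation.equals(targetOrganisation)) {
                    throw new AccessDeniedException("User " + privilegeContext.getUsername() + " may not access users outside of their organisation: " + callerOrganisation + " / " + targetOrganisation);
                }
                break;
            }
            default:
                // Unknown privilege names are rejected instead of falling through to the parent check.
                throw new PrivilegeException(MessageFormat.format(Restrictable.class.getName() + PrivilegeMessages.getString("Privilege.userAccessPrivilege.unknownPrivilege"), privilegeName));
        }

        // The organisation check passed; the parent policy performs its own validation.
        super.validateAction(privilegeContext, iPrivilege, restrictable);
    }
}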
