package org.camunda.bpm.engine.impl.cmd;

import java.util.List;
import java.util.Objects;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.impl.ProcessEngineLogger;
import org.camunda.bpm.engine.impl.db.EnginePersistenceLogger;
import org.camunda.bpm.engine.impl.interceptor.Command;
import org.camunda.bpm.engine.impl.interceptor.CommandContext;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager;
import org.camunda.bpm.engine.impl.util.EnsureUtil;

/* loaded from: input_file:WEB-INF/lib/camunda-engine-7.15.0.jar:org/camunda/bpm/engine/impl/cmd/AuthorizationCheckCmd.class */
public class AuthorizationCheckCmd implements Command<Boolean> {
    protected static final EnginePersistenceLogger LOG = ProcessEngineLogger.PERSISTENCE_LOGGER;
    protected String userId;
    protected List<String> groupIds;
    protected Permission permission;
    protected Resource resource;
    protected String resourceId;

    public AuthorizationCheckCmd(String str, List<String> list, Permission permission, Resource resource, String str2) {
        this.userId = str;
        this.groupIds = list;
        this.permission = permission;
        this.resource = resource;
        this.resourceId = str2;
        validate(str, list, permission, resource);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.camunda.bpm.engine.impl.interceptor.Command
    public Boolean execute(CommandContext commandContext) {
        AuthorizationManager authorizationManager = commandContext.getAuthorizationManager();
        if (authorizationManager.isPermissionDisabled(this.permission)) {
            throw LOG.disabledPermissionException(this.permission.getName());
        }
        if (isHistoricInstancePermissionsDisabled(commandContext) && isHistoricInstanceResource()) {
            throw LOG.disabledHistoricInstancePermissionsException();
        }
        return Boolean.valueOf(authorizationManager.isAuthorized(this.userId, this.groupIds, this.permission, this.resource, this.resourceId));
    }

    protected void validate(String str, List<String> list, Permission permission, Resource resource) {
        EnsureUtil.ensureAtLeastOneNotNull("Authorization must have a 'userId' or/and a 'groupId'.", str, list);
        EnsureUtil.ensureNotNull("Invalid permission for an authorization", "authorization.getResource()", permission);
        EnsureUtil.ensureNotNull("Invalid resource for an authorization", "authorization.getResource()", resource);
    }

    protected boolean isHistoricInstancePermissionsDisabled(CommandContext commandContext) {
        return !commandContext.getProcessEngineConfiguration().isEnableHistoricInstancePermissions();
    }

    protected boolean isHistoricInstanceResource() {
        return Objects.equals(Resources.HISTORIC_TASK, this.resource) || Objects.equals(Resources.HISTORIC_PROCESS_INSTANCE, this.resource);
    }
}
