package org.phenotips.data.internal;

import java.util.Iterator;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.xpath.compiler.Keywords;
import org.phenotips.data.Patient;
import org.phenotips.data.PatientRepository;
import org.phenotips.entities.PrimaryEntityManager;
import org.phenotips.security.authorization.AuthorizationService;
import org.xwiki.bridge.DocumentModelBridge;
import org.xwiki.component.annotation.Component;
import org.xwiki.model.EntityType;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.EntityReference;
import org.xwiki.model.reference.EntityReferenceResolver;
import org.xwiki.model.reference.EntityReferenceSerializer;
import org.xwiki.security.authorization.Right;
import org.xwiki.users.User;
import org.xwiki.users.UserManager;

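/**
 * Access-controlled facade over the patient store: every operation is delegated to the injected
 * {@link PatientRepository} and, where this class performs a check, guarded by the
 * {@link AuthorizationService}. Patients handed back to callers are wrapped in {@link SecurePatient}.
 *
 * <p>Two outcomes must be distinguished by callers of the lookup methods: a {@code null} result means the
 * underlying repository returned no patient, while a {@link SecurityException} means a patient exists but
 * the user lacks the required right.
 * NOTE(review): that difference tells an unauthorized caller whether an identifier exists; confirm this is
 * acceptable for the deployment or map both outcomes to the same response at the API boundary.
 */
@Singleton
@Named("Patient/secure")
@Component(roles = {PrimaryEntityManager.class})
/* loaded from: input_file:WEB-INF/lib/patient-data-default-impl-1.4-rc-2.jar:org/phenotips/data/internal/SecurePatientEntityManager.class */
public class SecurePatientEntityManager extends PatientEntityManager {

    /** Resolves the current user and users named by a document reference. */
    @Inject
    private UserManager userManager;

    /** Decides whether a user holds a given right on an entity. */
    @Inject
    private AuthorizationService access;

    /** The unchecked repository that performs the actual storage operations. */
    @Inject
    private PatientRepository internalService;

    // The hint constant is what the decompiler emitted; NOTE(review): it is presumably the plain
    // "current" resolver hint in the original source - confirm before relying on the Xalan import.
    @Inject
    @Named(Keywords.FUNC_CURRENT_STRING)
    private EntityReferenceResolver<EntityReference> currentResolver;

    /** Turns a document reference into the string form expected by {@link UserManager#getUser}. */
    @Inject
    private EntityReferenceSerializer<String> serializer;

    /**
     * Creates a patient on behalf of the current user.
     *
     * @return the new patient, wrapped in {@link SecurePatient}
     * @throws SecurityException if the current user may not edit the default patient space
     */
    @Override // org.phenotips.entities.spi.AbstractPrimaryEntityManager, org.phenotips.entities.PrimaryEntityManager
    public Patient create() {
        return create(this.userManager.getCurrentUser());
    }

    /**
     * Creates a patient on behalf of the user identified by {@code documentReference}.
     *
     * <p>NOTE(review): the authorization check below is evaluated for the user named by the reference, not
     * for the user making the call. Confirm that callers cannot supply an arbitrary creator reference, or
     * additionally check the current user's right here.
     *
     * @param documentReference reference to the creator's profile document
     * @return the new patient, wrapped in {@link SecurePatient}
     * @throws SecurityException if the referenced user may not edit the default patient space
     */
    @Override // org.phenotips.entities.spi.AbstractPrimaryEntityManager, org.phenotips.entities.PrimaryEntityManager
    public Patient create(DocumentReference documentReference) {
        return create(this.userManager.getUser(this.serializer.serialize(documentReference, new Object[0])));
    }

    /**
     * Fetches a patient by identifier, requiring {@link Right#VIEW} for the current user.
     *
     * @param str the patient identifier passed to the repository
     * @return the wrapped patient, or {@code null} if the repository returned none
     * @throws SecurityException if the patient exists but the current user may not view it
     */
    @Override // org.phenotips.entities.spi.AbstractPrimaryEntityManager, org.phenotips.entities.PrimaryEntityManager
    public Patient get(String str) {
        return checkAccess(this.internalService.get(str), this.userManager.getCurrentUser());
    }

    /**
     * Fetches a patient by document reference, requiring {@link Right#VIEW} for the current user.
     *
     * @param documentReference reference to the patient document
     * @return the wrapped patient, or {@code null} if the repository returned none
     * @throws SecurityException if the patient exists but the current user may not view it
     */
    @Override // org.phenotips.entities.spi.AbstractPrimaryEntityManager, org.phenotips.entities.PrimaryEntityManager
    public Patient get(DocumentReference documentReference) {
        return checkAccess(this.internalService.get(documentReference), this.userManager.getCurrentUser());
    }

    /**
     * Fetches a patient by name, requiring {@link Right#VIEW} for the current user.
     *
     * @param str the name passed to the repository
     * @return the wrapped patient, or {@code null} if the repository returned none
     * @throws SecurityException if the patient exists but the current user may not view it
     */
    @Override // org.phenotips.entities.spi.AbstractPrimaryEntityManager, org.phenotips.entities.PrimaryEntityManager
    public Patient getByName(String str) {
        return checkAccess(this.internalService.getByName(str), this.userManager.getCurrentUser());
    }

    /**
     * Iterates over patients through a {@link SecurePatientIterator} built for the current user.
     * The per-patient filtering is done by that iterator, not in this method.
     *
     * @return an iterator over the repository's patients, bound to the current user
     */
    @Override // org.phenotips.entities.spi.AbstractPrimaryEntityManager, org.phenotips.entities.PrimaryEntityManager
    public Iterator<Patient> getAll() {
        return new SecurePatientIterator(this.internalService.getAll(), this.access, this.userManager.getCurrentUser());
    }

    /**
     * Deletes a patient, requiring {@link Right#DELETE} for the current user.
     *
     * @param patient the patient to delete; {@code null} is treated as "nothing to delete"
     * @return {@code false} if {@code patient} is {@code null}, otherwise the outcome reported by the
     *         underlying repository
     * @throws SecurityException if the current user may not delete the patient
     */
    @Override // org.phenotips.entities.spi.AbstractPrimaryEntityManager, org.phenotips.entities.PrimaryEntityManager
    public boolean delete(Patient patient) {
        if (checkAccess(Right.DELETE, patient, this.userManager.getCurrentUser()) == null) {
            return false;
        }
        // Previously the delegate's result was discarded and false was returned unconditionally, so an
        // authorized, successful deletion looked like a failure to the caller (and to any audit trail
        // built on the return value). Assumes the repository's delete reports success as a boolean,
        // like the PrimaryEntityManager method overridden here.
        return this.internalService.delete(patient);
    }

    /**
     * Wraps the patient loaded from an already available document.
     *
     * <p>NOTE(review): unlike the {@code get} methods, no {@code hasAccess} check is made here; the result
     * is only wrapped in {@link SecurePatient}. Confirm that the wrapper or the callers enforce
     * {@link Right#VIEW} before patient data is exposed.
     *
     * @param documentModelBridge the document to load the patient from
     * @return the wrapped patient, or {@code null} if the repository returned none
     * @throws IllegalArgumentException declared by the overridden method; propagated from the repository
     */
    @Override // org.phenotips.entities.spi.AbstractPrimaryEntityManager, org.phenotips.entities.PrimaryEntityManager
    public Patient load(DocumentModelBridge documentModelBridge) throws IllegalArgumentException {
        return createSecurePatient(this.internalService.load(documentModelBridge));
    }

    /**
     * Creates a patient for {@code user} after checking {@link Right#EDIT} on the default patient space.
     *
     * @param user the creator; may be {@code null}, in which case the right is evaluated for a
     *        {@code null} user and a {@code null} creator reference is passed to the repository
     * @return the new patient, wrapped in {@link SecurePatient}
     * @throws SecurityException if the user does not hold the edit right on the patient space
     */
    private Patient create(User user) {
        if (this.access.hasAccess(user, Right.EDIT, this.currentResolver.resolve(Patient.DEFAULT_DATA_SPACE, EntityType.SPACE, new Object[0]))) {
            return createSecurePatient(this.internalService.create(user != null ? user.getProfileDocument() : null));
        }
        throw new SecurityException("User not authorized to create new patients");
    }

    /**
     * Shorthand for {@link #checkAccess(Right, Patient, User)} with {@link Right#VIEW}.
     */
    private Patient checkAccess(Patient patient, User user) {
        return checkAccess(Right.VIEW, patient, user);
    }

    /**
     * Enforces {@code right} for {@code user} on {@code patient}.
     *
     * @param right the right that must be held
     * @param patient the patient to guard; may be {@code null}
     * @param user the user the right is evaluated for
     * @return the wrapped patient when access is granted, or {@code null} when {@code patient} is
     *         {@code null}
     * @throws SecurityException when the patient exists and access is denied
     */
    private Patient checkAccess(Right right, Patient patient, User user) {
        if (patient == null) {
            // Nothing to protect; report "not found" rather than "forbidden".
            return null;
        }
        if (this.access.hasAccess(user, right, patient.getDocumentReference())) {
            return createSecurePatient(patient);
        }
        // Denials are logged with patient id and user so they can be reviewed later; the exception
        // message itself stays generic.
        this.logger.warn("Illegal access requested for patient [{}] by user [{}]", patient.getId(), user);
        throw new SecurityException("Unauthorized access");
    }

    /**
     * Wraps a patient in {@link SecurePatient}.
     *
     * @param patient the patient to wrap; may be {@code null}
     * @return the wrapper, or {@code null} if {@code patient} is {@code null}
     */
    protected SecurePatient createSecurePatient(Patient patient) {
        if (patient == null) {
            return null;
        }
        return new SecurePatient(patient);
    }
}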
