package org.phenotips.data.internal;

import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.phenotips.data.Patient;
import org.phenotips.data.PatientRepository;
import org.slf4j.Logger;
import org.xwiki.bridge.DocumentAccessBridge;
import org.xwiki.bridge.DocumentModelBridge;
import org.xwiki.component.annotation.Component;
import org.xwiki.model.EntityType;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.EntityReference;
import org.xwiki.model.reference.EntityReferenceResolver;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.security.authorization.Right;

@Singleton
@Component
@Named("secure")
/* loaded from: input_file:org/phenotips/data/internal/SecurePatientRepository.class */
public class SecurePatientRepository implements PatientRepository {

    @Inject
    private Logger logger;

    @Inject
    private AuthorizationManager access;

    @Inject
    private DocumentAccessBridge bridge;

    @Inject
    private PatientRepository internalService;

    @Inject
    @Named("current")
    private EntityReferenceResolver<EntityReference> currentResolver;

    public Patient getPatientById(String str) {
        return checkAccess(this.internalService.getPatientById(str), this.bridge.getCurrentUserReference());
    }

    public Patient getPatientByExternalId(String str) {
        return checkAccess(this.internalService.getPatientByExternalId(str), this.bridge.getCurrentUserReference());
    }

    public Patient loadPatientFromDocument(DocumentModelBridge documentModelBridge) {
        return this.internalService.loadPatientFromDocument(documentModelBridge);
    }

    public Patient createNewPatient(DocumentReference documentReference) {
        if (this.access.hasAccess(Right.EDIT, documentReference, this.currentResolver.resolve(Patient.DEFAULT_DATA_SPACE, EntityType.SPACE, new Object[0]))) {
            return this.internalService.createNewPatient();
        }
        throw new SecurityException("User not authorized to create new patients");
    }

    public synchronized Patient createNewPatient() {
        return createNewPatient(this.bridge.getCurrentUserReference());
    }

    private Patient checkAccess(Patient patient, DocumentReference documentReference) {
        if (patient != null && this.access.hasAccess(Right.VIEW, documentReference, patient.getDocument())) {
            return patient;
        }
        if (patient == null) {
            return null;
        }
        this.logger.warn("Illegal access requested for patient [{}] by user [{}]", patient.getId(), documentReference);
        throw new SecurityException("Unauthorized access");
    }
}
