package com.greenhat.server.container.server.security;

import com.greenhat.server.authorization.UnauthorizedException;
import com.greenhat.server.container.server.security.role.RoleService;
import com.greenhat.server.container.server.security.util.SecurityEnablementService;
import com.greenhat.server.container.shared.datamodel.DomainId;
import com.greenhat.server.container.shared.datamodel.SecurityToken;
import com.greenhat.server.container.shared.security.HasSecurityContext;

/* loaded from: input_file:com/greenhat/server/container/server/security/PermissionsServiceFactory.class */
public class PermissionsServiceFactory {
    public static final DomainId NA_DOMAIN = new DomainId(-1337);
    private final AuthenticationService authenticationService;
    private final SecurityEnablementService securityEnablementService;
    private final RoleService roleService;

    public PermissionsServiceFactory(AuthenticationService authenticationService, SecurityEnablementService securityEnablementService, RoleService roleService) {
        this.authenticationService = authenticationService;
        this.securityEnablementService = securityEnablementService;
        this.roleService = roleService;
    }

    public PermissionsService getPermissionService(HasSecurityContext hasSecurityContext) {
        SecurityToken securityToken = hasSecurityContext.getSecurityToken();
        DomainId domainId = hasSecurityContext.getDomainId();
        if (!this.authenticationService.isUserSecurityEnabled()) {
            return new NoSecurityPermissionsService();
        }
        boolean canAlterUsers = this.authenticationService.canAlterUsers();
        AuthenticationResponse isAuthenticated = this.authenticationService.isAuthenticated(securityToken, false);
        if (!this.securityEnablementService.isDomainSecurityEnabled()) {
            return new PermissionsServiceNoDomainSecurity(isAuthenticated.getUser(), canAlterUsers);
        }
        if (isAuthenticated.isAuthenticated()) {
            return new PermissionsServiceWithDomainSecurity(isAuthenticated.getUser(), domainId, this.roleService, canAlterUsers);
        }
        throw new UnauthorizedException();
    }
}
