package com.appiancorp.security.authz;

import com.appiancorp.security.SecurityConstants;
import com.appiancorp.security.auth.SecurityContext;
import com.google.common.collect.Sets;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;
import org.aopalliance.intercept.MethodInvocation;

/* loaded from: input_file:com/appiancorp/security/authz/AuthorizationProvider.class */
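/**
 * Decides whether a caller may invoke an intercepted method.
 *
 * <p>Parameter names such as {@code str}, {@code set} and {@code set2} are decompiler-generated;
 * the meanings given below are inferred from how the values are used in this file and should be
 * confirmed against the original sources.
 */
public interface AuthorizationProvider {
    /** Role name that the sys-admin fallback in {@link #getAuthorizedUserRolesOrThrow} looks for. */
    public static final String SYS_ADMIN_ROLE = "sys-admin";

    /**
     * Authorizes a single intercepted method call.
     *
     * @param method the reflective method being invoked
     * @param methodInvocation the AOP invocation wrapping the call
     * @param securityContext the caller's security context
     * @param str NOTE(review): meaning not visible in this file; confirm against implementations
     * @param str2 NOTE(review): meaning not visible in this file; confirm against implementations
     */
    void authorize(Method method, MethodInvocation methodInvocation, SecurityContext securityContext, String str, String str2);

    /**
     * Reports whether the context identifies the built-in administrator account.
     *
     * <p>The check passes when <em>either</em> the context's own name or its grantor name equals
     * {@link SecurityConstants#ADMIN_USERNAME}. A matching grantor name is sufficient on its own, so
     * this is only as trustworthy as the code that populates the grantor field.
     * NOTE(review): confirm that the grantor name can never be derived from caller-supplied input.
     *
     * @param securityContext the caller's security context; must not be {@code null}
     * @return {@code true} if the name or the grantor name is the administrator username
     */
    default boolean isUserAlwaysAllowed(SecurityContext securityContext) {
        // Constant on the left keeps both comparisons safe when the context returns a null name.
        boolean callerIsAdmin = SecurityConstants.ADMIN_USERNAME.equals(securityContext.getName());
        return callerIsAdmin || SecurityConstants.ADMIN_USERNAME.equals(securityContext.getGrantorName());
    }

    /**
     * Returns the roles that authorize the caller, or throws when there are none.
     *
     * <p>Two paths grant access:
     * <ol>
     *   <li>{@code set} and {@code set2} share at least one role; the shared roles are returned.</li>
     *   <li>Otherwise, the context reports {@code isSysAdmin()}, its name is not
     *       {@link SecurityConstants#ADMIN_USERNAME}, and {@code set2} contains
     *       {@link #SYS_ADMIN_ROLE}; a set holding only that role is returned.</li>
     * </ol>
     * Every other case fails closed with an {@link AuthorizationException}.
     *
     * <p>The returned set is a Guava intersection <em>view</em>, not a snapshot: it reflects later
     * changes to its backing sets. Callers that keep the result beyond the current check should
     * copy it first.
     *
     * @param securityContext the caller's security context
     * @param str passed through to the exception; presumably identifies the protected target
     *     (TODO confirm)
     * @param set presumably the roles held by the caller (TODO confirm)
     * @param set2 presumably the roles accepted for the protected target (TODO confirm)
     * @return the non-empty set of roles that justified access
     * @throws AuthorizationException if neither path above applies
     */
    default Set<String> getAuthorizedUserRolesOrThrow(SecurityContext securityContext, String str, Set<String> set, Set<String> set2) throws AuthorizationException {
        // Parameterized instead of raw, so the return below needs no unchecked conversion.
        Sets.SetView<String> intersection = Sets.intersection(set, set2);
        if (!set.isEmpty() && !set2.isEmpty() && !intersection.isEmpty()) {
            return intersection;
        }

        // Fallback for sys-admins. The built-in administrator account is deliberately excluded here;
        // presumably it is handled through isUserAlwaysAllowed instead (confirm with implementations).
        boolean sysAdminFallback = securityContext.isSysAdmin()
                && !SecurityConstants.ADMIN_USERNAME.equals(securityContext.getName())
                && set2.contains(SYS_ADMIN_ROLE);
        if (!sysAdminFallback) {
            throw new AuthorizationException(securityContext.getName(), set, securityContext.getGrantorName(), securityContext.getGrantorRoles(), str, set2);
        }

        Set<String> sysAdminOnly = new HashSet<>();
        sysAdminOnly.add(SYS_ADMIN_ROLE);
        return Sets.intersection(sysAdminOnly, set2);
    }
}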
