package com.appiancorp.security.user.service;

import com.appiancorp.security.SecurityConstants;
import com.appiancorp.security.auth.SecurityContext;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.core.Ordered;

@Aspect
/* loaded from: input_file:com/appiancorp/security/user/service/EnsureCurrentUserIsSysAdminAspect.class */
public class EnsureCurrentUserIsSysAdminAspect implements Ordered {
    private final SecurityContextProvider securityContextProvider;

    @Target({ElementType.METHOD})
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:com/appiancorp/security/user/service/EnsureCurrentUserIsSysAdminAspect$RequiresCurrentUserToBeSysAdmin.class */
    public @interface RequiresCurrentUserToBeSysAdmin {
        boolean allowDefaultAdministrator() default false;
    }

    public EnsureCurrentUserIsSysAdminAspect(SecurityContextProvider securityContextProvider) {
        this.securityContextProvider = securityContextProvider;
    }

    @Before("@annotation(annotArg)")
    public void ensureCurrentUserIsSysAdmin(RequiresCurrentUserToBeSysAdmin requiresCurrentUserToBeSysAdmin) {
        SecurityContext securityContext = this.securityContextProvider.get();
        if (!securityContext.isSysAdmin() || (!requiresCurrentUserToBeSysAdmin.allowDefaultAdministrator() && SecurityConstants.ADMIN_USERNAME.equals(securityContext.getName()))) {
            throw new AppianRuntimeException(ErrorCode.ADMIN_CONSOLE_INSUFFICIENT_PRIVILEGES_SERVICE, new Object[0]);
        }
    }

    public int getOrder() {
        return -1;
    }
}
