package org.craftercms.studio.api.v2.security.publish;

import java.beans.ConstructorProperties;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.Iterator;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.craftercms.commons.aop.AopUtils;
import org.craftercms.studio.api.v1.service.configuration.ServicesConfig;
import org.craftercms.studio.api.v2.annotation.SiteId;
import org.craftercms.studio.api.v2.annotation.StudioAnnotationUtils;
import org.craftercms.studio.api.v2.annotation.publish.PackageId;
import org.craftercms.studio.api.v2.annotation.publish.PackageIds;
import org.craftercms.studio.api.v2.dal.User;
import org.craftercms.studio.api.v2.dal.publish.PublishDAO;
import org.craftercms.studio.api.v2.exception.security.PeerReviewCheckException;
import org.craftercms.studio.impl.v2.utils.security.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;

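/**
 * Around-advice that enforces the peer-review rule on join points matched by
 * {@code @within(PeerReviewCapable) || @annotation(PeerReviewCapable)}.
 *
 * <p>When {@link ServicesConfig#isRequirePeerReview} is true for the site named by the
 * {@code @SiteId} argument, the current principal must not be the submitter of any package
 * named by the {@code @PackageIds} or {@code @PackageId} argument. A violation, or a method
 * that exposes neither argument, is rejected with {@link PeerReviewCheckException} and the
 * advised method is never invoked.
 *
 * <p>{@code @Order(-20)}: in Spring's ordering lower values take precedence.
 * NOTE(review): confirm this places the check where intended relative to the authentication
 * and permission aspects, which are not visible from this file.
 */
@Aspect
@Order(-20)
public class PeerReviewCapableAnnotationHandler {
    private static final Logger logger = LoggerFactory.getLogger(PeerReviewCapableAnnotationHandler.class);
    private final ServicesConfig servicesConfig;
    private final PublishDAO publishDao;

    /**
     * @param servicesConfig source of the per-site "require peer review" setting
     * @param publishDAO     used to look up a package and read its submitter id
     */
    @ConstructorProperties({"servicesConfig", "publishDao"})
    public PeerReviewCapableAnnotationHandler(ServicesConfig servicesConfig, PublishDAO publishDAO) {
        this.servicesConfig = servicesConfig;
        this.publishDao = publishDAO;
    }

    /**
     * Runs the peer-review check before letting the advised method proceed.
     *
     * @param proceedingJoinPoint the intercepted call
     * @return whatever the advised method returns
     * @throws PeerReviewCheckException if peer review is required and the current user submitted
     *         one of the packages, or the method carries no package id to check
     * @throws Throwable anything thrown by the advised method
     */
    @Around("@within(PeerReviewCapable) || @annotation(PeerReviewCapable)")
    public Object checkPeerReview(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        Method actualMethod = AopUtils.getActualMethod(proceedingJoinPoint);
        String siteId = (String) StudioAnnotationUtils.getAnnotationValue(proceedingJoinPoint, actualMethod, SiteId.class, String.class);
        // Resolved before the site setting is read, so an unauthenticated call or an unexpected
        // principal type fails here (NPE / ClassCastException) even for sites without peer review.
        User user = (User) SecurityUtils.getAuthentication().getPrincipal();
        if (!this.servicesConfig.isRequirePeerReview(siteId)) {
            logger.debug("Peer review is not required for site '{}'", siteId);
            return proceedingJoinPoint.proceed();
        }

        Collection<?> packageIds = (Collection<?>) StudioAnnotationUtils.getAnnotationValue(proceedingJoinPoint, actualMethod, PackageIds.class, Collection.class);
        if (packageIds == null) {
            Long packageId = (Long) StudioAnnotationUtils.getAnnotationValue(proceedingJoinPoint, actualMethod, PackageId.class, Long.class);
            if (packageId == null) {
                // Fail closed: with no package id there is nothing to compare the caller against,
                // so the call is denied rather than allowed through. Previously this path unboxed
                // the null and surfaced as a NullPointerException instead of the intended denial.
                logger.debug("Peer review is enabled for site '{}'. Users cannot publish directly. Method '{}.{}' is annotated with @PeerReviewCapable but does not have a @PackageId parameter. ", siteId, actualMethod.getDeclaringClass().getName(), actualMethod.getName());
                throw new PeerReviewCheckException("Peer review is enabled for site '%s''. Users cannot publish directly.".formatted(siteId));
            }
            // Previously the denial above was also thrown after a successful check, which
            // rejected every single-package call; a caller who is not the submitter now proceeds.
            checkPeerReview(siteId, packageId.longValue(), user);
            return proceedingJoinPoint.proceed();
        }

        // Every package must pass; the first self-submitted package aborts the whole call.
        // NOTE(review): an empty collection performs no check and proceeds - confirm the advised
        // methods reject an empty id list themselves.
        for (Object packageId : packageIds) {
            checkPeerReview(siteId, ((Long) packageId).longValue(), user);
        }
        return proceedingJoinPoint.proceed();
    }

    /**
     * Rejects the call when {@code user} is the submitter of the given package.
     *
     * @param siteId    site the package is looked up in
     * @param packageId id of the package being acted on
     * @param user      the current principal
     * @throws PeerReviewCheckException if the user's id equals the package's submitter id
     */
    private void checkPeerReview(String siteId, long packageId, User user) {
        // NOTE(review): this relies on numeric comparison. user.getId() looks primitive (it is
        // boxed explicitly below); if both sides were boxed Long, == would compare references
        // and the self-approval check could pass wrongly - confirm getSubmitterId()'s type.
        // NOTE(review): an unknown package id presumably yields null here and fails with an
        // NPE (still a denial, but an unhelpful one) - confirm against PublishDAO.
        if (user.getId() == this.publishDao.getByStringSiteId(siteId, packageId).getSubmitterId()) {
            String message = "User '%s' is the submitter of the package '%s'. Users are not allowed to approve their own packages when peer-review is enabled".formatted(Long.valueOf(user.getId()), Long.valueOf(packageId));
            // NOTE(review): a blocked self-approval is only visible at debug level; consider
            // whether it should also reach an audit log.
            logger.debug(message);
            throw new PeerReviewCheckException(message);
        }
    }
}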
