package org.opennms.web.rest.support;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

/* loaded from: input_file:org/opennms/web/rest/support/SecurityHelper.class */
public class SecurityHelper {
    public static void assertUserReadCredentials(SecurityContext securityContext) {
        String name = securityContext.getUserPrincipal().getName();
        if (!securityContext.isUserInRole("ROLE_ADMIN") && !securityContext.isUserInRole("ROLE_REST") && !securityContext.isUserInRole("ROLE_USER") && !securityContext.isUserInRole("ROLE_MOBILE")) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity("User '" + name + "', is not allowed to read alarms.").type("text/plain").build());
        }
    }

    public static void assertUserEditCredentials(SecurityContext securityContext, String str) {
        String name = securityContext.getUserPrincipal().getName();
        if (securityContext.isUserInRole("ROLE_ADMIN")) {
            return;
        }
        if (securityContext.isUserInRole("ROLE_READONLY")) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity("User '" + name + "', is a read-only user!").type("text/plain").build());
        }
        if ((!securityContext.isUserInRole("ROLE_REST") && !securityContext.isUserInRole("ROLE_USER") && !securityContext.isUserInRole("ROLE_MOBILE")) || !str.equals(name)) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity("User '" + name + "', is not allowed to perform updates to alarms as user '" + str + "'").type("text/plain").build());
        }
    }
}
