package com.appiancorp.ag.util;

import com.appiancorp.ag.ExtendedGroupService;
import com.appiancorp.services.ServiceContext;
import com.appiancorp.suiteapi.common.exceptions.InvalidGroupException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/ag/util/PublicPortalSecurityHelpers.class */
public final class PublicPortalSecurityHelpers {
    public static final String PORTAL_PUBLISHERS_GROUP_UUID = "_e-0000e7a5-46dd-8000-9b06-01075c01075c_33";
    private static Long portalPublishersGroupId;
    private static final Logger LOG = LoggerFactory.getLogger(PublicPortalSecurityHelpers.class);

    private PublicPortalSecurityHelpers() {
    }

    private static Long getPortalPublishersGroupId(ExtendedGroupService extendedGroupService) throws InvalidGroupException, PrivilegeException {
        if (portalPublishersGroupId == null) {
            portalPublishersGroupId = extendedGroupService.getGroup(PORTAL_PUBLISHERS_GROUP_UUID).getId();
        }
        return portalPublishersGroupId;
    }

    public static boolean canUserAdministerPortals(ExtendedGroupService extendedGroupService, ServiceContext serviceContext) {
        try {
            return extendedGroupService.isUserMember(serviceContext.getName(), getPortalPublishersGroupId(extendedGroupService));
        } catch (Exception e) {
            LOG.error("PublicPortalSecurityHelpers.canUserAdministerPortals(..) failed", e);
            return false;
        }
    }

    public static void throwIfUserCannotAdministerPortals(ExtendedGroupService extendedGroupService, ServiceContext serviceContext) throws PrivilegeException {
        if (!canUserAdministerPortals(extendedGroupService, serviceContext)) {
            throw new PrivilegeException("Logged in user not a member of Portals deployment manager group");
        }
    }
}
