package fr.in2p3.cc.storage.treqs2.service.filter;

import fr.in2p3.cc.storage.treqs2.core.entity.TreqsStatus;
import fr.in2p3.cc.storage.treqs2.core.entity.TreqsUser;
import java.io.IOException;
import javax.annotation.Priority;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

@Priority(2000)
/* loaded from: input_file:fr/in2p3/cc/storage/treqs2/service/filter/AuthzFilter.class */
public class AuthzFilter implements ContainerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthzFilter.class);

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        TreqsUser userPrincipal = containerRequestContext.getSecurityContext().getUserPrincipal();
        if (userPrincipal == null) {
            return;
        }
        LOGGER.debug("Authorizing " + userPrincipal.getName());
        TreqsUser treqsUser = userPrincipal;
        if (TreqsStatus.UserStatus.ENABLED.equals(treqsUser.getUserStatus())) {
            return;
        }
        MDC.put("id", treqsUser.toString());
        LOGGER.info("Not authorized");
        MDC.remove("id");
        throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).build());
    }
}
