package org.alfresco.web.scripts.bean;

import java.util.Map;
import javax.servlet.http.HttpSession;
import org.springframework.extensions.surf.UserFactory;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.connector.User;
import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;

/* loaded from: input_file:WEB-INF/classes/org/alfresco/web/scripts/bean/Authenticated.class */
public class Authenticated extends DeclarativeWebScript {
    /**
     * Reports through {@code status} whether the current HTTP session belongs to a
     * permitted user.
     *
     * <p>Requests that are not {@link WebScriptServletRequest}s are ignored and
     * {@code status} is left untouched. Otherwise, when the session check fails,
     * the status code is set to 401 with an explanatory message and
     * {@code setRedirect(true)} is called.
     *
     * @param webScriptRequest the incoming web script request
     * @param status the status object that receives the 401 outcome on failure
     * @return always {@code null}; the outcome is carried by {@code status} only
     */
    @Override
    protected Map<String, Object> executeImpl(WebScriptRequest webScriptRequest, Status status) {
        if (webScriptRequest instanceof WebScriptServletRequest) {
            WebScriptServletRequest servletRequest = (WebScriptServletRequest) webScriptRequest;
            if (!isPermitted(servletRequest)) {
                status.setCode(401);
                status.setMessage("There is no user ID in session or user is not permitted to view the page");
                status.setRedirect(true);
            }
        }
        return null;
    }

    /**
     * Decides whether the session behind {@code servletRequest} passes the check.
     *
     * <p>The check passes only when a session already exists (none is created),
     * it holds a user id that is not the guest id, and it holds a user object.
     * If the request parameter {@code a} is exactly {@code "admin"}
     * (case-sensitive), the user must additionally be an admin.
     *
     * <p>NOTE(review): the admin requirement is opt-in and driven by a
     * requester-supplied parameter; omitting {@code a} or sending any other
     * value yields the plain "logged-in, non-guest" answer. Admin-only
     * functionality presumably needs its own server-side enforcement - confirm
     * against the callers of this script.
     */
    private static boolean isPermitted(WebScriptServletRequest servletRequest) {
        // getSession(false): look up the existing session without creating one.
        HttpSession httpSession = servletRequest.getHttpServletRequest().getSession(false);
        if (httpSession == null) {
            return false;
        }
        String userId = (String) httpSession.getAttribute(UserFactory.SESSION_ATTRIBUTE_KEY_USER_ID);
        if (userId == null || UserFactory.USER_GUEST.equals(userId)) {
            return false;
        }
        // Both lookups happen before the null test on the user object, in this order.
        User sessionUser = (User) httpSession.getAttribute(UserFactory.SESSION_ATTRIBUTE_KEY_USER_OBJECT);
        String requestedLevel = servletRequest.getHttpServletRequest().getParameter("a");
        if (sessionUser == null) {
            return false;
        }
        if ("admin".equals(requestedLevel)) {
            return sessionUser.isAdmin();
        }
        return true;
    }
}
