package org.nuxeo.ecm.automation.server.jaxrs.usermanager;

import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.core.Response;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.WebException;
import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/automation/server/jaxrs/usermanager/AbstractUMObject.class */
public abstract class AbstractUMObject<T> extends DefaultObject {
    protected T currentArtifact;
    protected UserManager um;

    protected void initialize(Object... objArr) {
        if (objArr.length < 1) {
            throw new IllegalArgumentException("UserObject takes at least one parameter");
        }
        this.um = (UserManager) Framework.getLocalService(UserManager.class);
        this.currentArtifact = (T) objArr[0];
    }

    @GET
    public T doGetArtifact() {
        return this.currentArtifact;
    }

    @PUT
    public T doUpdateArtifact(T t) {
        try {
            checkUpdateGuardPreconditions();
            return updateArtifact(t);
        } catch (ClientException e) {
            throw WebException.wrap(e);
        }
    }

    @DELETE
    public Response doDeleteArtifact() {
        try {
            checkUpdateGuardPreconditions();
            deleteArtifact();
            return Response.status(Response.Status.NO_CONTENT).build();
        } catch (ClientException e) {
            throw WebException.wrap(e);
        }
    }

    protected void checkUpdateGuardPreconditions() throws ClientException {
        NuxeoPrincipal principal = getContext().getCoreSession().getPrincipal();
        if (principal.isAdministrator()) {
            return;
        }
        if (!principal.isMemberOf("powerusers") || !isAPowerUserEditableArtifact()) {
            throw new WebSecurityException("User is not allowed to edit users");
        }
    }

    protected abstract boolean isAPowerUserEditableArtifact();

    protected abstract T updateArtifact(T t) throws ClientException;

    protected abstract void deleteArtifact() throws ClientException;
}
