package org.osivia.procedures.record.security.policy;

import java.security.Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.CoreInstance;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentException;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.model.Document;
import org.osivia.procedures.record.security.rules.SecurityRulesBuilder;

/* loaded from: input_file:org/osivia/procedures/record/security/policy/SecurityPolicyDelegator.class */
public class SecurityPolicyDelegator {
    private static final Log log = LogFactory.getLog(SecurityPolicyDelegator.class);
    public static final String RECORD_TYPE_QUERY = "select rcd:type from Record where ecm:uuid = '%s'  and ecm:isVersion = 0 and ecm:isProxy = 0 and ecm:currentLifeCycleState <> 'deleted' ";

    private SecurityPolicyDelegator() {
    }

    public static Access check(String str, Principal principal, Document document, Access access) throws DocumentException {
        CoreSession session = CoreInstance.getInstance().getSession(document.getSession().getSessionId());
        if (session == null) {
            throw new DocumentException("No CoreSession bound to document: " + document.getPath());
        }
        if (SecurityRulesBuilder.getInstance().buildSecurityRelations(session, principal).getTypes().contains((String) document.getPropertyValue("rcd:procedureModelWebId"))) {
            access = Access.GRANT;
        }
        return access;
    }
}
