package com.openexchange.ajax;

import com.openexchange.exception.OXException;
import com.openexchange.tools.servlet.http.Tools;
import com.openexchange.tools.session.ServerSession;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openexchange/ajax/PermissionServlet.class */
public abstract class PermissionServlet extends SessionServlet {
    private static final Logger LOG = LoggerFactory.getLogger(PermissionServlet.class);
    private static final long serialVersionUID = -1496492688713194989L;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.openexchange.ajax.SessionServlet, com.openexchange.ajax.AJAXServlet
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Tools.disableCaching(httpServletResponse);
        try {
            initializeSession(httpServletRequest, httpServletResponse);
            ServerSession sessionObject = getSessionObject(httpServletRequest);
            if (null == sessionObject || hasModulePermission(sessionObject)) {
                super.service(httpServletRequest, httpServletResponse);
            } else {
                LOG.info("Status code 403 (FORBIDDEN): No permission to access module.");
                httpServletResponse.sendError(403, "No Permission");
            }
        } catch (OXException e) {
            handleOXException(e, httpServletRequest, httpServletResponse);
        }
    }

    protected abstract boolean hasModulePermission(ServerSession serverSession);
}
