package de.resolution.reconfigure;

import com.atlassian.plugin.spring.scanner.annotation.export.ExportAsService;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.user.UserProfile;
import com.atlassian.sal.api.websudo.WebSudoManager;
import de.resolution.reconfigure.PrivilegeChecker;
import java.util.List;
import java.util.Objects;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ExportAsService
@Named("privilegeChecker")
/* loaded from: input_file:de/resolution/reconfigure/PrivilegeCheckerImpl.class */
public class PrivilegeCheckerImpl implements PrivilegeChecker {
    private static final Logger logger = LoggerFactory.getLogger(PrivilegeCheckerImpl.class);
    private final UserManager userManager;
    private final WebSudoManager webSudoManager;

    /* loaded from: input_file:de/resolution/reconfigure/PrivilegeCheckerImpl$PrivilegeFactoryImpl.class */
    public static class PrivilegeFactoryImpl implements PrivilegeChecker.PrivilegeFactory {
        private final PrivilegeChecker.Privilege isSysadmin;
        private final PrivilegeChecker.Privilege isAdmin;
        private final PrivilegeChecker.Privilege isUser;
        private final PrivilegeChecker.Privilege isAnonymous;
        private final UserManager userManager;

        PrivilegeFactoryImpl(UserManager userManager) {
            this.isSysadmin = new PrivilegeImpl(Role.SYSADMIN, userManager);
            this.isAdmin = new PrivilegeImpl(Role.ADMIN, userManager);
            this.isUser = new PrivilegeImpl(Role.USER, userManager);
            this.isAnonymous = new PrivilegeImpl(Role.ANONYMOUS, userManager);
            this.userManager = userManager;
        }

        @Override // de.resolution.reconfigure.PrivilegeChecker.PrivilegeFactory
        public PrivilegeChecker.Privilege deny() {
            return userProfile -> {
                return false;
            };
        }

        @Override // de.resolution.reconfigure.PrivilegeChecker.PrivilegeFactory
        public PrivilegeChecker.Privilege isSysadmin() {
            return this.isSysadmin;
        }

        @Override // de.resolution.reconfigure.PrivilegeChecker.PrivilegeFactory
        public PrivilegeChecker.Privilege isAdmin() {
            return this.isAdmin;
        }

        @Override // de.resolution.reconfigure.PrivilegeChecker.PrivilegeFactory
        public PrivilegeChecker.Privilege isUser() {
            return this.isUser;
        }

        @Override // de.resolution.reconfigure.PrivilegeChecker.PrivilegeFactory
        public PrivilegeChecker.Privilege isInGroup(List<String> list) {
            return new PrivilegeImpl(Role.GROUP_MEMBER, list, this.userManager);
        }

        @Override // de.resolution.reconfigure.PrivilegeChecker.PrivilegeFactory
        public PrivilegeChecker.Privilege hasUserKey(List<String> list) {
            return new PrivilegeImpl(Role.HAS_USER_KEY, list, this.userManager);
        }

        @Override // de.resolution.reconfigure.PrivilegeChecker.PrivilegeFactory
        public PrivilegeChecker.Privilege isAnonymous() {
            return this.isAnonymous;
        }
    }

    /* loaded from: input_file:de/resolution/reconfigure/PrivilegeCheckerImpl$PrivilegeImpl.class */
    public static class PrivilegeImpl implements PrivilegeChecker.Privilege {

        @Nonnull
        private final Role role;
        private final List<String> args;
        private final UserManager userManager;

        PrivilegeImpl(Role role, UserManager userManager) {
            this.role = role;
            this.args = null;
            this.userManager = userManager;
        }

        PrivilegeImpl(Role role, List<String> list, UserManager userManager) {
            this.role = role;
            this.args = list;
            this.userManager = userManager;
        }

        @Override // java.util.function.Predicate
        public boolean test(UserProfile userProfile) {
            if (userProfile == null) {
                return this.role == Role.ANONYMOUS;
            }
            switch (this.role) {
                case ANONYMOUS:
                case USER:
                    return true;
                case ADMIN:
                    return this.userManager.isAdmin(userProfile.getUserKey());
                case SYSADMIN:
                    return this.userManager.isSystemAdmin(userProfile.getUserKey());
                case GROUP_MEMBER:
                    if (this.args == null) {
                        throw new IllegalArgumentException("Args must not be null if GROUP_MEMBER role is being used");
                    }
                    return this.args.stream().anyMatch(str -> {
                        return this.userManager.isUserInGroup(userProfile.getUserKey(), str);
                    });
                case HAS_USER_KEY:
                    if (this.args == null) {
                        throw new IllegalArgumentException("Args must not be null if HAS_USER_KEY role is being used");
                    }
                    return this.args.contains(userProfile.getUserKey().getStringValue());
                default:
                    throw new IllegalArgumentException("Role was of an unknown value");
            }
        }

        public String toString() {
            return "Privilege{role=" + this.role + ", args=" + this.args + '}';
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            PrivilegeImpl privilegeImpl = (PrivilegeImpl) obj;
            return this.role == privilegeImpl.role && Objects.equals(this.args, privilegeImpl.args);
        }

        public int hashCode() {
            return Objects.hash(this.role, this.args);
        }
    }

    /* loaded from: input_file:de/resolution/reconfigure/PrivilegeCheckerImpl$Role.class */
    public enum Role {
        SYSADMIN,
        ADMIN,
        USER,
        GROUP_MEMBER,
        HAS_USER_KEY,
        ANONYMOUS
    }

    @Inject
    public PrivilegeCheckerImpl(@ComponentImport UserManager userManager, @ComponentImport WebSudoManager webSudoManager) {
        this.userManager = userManager;
        this.webSudoManager = webSudoManager;
    }

    @Override // de.resolution.reconfigure.PrivilegeChecker
    public UserProfile checkPrivileges(HttpServletRequest httpServletRequest, Predicate<UserProfile> predicate) throws InsufficientUserPrivilegeException {
        logger.debug("Checking request for privilege {}", predicate);
        UserProfile remoteUser = this.userManager.getRemoteUser(httpServletRequest);
        if (remoteUser == null) {
            throw InsufficientUserPrivilegeException.noUserid();
        }
        if (predicate.test(remoteUser)) {
            return remoteUser;
        }
        logger.debug("User {} has insufficient privilege for this request", remoteUser.getUsername());
        throw new InsufficientUserPrivilegeException(remoteUser.getUsername(), predicate);
    }

    @Override // de.resolution.reconfigure.PrivilegeChecker
    public void requireWebSudo(boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WebSudoRequiredException {
        if (z && !this.webSudoManager.canExecuteRequest(httpServletRequest)) {
            if (httpServletResponse != null) {
                logger.debug("Websudo required and session was not found. Sending redirect to Websudo permission screen");
                this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
            } else {
                logger.debug("Websudo required and session was not found. Sending error as REST response");
            }
            throw new WebSudoRequiredException();
        }
        if (logger.isDebugEnabled()) {
            if (z) {
                logger.debug("Websudo required and session is already elevated.");
            } else {
                logger.debug("Websudo not required for this resource");
            }
        }
    }

    @Override // de.resolution.reconfigure.PrivilegeChecker
    public void checkAdmin(HttpServletRequest httpServletRequest) throws InsufficientUserPrivilegeException {
        checkPrivileges(httpServletRequest, getPrivilegeFactory().isAdmin());
    }

    @Override // de.resolution.reconfigure.PrivilegeChecker
    public void checkSysAdmin(HttpServletRequest httpServletRequest) throws InsufficientUserPrivilegeException {
        checkPrivileges(httpServletRequest, getPrivilegeFactory().isSysadmin());
    }

    @Override // de.resolution.reconfigure.PrivilegeChecker
    public void checkUser(HttpServletRequest httpServletRequest) throws InsufficientUserPrivilegeException {
        checkPrivileges(httpServletRequest, getPrivilegeFactory().isUser());
    }

    @Override // de.resolution.reconfigure.PrivilegeChecker
    public PrivilegeChecker.PrivilegeFactory getPrivilegeFactory() {
        return new PrivilegeFactoryImpl(this.userManager);
    }
}
