package io.jenkins.blueocean.service.embedded.rest;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.ExtensionList;
import hudson.model.Item;
import hudson.model.User;
import hudson.security.AccessControlled;
import hudson.tasks.Mailer;
import hudson.tasks.UserAvatarResolver;
import io.jenkins.blueocean.commons.MapsHelper;
import io.jenkins.blueocean.commons.ServiceException;
import io.jenkins.blueocean.rest.ApiHead;
import io.jenkins.blueocean.rest.Reachable;
import io.jenkins.blueocean.rest.UserRoute;
import io.jenkins.blueocean.rest.factory.organization.AbstractOrganization;
import io.jenkins.blueocean.rest.hal.Link;
import io.jenkins.blueocean.rest.model.BlueFavoriteContainer;
import io.jenkins.blueocean.rest.model.BlueOrganization;
import io.jenkins.blueocean.rest.model.BlueUser;
import io.jenkins.blueocean.rest.model.BlueUserPermission;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import jenkins.model.Jenkins;
import jenkins.model.ModifiableTopLevelItemGroup;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:io/jenkins/blueocean/service/embedded/rest/UserImpl.class */
public class UserImpl extends BlueUser {
    private static final String CREDENTIAL_CREATE_PERMISSION = CredentialsProvider.CREATE.name.toLowerCase();
    private static final String CREDENTIAL_VIEW_PERMISSION = CredentialsProvider.VIEW.name.toLowerCase();
    private static final String CREDENTIAL_DELETE_PERMISSION = CredentialsProvider.DELETE.name.toLowerCase();
    private static final String CREDENTIAL_UPDATE_PERMISSION = CredentialsProvider.UPDATE.name.toLowerCase();
    private static final String CREDENTIAL_MANAGE_DOMAINS_PERMISSION = StringUtils.uncapitalize(CredentialsProvider.MANAGE_DOMAINS.name);
    protected final User user;
    private final BlueOrganization organization;
    private final AccessControlled organizationBase;
    private final Reachable parent;

    public UserImpl(@NonNull BlueOrganization blueOrganization, @NonNull User user, Reachable reachable) {
        this.parent = reachable;
        this.user = user;
        this.organization = blueOrganization;
        this.organizationBase = getAccessControllerOrganization();
    }

    public UserImpl(@NonNull BlueOrganization blueOrganization, @NonNull User user) {
        this(blueOrganization, user, null);
    }

    public String getId() {
        return this.user.getId();
    }

    public String getFullName() {
        return this.user.getFullName();
    }

    public String getEmail() {
        User user;
        Mailer.UserProperty property;
        String name = Jenkins.getAuthentication().getName();
        if (isAnonymous(name) || (user = User.get(name, false, Collections.EMPTY_MAP)) == null || !user.hasPermission(Jenkins.ADMINISTER) || (property = this.user.getProperty(Mailer.UserProperty.class)) == null) {
            return null;
        }
        return property.getAddress();
    }

    public String getAvatar() {
        return UserAvatarResolver.resolveOrNull(this.user, "48x48");
    }

    public BlueFavoriteContainer getFavorites() {
        User current = User.current();
        String id = current != null ? current.getId() : Jenkins.ANONYMOUS.getName();
        if (this.user.getId().equals(id)) {
            return new FavoriteContainerImpl(this, this);
        }
        throw new ServiceException.ForbiddenException("This user '" + id + "' cannot access resource owned by '" + this.user.getId() + "'");
    }

    public BlueUserPermission getPermission() {
        User user;
        String name = Jenkins.getAuthentication().getName();
        if (isAnonymous(name) || (user = User.get(name, false, Collections.EMPTY_MAP)) == null || !user.getId().equals(this.user.getId())) {
            return null;
        }
        return new BlueUserPermission() { // from class: io.jenkins.blueocean.service.embedded.rest.UserImpl.1
            public boolean isAdministration() {
                return UserImpl.this.isAdmin();
            }

            public Map<String, Boolean> getPipelinePermission() {
                return UserImpl.this.getPipelinePermissions();
            }

            public Map<String, Boolean> getCredentialPermission() {
                return UserImpl.this.getCredentialPermissions();
            }
        };
    }

    public Link getLink() {
        return this.parent != null ? this.parent.getLink().rel(getId()) : ApiHead.INSTANCE().getLink().rel("users/" + getId());
    }

    public Object getDynamic(String str) {
        Iterator it = ExtensionList.lookup(UserRoute.class).iterator();
        while (it.hasNext()) {
            UserRoute userRoute = (UserRoute) it.next();
            if (userRoute.getUrlName() != null && userRoute.getUrlName().equals(str)) {
                return userRoute.get(this);
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isAdmin() {
        return Jenkins.get().hasPermission(Jenkins.ADMINISTER);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Boolean> getPipelinePermissions() {
        return MapsHelper.of("create", Boolean.valueOf(this.organizationBase.hasPermission(Item.CREATE)), "read", Boolean.valueOf(this.organizationBase.hasPermission(Item.READ)), "start", Boolean.valueOf(this.organizationBase.hasPermission(Item.BUILD)), "stop", Boolean.valueOf(this.organizationBase.hasPermission(Item.CANCEL)), "configure", Boolean.valueOf(this.organizationBase.hasPermission(Item.CONFIGURE)));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, Boolean> getCredentialPermissions() {
        return MapsHelper.of(CREDENTIAL_CREATE_PERMISSION, Boolean.valueOf(this.organizationBase.hasPermission(CredentialsProvider.CREATE)), CREDENTIAL_VIEW_PERMISSION, Boolean.valueOf(this.organizationBase.hasPermission(CredentialsProvider.VIEW)), CREDENTIAL_DELETE_PERMISSION, Boolean.valueOf(this.organizationBase.hasPermission(CredentialsProvider.DELETE)), CREDENTIAL_UPDATE_PERMISSION, Boolean.valueOf(this.organizationBase.hasPermission(CredentialsProvider.UPDATE)), CREDENTIAL_MANAGE_DOMAINS_PERMISSION, Boolean.valueOf(this.organizationBase.hasPermission(CredentialsProvider.MANAGE_DOMAINS)));
    }

    private boolean isAnonymous(String str) {
        return str.equals("anonymous") || this.user.getId().equals("anonymous");
    }

    private AccessControlled getAccessControllerOrganization() {
        AccessControlled accessControlled = Jenkins.get();
        if (this.organization instanceof AbstractOrganization) {
            ModifiableTopLevelItemGroup group = this.organization.getGroup();
            if (group instanceof AccessControlled) {
                accessControlled = (AccessControlled) group;
            }
        }
        return accessControlled;
    }
}
