package com.atlassian.bitbucket.internal.accesstokens;

import com.atlassian.bitbucket.AuthorisationException;
import com.atlassian.bitbucket.NoSuchEntityException;
import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.event.user.UserCleanupEvent;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.accesstokens.AccessTokenSearchRequest;
import com.atlassian.bitbucket.internal.accesstokens.event.PersonalAccessTokenCreatedEvent;
import com.atlassian.bitbucket.internal.accesstokens.event.PersonalAccessTokenDeletedEvent;
import com.atlassian.bitbucket.internal.accesstokens.event.PersonalAccessTokenModifiedEvent;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.permission.PermissionValidationService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nonnull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component("userAccessTokenService")
/* loaded from: input_file:com/atlassian/bitbucket/internal/accesstokens/DefaultUserAccessTokenService.class */
public class DefaultUserAccessTokenService implements AccessTokenService<ApplicationUser> {
    private final AuthenticationContext authenticationContext;
    private final InternalAccessTokenService delegate;
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final PermissionService permissionService;
    private final PermissionValidationService permissionValidationService;
    private final TransactionTemplate transactionTemplate;

    @Autowired
    DefaultUserAccessTokenService(AuthenticationContext authenticationContext, InternalAccessTokenService internalAccessTokenService, EventPublisher eventPublisher, I18nService i18nService, PermissionService permissionService, PermissionValidationService permissionValidationService, TransactionTemplate transactionTemplate) {
        this.authenticationContext = authenticationContext;
        this.delegate = internalAccessTokenService;
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.permissionService = permissionService;
        this.permissionValidationService = permissionValidationService;
        this.transactionTemplate = transactionTemplate;
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.AccessTokenService
    @Nonnull
    public RawAccessToken create(@Nonnull AccessTokenCreateRequest<ApplicationUser> accessTokenCreateRequest) {
        ApplicationUser applicationUser = (ApplicationUser) ((AccessTokenCreateRequest) Objects.requireNonNull(accessTokenCreateRequest, "request")).getEntity();
        this.permissionValidationService.validateForUser(applicationUser, Permission.USER_ADMIN);
        if (!applicationUser.equals(this.authenticationContext.getCurrentUser())) {
            throw new AuthorisationException(this.i18nService.createKeyedMessage("bitbucket.access.tokens.error.create.unauthorized", new Object[0]));
        }
        RawAccessToken create = this.delegate.create(accessTokenCreateRequest);
        this.eventPublisher.publish(new PersonalAccessTokenCreatedEvent(this, create.toAccessToken()));
        return create;
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.AccessTokenService
    @Nonnull
    public Optional<AccessToken> deleteById(@Nonnull String str) {
        Objects.requireNonNull(str, "tokenId");
        this.permissionValidationService.validateAuthenticated();
        return (Optional) this.transactionTemplate.execute(() -> {
            return this.delegate.getById(str).map(accessToken -> {
                this.permissionValidationService.validateForUser(accessToken.getUser(), Permission.USER_ADMIN);
                this.delegate.delete(accessToken);
                this.eventPublisher.publish(new PersonalAccessTokenDeletedEvent(this, accessToken));
                return accessToken;
            });
        });
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.AccessTokenService
    @Nonnull
    public Optional<AccessToken> getById(@Nonnull String str) {
        Objects.requireNonNull(str, "tokenId");
        this.permissionValidationService.validateAuthenticated();
        return this.delegate.getById(str).map(accessToken -> {
            if (!this.permissionService.hasGlobalPermission(Permission.ADMIN)) {
                this.permissionValidationService.validateForUser(accessToken.getUser(), Permission.USER_ADMIN);
            }
            return accessToken;
        });
    }

    @EventListener
    public void onUserDeleted(@Nonnull UserCleanupEvent userCleanupEvent) {
        ApplicationUser deletedUser = userCleanupEvent.getDeletedUser();
        this.transactionTemplate.execute(() -> {
            PageUtils.toStream(pageRequest -> {
                return this.delegate.search(new AccessTokenSearchRequest.Builder(deletedUser).build(), pageRequest);
            }, 100).forEach(accessToken -> {
                this.delegate.delete(accessToken);
                this.eventPublisher.publish(new PersonalAccessTokenDeletedEvent(this, accessToken));
            });
            return null;
        });
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.AccessTokenService
    @Nonnull
    public Page<AccessToken> search(@Nonnull AccessTokenSearchRequest<ApplicationUser> accessTokenSearchRequest, @Nonnull PageRequest pageRequest) {
        Objects.requireNonNull(accessTokenSearchRequest, "request");
        Objects.requireNonNull(pageRequest, "pageRequest");
        ApplicationUser entity = accessTokenSearchRequest.getEntity();
        if (!this.permissionService.hasGlobalPermission(Permission.ADMIN)) {
            this.permissionValidationService.validateForUser(entity, Permission.USER_ADMIN);
        }
        return this.delegate.search(accessTokenSearchRequest, pageRequest);
    }

    @Override // com.atlassian.bitbucket.internal.accesstokens.AccessTokenService
    @Nonnull
    public AccessToken update(@Nonnull AccessTokenUpdateRequest accessTokenUpdateRequest) {
        Objects.requireNonNull(accessTokenUpdateRequest, "request");
        this.permissionValidationService.validateAuthenticated();
        return (AccessToken) this.transactionTemplate.execute(() -> {
            AccessToken orElseThrow = this.delegate.getById(accessTokenUpdateRequest.getId()).orElseThrow(() -> {
                return new NoSuchEntityException(this.i18nService.createKeyedMessage("bitbucket.access.tokens.error.notfound", new Object[]{accessTokenUpdateRequest.getId()}));
            });
            this.permissionValidationService.validateForUser(orElseThrow.getUser(), Permission.USER_ADMIN);
            AccessToken update = this.delegate.update(orElseThrow, accessTokenUpdateRequest.getName().orElse(null), accessTokenUpdateRequest.getPermissions());
            this.eventPublisher.publish(new PersonalAccessTokenModifiedEvent(this, update, orElseThrow));
            return update;
        });
    }
}
