package com.atlassian.stash.internal.repository.ref.restriction.rest;

import com.atlassian.bitbucket.NoSuchEntityException;
import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.repository.ref.restriction.RefMatcher;
import com.atlassian.bitbucket.repository.ref.restriction.RefMatcherProvider;
import com.atlassian.bitbucket.repository.ref.restriction.RefMatcherProviderRegistry;
import com.atlassian.bitbucket.repository.ref.restriction.RefRestriction;
import com.atlassian.bitbucket.repository.ref.restriction.RefRestrictionService;
import com.atlassian.bitbucket.repository.ref.restriction.RefRestrictionType;
import com.atlassian.bitbucket.repository.ref.restriction.RestrictionSearchRequest;
import com.atlassian.bitbucket.repository.ref.restriction.SetRestrictionRequest;
import com.atlassian.bitbucket.rest.RestErrorMessage;
import com.atlassian.bitbucket.rest.RestErrors;
import com.atlassian.bitbucket.rest.util.ResponseFactory;
import com.atlassian.bitbucket.rest.util.RestPage;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.UserUtils;
import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Collections2;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.sun.jersey.spi.resource.Singleton;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;

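/**
 * REST resource for the ref restrictions of a repository, served under
 * {@code projects/{projectKey}/repos/{repositorySlug}/restrictions}.
 *
 * <p>This class validates request input and collects every problem into a list of
 * {@link RestErrorMessage}s so that a single {@code 400 Bad Request} can report them all.
 * Creating, deleting and searching restrictions is delegated to {@link RefRestrictionService}.
 *
 * <p>NOTE(review): the resource is annotated {@code @AnonymousAllowed} and performs no permission
 * check of its own, apart from the licensed-user check applied to grantees. Authorization therefore
 * has to be enforced by {@link RefRestrictionService} and/or by whatever resolves the injected
 * {@link Repository}; neither is visible here, so confirm this before relying on it.
 */
@Singleton
@Path("projects/{projectKey}/repos/{repositorySlug}")
@Consumes({"application/json"})
@AnonymousAllowed
@Produces({"application/json;charset=UTF-8"})
public class RefRestrictionResource {

    @VisibleForTesting
    static final String MATCHER_TYPE_ID = "matcher.type.id";

    @VisibleForTesting
    static final String MATCHER_TYPE_REQUIRED = "bitbucket.rest.restricted.ref.matcher.type.required";

    @VisibleForTesting
    static final String INVALID_MATCHER_TYPE = "bitbucket.rest.restricted.ref.invalid.matcher.type";

    @VisibleForTesting
    static final String GROUP_INVALID = "bitbucket.rest.restricted.ref.group.invalid";

    @VisibleForTesting
    static final String INVALID_USER = "bitbucket.rest.restricted.ref.user.invalid";

    @VisibleForTesting
    static final String USER_UNLICENSED = "bitbucket.rest.restricted.ref.user.unlicensed";

    @VisibleForTesting
    static final String INVALID_RESTRICTION_TYPE = "bitbucket.rest.restricted.ref.type.invalid";

    @VisibleForTesting
    static final String RESTRICTION_NOTFOUND = "bitbucket.rest.restricted.ref.notfound";

    @VisibleForTesting
    static final String MATCHER_ID = "matcher.id";

    @VisibleForTesting
    static final String MATCHER_ID_REQUIRED = "bitbucket.rest.restricted.ref.matcher.id.required";

    @VisibleForTesting
    static final String MATCHER_REQUIRED = "bitbucket.rest.restricted.ref.matcher.required";

    @VisibleForTesting
    static final String MATCHER_ID_INVALID_LENGTH = "bitbucket.rest.restricted.ref.matcher.id.length";
    private static final String RESTRICTIONS = "restrictions";

    // Upper bound applied to both the matcher type id and the matcher id.
    private static final int MAX_MATCHER_FIELD_LENGTH = 255;

    private final AuthenticationContext authenticationContext;
    private final I18nService i18nService;

    // Matches users holding the global LICENSED_USER permission. The anonymous class reads
    // permissionService lazily, so declaring it before that field is assigned is safe.
    private final Predicate<ApplicationUser> isLicensed = new Predicate<ApplicationUser>() {
        @Override
        public boolean apply(ApplicationUser applicationUser) {
            return RefRestrictionResource.this.permissionService.hasGlobalPermission(applicationUser, Permission.LICENSED_USER);
        }
    };
    private final PermissionService permissionService;
    private final RefRestrictionService restrictionService;
    private final RefMatcherProviderRegistry refMatcherProviderRegistry;
    private final UserService userService;

    public RefRestrictionResource(AuthenticationContext authenticationContext, I18nService i18nService, PermissionService permissionService, RefRestrictionService refRestrictionService, RefMatcherProviderRegistry refMatcherProviderRegistry, UserService userService) {
        this.authenticationContext = authenticationContext;
        this.i18nService = i18nService;
        this.permissionService = permissionService;
        this.restrictionService = refRestrictionService;
        this.refMatcherProviderRegistry = refMatcherProviderRegistry;
        this.userService = userService;
    }

    /**
     * Creates (or replaces) a restriction on the repository.
     *
     * <p>NOTE(review): groups and users are looked up before {@code setRestriction} is called, and
     * no permission check is visible ahead of those lookups. Unless the request is rejected earlier
     * (outside this class), the 400 response tells the caller which group and user names exist and
     * echoes the display name of unlicensed users. Confirm that callers without permission to
     * manage restrictions cannot reach this validation.
     *
     * @param repository the repository resolved from the request path
     * @param restRestrictionRequest the requested matcher, type and grantees; may be {@code null}
     *                               when the request carries no body
     * @return {@code 200} with the stored restriction, or {@code 400} listing every validation error
     */
    @POST
    @Path(RESTRICTIONS)
    public Response createRestriction(@Context Repository repository, RestRestrictionRequest restRestrictionRequest) {
        List<RestErrorMessage> errors = Lists.newArrayList();
        if (restRestrictionRequest == null) {
            // A request without a body would otherwise fail with a NullPointerException below;
            // report it as a missing matcher instead.
            validateMatcher(repository, (RestRefMatcher) null, errors);
            return badRequest(errors);
        }

        RefMatcher matcher = validateMatcher(repository, restRestrictionRequest.getMatcher(), errors);
        Set<String> groups = validateGroups(restRestrictionRequest.getGroups(), errors);
        Set<ApplicationUser> users = validateUsers(restRestrictionRequest.getUsers(), errors);
        RefRestrictionType type = validateType(restRestrictionRequest.getType(), errors);
        if (!errors.isEmpty()) {
            return badRequest(errors);
        }

        SetRestrictionRequest request = new SetRestrictionRequest.Builder(repository, matcher, type)
                .grantGroups(groups)
                .grantUsers(users)
                .build();
        return ResponseFactory.ok().entity(RestRefRestriction.REST_TRANSFORM.apply(this.restrictionService.setRestriction(request))).build();
    }

    /**
     * Deletes the restriction with the given id.
     *
     * <p>NOTE(review): only the numeric id is used. The project and repository named in the URL are
     * not injected here, so this method cannot verify that the restriction belongs to that
     * repository. Confirm that {@code removeRefRestriction} authorizes the caller against the
     * restriction's own repository.
     *
     * @param id the restriction id taken from the path
     * @return {@code 204 No Content}
     */
    @Path("restrictions/{id}")
    @DELETE
    public Response deleteRestriction(@PathParam("id") int id) {
        this.restrictionService.removeRefRestriction(id);
        return ResponseFactory.noContent().build();
    }

    /**
     * Returns the restriction with the given id.
     *
     * <p>NOTE(review): as with {@link #deleteRestriction(int)}, the lookup is by id alone and the
     * repository in the URL is not compared with the restriction's repository in this class.
     * Confirm that {@code getById} only returns restrictions the caller is allowed to see.
     *
     * @param id the restriction id taken from the path
     * @return {@code 200} with the restriction
     * @throws NoSuchEntityException if the service returns no restriction for {@code id}
     */
    @GET
    @Path("restrictions/{id}")
    public Response getRestriction(@PathParam("id") int id) {
        RefRestriction restriction = this.restrictionService.getById(id);
        if (restriction == null) {
            throw new NoSuchEntityException(this.i18nService.createKeyedMessage(RESTRICTION_NOTFOUND, new Object[]{Integer.valueOf(id)}));
        }
        return ResponseFactory.ok().entity(RestRefRestriction.REST_TRANSFORM.apply(restriction)).build();
    }

    /**
     * Searches the repository's restrictions, optionally filtered by type and matcher.
     *
     * @param repository the repository resolved from the request path
     * @param types restriction type ids to filter on; each one is validated
     * @param matcherType matcher type id; when blank no matcher filter is applied and
     *                    {@code matcherId} is ignored
     * @param matcherId matcher id, required when {@code matcherType} is given
     * @param effective when {@code true} the search is additionally scoped to the current user
     * @param pageRequest paging parameters
     * @return {@code 200} with a page of restrictions, or {@code 400} listing every validation error
     */
    @GET
    @Path(RESTRICTIONS)
    public Response getRestrictions(@Context Repository repository, @QueryParam("type") List<String> types, @QueryParam("matcherType") String matcherType, @QueryParam("matcherId") String matcherId, @QueryParam("effective") @DefaultValue("false") boolean effective, @Context PageRequest pageRequest) {
        List<RestErrorMessage> errors = Lists.newArrayList();
        Set<RefRestrictionType> restrictionTypes = validateTypes(types, errors);
        RefMatcher matcher = StringUtils.isBlank(matcherType) ? null : validateMatcher(repository, matcherType, matcherId, errors);
        if (!errors.isEmpty()) {
            return badRequest(errors);
        }

        RestrictionSearchRequest.Builder search = new RestrictionSearchRequest.Builder(repository).matcher(matcher);
        for (RefRestrictionType restrictionType : restrictionTypes) {
            search.type(restrictionType, new RefRestrictionType[0]);
        }
        if (effective) {
            search.user(this.authenticationContext.getCurrentUser());
        }
        return ResponseFactory.ok(new RestPage(this.restrictionService.search(search.build(), pageRequest), RestRefRestriction.REST_TRANSFORM)).build();
    }

    /** Builds the {@code 400 Bad Request} response carrying the collected validation errors. */
    private static Response badRequest(List<RestErrorMessage> errors) {
        return ResponseFactory.status(Response.Status.BAD_REQUEST).entity(new RestErrors(errors)).build();
    }

    /**
     * Records an error for every group name that does not exist.
     *
     * @param groupNames requested group names; {@code null} is treated as "no groups"
     * @param errors list that validation errors are appended to
     * @return the requested names as a set (including any that failed validation)
     */
    private Set<String> validateGroups(Collection<String> groupNames, List<RestErrorMessage> errors) {
        if (groupNames == null) {
            // The field was absent from the request body; iterating it would throw.
            return new HashSet<>();
        }
        for (String groupName : groupNames) {
            if (!this.userService.existsGroup(groupName)) {
                errors.add(new RestErrorMessage("groups", this.i18nService.getMessage(GROUP_INVALID, new Object[]{groupName})));
            }
        }
        return Sets.newHashSet(groupNames);
    }

    /**
     * Validates the matcher supplied in a request body.
     *
     * @return the matcher, or {@code null} after recording an error when it is missing or invalid
     */
    private RefMatcher validateMatcher(Repository repository, RestRefMatcher restRefMatcher, List<RestErrorMessage> errors) {
        if (restRefMatcher == null) {
            errors.add(new RestErrorMessage(MATCHER_REQUIRED, this.i18nService.getMessage(MATCHER_REQUIRED, new Object[0])));
            return null;
        }
        // A matcher without a "type" object is reported as a missing type id instead of
        // dereferencing null.
        String typeId = restRefMatcher.getType() == null ? null : restRefMatcher.getType().getId();
        return validateMatcher(repository, typeId, restRefMatcher.getId(), errors);
    }

    /**
     * Validates a matcher type id / matcher id pair and resolves it through the provider registry.
     *
     * @param matcherTypeId id of the matcher type; must name a registered provider
     * @param matcherId id handed to the provider to create the matcher
     * @return the matcher, or {@code null} after recording an error when either value is missing,
     *         too long, or the type is unknown
     */
    private RefMatcher validateMatcher(Repository repository, String matcherTypeId, String matcherId, List<RestErrorMessage> errors) {
        if (matcherId == null) {
            errors.add(new RestErrorMessage(MATCHER_ID, this.i18nService.getMessage(MATCHER_ID_REQUIRED, new Object[0])));
            return null;
        }
        if (matcherTypeId == null) {
            errors.add(new RestErrorMessage(MATCHER_TYPE_ID, this.i18nService.getMessage(MATCHER_TYPE_REQUIRED, new Object[0])));
            return null;
        }
        // Check the length before the lookup so an oversized value never reaches the registry.
        RefMatcherProvider provider = matcherTypeId.length() > MAX_MATCHER_FIELD_LENGTH
                ? null
                : this.refMatcherProviderRegistry.getProvider(matcherTypeId);
        if (provider == null) {
            errors.add(new RestErrorMessage(MATCHER_TYPE_ID, this.i18nService.getMessage(INVALID_MATCHER_TYPE, new Object[]{matcherTypeId})));
            return null;
        }
        if (matcherId.length() > MAX_MATCHER_FIELD_LENGTH) {
            errors.add(new RestErrorMessage(MATCHER_ID, this.i18nService.getMessage(MATCHER_ID_INVALID_LENGTH, new Object[]{MAX_MATCHER_FIELD_LENGTH, Integer.valueOf(matcherId.length())})));
            // The request is already rejected; do not hand the oversized id to the provider.
            return null;
        }
        return provider.create(repository, matcherId);
    }

    /**
     * Resolves a restriction type id.
     *
     * @return the type, or {@code null} after recording an error when
     *         {@code RefRestrictionType.forId} rejects the id with an {@link IllegalArgumentException}
     */
    private RefRestrictionType validateType(String typeId, List<RestErrorMessage> errors) {
        try {
            return RefRestrictionType.forId(typeId);
        } catch (IllegalArgumentException e) {
            errors.add(new RestErrorMessage("type", this.i18nService.getMessage(INVALID_RESTRICTION_TYPE, new Object[]{typeId})));
            return null;
        }
    }

    /**
     * Resolves each restriction type id, recording an error for every invalid one.
     *
     * @return the valid types only
     */
    private Set<RefRestrictionType> validateTypes(Collection<String> typeIds, List<RestErrorMessage> errors) {
        Set<RefRestrictionType> resolved = new HashSet<>();
        for (String typeId : typeIds) {
            RefRestrictionType type = validateType(typeId, errors);
            if (type != null) {
                resolved.add(type);
            }
        }
        return resolved;
    }

    /**
     * Resolves usernames to users, recording an error for every name that could not be resolved
     * and for every resolved user who lacks the global {@code LICENSED_USER} permission.
     *
     * @param usernames requested usernames; {@code null} is treated as "no users"
     * @param errors list that validation errors are appended to
     * @return the users that were found (including any that are unlicensed)
     */
    private Set<ApplicationUser> validateUsers(Collection<String> usernames, List<RestErrorMessage> errors) {
        if (usernames == null) {
            // The field was absent from the request body; copying it into a set would throw.
            return new HashSet<>();
        }
        Set<String> requested = Sets.newHashSet(usernames);
        Set<ApplicationUser> found = this.userService.getUsersByName(requested);
        if (found.size() != requested.size()) {
            // Some names did not resolve: report each requested name that no returned user carries.
            Set<String> unknown = Sets.filter(requested, Predicates.not(Predicates.in(Collections2.transform(found, UserUtils.TO_USERNAME))));
            for (String username : unknown) {
                errors.add(new RestErrorMessage("users", this.i18nService.getMessage(INVALID_USER, new Object[]{username})));
            }
        }
        Set<ApplicationUser> unlicensed = Sets.filter(found, Predicates.not(this.isLicensed));
        for (ApplicationUser user : unlicensed) {
            errors.add(new RestErrorMessage("users", this.i18nService.getMessage(USER_UNLICENSED, new Object[]{user.getDisplayName()})));
        }
        return found;
    }
}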
