package com.atlassian.stash.hooks.permissions.internal.rest;

import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import com.atlassian.stash.exception.NoSuchEntityException;
import com.atlassian.stash.hooks.permissions.BranchPermissionService;
import com.atlassian.stash.hooks.permissions.RestrictedRef;
import com.atlassian.stash.hooks.permissions.internal.dao.AoRestrictedRef;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.rest.data.RestErrorMessage;
import com.atlassian.stash.rest.data.RestErrors;
import com.atlassian.stash.rest.data.RestPage;
import com.atlassian.stash.rest.util.ResponseFactory;
import com.atlassian.stash.rest.util.RestResource;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionService;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import com.atlassian.stash.util.UserUtils;
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Collections2;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.sun.jersey.spi.resource.Singleton;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;

@Singleton
@Path("projects/{projectKey}/repos/{repositorySlug}/restricted")
@Consumes({"application/json"})
@AnonymousAllowed
@Produces({"application/json;charset=UTF-8"})
/* loaded from: input_file:com/atlassian/stash/hooks/permissions/internal/rest/RestrictedRefResource.class */
public class RestrictedRefResource extends RestResource {
    private static final Function<RestrictedRef, RestRestrictedRef> REST_TRANSFORM = new Function<RestrictedRef, RestRestrictedRef>() { // from class: com.atlassian.stash.hooks.permissions.internal.rest.RestrictedRefResource.1
        public RestRestrictedRef apply(RestrictedRef restrictedRef) {
            return new RestRestrictedRef(restrictedRef, null, null);
        }
    };
    private final BranchPermissionService branchPermissionService;
    private final PermissionService permissionService;
    private final UserService userService;
    private final Predicate<StashUser> isLicensed;

    public RestrictedRefResource(I18nService i18nService, BranchPermissionService branchPermissionService, PermissionService permissionService, UserService userService) {
        super(i18nService);
        this.isLicensed = new Predicate<StashUser>() { // from class: com.atlassian.stash.hooks.permissions.internal.rest.RestrictedRefResource.2
            public boolean apply(StashUser stashUser) {
                return RestrictedRefResource.this.permissionService.hasGlobalPermission(stashUser, Permission.LICENSED_USER);
            }
        };
        this.branchPermissionService = branchPermissionService;
        this.permissionService = permissionService;
        this.userService = userService;
    }

    @GET
    public Response findRestrictedRefs(@Context Repository repository) {
        return ResponseFactory.ok().entity(new RestPage(this.branchPermissionService.findRestrictedRefs(repository), REST_TRANSFORM)).build();
    }

    @GET
    @Path("{id}")
    public Response findRestrictedRef(@PathParam("id") Integer num) {
        RestrictedRef restrictedRef = this.branchPermissionService.getRestrictedRef(num.intValue());
        if (restrictedRef == null) {
            throw new NoSuchEntityException(this.i18nService.createKeyedMessage("stash.rest.restricted.ref.notfound", new Object[]{num}));
        }
        return ResponseFactory.ok().entity(REST_TRANSFORM.apply(restrictedRef)).build();
    }

    @POST
    public Response restrictRef(@Context Repository repository, RestRestrictedRef restRestrictedRef) {
        RestrictedRef restrictPattern;
        ArrayList newArrayList = Lists.newArrayList();
        validateTypeAndValue(restRestrictedRef, newArrayList);
        validateGroups(restRestrictedRef, newArrayList);
        Set<? extends StashUser> validateUsers = validateUsers(restRestrictedRef, newArrayList);
        validateAtLeastOnePermittedEntity(restRestrictedRef.getGroups(), validateUsers, newArrayList);
        if (!newArrayList.isEmpty()) {
            return ResponseFactory.status(Response.Status.BAD_REQUEST).entity(new RestErrors(newArrayList)).build();
        }
        switch (restRestrictedRef.getType()) {
            case BRANCH:
                restrictPattern = this.branchPermissionService.restrictBranch(repository, restRestrictedRef.getValue(), validateUsers, restRestrictedRef.getGroups());
                break;
            case PATTERN:
                restrictPattern = this.branchPermissionService.restrictPattern(repository, restRestrictedRef.getValue(), validateUsers, restRestrictedRef.getGroups());
                break;
            default:
                throw new IllegalStateException("Unrecognised type: " + restRestrictedRef.getType());
        }
        return ResponseFactory.ok(REST_TRANSFORM.apply(restrictPattern)).build();
    }

    private void validateGroups(RestRestrictedRef restRestrictedRef, List<RestErrorMessage> list) {
        for (String str : restRestrictedRef.getGroups()) {
            if (!this.userService.existsGroup(str)) {
                list.add(new RestErrorMessage("groups", this.i18nService.getMessage("stash.rest.restricted.ref.group.invalid", new Object[]{str})));
            }
        }
    }

    @Path("{id}")
    @PUT
    public Response updateRestrictedRef(@PathParam("id") Integer num, RestRestrictedRef restRestrictedRef) {
        if (num == null) {
            return ResponseFactory.status(Response.Status.BAD_REQUEST).entity("An id is required to update a restricted ref").build();
        }
        ArrayList newArrayList = Lists.newArrayList();
        validateTypeAndValue(restRestrictedRef, newArrayList);
        validateGroups(restRestrictedRef, newArrayList);
        Set<? extends StashUser> validateUsers = validateUsers(restRestrictedRef, newArrayList);
        validateAtLeastOnePermittedEntity(restRestrictedRef.getGroups(), validateUsers, newArrayList);
        if (newArrayList.isEmpty()) {
            return ResponseFactory.ok(REST_TRANSFORM.apply(this.branchPermissionService.updateRestrictedRef(num.intValue(), restRestrictedRef.getValue(), validateUsers, restRestrictedRef.getGroups()))).build();
        }
        return ResponseFactory.status(Response.Status.BAD_REQUEST).entity(new RestErrors(newArrayList)).build();
    }

    @Path("{id}")
    @DELETE
    public Response removeRestrictedRef(@PathParam("id") Integer num) {
        this.branchPermissionService.removeRestrictedRef(num.intValue());
        return ResponseFactory.noContent().build();
    }

    private Set<? extends StashUser> validateUsers(RestRestrictedRef restRestrictedRef, List<RestErrorMessage> list) {
        HashSet newHashSet = Sets.newHashSet(restRestrictedRef.getUsers());
        Set<? extends StashUser> usersByName = this.userService.getUsersByName(newHashSet);
        if (usersByName.size() != newHashSet.size()) {
            Iterator it = Sets.filter(newHashSet, Predicates.not(Predicates.in(Collections2.transform(usersByName, UserUtils.TO_USERNAME)))).iterator();
            while (it.hasNext()) {
                list.add(new RestErrorMessage("users", this.i18nService.getMessage("stash.rest.restricted.ref.user.invalid", new Object[]{(String) it.next()})));
            }
        }
        Iterator it2 = Sets.filter(usersByName, Predicates.not(this.isLicensed)).iterator();
        while (it2.hasNext()) {
            list.add(new RestErrorMessage("users", this.i18nService.getMessage("stash.rest.restricted.ref.user.unlicensed", new Object[]{((StashUser) it2.next()).getDisplayName()})));
        }
        return usersByName;
    }

    private void validateTypeAndValue(RestRestrictedRef restRestrictedRef, List<RestErrorMessage> list) {
        if (restRestrictedRef.getType() == null) {
            list.add(new RestErrorMessage("type", this.i18nService.getMessage("stash.rest.restricted.ref.type.required", new Object[0])));
            return;
        }
        switch (restRestrictedRef.getType()) {
            case BRANCH:
                if (StringUtils.isBlank(restRestrictedRef.getValue())) {
                    list.add(new RestErrorMessage("value", this.i18nService.getMessage("stash.rest.restricted.ref.branch.required", new Object[0])));
                    return;
                }
                return;
            case PATTERN:
                if (StringUtils.isBlank(restRestrictedRef.getValue())) {
                    list.add(new RestErrorMessage("value", this.i18nService.getMessage("stash.rest.restricted.ref.pattern.required", new Object[0])));
                    return;
                } else {
                    if (restRestrictedRef.getValue().length() > 767) {
                        list.add(new RestErrorMessage("value", this.i18nService.getMessage("stash.rest.restricted.ref.pattern.too.large", new Object[]{Integer.valueOf(AoRestrictedRef.MAX_REF_VALUE_LENGTH), Integer.valueOf(restRestrictedRef.getValue().length())})));
                        return;
                    }
                    return;
                }
            default:
                return;
        }
    }

    private void validateAtLeastOnePermittedEntity(Collection<String> collection, Collection<? extends StashUser> collection2, List<RestErrorMessage> list) {
        if (collection2.isEmpty() && collection.isEmpty()) {
            list.add(new RestErrorMessage("permitted", this.i18nService.getMessage("stash.rest.restricted.ref.permitted.required", new Object[0])));
        }
    }
}
