package com.atlassian.stash.rest.user;

import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.project.Project;
import com.atlassian.stash.project.ProjectService;
import com.atlassian.stash.rest.data.CommonJsonObjects;
import com.atlassian.stash.rest.data.RestPage;
import com.atlassian.stash.rest.data.RestPermitted;
import com.atlassian.stash.rest.data.RestPermittedGroup;
import com.atlassian.stash.rest.data.RestPermittedUser;
import com.atlassian.stash.rest.data.RestStashUser;
import com.atlassian.stash.rest.util.BadRequestException;
import com.atlassian.stash.rest.util.NotFoundException;
import com.atlassian.stash.rest.util.ResponseFactory;
import com.atlassian.stash.rest.util.RestResource;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionAdminService;
import com.atlassian.stash.user.PermittedGroup;
import com.atlassian.stash.user.PermittedUser;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import com.atlassian.stash.util.PageRequestImpl;
import com.google.common.base.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.ws.rs.core.Response;

/* loaded from: input_file:com/atlassian/stash/rest/user/PermissionAdminManager.class */
public class PermissionAdminManager {
    private final PermissionAdminService permissionAdminService;
    private final ProjectService projectService;
    private final UserService userService;
    private final RestResource restResource;
    private final I18nService i18nService;
    private final Function<String, CommonJsonObjects.RestGroup> groupTransform = new Function<String, CommonJsonObjects.RestGroup>() { // from class: com.atlassian.stash.rest.user.PermissionAdminManager.1
        public CommonJsonObjects.RestGroup apply(String str) {
            return new CommonJsonObjects.RestGroup(str, Boolean.valueOf(PermissionAdminManager.this.userService.existsGroup(str)));
        }
    };

    public PermissionAdminManager(PermissionAdminService permissionAdminService, ProjectService projectService, UserService userService, RestResource restResource) {
        this.permissionAdminService = permissionAdminService;
        this.projectService = projectService;
        this.userService = userService;
        this.i18nService = restResource.getI18nService();
        this.restResource = restResource;
    }

    public Response getHighestGrantedPermissionsForUsers(@Nullable String str, @Nullable String str2, int i, int i2) {
        PageRequestImpl pageRequestImpl = new PageRequestImpl(i, i2, str);
        Project validateProject = validateProject(str2);
        return ResponseFactory.ok().entity(new RestPage(validateProject == null ? this.permissionAdminService.getUsersWithGlobalPermission(pageRequestImpl) : this.permissionAdminService.getUsersWithProjectPermission(validateProject, pageRequestImpl), new Function<PermittedUser, RestPermittedUser>() { // from class: com.atlassian.stash.rest.user.PermissionAdminManager.2
            public RestPermittedUser apply(@Nullable PermittedUser permittedUser) {
                return new RestPermittedUser(permittedUser);
            }
        })).build();
    }

    public Response getUsersWithoutAnyPermission(@Nullable String str, @Nullable String str2, int i, int i2) {
        PageRequestImpl pageRequestImpl = new PageRequestImpl(i, i2, str);
        Project validateProject = validateProject(str2);
        return ResponseFactory.ok().entity(new RestPage(validateProject == null ? this.permissionAdminService.getUsersWithoutGlobalPermission(pageRequestImpl) : this.permissionAdminService.getUsersWithoutProjectPermission(validateProject, pageRequestImpl), RestStashUser.USER_REST_TRANSFORM)).build();
    }

    public Response revokeAllPermissionsForUser(@Nullable String str, @Nonnull String str2) {
        StashUser validateUser = validateUser(str2, true);
        Project validateProject = validateProject(str);
        if (validateProject == null) {
            this.permissionAdminService.revokeAllGlobalPermissions(validateUser);
        } else {
            this.permissionAdminService.revokeAllProjectPermissions(validateProject, validateUser);
        }
        return ResponseFactory.noContent().build();
    }

    public Response setPermissionForUser(@Nullable String str, @Nonnull String str2, @Nonnull String str3) {
        Permission permissionFromName = getPermissionFromName(str3);
        StashUser validateUser = validateUser(str2, false);
        Project validateProjectAndPermission = validateProjectAndPermission(str, permissionFromName);
        if (validateProjectAndPermission == null) {
            this.permissionAdminService.setGlobalPermission(permissionFromName, validateUser);
        } else {
            this.permissionAdminService.setProjectPermission(validateProjectAndPermission, permissionFromName, validateUser);
        }
        return ResponseFactory.noContent().build();
    }

    public Response getHighestGrantedPermissionsForGroups(@Nullable String str, @Nullable String str2, int i, int i2) {
        PageRequestImpl pageRequestImpl = new PageRequestImpl(i, i2, str);
        Project validateProject = validateProject(str2);
        return ResponseFactory.ok().entity(new RestPage(validateProject == null ? this.permissionAdminService.getGroupsWithGlobalPermission(pageRequestImpl) : this.permissionAdminService.getGroupsWithProjectPermission(validateProject, pageRequestImpl), new Function<PermittedGroup, RestPermittedGroup>() { // from class: com.atlassian.stash.rest.user.PermissionAdminManager.3
            public RestPermittedGroup apply(@Nullable PermittedGroup permittedGroup) {
                return new RestPermittedGroup(permittedGroup);
            }
        })).build();
    }

    public Response getGroupsWithoutAnyPermission(@Nullable String str, @Nullable String str2, int i, int i2) {
        PageRequestImpl pageRequestImpl = new PageRequestImpl(i, i2, str);
        Project validateProject = validateProject(str2);
        return ResponseFactory.ok().entity(new RestPage(validateProject == null ? this.permissionAdminService.getGroupsWithoutGlobalPermission(pageRequestImpl) : this.permissionAdminService.getGroupsWithoutProjectPermission(validateProject, pageRequestImpl), this.groupTransform)).build();
    }

    public Response revokeAllPermissionsForGroup(@Nullable String str, @Nonnull String str2) {
        validateGroup(str2, false);
        Project validateProject = validateProject(str);
        if (validateProject == null) {
            this.permissionAdminService.revokeAllGlobalPermissions(str2);
        } else {
            this.permissionAdminService.revokeAllProjectPermissions(validateProject, str2);
        }
        return ResponseFactory.noContent().build();
    }

    public Response setPermissionForGroup(@Nullable String str, @Nonnull String str2, @Nonnull String str3) {
        Permission permissionFromName = getPermissionFromName(str2);
        validateGroup(str3, true);
        Project validateProjectAndPermission = validateProjectAndPermission(str, permissionFromName);
        if (validateProjectAndPermission == null) {
            this.permissionAdminService.setGlobalPermission(permissionFromName, str3);
        } else {
            this.permissionAdminService.setProjectPermission(validateProjectAndPermission, permissionFromName, str3);
        }
        return ResponseFactory.noContent().build();
    }

    public Response hasAllUserPermission(@Nullable String str, String str2) {
        Permission permissionFromName = getPermissionFromName(str2);
        Project validateProjectAndPermission = validateProjectAndPermission(str, permissionFromName);
        return ResponseFactory.ok().entity(new RestPermitted(validateProjectAndPermission == null ? this.permissionAdminService.hasAllGlobalPermission(permissionFromName) : this.permissionAdminService.hasAllProjectPermission(permissionFromName, validateProjectAndPermission))).build();
    }

    public Response modifyAllUserPermission(@Nullable String str, String str2, Boolean bool) {
        validateAllowValue(bool);
        Permission permissionFromName = getPermissionFromName(str2);
        Project validateProjectAndPermission = validateProjectAndPermission(str, permissionFromName);
        if (validateProjectAndPermission == null) {
            throw new BadRequestException(this.i18nService.getText("stash.rest.permission.admin.cannotgrant.globalall", "Global permissions cannot be granted to all users.", new Object[0]));
        }
        if (bool.booleanValue()) {
            this.permissionAdminService.grantAllProjectPermission(permissionFromName, validateProjectAndPermission);
        } else {
            this.permissionAdminService.revokeAllProjectPermission(permissionFromName, validateProjectAndPermission);
        }
        return ResponseFactory.noContent().build();
    }

    private void validateAllowValue(Boolean bool) {
        if (bool == null) {
            throw new BadRequestException(this.i18nService.getText("stash.rest.permissionadmin.invalidallow", "You must specify whether to allow or deny access using the 'allow' query string parameter.", new Object[0]));
        }
    }

    private void validateGroup(String str, boolean z) {
        if (str == null) {
            throw new BadRequestException(this.i18nService.getText("stash.rest.permissionadmin.invalidgroup", "The group name must be specified in the query string 'name' parameter.", new Object[0]));
        }
        if (z && !this.userService.existsGroup(str)) {
            throw new NotFoundException(this.i18nService.getText("stash.rest.permission.nosuchgroup", "No such group: {0}", new Object[]{str}));
        }
    }

    private StashUser validateUser(String str, boolean z) {
        if (str == null) {
            throw new BadRequestException(this.i18nService.getText("stash.rest.permissionadmin.invaliduser", "The user name must be specified in the query string 'name' parameter.", new Object[0]));
        }
        StashUser user = this.userService.getUser(str, z);
        if (user == null) {
            throw new NotFoundException(this.i18nService.getText("stash.rest.permission.nosuchuser", "No such user: {0}", new Object[]{str}));
        }
        return user;
    }

    private Project validateProjectAndPermission(@Nullable String str, Permission permission) {
        Project validateProject = validateProject(str);
        if (validateProject == null && !permission.isGlobal()) {
            throw new BadRequestException(this.i18nService.getText("stash.rest.permission.admin.projectatglobal", "You cannot use a project permission {0} at a global level.", new Object[]{permission.toString()}));
        }
        if (validateProject == null || !permission.isGlobal()) {
            return validateProject;
        }
        throw new BadRequestException(this.i18nService.getText("stash.rest.permission.admin.globalatproject", "You cannot use a global permission \"{0}\" at a project level.", new Object[]{permission.toString()}));
    }

    private Project validateProject(String str) {
        Project project = null;
        if (str != null) {
            project = this.projectService.findByKey(str);
            if (project == null) {
                throw this.restResource.noSuchProjectException(str);
            }
        }
        return project;
    }

    private Permission getPermissionFromName(String str) {
        if (str == null) {
            throw new BadRequestException(this.i18nService.getText("stash.rest.permissionadmin.missingpermission", "Permission must be specified.", new Object[0]));
        }
        try {
            return Permission.valueOf(str.toUpperCase().replace('-', '_'));
        } catch (IllegalArgumentException e) {
            throw new BadRequestException(this.i18nService.getText("stash.rest.permissionadmin.invalidpermission", "Permission {0} is not a valid permission.", new Object[]{str}));
        }
    }
}
