package com.atlassian.confluence.functest.rest.admin;

import com.atlassian.confluence.api.model.people.Anonymous;
import com.atlassian.confluence.api.model.people.Group;
import com.atlassian.confluence.api.model.people.Person;
import com.atlassian.confluence.api.model.people.Subject;
import com.atlassian.confluence.api.service.exceptions.BadRequestException;
import com.atlassian.confluence.api.service.exceptions.NotFoundException;
import com.atlassian.confluence.api.service.exceptions.unchecked.NotImplementedServiceException;
import com.atlassian.confluence.functest.rest.admin.model.PermissionChange;
import com.atlassian.confluence.functest.rest.admin.model.SubjectPermissionChange;
import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.security.SpacePermissionManager;
import com.atlassian.confluence.spaces.Space;
import com.atlassian.confluence.spaces.SpaceManager;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.plugins.rest.common.security.jersey.SysadminOnlyResourceFilter;
import com.sun.jersey.spi.container.ResourceFilters;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.support.TransactionTemplate;

@Path("/admin/permissions")
@Consumes({"application/json"})
@ResourceFilters({SysadminOnlyResourceFilter.class})
@Produces({"application/json"})
/* loaded from: input_file:com/atlassian/confluence/functest/rest/admin/PermissionsResource.class */
public class PermissionsResource {
    private final SpacePermissionManager spacePermissionManager;
    private final SpaceManager spaceManager;
    private final UserAccessor userAccessor;
    private final PlatformTransactionManager transactionManager;

    public PermissionsResource(@Qualifier("spacePermissionManager") SpacePermissionManager spacePermissionManager, SpaceManager spaceManager, UserAccessor userAccessor, @Qualifier("transactionManager") PlatformTransactionManager platformTransactionManager) {
        this.spacePermissionManager = (SpacePermissionManager) Objects.requireNonNull(spacePermissionManager);
        this.spaceManager = (SpaceManager) Objects.requireNonNull(spaceManager);
        this.userAccessor = (UserAccessor) Objects.requireNonNull(userAccessor);
        this.transactionManager = (PlatformTransactionManager) Objects.requireNonNull(platformTransactionManager);
    }

    @Path("global/subject")
    @PUT
    public void changeGlobalPermissions(List<SubjectPermissionChange> list) {
        withTransaction(() -> {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                SubjectPermissionChange subjectPermissionChange = (SubjectPermissionChange) it.next();
                Group subject = subjectPermissionChange.getSubject();
                if (subject instanceof Group) {
                    String name = subject.getName();
                    groupExistsOrThrowNotFound(name);
                    applyPermissionChange(SpacePermission.createGroupSpacePermission(subjectPermissionChange.getPermission(), (Space) null, name), subjectPermissionChange.shouldGrant());
                } else if (subject instanceof Anonymous) {
                    applyPermissionChange(SpacePermission.createAnonymousSpacePermission(subjectPermissionChange.getPermission(), (Space) null), subjectPermissionChange.shouldGrant());
                } else {
                    if (!(subject instanceof Person)) {
                        throw new NotImplementedServiceException("Unsupported Subject type: " + subject.getClass());
                    }
                    applyPermissionChange(SpacePermission.createUserSpacePermission(subjectPermissionChange.getPermission(), (Space) null, getConfluenceUserOrThrowNotFound((Person) subject)), subjectPermissionChange.shouldGrant());
                }
            }
        });
    }

    @Path("global/subject")
    @DELETE
    public void revokeAllGlobalPermissions(Subject subject) {
        withTransaction(() -> {
            if (subject instanceof Group) {
                String name = ((Group) subject).getName();
                groupExistsOrThrowNotFound(name);
                Stream filter = this.spacePermissionManager.getGlobalPermissions().stream().filter(spacePermission -> {
                    return spacePermission.isGroupPermission() && name.equals(spacePermission.getGroup());
                });
                SpacePermissionManager spacePermissionManager = this.spacePermissionManager;
                spacePermissionManager.getClass();
                filter.forEach(spacePermissionManager::removePermission);
                return;
            }
            if (subject instanceof Anonymous) {
                Stream filter2 = this.spacePermissionManager.getGlobalPermissions().stream().filter((v0) -> {
                    return v0.isAnonymousPermission();
                });
                SpacePermissionManager spacePermissionManager2 = this.spacePermissionManager;
                spacePermissionManager2.getClass();
                filter2.forEach(spacePermissionManager2::removePermission);
                return;
            }
            if (!(subject instanceof Person)) {
                throw new NotImplementedServiceException("Unsupported Subject type: " + subject.getClass());
            }
            ConfluenceUser confluenceUserOrThrowNotFound = getConfluenceUserOrThrowNotFound((Person) subject);
            Stream filter3 = this.spacePermissionManager.getGlobalPermissions().stream().filter(spacePermission2 -> {
                return spacePermission2.isUserPermission() && confluenceUserOrThrowNotFound.equals(spacePermission2.getUserSubject());
            });
            SpacePermissionManager spacePermissionManager3 = this.spacePermissionManager;
            spacePermissionManager3.getClass();
            filter3.forEach(spacePermissionManager3::removePermission);
        });
    }

    @Path("global/subject/unlicensed-authenticated")
    @PUT
    public void changeGlobalUnlicensedAuthenticatedPermissions(List<PermissionChange> list) {
        withTransaction(() -> {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                PermissionChange permissionChange = (PermissionChange) it.next();
                applyPermissionChange(SpacePermission.createAuthenticatedUsersSpacePermission(permissionChange.getPermission(), (Space) null), permissionChange.shouldGrant());
            }
        });
    }

    @Path("global/subject/unlicensed-authenticated")
    @DELETE
    public void revokeAllGlobalUnlicensedAuthenticatedPermissions() {
        withTransaction(() -> {
            Stream filter = this.spacePermissionManager.getGlobalPermissions().stream().filter((v0) -> {
                return v0.isAuthenticatedUsersPermission();
            });
            SpacePermissionManager spacePermissionManager = this.spacePermissionManager;
            spacePermissionManager.getClass();
            filter.forEach(spacePermissionManager::removePermission);
        });
    }

    @Path("space/{spaceKey}/subject")
    @PUT
    public void changeSpacePermissions(@PathParam("spaceKey") String str, List<SubjectPermissionChange> list) {
        withTransaction(() -> {
            Space spaceOrThrowNotFound = getSpaceOrThrowNotFound(str);
            Iterator it = list.iterator();
            while (it.hasNext()) {
                SubjectPermissionChange subjectPermissionChange = (SubjectPermissionChange) it.next();
                Group subject = subjectPermissionChange.getSubject();
                if (subject instanceof Group) {
                    String name = subject.getName();
                    groupExistsOrThrowNotFound(name);
                    applyPermissionChange(SpacePermission.createGroupSpacePermission(subjectPermissionChange.getPermission(), spaceOrThrowNotFound, name), subjectPermissionChange.shouldGrant());
                } else if (subject instanceof Anonymous) {
                    applyPermissionChange(SpacePermission.createAnonymousSpacePermission(subjectPermissionChange.getPermission(), spaceOrThrowNotFound), subjectPermissionChange.shouldGrant());
                } else {
                    if (!(subject instanceof Person)) {
                        throw new NotImplementedServiceException("Unsupported Subject type: " + subject.getClass());
                    }
                    applyPermissionChange(SpacePermission.createUserSpacePermission(subjectPermissionChange.getPermission(), spaceOrThrowNotFound, getConfluenceUserOrThrowNotFound((Person) subject)), subjectPermissionChange.shouldGrant());
                }
            }
        });
    }

    @Path("space/{spaceKey}/subject")
    @DELETE
    public void revokeAllSpacePermissions(@PathParam("spaceKey") String str, Subject subject) {
        withTransaction(() -> {
            Space spaceOrThrowNotFound = getSpaceOrThrowNotFound(str);
            if (subject instanceof Group) {
                String name = ((Group) subject).getName();
                groupExistsOrThrowNotFound(name);
                Stream filter = spaceOrThrowNotFound.getPermissions().stream().filter(spacePermission -> {
                    return spacePermission.isGroupPermission() && name.equals(spacePermission.getGroup());
                });
                SpacePermissionManager spacePermissionManager = this.spacePermissionManager;
                spacePermissionManager.getClass();
                filter.forEach(spacePermissionManager::removePermission);
                return;
            }
            if (subject instanceof Anonymous) {
                Stream filter2 = spaceOrThrowNotFound.getPermissions().stream().filter((v0) -> {
                    return v0.isAnonymousPermission();
                });
                SpacePermissionManager spacePermissionManager2 = this.spacePermissionManager;
                spacePermissionManager2.getClass();
                filter2.forEach(spacePermissionManager2::removePermission);
                return;
            }
            if (!(subject instanceof Person)) {
                throw new NotImplementedServiceException("Unsupported Subject type: " + subject.getClass());
            }
            ConfluenceUser confluenceUserOrThrowNotFound = getConfluenceUserOrThrowNotFound((Person) subject);
            Stream filter3 = spaceOrThrowNotFound.getPermissions().stream().filter(spacePermission2 -> {
                return spacePermission2.isUserPermission() && confluenceUserOrThrowNotFound.equals(spacePermission2.getUserSubject());
            });
            SpacePermissionManager spacePermissionManager3 = this.spacePermissionManager;
            spacePermissionManager3.getClass();
            filter3.forEach(spacePermissionManager3::removePermission);
        });
    }

    @Path("space/{spaceKey}/subject/unlicensed-authenticated")
    @PUT
    public void changeSpaceUnlicensedAuthenticatedPermissions(@PathParam("spaceKey") String str, List<PermissionChange> list) {
        withTransaction(() -> {
            Space spaceOrThrowNotFound = getSpaceOrThrowNotFound(str);
            Iterator it = list.iterator();
            while (it.hasNext()) {
                PermissionChange permissionChange = (PermissionChange) it.next();
                applyPermissionChange(SpacePermission.createAuthenticatedUsersSpacePermission(permissionChange.getPermission(), spaceOrThrowNotFound), permissionChange.shouldGrant());
            }
        });
    }

    @Path("space/{spaceKey}/subject/unlicensed-authenticated")
    @DELETE
    public void revokeAllSpaceUnlicensedAuthenticatedPermissions(@PathParam("spaceKey") String str) {
        withTransaction(() -> {
            Stream filter = getSpaceOrThrowNotFound(str).getPermissions().stream().filter((v0) -> {
                return v0.isAuthenticatedUsersPermission();
            });
            SpacePermissionManager spacePermissionManager = this.spacePermissionManager;
            spacePermissionManager.getClass();
            filter.forEach(spacePermissionManager::removePermission);
        });
    }

    @Path("global/subject/group/{groupName}/{permission}/enabled")
    @PUT
    @Deprecated
    public void deprecatedChangeGlobalGroupPermission(@PathParam("groupName") String str, @PathParam("permission") String str2, boolean z) {
        withTransaction(() -> {
            groupExistsOrThrowNotFound(str);
            applyPermissionChange(SpacePermission.createGroupSpacePermission(str2, (Space) null, str), z);
        });
    }

    @Path("global/subject/username/{userName}/{permission}/enabled")
    @PUT
    @Deprecated
    public void deprecatedChangeGlobalUserPermissionByUsername(@PathParam("userName") String str, @PathParam("permission") String str2, boolean z) {
        withTransaction(() -> {
            applyPermissionChange(SpacePermission.createUserSpacePermission(str2, (Space) null, getConfluenceUserByNameOrThrowNotFound(str)), z);
        });
    }

    @Path("global/subject/unlicensed-authenticated/{permission}/enabled")
    @PUT
    @Deprecated
    public void deprecatedChangeGlobalUnlicensedAuthenticatedPermission(@PathParam("permission") String str, boolean z) {
        withTransaction(() -> {
            applyPermissionChange(SpacePermission.createAuthenticatedUsersSpacePermission(str, (Space) null), z);
        });
    }

    @Path("global/subject/anonymous/{permission}/enabled")
    @PUT
    @Deprecated
    public void deprecatedChangeGlobalAnonymousPermission(@PathParam("permission") String str, boolean z) {
        withTransaction(() -> {
            applyPermissionChange(SpacePermission.createAnonymousSpacePermission(str, (Space) null), z);
        });
    }

    @Path("space/{spaceKey}/subject/group/{groupName}/{permission}/enabled")
    @PUT
    @Deprecated
    public void deprecatedChangeSpaceGroupPermission(@PathParam("spaceKey") String str, @PathParam("groupName") String str2, @PathParam("permission") String str3, boolean z) {
        withTransaction(() -> {
            groupExistsOrThrowNotFound(str2);
            applyPermissionChange(SpacePermission.createGroupSpacePermission(str3, getSpaceOrThrowNotFound(str), str2), z);
        });
    }

    @Path("space/{spaceKey}/subject/username/{userName}/{permission}/enabled")
    @PUT
    @Deprecated
    public void deprecatedChangeSpaceUserPermissionByUsername(@PathParam("spaceKey") String str, @PathParam("userName") String str2, @PathParam("permission") String str3, boolean z) {
        withTransaction(() -> {
            applyPermissionChange(SpacePermission.createUserSpacePermission(str3, getSpaceOrThrowNotFound(str), getConfluenceUserByNameOrThrowNotFound(str2)), z);
        });
    }

    @Path("space/{spaceKey}/subject/unlicensed-authenticated/{permission}/enabled")
    @PUT
    @Deprecated
    public void deprecatedChangeSpaceUnlicensedAuthenticatedPermission(@PathParam("spaceKey") String str, @PathParam("permission") String str2, boolean z) {
        withTransaction(() -> {
            applyPermissionChange(SpacePermission.createAuthenticatedUsersSpacePermission(str2, getSpaceOrThrowNotFound(str)), z);
        });
    }

    @Path("space/{spaceKey}/subject/anonymous/{permission}/enabled")
    @PUT
    @Deprecated
    public void deprecatedChangeSpaceAnonymousPermission(@PathParam("spaceKey") String str, @PathParam("permission") String str2, boolean z) {
        withTransaction(() -> {
            applyPermissionChange(SpacePermission.createAnonymousSpacePermission(str2, getSpaceOrThrowNotFound(str)), z);
        });
    }

    private ConfluenceUser getConfluenceUserByNameOrThrowNotFound(String str) {
        ConfluenceUser userByName = this.userAccessor.getUserByName(str);
        if (userByName == null) {
            throw new NotFoundException("User '" + str + "' does not exist");
        }
        return userByName;
    }

    private ConfluenceUser getConfluenceUserOrThrowNotFound(Person person) {
        return (ConfluenceUser) person.getUserKey().fold(() -> {
            return (ConfluenceUser) person.getOptionalUsername().fold(() -> {
                throw new BadRequestException("User has neither userKey nor username");
            }, str -> {
                ConfluenceUser userByName = this.userAccessor.getUserByName(str);
                if (userByName == null) {
                    throw new NotFoundException("Username '" + str + "' does not exist");
                }
                return userByName;
            });
        }, userKey -> {
            ConfluenceUser existingUserByKey = this.userAccessor.getExistingUserByKey(userKey);
            if (existingUserByKey == null) {
                throw new NotFoundException("User key '" + userKey + "' does not exist");
            }
            return existingUserByKey;
        });
    }

    private void groupExistsOrThrowNotFound(String str) {
        if (this.userAccessor.getGroup(str) == null) {
            throw new NotFoundException("Group '" + str + "' does not exist");
        }
    }

    private Space getSpaceOrThrowNotFound(String str) {
        Space space = this.spaceManager.getSpace(str);
        if (space == null) {
            throw new NotFoundException("Space '" + str + "' does not exist");
        }
        return space;
    }

    private void applyPermissionChange(SpacePermission spacePermission, boolean z) {
        boolean permissionExists = this.spacePermissionManager.permissionExists(spacePermission);
        if (z && !permissionExists) {
            this.spacePermissionManager.savePermission(spacePermission);
        } else {
            if (z || !permissionExists) {
                return;
            }
            this.spacePermissionManager.removePermission(getLiveHibernatePermission(spacePermission));
        }
    }

    @Nonnull
    private SpacePermission getLiveHibernatePermission(SpacePermission spacePermission) {
        Space space = spacePermission.getSpace();
        Stream stream = (space != null ? space.getPermissions() : this.spacePermissionManager.getGlobalPermissions()).stream();
        spacePermission.getClass();
        return (SpacePermission) stream.filter((v1) -> {
            return r1.equals(v1);
        }).findFirst().orElseThrow(() -> {
            return new RuntimeException("Permission exists but could not retrieve permission object: " + spacePermission);
        });
    }

    private void withTransaction(Runnable runnable) {
        TransactionTemplate transactionTemplate = new TransactionTemplate(this.transactionManager);
        transactionTemplate.setPropagationBehavior(0);
        transactionTemplate.setReadOnly(false);
        transactionTemplate.execute(transactionStatus -> {
            runnable.run();
            return null;
        });
    }
}
