package com.atlassian.confluence.plugins.confluence_kb_space_blueprint.rest;

import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.rest.request.SetGlobalUnlicensedAccessRequest;
import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.rest.request.SetViewSpacePermissionRequest;
import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.rest.response.GlobalPermissionStateResponse;
import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.rest.response.PermissionStateResponse;
import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.rest.response.SpacePermissionStateResponse;
import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.ApplicationLinkRequestVerifier;
import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.SpacePermissionUpdateResult;
import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.SpacePermissionUpdateService;
import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.security.SpacePermissionManager;
import com.atlassian.confluence.spaces.Space;
import com.atlassian.confluence.spaces.SpaceManager;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.util.i18n.I18NBeanFactory;
import com.atlassian.fugue.Option;
import com.atlassian.json.jsonorg.JSONObject;
import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import com.atlassian.sal.api.features.DarkFeatureManager;
import com.google.common.base.Function;
import com.google.common.base.Functions;
import com.google.common.collect.ImmutableMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Produces({"application/json;charset=UTF-8"})
@Path("/permissions")
@Consumes({"application/json;charset=UTF-8"})
/* loaded from: input_file:com/atlassian/confluence/plugins/confluence_kb_space_blueprint/rest/PermissionsResource.class */
public class PermissionsResource {
    private static final String PERMISSIONS_DISABLED_DARK_FEATURE = "confluence.kb.permissions.resource.disabled";
    private static final Logger log = LoggerFactory.getLogger(PermissionsResource.class);
    private final SpacePermissionManager spacePermissionManager;
    private final SpaceManager spaceManager;
    private final SpacePermissionUpdateService spacePermissionUpdateService;
    private final ApplicationLinkRequestVerifier applicationLinkRequestVerifier;
    private final DarkFeatureManager darkFeatureManager;
    private final I18NBeanFactory i18NBeanFactory;

    public PermissionsResource(SpacePermissionManager spacePermissionManager, SpaceManager spaceManager, SpacePermissionUpdateService spacePermissionUpdateService, ApplicationLinkRequestVerifier applicationLinkRequestVerifier, DarkFeatureManager darkFeatureManager, I18NBeanFactory i18NBeanFactory) {
        this.spacePermissionManager = spacePermissionManager;
        this.spaceManager = spaceManager;
        this.spacePermissionUpdateService = spacePermissionUpdateService;
        this.applicationLinkRequestVerifier = applicationLinkRequestVerifier;
        this.darkFeatureManager = darkFeatureManager;
        this.i18NBeanFactory = i18NBeanFactory;
    }

    @GET
    @AnonymousAllowed
    public Response queryPermissions(@QueryParam("spaceKey") String str) {
        return this.darkFeatureManager.isFeatureEnabledForAllUsers(PERMISSIONS_DISABLED_DARK_FEATURE) ? featureDisabledResponse() : StringUtils.isNotEmpty(str) ? (Response) Option.option(this.spaceManager.getSpace(str)).fold(this::spaceNotFoundResponse, space -> {
            return Response.ok(buildSpaceStateResponse(space)).build();
        }) : Response.ok(buildSpaceStateResponse()).build();
    }

    @POST
    @AnonymousAllowed
    @Path("space/anonymousview")
    public Response setAnonymousViewSpacePermission(SetViewSpacePermissionRequest setViewSpacePermissionRequest, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        if (this.darkFeatureManager.isFeatureEnabledForAllUsers(PERMISSIONS_DISABLED_DARK_FEATURE)) {
            return featureDisabledResponse();
        }
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        boolean isApplicationLinkRequest = this.applicationLinkRequestVerifier.isApplicationLinkRequest(httpServletRequest, httpServletResponse);
        if (isApplicationLinkRequest) {
            log.debug("Current request was made over Application Link, skipping permission check for updating anonymous view permission");
        }
        return updateSpacePermission(setViewSpacePermissionRequest.spaceKey, space -> {
            return this.spacePermissionUpdateService.setEnableAnonymousViewSpace(confluenceUser, space, setViewSpacePermissionRequest.enablePermission, isApplicationLinkRequest);
        });
    }

    @POST
    @AnonymousAllowed
    @Path("space/unlicensedview")
    public Response setUnlicensedViewSpacePermission(SetViewSpacePermissionRequest setViewSpacePermissionRequest, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        if (this.darkFeatureManager.isFeatureEnabledForAllUsers(PERMISSIONS_DISABLED_DARK_FEATURE)) {
            return featureDisabledResponse();
        }
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        boolean isApplicationLinkRequest = this.applicationLinkRequestVerifier.isApplicationLinkRequest(httpServletRequest, httpServletResponse);
        if (isApplicationLinkRequest) {
            log.debug("Current request was made over Application Link, skipping permission check for updating unlicensed user view permission");
        }
        return updateSpacePermission(setViewSpacePermissionRequest.spaceKey, space -> {
            return this.spacePermissionUpdateService.setEnableUnlicensedViewSpace(confluenceUser, space, setViewSpacePermissionRequest.enablePermission, isApplicationLinkRequest);
        });
    }

    private Response updateSpacePermission(String str, Function<Space, SpacePermissionUpdateResult> function) {
        return (Response) Option.option(this.spaceManager.getSpace(str)).toRight(this::spaceNotFoundResponse).map(space -> {
            SpacePermissionUpdateResult spacePermissionUpdateResult = (SpacePermissionUpdateResult) function.apply(space);
            return spacePermissionUpdateResult.isSuccessful() ? Response.ok(buildSpaceStateResponse(space)).build() : toErrorResponse(spacePermissionUpdateResult);
        }).fold(Functions.identity(), Functions.identity());
    }

    @POST
    @AnonymousAllowed
    @Path("global/unlicensedaccess")
    public Response setGlobalPermission(SetGlobalUnlicensedAccessRequest setGlobalUnlicensedAccessRequest, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        if (this.darkFeatureManager.isFeatureEnabledForAllUsers(PERMISSIONS_DISABLED_DARK_FEATURE)) {
            return featureDisabledResponse();
        }
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        boolean isApplicationLinkRequest = this.applicationLinkRequestVerifier.isApplicationLinkRequest(httpServletRequest, httpServletResponse);
        if (isApplicationLinkRequest) {
            log.debug("Current request was made over Application Link, skipping permission check for updating global unlicensed access");
        }
        SpacePermissionUpdateResult enableGlobalUnlicensedAccess = this.spacePermissionUpdateService.setEnableGlobalUnlicensedAccess(confluenceUser, setGlobalUnlicensedAccessRequest.enablePermission, isApplicationLinkRequest);
        return enableGlobalUnlicensedAccess.isSuccessful() ? Response.ok(buildGlobalStateResponse()).build() : toErrorResponse(enableGlobalUnlicensedAccess);
    }

    private PermissionStateResponse buildSpaceStateResponse() {
        return new PermissionStateResponse(null, buildGlobalStateResponse());
    }

    private PermissionStateResponse buildSpaceStateResponse(Space space) {
        return new PermissionStateResponse(new SpacePermissionStateResponse(space.getKey(), isSpaceUnlicensedAuthenticatedViewEnabled(space), isSpaceAnonymousViewEnabled(space)), buildGlobalStateResponse());
    }

    private GlobalPermissionStateResponse buildGlobalStateResponse() {
        return new GlobalPermissionStateResponse(isGlobalUnlicensedAccessEnabled(), isGlobalAnonymousAccessEnabled());
    }

    private boolean isGlobalUnlicensedAccessEnabled() {
        return this.spacePermissionManager.permissionExists(SpacePermission.createAuthenticatedUsersSpacePermission("LIMITEDUSECONFLUENCE", (Space) null));
    }

    private boolean isGlobalAnonymousAccessEnabled() {
        return this.spacePermissionManager.permissionExists(SpacePermission.createAnonymousSpacePermission("USECONFLUENCE", (Space) null));
    }

    private boolean isSpaceUnlicensedAuthenticatedViewEnabled(Space space) {
        return this.spacePermissionManager.permissionExists(SpacePermission.createAuthenticatedUsersSpacePermission("VIEWSPACE", space));
    }

    private boolean isSpaceAnonymousViewEnabled(Space space) {
        return this.spacePermissionManager.permissionExists(SpacePermission.createAnonymousSpacePermission("VIEWSPACE", space));
    }

    private Response spaceNotFoundResponse() {
        return Response.status(Response.Status.NOT_FOUND).entity(jsonErrorObject(this.i18NBeanFactory.getI18NBean().getText("com.atlassian.confluence.plugins.confluence-knowledge-base.space.not.found"))).build();
    }

    private Response featureDisabledResponse() {
        return Response.status(Response.Status.GONE).entity(jsonErrorObject(this.i18NBeanFactory.getI18NBean().getText("com.atlassian.confluence.plugins.confluence-knowledge-base.permissions.resource.disabled"))).build();
    }

    private static Response toErrorResponse(SpacePermissionUpdateResult spacePermissionUpdateResult) {
        return Response.status(Response.Status.FORBIDDEN).entity(jsonErrorObject((String) spacePermissionUpdateResult.getI18ErrorOpt().getOrNull())).build();
    }

    private static String jsonErrorObject(String str) {
        return new JSONObject(ImmutableMap.of("errorMessage", StringUtils.defaultIfBlank(str, ""))).toString();
    }
}
