package com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.impl;

import com.atlassian.annotations.Internal;
import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.SpacePermissionUpdateResult;
import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.SpacePermissionUpdateService;
import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.security.SpacePermissionManager;
import com.atlassian.confluence.spaces.Space;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.util.i18n.I18NBeanFactory;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.google.common.annotations.VisibleForTesting;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Internal
/* loaded from: input_file:com/atlassian/confluence/plugins/confluence_kb_space_blueprint/services/impl/DefaultSpacePermissionUpdateService.class */
public class DefaultSpacePermissionUpdateService implements SpacePermissionUpdateService {
    private static final Logger log = LoggerFactory.getLogger(DefaultSpacePermissionUpdateService.class);
    private final PermissionManager permissionManager;
    private final SpacePermissionManager spacePermissionManager;
    private final I18NBeanFactory i18NBeanFactory;
    private final TransactionTemplate transactionTemplate;

    public DefaultSpacePermissionUpdateService(PermissionManager permissionManager, SpacePermissionManager spacePermissionManager, I18NBeanFactory i18NBeanFactory, TransactionTemplate transactionTemplate) {
        this.permissionManager = permissionManager;
        this.spacePermissionManager = spacePermissionManager;
        this.i18NBeanFactory = i18NBeanFactory;
        this.transactionTemplate = transactionTemplate;
    }

    @Override // com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.SpacePermissionUpdateService
    public SpacePermissionUpdateResult setEnableAnonymousViewSpace(ConfluenceUser confluenceUser, Space space, boolean z, boolean z2) {
        SpacePermission createAnonymousSpacePermission = SpacePermission.createAnonymousSpacePermission("VIEWSPACE", space);
        if (!canModifySpacePermissions(confluenceUser, space) && !z2) {
            return SpacePermissionUpdateResult.error(this.i18NBeanFactory.getI18NBean().getText("com.atlassian.confluence.plugins.confluence-knowledge-base.not.permitted.space.permissions"));
        }
        if (z2) {
            log.debug("Skipping permission check while updating anonymous view permission for space with key: " + space.getKey());
            this.permissionManager.withExemption(() -> {
                setEnablePermission(createAnonymousSpacePermission, z);
            });
        } else {
            setEnablePermission(createAnonymousSpacePermission, z);
        }
        log.debug((z ? "Enabled" : "Disabled") + " anonymous view permission to space with key: " + space.getKey());
        return SpacePermissionUpdateResult.success();
    }

    @Override // com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.SpacePermissionUpdateService
    public SpacePermissionUpdateResult setEnableUnlicensedViewSpace(ConfluenceUser confluenceUser, Space space, boolean z, boolean z2) {
        SpacePermission createAuthenticatedUsersSpacePermission = SpacePermission.createAuthenticatedUsersSpacePermission("VIEWSPACE", space);
        if (!canModifySpacePermissions(confluenceUser, space) && !z2) {
            return SpacePermissionUpdateResult.error(this.i18NBeanFactory.getI18NBean().getText("com.atlassian.confluence.plugins.confluence-knowledge-base.not.permitted.space.permissions"));
        }
        if (z2) {
            log.debug("Skipping permission check while updating unlicensed view permission for space with key: " + space.getKey());
            this.permissionManager.withExemption(() -> {
                setEnablePermission(createAuthenticatedUsersSpacePermission, z);
            });
        } else {
            setEnablePermission(createAuthenticatedUsersSpacePermission, z);
        }
        log.debug((z ? "Enabled" : "Disabled") + " unlicensed view permission to space with key: " + space.getKey());
        return SpacePermissionUpdateResult.success();
    }

    @Override // com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.SpacePermissionUpdateService
    public SpacePermissionUpdateResult setEnableGlobalUnlicensedAccess(ConfluenceUser confluenceUser, boolean z, boolean z2) {
        SpacePermission createAuthenticatedUsersSpacePermission = SpacePermission.createAuthenticatedUsersSpacePermission("LIMITEDUSECONFLUENCE", (Space) null);
        if (!canModifyGlobalPermissions(confluenceUser) && !z2) {
            return SpacePermissionUpdateResult.error(this.i18NBeanFactory.getI18NBean().getText("com.atlassian.confluence.plugins.confluence-knowledge-base.not.permitted.global.permissions"));
        }
        if (z2) {
            log.debug("Skipping permission check while updating global unlicensed access to Confluence.");
            this.permissionManager.withExemption(() -> {
                setEnablePermission(createAuthenticatedUsersSpacePermission, z);
            });
        } else {
            setEnablePermission(createAuthenticatedUsersSpacePermission, z);
        }
        log.debug((z ? "Enabled" : "Disabled") + " global unlicensed access to Confluence.");
        return SpacePermissionUpdateResult.success();
    }

    private boolean canModifySpacePermissions(ConfluenceUser confluenceUser, Space space) {
        return this.permissionManager.hasPermission(confluenceUser, Permission.SET_PERMISSIONS, space) || this.permissionManager.hasPermission(confluenceUser, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION);
    }

    private boolean canModifyGlobalPermissions(ConfluenceUser confluenceUser) {
        return this.permissionManager.hasPermission(confluenceUser, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION);
    }

    @VisibleForTesting
    protected void setEnablePermission(SpacePermission spacePermission, boolean z) {
        boolean permissionExists = this.spacePermissionManager.permissionExists(spacePermission);
        if (z && !permissionExists) {
            this.transactionTemplate.execute(() -> {
                this.spacePermissionManager.savePermission(spacePermission);
                return null;
            });
        } else {
            if (z || !permissionExists) {
                return;
            }
            this.transactionTemplate.execute(() -> {
                this.spacePermissionManager.removePermission(getLiveHibernatePermission(spacePermission));
                return null;
            });
        }
    }

    private SpacePermission getLiveHibernatePermission(SpacePermission spacePermission) {
        Space space = spacePermission.getSpace();
        Stream stream = (space != null ? space.getPermissions() : this.spacePermissionManager.getGlobalPermissions()).stream();
        spacePermission.getClass();
        return (SpacePermission) stream.filter((v1) -> {
            return r1.equals(v1);
        }).findFirst().orElseThrow(() -> {
            return new RuntimeException("Permission exists but could not retrieve permission object: " + spacePermission);
        });
    }
}
