package com.atlassian.sal.confluence.permission;

import com.atlassian.confluence.api.service.exceptions.PermissionException;
import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.permission.AuthorisationException;
import com.atlassian.sal.api.permission.NotAuthenticatedException;
import com.atlassian.sal.api.permission.PermissionEnforcer;

/* loaded from: input_file:confluence-sal-base-7.2.0-m39.jar:com/atlassian/sal/confluence/permission/ConfluencePermissionEnforcer.class */
public class ConfluencePermissionEnforcer implements PermissionEnforcer {
    private final I18nResolver i18nResolver;
    private final PermissionManager permissionManager;

    public ConfluencePermissionEnforcer(I18nResolver i18nResolver, PermissionManager permissionManager) {
        this.i18nResolver = i18nResolver;
        this.permissionManager = permissionManager;
    }

    public void enforceAdmin() throws AuthorisationException {
        if (!isAdmin()) {
            throw throwAccessDenied();
        }
    }

    public void enforceAuthenticated() throws NotAuthenticatedException {
        if (!isAuthenticated()) {
            throw throwAccessDenied();
        }
    }

    public void enforceSystemAdmin() throws AuthorisationException {
        if (!isSystemAdmin()) {
            throw throwAccessDenied();
        }
    }

    public boolean isAdmin() {
        ConfluenceUser currentUser = getCurrentUser();
        return currentUser != null && this.permissionManager.hasPermission(currentUser, Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION);
    }

    public boolean isAuthenticated() {
        return getCurrentUser() != null;
    }

    public boolean isSystemAdmin() {
        ConfluenceUser currentUser = getCurrentUser();
        return currentUser != null && this.permissionManager.hasPermission(currentUser, Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM);
    }

    private ConfluenceUser getCurrentUser() {
        return AuthenticatedUserThreadLocal.get();
    }

    private AuthorisationException throwAccessDenied() {
        String text = this.i18nResolver.getText("confluence.service.accessdenied");
        PermissionException permissionException = new PermissionException(text);
        if (getCurrentUser() != null) {
            throw new AuthorisationException(text, permissionException);
        }
        throw new NotAuthenticatedException(text, permissionException);
    }
}
