package com.atlassian.confluence.plugins.rest.jackson2.filter;

import com.atlassian.annotations.security.UnrestrictedAccess;
import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.core.filters.AbstractHttpFilter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@UnrestrictedAccess
/* loaded from: input_file:com/atlassian/confluence/plugins/rest/jackson2/filter/CanUseFilter.class */
public class CanUseFilter extends AbstractHttpFilter {
    private final PermissionManager permissionManager;

    public CanUseFilter(PermissionManager permissionManager) {
        this.permissionManager = permissionManager;
    }

    protected void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        if (canUseConfluenceCheck(confluenceUser)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else if (confluenceUser == null) {
            httpServletResponse.sendError(401);
        } else {
            httpServletResponse.sendError(403);
        }
    }

    protected boolean canUseConfluenceCheck(ConfluenceUser confluenceUser) {
        return this.permissionManager.hasPermission(confluenceUser, Permission.VIEW, PermissionManager.TARGET_APPLICATION);
    }
}
