package com.atlassian.crowd.plugin.rest.service.resource.permission;

import com.atlassian.crowd.exception.ApplicationNotFoundException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.manager.application.ApplicationManager;
import com.atlassian.crowd.manager.application.InternalApplicationHelper;
import com.atlassian.crowd.manager.application.InternalApplicationHelperImpl;
import com.atlassian.crowd.manager.permission.AnonymousUserPermissionException;
import com.atlassian.crowd.manager.permission.DirectoryGroup;
import com.atlassian.crowd.manager.permission.PermittedGroup;
import com.atlassian.crowd.manager.permission.UserPermissionAdminService;
import com.atlassian.crowd.manager.permission.UserPermissionDowngradeException;
import com.atlassian.crowd.manager.permission.UserPermissionException;
import com.atlassian.crowd.manager.permission.UserPermissionService;
import com.atlassian.crowd.model.permission.UserPermission;
import com.atlassian.crowd.plugin.rest.entity.GroupEntityList;
import com.atlassian.crowd.plugin.rest.entity.RestDirectoryGroup;
import com.atlassian.crowd.plugin.rest.entity.RestPermittedGroup;
import com.atlassian.crowd.plugin.rest.entity.page.RestPage;
import com.atlassian.crowd.plugin.rest.response.ResponseFactory;
import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;

@Path("admin")
@Consumes({"application/json"})
@Produces({"application/json"})
@AnonymousAllowed
/* loaded from: input_file:com/atlassian/crowd/plugin/rest/service/resource/permission/UserPermissionAdminResource.class */
public class UserPermissionAdminResource {
    private static final String DEFAULT_MAX_GROUPS = "30";
    private final UserPermissionService permissionService;
    private final UserPermissionAdminService permissionAdminService;
    private final InternalApplicationHelper applicationHelper;

    public UserPermissionAdminResource(UserPermissionService userPermissionService, UserPermissionAdminService userPermissionAdminService, ApplicationManager applicationManager) {
        this.permissionService = (UserPermissionService) Preconditions.checkNotNull(userPermissionService);
        this.permissionAdminService = (UserPermissionAdminService) Preconditions.checkNotNull(userPermissionAdminService);
        this.applicationHelper = new InternalApplicationHelperImpl((ApplicationManager) Preconditions.checkNotNull(applicationManager));
    }

    @GET
    @Path(GroupEntityList.GROUP_LIST_FIELD_NAME)
    public Response getDirectoryGroups(@QueryParam("prefix") String str, @QueryParam("start") int i, @QueryParam("limit") @DefaultValue("30") int i2) throws AnonymousUserPermissionException {
        Preconditions.checkArgument(i >= 0, "'start' must be greater than or equal to 0");
        Preconditions.checkArgument(i2 > 0, "'limit' must be greater than 0");
        final boolean isSingleDirectoryMapping = isSingleDirectoryMapping();
        return ResponseFactory.ok(new RestPage(StringUtils.isEmpty(str) ? this.permissionAdminService.findGroups(i, i2) : this.permissionAdminService.findGroupsByPrefix(str, i, i2), new Function<DirectoryGroup, RestDirectoryGroup>() { // from class: com.atlassian.crowd.plugin.rest.service.resource.permission.UserPermissionAdminResource.1
            public RestDirectoryGroup apply(DirectoryGroup directoryGroup) {
                return new RestDirectoryGroup(directoryGroup.getGroupName(), directoryGroup.getDirectoryId(), isSingleDirectoryMapping ? null : directoryGroup.getDirectoryName());
            }
        })).build();
    }

    @GET
    public Response getPermissions(@QueryParam("prefix") String str, @QueryParam("start") int i, @QueryParam("limit") int i2) throws UserPermissionException, AnonymousUserPermissionException {
        final boolean isSingleDirectoryMapping = isSingleDirectoryMapping();
        Function<PermittedGroup, RestPermittedGroup> function = new Function<PermittedGroup, RestPermittedGroup>() { // from class: com.atlassian.crowd.plugin.rest.service.resource.permission.UserPermissionAdminResource.2
            public RestPermittedGroup apply(PermittedGroup permittedGroup) {
                return new RestPermittedGroup(permittedGroup.getGroupName(), permittedGroup.getPermission(), permittedGroup.getDirectoryId(), isSingleDirectoryMapping ? null : permittedGroup.getDirectoryName());
            }
        };
        if (this.permissionService.currentUserHasPermission(UserPermission.ADMIN)) {
            return ResponseFactory.ok(new RestPage(StringUtils.isEmpty(str) ? this.permissionAdminService.findGroupsWithPermission(i, i2) : this.permissionAdminService.findGroupsWithPermissionByPrefix(str, i, i2), function)).build();
        }
        throw new UserPermissionException("You have insufficient permissions to view permitted groups.");
    }

    private boolean isSingleDirectoryMapping() {
        return this.applicationHelper.findCrowdConsoleApplication().getDirectoryMappings().size() == 1;
    }

    @PUT
    public Response setPermissions(@QueryParam("permission") String str, List<RestDirectoryGroup> list) throws DirectoryNotFoundException, OperationFailedException, ApplicationNotFoundException, UserPermissionException, UserPermissionDowngradeException, AnonymousUserPermissionException {
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("A group must be provided to grant permissions.");
        }
        this.permissionAdminService.setPermissionForGroups(list, str == null ? null : UserPermission.valueOf(str));
        return ResponseFactory.noContent().build();
    }

    @POST
    @Path("revoke")
    public Response revokePermissions(RestDirectoryGroup restDirectoryGroup) throws DirectoryNotFoundException, OperationFailedException, ApplicationNotFoundException, UserPermissionDowngradeException, AnonymousUserPermissionException {
        if (restDirectoryGroup == null) {
            throw new IllegalArgumentException("A group must be provided to revoke permissions.");
        }
        this.permissionAdminService.revokePermissionsForGroup(restDirectoryGroup);
        return ResponseFactory.noContent().build();
    }
}
