package com.atlassian.upm.core.permission;

import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.event.events.PluginDisabledEvent;
import com.atlassian.plugin.event.events.PluginEnabledEvent;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.upm.SysCommon;
import com.atlassian.upm.UpmPluginAccessor;
import com.atlassian.upm.api.util.Option;
import com.atlassian.upm.core.Plugin;
import com.atlassian.upm.core.PluginMetadataAccessor;
import com.atlassian.upm.core.permission.PermissionService;
import com.google.common.collect.ImmutableSet;
import java.net.URI;
import java.util.Objects;
import java.util.Set;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:com/atlassian/upm/core/permission/DefaultPermissionService.class */
public class DefaultPermissionService implements PermissionService, InitializingBean, DisposableBean {
    private final PluginMetadataAccessor metadata;
    private final ApplicationProperties applicationProperties;
    private final EventPublisher eventPublisher;
    private final UpmPluginAccessor pluginAccessor;
    private boolean connectPluginAvailable = false;

    @Deprecated
    static final String CONFLUENCE_MACROS_HTML = "confluence.macros.html:html";

    @Deprecated
    static final String CONFLUENCE_MACROS_HTML_INCLUDE = "confluence.macros.html:html-include";
    private static Set<String> SYSADMIN_ONLY_MODULES = ImmutableSet.of(CONFLUENCE_MACROS_HTML, "confluence.macros.html:html-xhtml", CONFLUENCE_MACROS_HTML_INCLUDE, "confluence.macros.html:html-include-xhtml");

    public DefaultPermissionService(PluginMetadataAccessor pluginMetadataAccessor, ApplicationProperties applicationProperties, EventPublisher eventPublisher, UpmPluginAccessor upmPluginAccessor) {
        this.metadata = (PluginMetadataAccessor) Objects.requireNonNull(pluginMetadataAccessor, "metadata");
        this.applicationProperties = (ApplicationProperties) Objects.requireNonNull(applicationProperties, "applicationProperties");
        this.eventPublisher = (EventPublisher) Objects.requireNonNull(eventPublisher, "eventPublisher");
        this.pluginAccessor = (UpmPluginAccessor) Objects.requireNonNull(upmPluginAccessor, "pluginAccessor");
    }

    @Override // com.atlassian.upm.core.permission.PermissionService
    public Option<PermissionService.PermissionError> getPermissionError(UserAttributes userAttributes, Permission permission) {
        if (userAttributes == null) {
            return Option.some(PermissionService.PermissionError.UNAUTHORIZED);
        }
        switch (permission) {
            case GET_PLUGIN_MODULES:
            case GET_INSTALLED_PLUGINS:
            case GET_AUDIT_LOG:
                return adminOrSysadmin(userAttributes);
            case MANAGE_PLUGIN_ENABLEMENT:
            case MANAGE_PLUGIN_MODULE_ENABLEMENT:
                return adminOrSysadmin(userAttributes);
            case MANAGE_IN_PROCESS_PLUGIN_INSTALL_FROM_FILE:
                return sysadminOnly(userAttributes);
            case MANAGE_IN_PROCESS_PLUGIN_INSTALL_FROM_URI:
                return sysadminOnly(userAttributes);
            case MANAGE_PLUGIN_UNINSTALL:
            case MANAGE_AUDIT_LOG:
                return sysadminOnly(userAttributes);
            case MANAGE_PLUGIN_LICENSE:
                return adminOrSysadmin(userAttributes);
            case GET_APPLICATIONS:
            case MANAGE_APPLICATION_CONFIG:
            case MANAGE_APPLICATION_LICENSES:
                return sysadminOnly(userAttributes);
            case SCAN_PLUGIN_DIRECTORY:
                return sysadminOnly(userAttributes);
            default:
                throw new IllegalArgumentException("Unhandled permission: " + permission);
        }
    }

    @Override // com.atlassian.upm.core.permission.PermissionService
    public Option<PermissionService.PermissionError> getPermissionError(UserAttributes userAttributes, Permission permission, Plugin plugin) {
        return getPermissionError(userAttributes, permission);
    }

    @Override // com.atlassian.upm.core.permission.PermissionService
    public Option<PermissionService.PermissionError> getPermissionError(UserAttributes userAttributes, Permission permission, Plugin.Module module) {
        switch (permission) {
            case MANAGE_PLUGIN_ENABLEMENT:
                return getPermissionError(userAttributes, permission, module.getPlugin());
            case MANAGE_PLUGIN_MODULE_ENABLEMENT:
                return (!module.getPlugin().isEnabled() || module.getPlugin().isUpmPlugin()) ? Option.some(PermissionService.PermissionError.CONFLICT) : SYSADMIN_ONLY_MODULES.contains(module.getCompleteKey()) ? sysadminOnly(userAttributes) : getPermissionError(userAttributes, permission, module.getPlugin());
            default:
                return getPermissionError(userAttributes, permission);
        }
    }

    @Override // com.atlassian.upm.core.permission.PermissionService
    public Option<PermissionService.PermissionError> getInProcessInstallationFromUriPermissionError(UserAttributes userAttributes, URI uri) {
        return sysadminOnly(userAttributes);
    }

    protected Option<PermissionService.PermissionError> adminOrSysadmin(UserAttributes userAttributes) {
        return (userAttributes.isSystemAdmin() || userAttributes.isAdmin()) ? Option.none(PermissionService.PermissionError.class) : Option.some(PermissionService.PermissionError.UNAUTHORIZED);
    }

    protected Option<PermissionService.PermissionError> sysadminOnly(UserAttributes userAttributes) {
        return userAttributes.isSystemAdmin() ? Option.none(PermissionService.PermissionError.class) : Option.some(PermissionService.PermissionError.UNAUTHORIZED);
    }

    protected Option<PermissionService.PermissionError> nonSysadminOnly(UserAttributes userAttributes) {
        return userAttributes.isSystemAdmin() ? Option.some(PermissionService.PermissionError.UNAUTHORIZED) : Option.none(PermissionService.PermissionError.class);
    }

    protected Option<PermissionService.PermissionError> inApplication(String... strArr) {
        String displayName = this.applicationProperties.getDisplayName();
        for (String str : strArr) {
            if (displayName.equalsIgnoreCase(str)) {
                return Option.none(PermissionService.PermissionError.class);
            }
        }
        return Option.some(PermissionService.PermissionError.FORBIDDEN);
    }

    public void afterPropertiesSet() throws Exception {
        this.eventPublisher.register(this);
        this.connectPluginAvailable = this.pluginAccessor.isPluginEnabled(SysCommon.ATLASSIAN_CONNECT_PLUGIN_KEY);
    }

    public void destroy() throws Exception {
        this.eventPublisher.unregister(this);
    }

    @EventListener
    public void onPluginEnabled(PluginEnabledEvent pluginEnabledEvent) {
        if (SysCommon.ATLASSIAN_CONNECT_PLUGIN_KEY.equals(pluginEnabledEvent.getPlugin().getKey())) {
            this.connectPluginAvailable = true;
        }
    }

    @EventListener
    public void onPluginDisabled(PluginDisabledEvent pluginDisabledEvent) {
        if (SysCommon.ATLASSIAN_CONNECT_PLUGIN_KEY.equals(pluginDisabledEvent.getPlugin().getKey())) {
            this.connectPluginAvailable = false;
        }
    }
}
