package com.atlassian.upm.core.rest.resources.permission;

import com.atlassian.sal.api.user.UserKey;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.upm.core.Plugin;
import com.atlassian.upm.core.permission.Permission;
import com.atlassian.upm.core.permission.PermissionService;
import com.atlassian.upm.core.permission.UserAttributes;
import java.net.URI;
import java.util.Iterator;
import java.util.Objects;

/* loaded from: input_file:com/atlassian/upm/core/rest/resources/permission/PermissionEnforcer.class */
public class PermissionEnforcer {
    private final UserManager userManager;
    private final PermissionService permissionService;

    public PermissionEnforcer(UserManager userManager, PermissionService permissionService) {
        this.userManager = (UserManager) Objects.requireNonNull(userManager, "userManager");
        this.permissionService = (PermissionService) Objects.requireNonNull(permissionService, "permissionService");
    }

    public void enforcePermission(Permission permission) {
        Iterator<PermissionService.PermissionError> it = this.permissionService.getPermissionError(getUserAttributes(), permission).iterator();
        while (it.hasNext()) {
            handleError(it.next());
        }
    }

    public void enforcePermission(Permission permission, Plugin plugin) {
        Iterator<PermissionService.PermissionError> it = this.permissionService.getPermissionError(getUserAttributes(), permission, plugin).iterator();
        while (it.hasNext()) {
            handleError(it.next());
        }
    }

    public void enforcePermission(Permission permission, Plugin.Module module) {
        Iterator<PermissionService.PermissionError> it = this.permissionService.getPermissionError(getUserAttributes(), permission, module).iterator();
        while (it.hasNext()) {
            handleError(it.next());
        }
    }

    public boolean hasPermission(Permission permission) {
        return !this.permissionService.getPermissionError(getUserAttributes(), permission).isDefined();
    }

    public boolean hasPermission(Permission permission, Plugin plugin) {
        return !this.permissionService.getPermissionError(getUserAttributes(), permission, plugin).isDefined();
    }

    public boolean hasPermission(Permission permission, Plugin.Module module) {
        return !this.permissionService.getPermissionError(getUserAttributes(), permission, module).isDefined();
    }

    public boolean hasVendorFeedbackPermission(Plugin plugin) {
        return (hasPermission(Permission.MANAGE_PLUGIN_UNINSTALL, plugin) || hasPermission(Permission.MANAGE_PLUGIN_ENABLEMENT, plugin)) && hasPermission(Permission.ADD_ANALYTICS_ACTIVITY);
    }

    public boolean hasInProcessInstallationFromUriPermission(URI uri) {
        return hasInProcessInstallationFromUriPermission(this.userManager.getRemoteUserKey(), uri);
    }

    public boolean hasInProcessInstallationFromUriPermission(UserKey userKey, URI uri) {
        return !this.permissionService.getInProcessInstallationFromUriPermissionError(UserAttributes.fromUserKey(userKey, this.userManager), uri).isDefined();
    }

    public void enforceInProcessInstallationFromUriPermission(URI uri) {
        Iterator<PermissionService.PermissionError> it = this.permissionService.getInProcessInstallationFromUriPermissionError(getUserAttributes(), uri).iterator();
        while (it.hasNext()) {
            handleError(it.next());
        }
    }

    public void handleError(PermissionService.PermissionError permissionError) {
        switch (permissionError) {
            case UNAUTHORIZED:
                throw PermissionException.unauthorized();
            case FORBIDDEN:
                throw PermissionException.forbidden();
            case CONFLICT:
                throw PermissionException.conflict();
            default:
                return;
        }
    }

    public boolean isAdmin() {
        return isLoggedIn() && (isSystemAdmin() || this.userManager.isAdmin(this.userManager.getRemoteUserKey()));
    }

    public void enforceAdmin() {
        if (!isAdmin()) {
            throw PermissionException.forbidden();
        }
    }

    public boolean isSystemAdmin() {
        return isLoggedIn() && this.userManager.isSystemAdmin(this.userManager.getRemoteUserKey());
    }

    public void enforceSystemAdmin() {
        if (!isSystemAdmin()) {
            throw PermissionException.forbidden();
        }
    }

    public boolean isLoggedIn() {
        return this.userManager.getRemoteUserKey() != null;
    }

    private UserAttributes getUserAttributes() {
        return UserAttributes.fromCurrentUser(this.userManager);
    }
}
