package com.atlassian.confluence.plugins.requestaccess.resource;

import com.atlassian.confluence.core.ContentPermissionManager;
import com.atlassian.confluence.pages.AbstractPage;
import com.atlassian.confluence.pages.PageManager;
import com.atlassian.confluence.plugins.requestaccess.entity.PermissionCheck;
import com.atlassian.confluence.plugins.requestaccess.entity.UserEntities;
import com.atlassian.confluence.plugins.requestaccess.entity.UserEntity;
import com.atlassian.confluence.plugins.requestaccess.events.AccessGrantedEvent;
import com.atlassian.confluence.plugins.requestaccess.events.AccessRequestedEvent;
import com.atlassian.confluence.plugins.requestaccess.service.UserNotificationService;
import com.atlassian.confluence.security.ContentPermission;
import com.atlassian.confluence.security.ContentPermissionSet;
import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.mail.server.MailServerManager;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Path("/page/restriction")
@Component
/* loaded from: input_file:com/atlassian/confluence/plugins/requestaccess/resource/PageRestrictionResource.class */
public class PageRestrictionResource {
    private static final Logger log = LoggerFactory.getLogger(PageRestrictionResource.class);
    private final PageManager pageManager;
    private final PermissionManager permissionManager;
    private final UserAccessor userAccessor;
    private final ContentPermissionManager contentPermissionManager;
    private final UserNotificationService recipientNotificationService;
    private final EventPublisher eventPublisher;
    private final MailServerManager mailServerManager;

    /* loaded from: input_file:com/atlassian/confluence/plugins/requestaccess/resource/PageRestrictionResource$AccessType.class */
    public enum AccessType {
        VIEW(Permission.VIEW, "View"),
        EDIT(Permission.EDIT, "Edit");

        private final Permission permission;
        private final String permissionName;

        AccessType(Permission permission, String str) {
            this.permissionName = str;
            this.permission = permission;
        }

        public Permission getPermission() {
            return this.permission;
        }

        public String getPermissionName() {
            return this.permissionName;
        }
    }

    @Autowired
    public PageRestrictionResource(@ComponentImport PageManager pageManager, @ComponentImport PermissionManager permissionManager, @ComponentImport UserAccessor userAccessor, @ComponentImport ContentPermissionManager contentPermissionManager, UserNotificationService userNotificationService, @ComponentImport EventPublisher eventPublisher, @ComponentImport MailServerManager mailServerManager) {
        this.pageManager = pageManager;
        this.permissionManager = permissionManager;
        this.userAccessor = userAccessor;
        this.contentPermissionManager = contentPermissionManager;
        this.recipientNotificationService = userNotificationService;
        this.eventPublisher = eventPublisher;
        this.mailServerManager = mailServerManager;
    }

    @GET
    @Produces({"application/json"})
    @Path("/{pageId}/check/{type:view|edit}")
    public Response checkPermission(@PathParam("pageId") long j, @PathParam("type") String str, @QueryParam("username") String str2) {
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        log.info("Check the user {} permission to the pageId {}", confluenceUser, Long.valueOf(j));
        if (!this.permissionManager.hasPermission(confluenceUser, Permission.VIEW, PermissionManager.TARGET_APPLICATION)) {
            return Response.status(403).build();
        }
        AbstractPage abstractPage = this.pageManager.getAbstractPage(j);
        if (abstractPage == null || abstractPage.isDeleted()) {
            return Response.status(404).build();
        }
        if (!this.permissionManager.hasPermission(confluenceUser, Permission.VIEW, abstractPage)) {
            return Response.status(403).build();
        }
        return Response.ok(new PermissionCheck(this.permissionManager.hasPermission(this.userAccessor.getUserByName(str2), AccessType.valueOf(str.toUpperCase()).getPermission(), abstractPage))).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

    @POST
    @Produces({"application/json"})
    @Path("/{pageId}/request/{type:view|edit}")
    public Response request(@PathParam("pageId") long j, @PathParam("type") String str) {
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        log.info("User {} has requested access to pageId {}", confluenceUser, Long.valueOf(j));
        if (!this.permissionManager.hasPermission(confluenceUser, Permission.VIEW, PermissionManager.TARGET_APPLICATION)) {
            return Response.status(403).build();
        }
        AbstractPage abstractPage = this.pageManager.getAbstractPage(j);
        if (abstractPage == null || abstractPage.isDeleted()) {
            return Response.status(404).build();
        }
        if (!this.mailServerManager.isDefaultSMTPMailServerDefined()) {
            return Response.status(412).build();
        }
        LinkedHashSet<ConfluenceUser> findRequestAccessRecipient = this.recipientNotificationService.findRequestAccessRecipient(abstractPage);
        if (findRequestAccessRecipient.isEmpty()) {
            log.warn("No recipient for the request access notification was found", confluenceUser, Long.valueOf(j));
            return Response.status(412).build();
        }
        AccessType valueOf = AccessType.valueOf(str.toUpperCase());
        Stream map = findRequestAccessRecipient.stream().map(confluenceUser2 -> {
            return new AccessRequestedEvent(confluenceUser, confluenceUser2, abstractPage, valueOf, abstractPage.getSpaceKey());
        });
        EventPublisher eventPublisher = this.eventPublisher;
        eventPublisher.getClass();
        map.forEach((v1) -> {
            r1.publish(v1);
        });
        return Response.ok(new UserEntities((List) findRequestAccessRecipient.stream().map((v1) -> {
            return new UserEntity(v1);
        }).collect(Collectors.toList()))).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

    @Path("/{pageId}/grant/{type:view|edit}")
    @Consumes({"application/json"})
    @POST
    @Produces({"text/html"})
    public Response grant(@PathParam("pageId") long j, @PathParam("type") String str, String str2) {
        ConfluenceUser userByName;
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        log.info("User {} is requesting access for user {} to page {}", new Object[]{confluenceUser, str2, Long.valueOf(j)});
        if (StringUtils.isBlank(str2)) {
            return Response.status(400).build();
        }
        AbstractPage abstractPage = this.pageManager.getAbstractPage(j);
        if (abstractPage != null && (userByName = this.userAccessor.getUserByName(str2)) != null) {
            if (!this.permissionManager.hasPermission(confluenceUser, Permission.SET_PERMISSIONS, abstractPage)) {
                return Response.status(403).build();
            }
            AccessType valueOf = AccessType.valueOf(str.toUpperCase());
            try {
                ContentPermissionSet contentPermissionSet = abstractPage.getContentPermissionSet(valueOf.getPermissionName());
                if (contentPermissionSet != null && contentPermissionSet.isPermitted(userByName)) {
                    return Response.status(202).build();
                }
                addPageRestriction(abstractPage, userByName, valueOf);
                if (!this.mailServerManager.isDefaultSMTPMailServerDefined()) {
                    return Response.status(412).build();
                }
                this.eventPublisher.publish(new AccessGrantedEvent(confluenceUser, userByName, abstractPage, valueOf, abstractPage.getSpaceKey()));
                return Response.status(200).build();
            } catch (Exception e) {
                log.error("Error when adding permissions to user {} for page {}", new Object[]{confluenceUser, Long.valueOf(j), e});
                return Response.status(500).build();
            }
        }
        return Response.status(404).build();
    }

    private void addPageRestriction(AbstractPage abstractPage, ConfluenceUser confluenceUser, AccessType accessType) {
        this.contentPermissionManager.addContentPermission(ContentPermission.createUserPermission(accessType.getPermissionName(), confluenceUser), abstractPage);
    }
}
