package com.atlassian.confluence.security;

import com.atlassian.confluence.core.InsufficientPrivilegeException;
import com.atlassian.confluence.internal.security.SpacePermissionContext;
import com.atlassian.confluence.internal.security.SpacePermissionManagerInternal;
import com.atlassian.confluence.spaces.Space;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.user.persistence.dao.compatibility.FindUserHelper;
import com.atlassian.user.EntityException;
import com.atlassian.user.Group;
import com.atlassian.user.GroupManager;
import com.atlassian.user.User;
import com.atlassian.user.UserManager;
import com.atlassian.user.impl.DefaultGroup;
import com.atlassian.user.search.page.Pager;
import com.atlassian.user.search.page.PagerUtils;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.ParametersAreNonnullByDefault;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ParametersAreNonnullByDefault
/* loaded from: input_file:com/atlassian/confluence/security/SpacePermissionCoordinator.class */
public class SpacePermissionCoordinator implements SpacePermissionManagerInternal {
    private static final Logger log = LoggerFactory.getLogger(SpacePermissionCoordinator.class);
    private PermissionManager permissionManager;
    private UserManager userManager;
    private GroupManager groupManager;
    private SpacePermissionManagerInternal spacePermissionManager;
    private SetSpacePermissionChecker setSpacePermissionChecker;

    @Override // com.atlassian.confluence.security.SpacePermissionSaver
    @Deprecated
    public void savePermission(SpacePermission spacePermission) {
        savePermission(spacePermission, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionSaverInternal
    public void savePermission(SpacePermission spacePermission, SpacePermissionContext spacePermissionContext) {
        if (!this.setSpacePermissionChecker.canSetPermission(AuthenticatedUserThreadLocal.get(), spacePermission)) {
            throw new InsufficientPrivilegeException(AuthenticatedUserThreadLocal.getUsername());
        }
        this.spacePermissionManager.savePermission(spacePermission, spacePermissionContext);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void removeAllPermissions(Space space) {
        removeAllPermissions(space, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removeAllPermissions(Space space, SpacePermissionContext spacePermissionContext) {
        if (this.permissionManager.hasPermission(AuthenticatedUserThreadLocal.get(), Permission.SET_PERMISSIONS, space)) {
            this.spacePermissionManager.removeAllPermissions(space, spacePermissionContext);
        } else {
            logPermissionCheckFailure(space);
            throw new InsufficientPrivilegeException(AuthenticatedUserThreadLocal.getUsername());
        }
    }

    private void logPermissionCheckFailure(Space space) {
        try {
            Pager groups = this.groupManager.getGroups(AuthenticatedUserThreadLocal.get());
            log.error("Permission check failed. User: {} is in groups {} and space permissions are {}", new Object[]{AuthenticatedUserThreadLocal.get(), groups == null ? null : PagerUtils.toList(groups), space.getPermissions()});
        } catch (EntityException e) {
            log.error("Things are even worse than we think: " + e.toString(), e);
        }
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void removePermission(SpacePermission spacePermission) {
        removePermission(spacePermission, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removePermission(SpacePermission spacePermission, SpacePermissionContext spacePermissionContext) {
        if (!this.setSpacePermissionChecker.canSetPermission(AuthenticatedUserThreadLocal.get(), spacePermission)) {
            throw new InsufficientPrivilegeException(AuthenticatedUserThreadLocal.getUsername());
        }
        this.spacePermissionManager.removePermission(spacePermission, spacePermissionContext);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void createInitialSpacePermissions(Space space) {
        checkCanChangePermissions(space);
        this.spacePermissionManager.createInitialSpacePermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void createDefaultSpacePermissions(Space space) {
        checkCanChangePermissions(space);
        this.spacePermissionManager.createDefaultSpacePermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void createPrivateSpacePermissions(Space space) {
        checkCanChangePermissions(space);
        this.spacePermissionManager.createPrivateSpacePermissions(space);
    }

    private void checkCanChangePermissions(Space space) {
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        if (!(confluenceUser != null && (confluenceUser.getName().equals(space.getCreatorName()) || this.permissionManager.hasPermission(confluenceUser, Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM)))) {
            throw new InvalidOperationException("Must be the owner of the space or system administrator to create initial space permissions. User " + AuthenticatedUserThreadLocal.getUsername() + " tried to set permissions on space " + space.getKey() + " owned by " + space.getCreatorName());
        }
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void removeAllUserPermissions(@Nonnull ConfluenceUser confluenceUser) {
        removeAllUserPermissions(confluenceUser, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removeAllUserPermissions(ConfluenceUser confluenceUser, SpacePermissionContext spacePermissionContext) {
        if (!this.permissionManager.hasPermission(AuthenticatedUserThreadLocal.get(), Permission.SET_PERMISSIONS, confluenceUser)) {
            throw new InsufficientPrivilegeException(AuthenticatedUserThreadLocal.getUsername(), "Failed to remove permissions of user with name: " + confluenceUser.getName());
        }
        this.spacePermissionManager.removeAllUserPermissions(confluenceUser, spacePermissionContext);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void removeAllUserPermissions(@Nonnull String str) {
        ConfluenceUser confluenceUserByUserName = getConfluenceUserByUserName(str);
        if (confluenceUserByUserName != null) {
            removeAllUserPermissions(confluenceUserByUserName);
        }
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void removeGlobalPermissionForUser(ConfluenceUser confluenceUser, String str) {
        removeGlobalPermissionForUser(confluenceUser, str, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removeGlobalPermissionForUser(ConfluenceUser confluenceUser, String str, SpacePermissionContext spacePermissionContext) {
        if (!this.permissionManager.hasPermission(AuthenticatedUserThreadLocal.get(), Permission.SET_PERMISSIONS, confluenceUser)) {
            throw new InsufficientPrivilegeException(AuthenticatedUserThreadLocal.getUsername(), "Failed to remove permissions of user with name: " + confluenceUser.getName());
        }
        this.spacePermissionManager.removeGlobalPermissionForUser(confluenceUser, str, spacePermissionContext);
    }

    private ConfluenceUser getConfluenceUserByUserName(String str) {
        try {
            ConfluenceUser confluenceUser = (ConfluenceUser) this.userManager.getUser(str);
            if (confluenceUser == null) {
                log.warn("User '" + str + "' could not be found. Continuing to attempt removal of permissions.");
                confluenceUser = FindUserHelper.getUserByUsername(str);
            }
            return confluenceUser;
        } catch (EntityException e) {
            throw new EntityRuntimeException("Could not retrieve the user with username: " + str, e);
        }
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void removeAllPermissionsForGroup(String str) {
        removeAllPermissionsForGroup(str, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removeAllPermissionsForGroup(String str, SpacePermissionContext spacePermissionContext) {
        if (!this.permissionManager.hasPermission(AuthenticatedUserThreadLocal.get(), Permission.SET_PERMISSIONS, getGroup(str))) {
            throw new InsufficientPrivilegeException(AuthenticatedUserThreadLocal.getUsername(), "Failed to remove permissions of group with name: " + str);
        }
        this.spacePermissionManager.removeAllPermissionsForGroup(str, spacePermissionContext);
    }

    private Group getGroup(String str) {
        try {
            DefaultGroup group = this.groupManager.getGroup(str);
            if (group == null) {
                log.warn("Group '" + str + "' could not be found. Continuing to attempt removal of permissions.");
                group = new DefaultGroup(str);
            }
            return group;
        } catch (EntityException e) {
            throw new EntityRuntimeException("Could not retrieve the group with name: " + str, e);
        }
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public boolean hasPermission(String str, @Nullable Space space, @Nullable User user) {
        return this.spacePermissionManager.hasPermission(str, space, user);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public boolean hasPermissionNoExemptions(String str, @Nullable Space space, @Nullable User user) {
        return this.spacePermissionManager.hasPermissionNoExemptions(str, space, user);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public boolean hasPermission(List list, @Nullable Space space, @Nullable User user) {
        return this.spacePermissionManager.hasPermission(list, space, user);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public boolean hasAllPermissions(List<String> list, @Nullable Space space, @Nullable User user) {
        return this.spacePermissionManager.hasAllPermissions(list, space, user);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public List<SpacePermission> getAllPermissionsForGroup(String str) {
        return this.spacePermissionManager.getAllPermissionsForGroup(str);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public List<SpacePermission> getGlobalPermissions() {
        return this.spacePermissionManager.getGlobalPermissions();
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public List<SpacePermission> getGlobalPermissions(String str) {
        return this.spacePermissionManager.getGlobalPermissions(str);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void flushCaches() {
        this.spacePermissionManager.flushCaches();
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public boolean groupHasPermission(String str, @Nullable Space space, String str2) {
        return this.spacePermissionManager.groupHasPermission(str, space, str2);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public boolean hasPermissionForSpace(@Nullable User user, List list, @Nullable Space space) {
        return this.spacePermissionManager.hasPermissionForSpace(user, list, space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public Collection<Group> getGroupsWithPermissions(@Nullable Space space) {
        return this.spacePermissionManager.getGroupsWithPermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public Map<String, Long> getGroupsForPermissionType(String str, Space space) {
        return this.spacePermissionManager.getGroupsForPermissionType(str, space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public Collection<User> getUsersWithPermissions(@Nullable Space space) {
        return this.spacePermissionManager.getUsersWithPermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public Map<String, Long> getUsersForPermissionType(String str, Space space) {
        return this.spacePermissionManager.getUsersForPermissionType(str, space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager, com.atlassian.confluence.security.access.DefaultConfluenceAccessManager.AccessManagerPermissionChecker
    public boolean permissionExists(SpacePermission spacePermission) {
        return this.spacePermissionManager.permissionExists(spacePermission);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public Set<SpacePermission> getDefaultGlobalPermissions() {
        return this.spacePermissionManager.getDefaultGlobalPermissions();
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public boolean isPermittedInReadOnlyAccessMode(String str) {
        return this.spacePermissionManager.isPermittedInReadOnlyAccessMode(str);
    }

    public void setPermissionManager(PermissionManager permissionManager) {
        this.permissionManager = permissionManager;
    }

    public void setSpacePermissionManager(SpacePermissionManagerInternal spacePermissionManagerInternal) {
        this.spacePermissionManager = spacePermissionManagerInternal;
    }

    public void setSetSpacePermissionChecker(SetSpacePermissionChecker setSpacePermissionChecker) {
        this.setSpacePermissionChecker = setSpacePermissionChecker;
    }

    public void setUserManager(UserManager userManager) {
        this.userManager = userManager;
    }

    public void setGroupManager(GroupManager groupManager) {
        this.groupManager = groupManager;
    }
}
