package com.atlassian.confluence.impl.security.access;

import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.security.access.AccessStatus;
import com.atlassian.fugue.Either;
import com.google.common.collect.ImmutableSet;
import java.util.Set;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/impl/security/access/DefaultSpacePermissionAccessMapper.class */
public class DefaultSpacePermissionAccessMapper implements SpacePermissionAccessMapper {
    private static final Logger log = LoggerFactory.getLogger(DefaultSpacePermissionAccessMapper.class);
    private static final Set<SpacePermissionSubjectType> LICENSED_ACCESS_SUBJ_TYPES = ImmutableSet.builder().add(SpacePermissionSubjectType.GROUP).add(SpacePermissionSubjectType.USER).add(SpacePermissionSubjectType.ALL_AUTHENTICATED_USERS).add(SpacePermissionSubjectType.ANONYMOUS).build();
    private static final Set<SpacePermissionSubjectType> UNLICENSED_AUTHENTICATED_ACCESS_SUBJ_TYPES = ImmutableSet.builder().add(SpacePermissionSubjectType.ALL_AUTHENTICATED_USERS).build();
    private static final Set<SpacePermissionSubjectType> ANONYMOUS_ACCESS_SUBJ_TYPES = ImmutableSet.builder().add(SpacePermissionSubjectType.ANONYMOUS).build();
    private static final Either<AccessDenied, Set<SpacePermissionSubjectType>> NO_ACCESS_RESULT = Either.left(AccessDenied.INSTANCE);
    private static final Either<AccessDenied, Set<SpacePermissionSubjectType>> LICENSED_ACCESS_RESULT = Either.right(LICENSED_ACCESS_SUBJ_TYPES);
    private static final Either<AccessDenied, Set<SpacePermissionSubjectType>> UNLICENSED_AUTHENTICATED_ACCESS_RESULT = Either.right(UNLICENSED_AUTHENTICATED_ACCESS_SUBJ_TYPES);
    private static final Either<AccessDenied, Set<SpacePermissionSubjectType>> ANONYMOUS_ACCESS_RESULT = Either.right(ANONYMOUS_ACCESS_SUBJ_TYPES);

    private boolean canBeGrantedPermission(AccessStatus accessStatus, String str) {
        if (accessStatus.hasLicensedAccess()) {
            return true;
        }
        if (accessStatus.hasUnlicensedAuthenticatedAccess()) {
            return SpacePermission.isValidAuthenticatedUsersPermission(str);
        }
        if (accessStatus.hasAnonymousAccess()) {
            return SpacePermission.isValidAnonymousPermission(str);
        }
        return false;
    }

    @Override // com.atlassian.confluence.impl.security.access.SpacePermissionAccessMapper
    public Either<AccessDenied, Set<SpacePermissionSubjectType>> getPermissionCheckSubjectTypes(@Nonnull AccessStatus accessStatus, @Nonnull String str) {
        if (!canBeGrantedPermission(accessStatus, str)) {
            log.debug("Permission type: {} is not valid for access status: {} - ACCESS DENIED", str, accessStatus);
            return NO_ACCESS_RESULT;
        }
        if (accessStatus.hasLicensedAccess()) {
            log.debug("User has licensed access to Confluence - returning licensed space permission subject types");
            return LICENSED_ACCESS_RESULT;
        }
        if (accessStatus.hasUnlicensedAuthenticatedAccess()) {
            log.debug("User has unlicensed authenticated access to Confluence - returning unlicensed access space permission subject types");
            return UNLICENSED_AUTHENTICATED_ACCESS_RESULT;
        }
        if (accessStatus.hasAnonymousAccess()) {
            log.debug("User is anonymous and anonymous access to Confluence is enabled - returning anonymous space permission subject types");
            return ANONYMOUS_ACCESS_RESULT;
        }
        log.debug("User or anonymous does not have access to Confluence - ACCESS DENIED");
        return NO_ACCESS_RESULT;
    }
}
