package com.atlassian.confluence.impl.labels;

import com.atlassian.confluence.api.service.accessmode.AccessModeService;
import com.atlassian.confluence.core.SpaceContentEntityObject;
import com.atlassian.confluence.labels.Label;
import com.atlassian.confluence.labels.LabelPermissionEnforcer;
import com.atlassian.confluence.labels.Labelable;
import com.atlassian.confluence.labels.Namespace;
import com.atlassian.confluence.labels.NamespaceLabelFilter;
import com.atlassian.confluence.labels.ParsedLabelName;
import com.atlassian.confluence.labels.PermittedLabelView;
import com.atlassian.confluence.labels.SpecialLabelFilter;
import com.atlassian.confluence.labels.VisibleLabelFilter;
import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.core.util.filter.FilterChain;
import com.atlassian.core.util.filter.ListFilter;
import com.atlassian.user.User;
import java.util.List;

/* loaded from: input_file:com/atlassian/confluence/impl/labels/LabelPermissionEnforcerImpl.class */
public class LabelPermissionEnforcerImpl implements LabelPermissionEnforcer {
    private final PermissionManager permissionManager;
    private final AccessModeService accessModeService;

    public LabelPermissionEnforcerImpl(PermissionManager permissionManager, AccessModeService accessModeService) {
        this.permissionManager = permissionManager;
        this.accessModeService = accessModeService;
    }

    @Override // com.atlassian.confluence.labels.LabelPermissionEnforcer
    public boolean isLabelableByUser(Labelable labelable) {
        if (this.accessModeService.shouldEnforceReadOnlyAccess()) {
            return false;
        }
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        return this.permissionManager.hasPermission(confluenceUser, Permission.EDIT, labelable) || (confluenceUser != null && this.permissionManager.hasPermission(confluenceUser, Permission.VIEW, labelable));
    }

    @Override // com.atlassian.confluence.labels.LabelPermissionEnforcer
    public boolean userCanEditLabel(ParsedLabelName parsedLabelName, Labelable labelable) {
        if (this.accessModeService.shouldEnforceReadOnlyAccess()) {
            return false;
        }
        if (labelable instanceof PermittedLabelView) {
            return userCanEditLabel(parsedLabelName, ((PermittedLabelView) labelable).getDelegate());
        }
        if (!userCanViewObject(labelable)) {
            return false;
        }
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        return parsedLabelName.getOwner() == null ? this.permissionManager.hasPermission(confluenceUser, Permission.EDIT, labelable) : confluenceUser != null && this.permissionManager.hasPermission(confluenceUser, Permission.VIEW, labelable);
    }

    @Override // com.atlassian.confluence.labels.LabelPermissionEnforcer
    public boolean userCanEditLabel(Label label, Labelable labelable) {
        if (this.accessModeService.shouldEnforceReadOnlyAccess()) {
            return false;
        }
        if (labelable instanceof PermittedLabelView) {
            return userCanEditLabel(label, ((PermittedLabelView) labelable).getDelegate());
        }
        if (!userCanViewObject(labelable)) {
            return false;
        }
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        if (Namespace.isGlobal(label)) {
            return this.permissionManager.hasPermission(confluenceUser, Permission.EDIT, labelable);
        }
        if (Namespace.isPersonal(label)) {
            return confluenceUser != null && this.permissionManager.hasPermission(confluenceUser, Permission.VIEW, labelable);
        }
        return true;
    }

    @Override // com.atlassian.confluence.labels.LabelPermissionEnforcer
    public boolean userCanEditLabelOrIsSpaceAdmin(Label label, SpaceContentEntityObject spaceContentEntityObject) {
        if (this.accessModeService.shouldEnforceReadOnlyAccess()) {
            return false;
        }
        ConfluenceUser confluenceUser = AuthenticatedUserThreadLocal.get();
        return (userEquals(label.getOwnerUser(), confluenceUser) && userCanEditLabel(label, spaceContentEntityObject)) || this.permissionManager.hasPermission(confluenceUser, Permission.ADMINISTER, spaceContentEntityObject.getSpace());
    }

    @Override // com.atlassian.confluence.labels.LabelPermissionEnforcer
    public boolean userCanViewObject(Labelable labelable) {
        if (labelable == null) {
            return false;
        }
        if (labelable instanceof PermittedLabelView) {
            return userCanViewObject(((PermittedLabelView) labelable).getDelegate());
        }
        return this.permissionManager.hasPermission(AuthenticatedUserThreadLocal.get(), Permission.VIEW, labelable);
    }

    private boolean userEquals(User user, User user2) {
        return user == user2 || (user != null && user.equals(user2));
    }

    @Override // com.atlassian.confluence.labels.LabelPermissionEnforcer
    public List filterVisibleLabels(List list, User user, boolean z) {
        FilterChain filterChain = new FilterChain();
        filterChain.addFilter(user != null ? new VisibleLabelFilter(user.getName()) : new VisibleLabelFilter());
        if (z) {
            filterChain.addFilter(new SpecialLabelFilter());
        }
        return new ListFilter(filterChain).filterList(list);
    }

    @Override // com.atlassian.confluence.labels.LabelPermissionEnforcer
    public List filterLabelsByNamespace(List list, User user, Namespace namespace) {
        FilterChain filterChain = new FilterChain();
        filterChain.addFilter(user != null ? new NamespaceLabelFilter(namespace, user.getName()) : new NamespaceLabelFilter(namespace));
        return new ListFilter(filterChain).filterList(list);
    }
}
