package com.atlassian.confluence.security.actions;

import com.atlassian.confluence.api.service.accessmode.AccessModeService;
import com.atlassian.confluence.core.ConfluenceActionSupport;
import com.atlassian.confluence.internal.accessmode.ThreadLocalReadOnlyAccessCacheInternal;
import com.atlassian.confluence.spaces.Spaced;
import com.atlassian.confluence.xwork.WebWorkActionHelper;
import com.atlassian.spring.container.ContainerManager;
import com.atlassian.xwork.HttpMethod;
import com.google.common.collect.ImmutableSet;
import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.Action;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.config.entities.ActionConfig;
import com.opensymphony.xwork.interceptor.Interceptor;
import java.lang.annotation.Annotation;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/security/actions/PermissionCheckInterceptor.class */
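/**
 * XWork interceptor that gates {@link ConfluenceActionSupport} actions on
 * {@code isPermitted()} and applies the read-only access mode rules before the action runs.
 *
 * <p>Actions that are not {@code ConfluenceActionSupport} instances are invoked without any
 * check by this interceptor. Whatever the outcome, the thread-local read-only access
 * exemption is cleared before {@link #intercept(ActionInvocation)} returns or throws.
 *
 * <p>Thread-safety: the only instance state is the lazily looked-up
 * {@link AccessModeService}; see {@link #getAccessModeService()}.
 */
public class PermissionCheckInterceptor implements Interceptor {
    /** Result code returned when {@code isPermitted()} is false and no more specific result applies. */
    public static final String NOT_PERMITTED = "notpermitted";
    /** Result code returned when the denied action targets a personal space. */
    private static final String NOT_PERMITTED_PERSONAL_SPACE = "notpermittedpersonal";
    /** Not returned by this class; exposed as a public constant. */
    public static final String PAGE_NOT_PERMITTED = "pagenotpermitted";
    /** Not returned by this class; exposed as a public constant. */
    public static final String NOT_FOUND = "notfound";
    /** Result code returned when read-only access mode blocks the request. */
    public static final String READ_ONLY = "readonly";
    // Annotations are matched by simple name only (see isAnnotated).
    private static final String READ_ONLY_ACCESS_ALLOWED_ANNOTATION = "ReadOnlyAccessAllowed";
    private static final String READ_ONLY_ACCESS_BLOCKED_ANNOTATION = "ReadOnlyAccessBlocked";
    private static final Logger log = LoggerFactory.getLogger(PermissionCheckInterceptor.class);
    private static final Set<HttpMethod> MUTATIVE_HTTP_METHODS = ImmutableSet.of(HttpMethod.POST, HttpMethod.PUT, HttpMethod.DELETE);

    // Looked up from the container on first use; see getAccessModeService().
    private AccessModeService accessModeService;

    /** Interceptor lifecycle hook; this interceptor holds nothing that needs releasing. */
    public void destroy() {
    }

    /** Interceptor lifecycle hook; this interceptor needs no initialisation. */
    public void init() {
    }

    /**
     * Applies the read-only mode and permission checks, then invokes the action or returns a
     * denial result code.
     *
     * @param actionInvocation the invocation being intercepted
     * @return the action's own result, or one of {@link #READ_ONLY}, {@link #NOT_PERMITTED} or
     *         the personal-space denial code
     * @throws Exception whatever the invoked action throws, or a {@link RuntimeException} when
     *         the configured action method cannot be found
     */
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        Action action = actionInvocation.getAction();
        try {
            if (action instanceof ConfluenceActionSupport) {
                ConfluenceActionSupport confluenceAction = (ConfluenceActionSupport) action;
                // Typed as Class<? extends Action> so it can be handed to the helpers below.
                Class<? extends Action> actionClass = action.getClass();
                // May be null when the class loader defined no Package; isAnnotated tolerates that.
                Package actionPackage = actionClass.getPackage();
                // Evaluated once, and only when the container is up, so the annotation checks and
                // the not-permitted branch below agree on the mode and neither touches an
                // uninitialised container.
                boolean readOnlyMode = ContainerManager.isContainerSetup() && getAccessModeService().isReadOnlyAccessModeEnabled();

                if (readOnlyMode) {
                    // A "blocked" marker on the package, class or action method wins over any
                    // "allowed" marker. The method lookup runs last because it can throw.
                    if (isAnnotated(actionPackage, READ_ONLY_ACCESS_BLOCKED_ANNOTATION)
                            || isAnnotated(actionClass, READ_ONLY_ACCESS_BLOCKED_ANNOTATION)
                            || isAnnotated(getMethod(actionInvocation, actionClass), READ_ONLY_ACCESS_BLOCKED_ANNOTATION)) {
                        return READ_ONLY;
                    }
                    if (isReadOnlyAccessAllowed(actionInvocation, actionPackage, actionClass)) {
                        // Set before isPermitted() runs, so the permission check may observe it.
                        ThreadLocalReadOnlyAccessCacheInternal.enableReadOnlyAccessExemption();
                    }
                }

                if (!confluenceAction.isPermitted()) {
                    log.debug("Not permitted to execute action of class {} ", confluenceAction.getClass());
                    HttpServletRequest request = ServletActionContext.getRequest();
                    // A missing request is treated as non-mutative and falls through to a denial.
                    if (readOnlyMode && request != null && isMutativeHttpMethod(request.getMethod())) {
                        // NOTE(review): with an exemption in place the action is invoked even
                        // though isPermitted() returned false. That is only safe if, in read-only
                        // mode, isPermitted() can fail for no reason other than the mode itself;
                        // otherwise this is a fail-open authorization path. Confirm against
                        // ConfluenceActionSupport.isPermitted() and the exempted actions.
                        return ThreadLocalReadOnlyAccessCacheInternal.hasReadOnlyAccessExemption()
                                ? actionInvocation.invoke()
                                : READ_ONLY;
                    }
                    if (confluenceAction instanceof Spaced) {
                        Spaced spaced = (Spaced) confluenceAction;
                        if (spaced.getSpace() != null && spaced.getSpace().isPersonal()) {
                            return NOT_PERMITTED_PERSONAL_SPACE;
                        }
                    }
                    return NOT_PERMITTED;
                }
            }
            return actionInvocation.invoke();
        } finally {
            // The exemption is thread-local; clear it on every exit path so it cannot leak into
            // whatever this thread handles next.
            ThreadLocalReadOnlyAccessCacheInternal.disableReadOnlyAccessExemption();
        }
    }

    /**
     * Tells whether the action is exempt from read-only mode: either its namespace starts with
     * {@code /admin}, or its package, class or action method carries the "allowed" annotation.
     */
    private boolean isReadOnlyAccessAllowed(ActionInvocation actionInvocation, Package actionPackage, Class<? extends Action> cls) {
        // NOTE(review): this is a plain prefix match, so any namespace that merely begins with
        // "/admin" is exempt, not only "/admin" and "/admin/...". Confirm that is intended.
        if (StringUtils.startsWith(actionInvocation.getProxy().getNamespace(), "/admin")) {
            return true;
        }
        return isAnnotated(actionPackage, READ_ONLY_ACCESS_ALLOWED_ANNOTATION)
                || isAnnotated(cls, READ_ONLY_ACCESS_ALLOWED_ANNOTATION)
                || isAnnotated(getMethod(actionInvocation, cls), READ_ONLY_ACCESS_ALLOWED_ANNOTATION);
    }

    /**
     * Resolves the method the action configuration names on the given action class.
     *
     * @throws RuntimeException wrapping the {@link NoSuchMethodException} when it does not exist
     */
    private Method getMethod(ActionInvocation actionInvocation, Class<? extends Action> cls) {
        ActionConfig config = actionInvocation.getProxy().getConfig();
        try {
            return WebWorkActionHelper.getActionMethod(cls, config.getMethodName());
        } catch (NoSuchMethodException e) {
            throw new RuntimeException("action method [ " + config.getMethodName() + " ] not found on [ " + actionInvocation.getAction().getClass().getName() + " ]", e);
        }
    }

    /** Tells whether the HTTP method name matches POST, PUT or DELETE. */
    private boolean isMutativeHttpMethod(String str) {
        for (HttpMethod mutative : MUTATIVE_HTTP_METHODS) {
            if (mutative.matches(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the access mode service, fetching it from the container on first use.
     *
     * <p>The lazy lookup is not synchronized, so concurrent first calls may each perform it;
     * presumably the container returns the same component each time (confirm).
     */
    private AccessModeService getAccessModeService() {
        if (this.accessModeService == null) {
            this.accessModeService = (AccessModeService) ContainerManager.getComponent("accessModeService");
        }
        return this.accessModeService;
    }

    /**
     * Tells whether the element directly declares an annotation with the given simple name.
     *
     * <p>Only the simple name is compared, so an annotation of that name from any package is
     * honoured. NOTE(review): for "ReadOnlyAccessAllowed" this widens what may run in read-only
     * mode; confirm that name-only matching is intended.
     *
     * @param annotatedElement element to inspect; {@code null} (for example a class without a
     *        {@link Package}) is treated as carrying no annotations
     * @param str simple name of the annotation type to look for
     */
    private boolean isAnnotated(AnnotatedElement annotatedElement, @Nonnull String str) {
        if (annotatedElement == null) {
            return false;
        }
        Annotation[] declaredAnnotations = annotatedElement.getDeclaredAnnotations();
        if (declaredAnnotations == null) {
            return false;
        }
        for (Annotation annotation : declaredAnnotations) {
            if (str.equals(annotation.annotationType().getSimpleName())) {
                return true;
            }
        }
        return false;
    }
}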
