package com.atlassian.confluence.security.access;

import com.atlassian.confluence.impl.security.recovery.RecoveryUtil;
import com.atlassian.confluence.security.PermissionCheckExemptions;
import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.spaces.Space;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.confluence.user.persistence.dao.compatibility.FindUserHelper;
import com.atlassian.user.User;
import com.google.common.base.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/security/access/DefaultConfluenceAccessManager.class */
public class DefaultConfluenceAccessManager extends AbstractConfluenceAccessManager {
    private static final Logger log = LoggerFactory.getLogger(DefaultConfluenceAccessManager.class);
    private final Supplier<UserAccessor> userAccessor;
    private final Supplier<AccessManagerPermissionChecker> globalPermissionChecker;

    /* loaded from: input_file:com/atlassian/confluence/security/access/DefaultConfluenceAccessManager$AccessManagerPermissionChecker.class */
    public interface AccessManagerPermissionChecker {
        boolean permissionExists(SpacePermission spacePermission);

        boolean hasGlobalPermissionViaGroups(@Nonnull User user, String str);
    }

    public DefaultConfluenceAccessManager(Supplier<UserAccessor> supplier, PermissionCheckExemptions permissionCheckExemptions, Supplier<AccessManagerPermissionChecker> supplier2) {
        super(permissionCheckExemptions);
        this.userAccessor = supplier;
        this.globalPermissionChecker = supplier2;
    }

    @Override // com.atlassian.confluence.security.access.ConfluenceAccessManager
    @Nonnull
    public AccessStatus getUserAccessStatusNoExemptions(@Nullable User user) {
        return getUserAccessor().isDeactivated(user) ? AccessStatusImpl.NOT_PERMITTED : user == null ? getAccessStatusForAnonymous() : getAccessStatusForLoggedInUser(user);
    }

    private AccessStatus getAccessStatusForAnonymous() {
        if (anonymousCanUseConfluence()) {
            log.debug("Anonymous user has USE permission because anonymous users have been granted this permission - ANONYMOUS_ACCESS");
            return AccessStatusImpl.ANONYMOUS_ACCESS;
        }
        log.debug("User is anonymous and USE Confluence permission not granted to anonymous users - NOT_PERMITTED");
        return AccessStatusImpl.NOT_PERMITTED;
    }

    private AccessStatus getAccessStatusForLoggedInUser(@Nonnull User user) {
        if (RecoveryUtil.isRecoveryAdmin(user)) {
            return AccessStatusImpl.LICENSED_ACCESS;
        }
        if (getGlobalPermissionChecker().hasGlobalPermissionViaGroups(user, SpacePermission.USE_CONFLUENCE_PERMISSION)) {
            log.debug("User {} has USE permission via group - LICENSED_ACCESS", user.getName());
            return AccessStatusImpl.LICENSED_ACCESS;
        }
        ConfluenceUser user2 = FindUserHelper.getUser(user);
        if (user2 == null) {
            log.debug("User {} was not found in ConfluenceUserDao - NOT_PERMITTED", user.getName());
            return AccessStatusImpl.NOT_PERMITTED;
        }
        if (hasGlobalPermissionAsUser(user2, SpacePermission.USE_CONFLUENCE_PERMISSION)) {
            log.debug("User {} has USE permission directly as individual - LICENSED_ACCESS", user.getName());
            return AccessStatusImpl.LICENSED_ACCESS;
        }
        if (hasAuthenticatedUnlicensedConfluenceAccess(user)) {
            return AccessStatusImpl.UNLICENSED_AUTHENTICATED_ACCESS;
        }
        log.debug("User {} does not have access via groups or as individual user - NOT_PERMITTED", user.getName());
        return AccessStatusImpl.NOT_PERMITTED;
    }

    private boolean anonymousCanUseConfluence() {
        return hasGlobalPermissionAsUser(null, SpacePermission.USE_CONFLUENCE_PERMISSION);
    }

    private boolean hasAuthenticatedUnlicensedConfluenceAccess(@Nonnull User user) {
        if (!getGlobalPermissionChecker().permissionExists(SpacePermission.createAuthenticatedUsersSpacePermission(SpacePermission.LIMITED_USE_CONFLUENCE_PERMISSION, null))) {
            return false;
        }
        log.debug("User {} has limited access to Confluence because all authenticated users have been granted LIMITED_USE_CONFLUENCE_PERMISSION - UNLICENSED_AUTHENTICATED_ACCESS", user.getName());
        return true;
    }

    private boolean hasGlobalPermissionAsUser(@Nullable ConfluenceUser confluenceUser, @Nonnull String str) {
        return getGlobalPermissionChecker().permissionExists(confluenceUser == null ? SpacePermission.createAnonymousSpacePermission(str, null) : SpacePermission.createUserSpacePermission(str, (Space) null, confluenceUser));
    }

    private UserAccessor getUserAccessor() {
        return (UserAccessor) this.userAccessor.get();
    }

    private AccessManagerPermissionChecker getGlobalPermissionChecker() {
        return (AccessManagerPermissionChecker) this.globalPermissionChecker.get();
    }
}
