package com.atlassian.confluence.security;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.confluence.content.Content;
import com.atlassian.confluence.content.ContentTypeManager;
import com.atlassian.confluence.content.CustomContentEntityObject;
import com.atlassian.confluence.internal.accessmode.AccessModeManager;
import com.atlassian.confluence.internal.security.ThreadLocalPermissionsCacheInternal;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.security.access.ConfluenceAccessManager;
import com.atlassian.user.Group;
import com.atlassian.user.User;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.sf.hibernate.Hibernate;

/* loaded from: input_file:com/atlassian/confluence/security/DefaultPermissionManager.class */
public class DefaultPermissionManager implements PermissionManager {
    private Map<String, PermissionDelegate> delegates;
    private PermissionCheckExemptions permissionCheckExemptions;
    private ContentTypeManager contentTypeManager;
    private ConfluenceAccessManager confluenceAccessManager;
    private AccessModeManager accessModeManager;

    @Override // com.atlassian.confluence.security.PermissionManager
    public boolean hasPermission(User user, Permission permission, Object obj) {
        if (obj == null) {
            return false;
        }
        if (isExempt(user) && permissionAllowedInReadOnlyAccessMode(permission)) {
            return true;
        }
        return hasPermissionNoExemptions(user, permission, obj);
    }

    @VisibleForTesting
    boolean permissionAllowedInReadOnlyAccessMode(Permission permission) {
        return (this.accessModeManager.shouldEnforceReadOnlyAccess() && permission.isMutative()) ? false : true;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public boolean hasPermission(User user, Permission permission, Class cls) {
        if (cls == null) {
            return false;
        }
        if (!Permission.VIEW.equals(permission)) {
            throw new UnsupportedOperationException("Only Permission.VIEW is supported.");
        }
        if (isExempt(user)) {
            return true;
        }
        if (canUseConfluence(user)) {
            return findDelegateFor(cls).canView(user);
        }
        return false;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public boolean hasPermissionNoExemptions(User user, Permission permission, Object obj) {
        if (permissionAllowedInReadOnlyAccessMode(permission) && canUseConfluence(user)) {
            return permission.checkAgainst(findDelegateFor(obj), user, obj);
        }
        return false;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public boolean hasCreatePermission(User user, Object obj, Class<?> cls) {
        if (this.accessModeManager.shouldEnforceReadOnlyAccess()) {
            return false;
        }
        if (isExempt(user)) {
            return true;
        }
        if (obj == null || !canUseConfluence(user)) {
            return false;
        }
        return findDelegateFor(cls).canCreate(user, obj);
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public boolean hasCreatePermission(User user, Object obj, Object obj2) {
        if (this.accessModeManager.shouldEnforceReadOnlyAccess()) {
            return false;
        }
        if (isExempt(user)) {
            return true;
        }
        if (obj == null || !canUseConfluence(user)) {
            return false;
        }
        return findDelegateFor(obj2).canCreate(user, obj);
    }

    private boolean isExempt(User user) {
        return this.permissionCheckExemptions.isExempt(user);
    }

    private boolean canUseConfluence(User user) {
        return this.confluenceAccessManager.getUserAccessStatusNoExemptions(user).canUseConfluence();
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public <X> List<X> getPermittedEntities(User user, Permission permission, List<? extends X> list) {
        ArrayList arrayList = new ArrayList(list.size());
        for (X x : list) {
            if (hasPermission(user, permission, x)) {
                arrayList.add(x);
            }
        }
        return arrayList;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public <X> List<X> getPermittedEntities(User user, Permission permission, Iterator<? extends X> it, int i) {
        ArrayList arrayList = new ArrayList(Math.min(100, i));
        while (it.hasNext() && arrayList.size() < i) {
            X next = it.next();
            if (hasPermission(user, permission, next)) {
                arrayList.add(next);
            }
        }
        return arrayList;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public <X> List<X> getPermittedEntities(User user, Permission permission, Iterator<X> it, int i, Collection<? extends PermissionManager.Criterion> collection) {
        ArrayList arrayList = new ArrayList();
        while (arrayList.size() <= i && it.hasNext()) {
            X next = it.next();
            if (hasPermission(user, permission, next) && checkCriteria(collection, arrayList, next)) {
                arrayList.add(next);
            }
        }
        return arrayList;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public <X> List<X> getPermittedEntitiesNoExemptions(User user, Permission permission, List<? extends X> list) {
        ArrayList arrayList = new ArrayList(list.size());
        for (X x : list) {
            if (hasPermissionNoExemptions(user, permission, x)) {
                arrayList.add(x);
            }
        }
        return arrayList;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public <X> List<X> getPermittedEntitiesNoExemptions(User user, Permission permission, Iterator<? extends X> it, int i) {
        ArrayList arrayList = new ArrayList(Math.min(100, i));
        while (it.hasNext() && arrayList.size() < i) {
            X next = it.next();
            if (hasPermissionNoExemptions(user, permission, next)) {
                arrayList.add(next);
            }
        }
        return arrayList;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public <X> List<X> getPermittedEntitiesNoExemptions(User user, Permission permission, Iterator<X> it, int i, Collection<? extends PermissionManager.Criterion> collection) {
        ArrayList arrayList = new ArrayList();
        while (arrayList.size() <= i && it.hasNext()) {
            X next = it.next();
            if (hasPermissionNoExemptions(user, permission, next) && checkCriteria(collection, arrayList, next)) {
                arrayList.add(next);
            }
        }
        return arrayList;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public boolean isConfluenceAdministrator(User user) {
        return hasPermission(user, Permission.ADMINISTER, TARGET_APPLICATION);
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public boolean isSystemAdministrator(User user) {
        return hasPermission(user, Permission.ADMINISTER, TARGET_SYSTEM);
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public void withExemption(Runnable runnable) {
        if (ThreadLocalPermissionsCacheInternal.hasTemporaryPermissionExemption()) {
            runnable.run();
            return;
        }
        ThreadLocalPermissionsCacheInternal.enableTemporaryPermissionExemption();
        try {
            runnable.run();
        } finally {
            ThreadLocalPermissionsCacheInternal.disableTemporaryPermissionExemption();
        }
    }

    private boolean checkCriteria(Collection<? extends PermissionManager.Criterion> collection, List<?> list, Object obj) {
        if (collection.size() == 0) {
            return true;
        }
        Iterator<? extends PermissionManager.Criterion> it = collection.iterator();
        while (it.hasNext()) {
            if (!it.next().test(list, obj)) {
                return false;
            }
        }
        return true;
    }

    private PermissionDelegate findDelegateFor(Object obj) {
        if (obj instanceof Content) {
            obj = ((Content) obj).getEntity();
        }
        PermissionDelegate permissionDelegate = obj instanceof CustomContentEntityObject ? this.contentTypeManager.getContentType(((CustomContentEntityObject) obj).getPluginModuleKey()).getPermissionDelegate() : this.delegates.get(makeDelegatesKeyFor(obj));
        if (permissionDelegate == null) {
            throw new IllegalArgumentException("Could not check permissions for " + obj + " no suitable delegate found.");
        }
        return permissionDelegate;
    }

    private String makeDelegatesKeyFor(Object obj) {
        return obj instanceof String ? (String) obj : obj instanceof Class ? getClassNameOnly((Class) obj) : getClassNameOnly(Hibernate.getClass(obj));
    }

    private String getClassNameOnly(Class<?> cls) {
        return User.class.isAssignableFrom(cls) ? "User" : Group.class.isAssignableFrom(cls) ? "Group" : cls.getSimpleName();
    }

    public void setDelegates(Map<String, PermissionDelegate> map) {
        this.delegates = map;
    }

    public void setPermissionCheckExemptions(PermissionCheckExemptions permissionCheckExemptions) {
        this.permissionCheckExemptions = permissionCheckExemptions;
    }

    public void setContentTypeManager(ContentTypeManager contentTypeManager) {
        this.contentTypeManager = contentTypeManager;
    }

    public void setConfluenceAccessManager(ConfluenceAccessManager confluenceAccessManager) {
        this.confluenceAccessManager = confluenceAccessManager;
    }

    public void setAccessModeManager(AccessModeManager accessModeManager) {
        this.accessModeManager = accessModeManager;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public boolean hasMovePermission(User user, Object obj, Object obj2, String str) {
        if (this.accessModeManager.shouldEnforceReadOnlyAccess()) {
            return false;
        }
        if (isExempt(user)) {
            return true;
        }
        if (canUseConfluence(user)) {
            return findDelegateFor(obj).canMove(user, obj, obj2, str);
        }
        return false;
    }

    @Override // com.atlassian.confluence.security.PermissionManager
    public boolean hasRemoveHierarchyPermission(User user, Object obj) {
        if (obj == null || this.accessModeManager.shouldEnforceReadOnlyAccess()) {
            return false;
        }
        if (isExempt(user)) {
            return true;
        }
        if (canUseConfluence(user)) {
            return findDelegateFor(obj).canRemoveHierarchy(user, obj);
        }
        return false;
    }
}
