package com.atlassian.confluence.security.actions;

import com.atlassian.confluence.event.Evented;
import com.atlassian.confluence.event.events.admin.GlobalPermissionsUpdateEvent;
import com.atlassian.confluence.security.EntityRuntimeException;
import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.security.administrators.EditGlobalPermissionsAdministrator;
import com.atlassian.confluence.setup.settings.DarkFeatures;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.confluence.user.persistence.dao.compatibility.FindUserHelper;
import java.util.Collection;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/security/actions/EditGlobalPermissionsAction.class */
public class EditGlobalPermissionsAction extends AbstractEditPermissionAction implements Evented<GlobalPermissionsUpdateEvent> {
    private static final Logger log = LoggerFactory.getLogger(EditGlobalPermissionsAction.class);
    private static final SpacePermission UNLICENSED_AUTHENTICATED_CAN_USE_PERM = SpacePermission.createAuthenticatedUsersSpacePermission(SpacePermission.LIMITED_USE_CONFLUENCE_PERMISSION, null);
    private static final SpacePermission UNLICENSED_AUTHENTICATED_CAN_BROWSE_USERS = SpacePermission.createAuthenticatedUsersSpacePermission("VIEWUSERPROFILES", null);
    private static final SpacePermission ANONYMOUS_CAN_USE_PERM = SpacePermission.createAnonymousSpacePermission(SpacePermission.USE_CONFLUENCE_PERMISSION, null);
    private static final SpacePermission ANONYMOUS_CAN_BROWSE_USERS_PERM = SpacePermission.createAnonymousSpacePermission("VIEWUSERPROFILES", null);

    @Override // com.atlassian.confluence.security.actions.AbstractEditPermissionAction, com.atlassian.confluence.validation.MessageHolderAware
    public void validate() {
        super.validate();
        if (!isAnonymousCanUseSetBeforeMoreSpecificPermissions(getRequestParams())) {
            addActionError(getText("error.anonymous.can.use.required.first"));
        }
        if (isUnlicensedAuthenticatedCanUseSetBeforeMoreSpecificPermissions(getRequestParams())) {
            return;
        }
        addActionError(getText("error.unlicensed.can.use.required.first"));
    }

    @Override // com.atlassian.confluence.security.actions.EditPermissionsAware
    public String execute() throws Exception {
        return executeAction("error.cannot.remove.all.admin.permissions");
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.atlassian.confluence.event.Evented
    public GlobalPermissionsUpdateEvent getEventToPublish(String str) {
        if ("success".equals(str)) {
            return new GlobalPermissionsUpdateEvent(this);
        }
        return null;
    }

    public boolean canSetPermissionOnUser(String str, String str2) {
        try {
            return ((EditGlobalPermissionsAdministrator) this.permissionsAdministrator).canSetPermissionOnUser(str, FindUserHelper.getUserByUsername(str2));
        } catch (EntityRuntimeException e) {
            log.error("Error determining whether a permission can be set on user: " + str2, e);
            return false;
        }
    }

    public boolean canSetPermissionOnGroup(String str, String str2) {
        if (isConfluenceAdministratorsGroup(str2)) {
            return false;
        }
        try {
            return ((EditGlobalPermissionsAdministrator) this.permissionsAdministrator).canSetPermissionOnGroup(str, str2);
        } catch (EntityRuntimeException e) {
            log.error("Error determining whether a permission can be set on group: " + str2, e);
            return false;
        }
    }

    public boolean isConfluenceAdministratorsGroup(String str) {
        return UserAccessor.GROUP_CONFLUENCE_ADMINS.equals(str);
    }

    public boolean canSetSystemAdministratorPermission() {
        return ((EditGlobalPermissionsAdministrator) this.permissionsAdministrator).canSetSystemAdministratorPermission();
    }

    public boolean isAllowAnyLicensing() {
        return !DarkFeatures.isDarkFeatureEnabled("unified.usermanagement.licensing.disable");
    }

    public boolean isAllowPerGroupLicensing() {
        return isAllowAnyLicensing() && !DarkFeatures.isDarkFeatureEnabled("unified.usermanagement.licensing.groups.disable");
    }

    public boolean isAllowPerUserLicensing() {
        return isAllowAnyLicensing() && !DarkFeatures.isDarkFeatureEnabled("unified.usermanagement.licensing.users.disable");
    }

    @Override // com.atlassian.confluence.security.actions.PermissionsAware
    public String getGuardPermission() {
        return SpacePermission.USE_CONFLUENCE_PERMISSION;
    }

    @Override // com.atlassian.confluence.security.actions.PermissionsAware
    public void populateAdministrator() {
        this.permissionsAdministrator = this.permissionsAdministratorBuilder.buildEditGlobalPermissionAdministrator(getAuthenticatedUser(), getUsersToAddAsList(), getGroupsToAddAsList());
    }

    @Override // com.atlassian.confluence.core.ConfluenceActionSupport
    public boolean isPermitted() {
        return this.permissionManager.hasPermission(getAuthenticatedUser(), Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION);
    }

    private boolean isUnlicensedAuthenticatedCanUseSetBeforeMoreSpecificPermissions(Map map) {
        Collection<SpacePermission> requestedPermissionsFromForm = this.permissionsAdministrator.getRequestedPermissionsFromForm(map);
        return requestedPermissionsFromForm.contains(UNLICENSED_AUTHENTICATED_CAN_USE_PERM) || !requestedPermissionsFromForm.contains(UNLICENSED_AUTHENTICATED_CAN_BROWSE_USERS);
    }

    private boolean isAnonymousCanUseSetBeforeMoreSpecificPermissions(Map map) {
        Collection<SpacePermission> requestedPermissionsFromForm = this.permissionsAdministrator.getRequestedPermissionsFromForm(map);
        return requestedPermissionsFromForm.contains(ANONYMOUS_CAN_USE_PERM) || !requestedPermissionsFromForm.contains(ANONYMOUS_CAN_BROWSE_USERS_PERM);
    }
}
