package com.atlassian.bitbucket.internal.jwt;

import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.jwt.writer.JwtClaimWriter;
import com.atlassian.jwt.writer.JwtJsonBuilder;
import com.google.common.collect.ImmutableMap;
import javax.annotation.Nonnull;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-connect-support-5.16.0.jar:com/atlassian/bitbucket/internal/jwt/UserDetailsJwtClaimWriter.class */
public class UserDetailsJwtClaimWriter implements JwtClaimWriter {
    private final AuthenticationContext authenticationContext;
    private final PermissionService permissionService;

    public UserDetailsJwtClaimWriter(AuthenticationContext authenticationContext, PermissionService permissionService) {
        this.authenticationContext = authenticationContext;
        this.permissionService = permissionService;
    }

    @Override // com.atlassian.jwt.writer.JwtClaimWriter
    public void write(@Nonnull JwtJsonBuilder jwtJsonBuilder) {
        ApplicationUser currentUser = this.authenticationContext.getCurrentUser();
        if (currentUser != null) {
            ImmutableMap.Builder put = ImmutableMap.builder().put("slug", currentUser.getSlug());
            Permission highestGlobalPermission = this.permissionService.getHighestGlobalPermission(currentUser);
            if (highestGlobalPermission != null) {
                put.put("highestPermission", highestGlobalPermission.name());
            }
            jwtJsonBuilder.claim("context", ImmutableMap.of("user", put.build()));
        }
    }
}
