package com.atlassian.stash.internal.sal.permission;

import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.sal.api.permission.AuthorisationException;
import com.atlassian.sal.api.permission.NotAuthenticatedException;
import com.atlassian.sal.api.permission.PermissionEnforcer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Component;

@AvailableToPlugins(PermissionEnforcer.class)
@Component("permissionEnforcer")
/* loaded from: input_file:WEB-INF/lib/bitbucket-platform-6.0.0.jar:com/atlassian/stash/internal/sal/permission/DefaultPermissionEnforcer.class */
public class DefaultPermissionEnforcer implements PermissionEnforcer {
    private final AuthenticationContext authenticationContext;
    private final I18nService i18nService;
    private final PermissionService permissionService;

    @Autowired
    public DefaultPermissionEnforcer(AuthenticationContext authenticationContext, I18nService i18nService, PermissionService permissionService) {
        this.authenticationContext = authenticationContext;
        this.i18nService = i18nService;
        this.permissionService = permissionService;
    }

    @Override // com.atlassian.sal.api.permission.PermissionEnforcer
    public void enforceAdmin() throws AuthorisationException {
        if (!isAdmin()) {
            throw throwAccessDenied();
        }
    }

    @Override // com.atlassian.sal.api.permission.PermissionEnforcer
    public void enforceAuthenticated() throws NotAuthenticatedException {
        if (!isAuthenticated()) {
            throw throwAccessDenied();
        }
    }

    @Override // com.atlassian.sal.api.permission.PermissionEnforcer
    public void enforceSystemAdmin() throws AuthorisationException {
        if (!isSystemAdmin()) {
            throw throwAccessDenied();
        }
    }

    @Override // com.atlassian.sal.api.permission.PermissionEnforcer
    public boolean isAdmin() {
        return this.permissionService.hasGlobalPermission(Permission.ADMIN);
    }

    @Override // com.atlassian.sal.api.permission.PermissionEnforcer
    public boolean isAuthenticated() {
        return this.authenticationContext.isAuthenticated();
    }

    @Override // com.atlassian.sal.api.permission.PermissionEnforcer
    public boolean isSystemAdmin() {
        return this.permissionService.hasGlobalPermission(Permission.SYS_ADMIN);
    }

    private AuthorisationException throwAccessDenied() {
        String message = this.i18nService.getMessage("bitbucket.service.accessdenied", new Object[0]);
        AccessDeniedException accessDeniedException = new AccessDeniedException(message);
        if (this.authenticationContext.isAuthenticated()) {
            throw new AuthorisationException(message, accessDeniedException);
        }
        throw new NotAuthenticatedException(message, accessDeniedException);
    }
}
