package com.atlassian.jira.dashboard.permission;

import com.atlassian.fugue.Option;
import com.atlassian.gadgets.DashboardItemState;
import com.atlassian.gadgets.DashboardItemStateVisitor;
import com.atlassian.gadgets.GadgetState;
import com.atlassian.gadgets.LocalDashboardItemState;
import com.atlassian.gadgets.Vote;
import com.atlassian.gadgets.dashboard.DashboardState;
import com.atlassian.gadgets.dashboard.spi.DashboardPermissionService;
import com.atlassian.gadgets.plugins.GadgetLocationTranslator;
import com.atlassian.gadgets.plugins.PluginGadgetSpec;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.plugin.webfragment.DefaultWebFragmentContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.Permissions;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.plugin.ModuleDescriptor;
import com.atlassian.plugin.PluginAccessor;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import java.net.URI;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/com/atlassian/jira/dashboard/permission/JiraGadgetPermissionManager.class */
public class JiraGadgetPermissionManager implements GadgetPermissionManager {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) JiraGadgetPermissionManager.class);
    private static final Pattern PLUGIN_KEY_PATTERN = Pattern.compile(".*rest\\/gadgets\\/.*\\/g\\/([^\\/]+):([^\\/]+).*", 2);
    private final PermissionManager permissionManager;
    private final PluginAccessor pluginAccessor;
    private final DashboardPermissionService permissionService;

    public JiraGadgetPermissionManager(PermissionManager permissionManager, PluginAccessor pluginAccessor, DashboardPermissionService dashboardPermissionService) {
        this.permissionManager = permissionManager;
        this.pluginAccessor = pluginAccessor;
        this.permissionService = dashboardPermissionService;
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public Vote voteOn(PluginGadgetSpec pluginGadgetSpec, ApplicationUser applicationUser) {
        Assertions.notNull("pluginGadgetSpec", pluginGadgetSpec);
        if (!evaluateConditions(pluginGadgetSpec)) {
            return Vote.DENY;
        }
        String parameter = pluginGadgetSpec.getParameter("roles-required");
        if (!StringUtils.isBlank(parameter) && !this.permissionManager.hasPermission(0, applicationUser)) {
            for (String str : StringUtils.split(parameter)) {
                int type = Permissions.getType(str);
                if (type == -1) {
                    log.warn("Invalid role-required specified for gadget '" + pluginGadgetSpec.getKey() + "': '" + str + "'");
                    return Vote.PASS;
                }
                if (Permissions.isGlobalPermission(type)) {
                    if (!this.permissionManager.hasPermission(type, applicationUser)) {
                        return Vote.DENY;
                    }
                } else if (!hasProjectsPermission(type, applicationUser)) {
                    return Vote.DENY;
                }
            }
            return Vote.ALLOW;
        }
        return Vote.ALLOW;
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public DashboardState filterGadgets(DashboardState dashboardState, ApplicationUser applicationUser) {
        Assertions.notNull("dashboardState", dashboardState);
        if (this.permissionService.isWritableBy(dashboardState.getId(), applicationUser == null ? null : applicationUser.getName())) {
            return dashboardState;
        }
        return DashboardState.dashboard(dashboardState).dashboardColumns(filterGadgetsThatUserCanNotSee(dashboardState, applicationUser)).build();
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public Option<PluginGadgetSpec> getPluginGadgetSpec(URI uri) {
        String extractModuleKey;
        if (uri != null && (extractModuleKey = extractModuleKey(getGadgetLocationTranslator().translate(uri).toASCIIString())) != null) {
            return getPluginGadgetSpecFromModuleKey(extractModuleKey);
        }
        return Option.none();
    }

    @VisibleForTesting
    String extractModuleKey(String str) {
        Matcher matcher = PLUGIN_KEY_PATTERN.matcher(str);
        if (matcher.matches() && matcher.groupCount() == 2) {
            return matcher.group(1) + ":" + matcher.group(2);
        }
        return null;
    }

    private Option<PluginGadgetSpec> getPluginGadgetSpecFromModuleKey(String str) {
        ModuleDescriptor<?> enabledPluginModule = this.pluginAccessor.getEnabledPluginModule(str);
        if (enabledPluginModule == null) {
            return Option.none();
        }
        Object module2 = enabledPluginModule.getModule2();
        return module2 instanceof PluginGadgetSpec ? Option.some((PluginGadgetSpec) module2) : Option.none();
    }

    private boolean evaluateConditions(PluginGadgetSpec pluginGadgetSpec) {
        Map<String, Object> map = DefaultWebFragmentContext.get();
        return pluginGadgetSpec.getEnabledCondition().shouldDisplay(map) && pluginGadgetSpec.getLocalCondition().shouldDisplay(map);
    }

    private boolean hasProjectsPermission(int i, ApplicationUser applicationUser) {
        try {
            return this.permissionManager.hasProjects(new ProjectPermissionKey(i), applicationUser);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private GadgetLocationTranslator getGadgetLocationTranslator() {
        return (GadgetLocationTranslator) ComponentAccessor.getOSGiComponentInstanceOfType(GadgetLocationTranslator.class);
    }

    private Iterable<Iterable<DashboardItemState>> filterGadgetsThatUserCanNotSee(DashboardState dashboardState, final ApplicationUser applicationUser) {
        final Predicate<DashboardItemState> predicate = new Predicate<DashboardItemState>() { // from class: com.atlassian.jira.dashboard.permission.JiraGadgetPermissionManager.1
            @Override // com.google.common.base.Predicate
            public boolean apply(DashboardItemState dashboardItemState) {
                return ((Boolean) dashboardItemState.accept(new DashboardItemStateVisitor<Boolean>() { // from class: com.atlassian.jira.dashboard.permission.JiraGadgetPermissionManager.1.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // com.atlassian.gadgets.DashboardItemStateVisitor
                    public Boolean visit(GadgetState gadgetState) {
                        Option<PluginGadgetSpec> pluginGadgetSpec = JiraGadgetPermissionManager.this.getPluginGadgetSpec(gadgetState.getGadgetSpecUri());
                        return Boolean.valueOf((pluginGadgetSpec.isDefined() && Vote.DENY.equals(JiraGadgetPermissionManager.this.voteOn(pluginGadgetSpec.get(), applicationUser))) ? false : true);
                    }

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // com.atlassian.gadgets.DashboardItemStateVisitor
                    public Boolean visit(LocalDashboardItemState localDashboardItemState) {
                        return true;
                    }
                })).booleanValue();
            }
        };
        return Iterables.transform(dashboardState.getDashboardColumns().getColumns(), new Function<Iterable<DashboardItemState>, Iterable<DashboardItemState>>() { // from class: com.atlassian.jira.dashboard.permission.JiraGadgetPermissionManager.2
            @Override // com.google.common.base.Function
            public Iterable<DashboardItemState> apply(Iterable<DashboardItemState> iterable) {
                return Iterables.filter(iterable, predicate);
            }
        });
    }
}
