package com.atlassian.jira.rest.v2.issue;

import com.atlassian.annotations.ExperimentalApi;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.fugue.Either;
import com.atlassian.fugue.Eithers;
import com.atlassian.jira.application.ApplicationKeys;
import com.atlassian.jira.application.ApplicationRoleManager;
import com.atlassian.jira.avatar.Avatar;
import com.atlassian.jira.avatar.AvatarManager;
import com.atlassian.jira.avatar.AvatarPickerHelper;
import com.atlassian.jira.avatar.AvatarService;
import com.atlassian.jira.avatar.JiraAvatarSupport;
import com.atlassian.jira.bc.ServiceOutcome;
import com.atlassian.jira.bc.ServiceResult;
import com.atlassian.jira.bc.issue.IssueService;
import com.atlassian.jira.bc.issue.fields.ColumnService;
import com.atlassian.jira.bc.project.ProjectAction;
import com.atlassian.jira.bc.project.ProjectService;
import com.atlassian.jira.bc.user.UserService;
import com.atlassian.jira.bc.user.search.AssigneeService;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.event.user.UserAvatarUpdatedEvent;
import com.atlassian.jira.exception.CreateException;
import com.atlassian.jira.exception.PermissionException;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.issue.IssueManager;
import com.atlassian.jira.issue.fields.layout.column.ColumnLayout;
import com.atlassian.jira.issue.fields.rest.json.beans.JiraBaseUrls;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.plugin.user.PasswordPolicyManager;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.rest.api.http.CacheControl;
import com.atlassian.jira.rest.api.util.ErrorCollection;
import com.atlassian.jira.rest.exception.BadRequestWebException;
import com.atlassian.jira.rest.exception.ForbiddenWebException;
import com.atlassian.jira.rest.exception.NotAuthorisedWebException;
import com.atlassian.jira.rest.exception.NotFoundWebException;
import com.atlassian.jira.rest.exception.ServerErrorWebException;
import com.atlassian.jira.rest.util.AttachmentHelper;
import com.atlassian.jira.rest.util.ResponseFactory;
import com.atlassian.jira.rest.util.UpdateUserApplicationHelper;
import com.atlassian.jira.rest.v2.admin.applicationrole.ApplicationRoleBeanConverter;
import com.atlassian.jira.rest.v2.issue.users.UserPickerResourceHelper;
import com.atlassian.jira.rest.v2.search.ColumnOptions;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.Permissions;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.security.xsrf.XsrfCheckResult;
import com.atlassian.jira.security.xsrf.XsrfInvocationChecker;
import com.atlassian.jira.timezone.TimeZoneManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.ApplicationUsers;
import com.atlassian.jira.user.DelegatingApplicationUser;
import com.atlassian.jira.user.UserPropertyManager;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.jira.util.EmailFormatter;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.JiraUtils;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.atlassian.jira.web.ExecutingHttpRequest;
import com.atlassian.jira.web.action.user.ConfigurePortalPages;
import com.atlassian.jira.workflow.WorkflowTransitionUtil;
import com.atlassian.jira.workflow.WorkflowTransitionUtilImpl;
import com.atlassian.plugins.rest.common.multipart.FilePart;
import com.atlassian.plugins.rest.common.multipart.MultipartFormParam;
import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import com.atlassian.plugins.rest.common.security.XsrfCheckFailedException;
import com.atlassian.sal.api.websudo.WebSudoRequired;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.opensymphony.module.propertyset.PropertySet;
import com.opensymphony.util.TextUtils;
import com.opensymphony.workflow.loader.ActionDescriptor;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang.StringUtils;

@Path("user")
@Consumes({"application/json"})
@Produces({"application/json"})
@AnonymousAllowed
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/jira-rest-plugin-7.0.0-QR20150729161340.jar:com/atlassian/jira/rest/v2/issue/UserResource.class */
public class UserResource {
    public static final int DEFAULT_USERS_RETURNED = 50;
    public static final int MAX_USERS_RETURNED = 1000;
    private static final int MAX_LENGTH = 255;
    private final UserService userService;
    private final UserUtil userUtil;
    private final PasswordPolicyManager passwordPolicyManager;
    private final I18nHelper i18n;
    private final EmailFormatter emailFormatter;
    private final JiraAuthenticationContext authContext;
    private final TimeZoneManager timeZoneManager;
    private final AvatarService avatarService;
    private final AvatarResourceHelper avatarResourceHelper;
    private final UserPropertyManager userPropertyManager;
    private final PermissionManager permissionManager;
    private final ProjectService projectService;
    private final IssueService issueService;
    private final ProjectManager projectManager;
    private final AvatarManager avatarManager;
    private final EventPublisher eventPublisher;
    private final AssigneeService assigneeService;
    private final IssueManager issueManager;
    private final UserPickerResourceHelper userPickerHelper;
    private final JiraBaseUrls jiraBaseUrls;
    private final ColumnService columnService;
    private final XsrfInvocationChecker xsrfChecker;
    private final I18nHelper.BeanFactory beanFactory;
    private final ApplicationRoleManager applicationRoleManager;
    private final ApplicationRoleBeanConverter applicationRoleBeanConverter;
    private final JiraAvatarSupport jiraAvatarSupport;
    private final UpdateUserApplicationHelper updateUserApplicationHelper;
    private final ResponseFactory responseFactory;
    private final FeatureManager featureManager;

    public UserResource(UserService userService, UserUtil userUtil, PasswordPolicyManager passwordPolicyManager, I18nHelper i18nHelper, EmailFormatter emailFormatter, JiraAuthenticationContext jiraAuthenticationContext, TimeZoneManager timeZoneManager, AvatarPickerHelper avatarPickerHelper, AvatarManager avatarManager, AvatarService avatarService, AttachmentHelper attachmentHelper, UserPropertyManager userPropertyManager, PermissionManager permissionManager, ProjectService projectService, IssueService issueService, ProjectManager projectManager, EventPublisher eventPublisher, AssigneeService assigneeService, IssueManager issueManager, UserPickerResourceHelper userPickerResourceHelper, JiraBaseUrls jiraBaseUrls, ColumnService columnService, XsrfInvocationChecker xsrfInvocationChecker, UserManager userManager, I18nHelper.BeanFactory beanFactory, JiraAvatarSupport jiraAvatarSupport, ApplicationRoleManager applicationRoleManager, ApplicationRoleBeanConverter applicationRoleBeanConverter, UpdateUserApplicationHelper updateUserApplicationHelper, ResponseFactory responseFactory, FeatureManager featureManager) {
        this.userService = userService;
        this.passwordPolicyManager = passwordPolicyManager;
        this.userPropertyManager = userPropertyManager;
        this.permissionManager = permissionManager;
        this.projectService = projectService;
        this.issueService = issueService;
        this.projectManager = projectManager;
        this.avatarManager = avatarManager;
        this.eventPublisher = eventPublisher;
        this.assigneeService = assigneeService;
        this.issueManager = issueManager;
        this.userPickerHelper = userPickerResourceHelper;
        this.jiraBaseUrls = jiraBaseUrls;
        this.columnService = columnService;
        this.beanFactory = beanFactory;
        this.jiraAvatarSupport = jiraAvatarSupport;
        this.updateUserApplicationHelper = updateUserApplicationHelper;
        this.responseFactory = responseFactory;
        this.avatarResourceHelper = new AvatarResourceHelper(jiraAuthenticationContext, avatarManager, avatarPickerHelper, attachmentHelper, userManager, jiraAvatarSupport);
        this.userUtil = userUtil;
        this.i18n = i18nHelper;
        this.emailFormatter = emailFormatter;
        this.authContext = jiraAuthenticationContext;
        this.timeZoneManager = timeZoneManager;
        this.avatarService = avatarService;
        this.xsrfChecker = xsrfInvocationChecker;
        this.applicationRoleManager = applicationRoleManager;
        this.applicationRoleBeanConverter = applicationRoleBeanConverter;
        this.featureManager = featureManager;
    }

    @GET
    public Response getUser(@QueryParam("username") String str, @QueryParam("key") String str2) {
        if (this.authContext.getUser() == null) {
            throw new NotAuthorisedWebException(ErrorCollection.of(this.i18n.getText("rest.authentication.no.user.logged.in")));
        }
        return Response.ok(buildUserBean(str, str2)).cacheControl(CacheControl.never()).build();
    }

    @GET
    @Path(ConfigurePortalPages.Tab.SEARCH)
    public Response findUsers(@QueryParam("username") String str, @QueryParam("startAt") Integer num, @QueryParam("maxResults") Integer num2, @QueryParam("includeActive") Boolean bool, @QueryParam("includeInactive") Boolean bool2, @Context UriInfo uriInfo) {
        return Response.ok(makeUserBeans(this.userPickerHelper.limitUserSearch(num, num2, this.userPickerHelper.findUsers(str, bool, bool2), null))).cacheControl(CacheControl.never()).build();
    }

    @GET
    @Path("picker")
    public Response findUsersForPicker(@QueryParam("query") String str, @QueryParam("maxResults") Integer num, @QueryParam("showAvatar") Boolean bool, @QueryParam("exclude") List<String> list) {
        return Response.ok(this.userPickerHelper.findUsersAsBean(str, num, bool, list)).cacheControl(CacheControl.never()).build();
    }

    @GET
    @Path("assignable/search")
    public Response findAssignableUsers(@QueryParam("username") String str, @QueryParam("project") String str2, @QueryParam("issueKey") String str3, @QueryParam("startAt") Integer num, @QueryParam("maxResults") Integer num2, @QueryParam("actionDescriptorId") Integer num3, @Context UriInfo uriInfo) {
        ActionDescriptor actionDescriptor = null;
        if (num3 != null) {
            actionDescriptor = getActionDescriptorById(str3, num3);
        }
        return Response.ok(makeUserBeans(findAssignableUsers(str, str2, str3, actionDescriptor, num, num2))).cacheControl(CacheControl.never()).build();
    }

    @POST
    @WebSudoRequired
    @ExperimentalApi
    public Response createUser(UserWriteBean userWriteBean) {
        ApplicationUser user = this.authContext.getUser();
        mustBeAdmin(user);
        UserService.CreateUserRequest sendNotification = UserService.CreateUserRequest.withUserDetails(user, userWriteBean.getName(), userWriteBean.getPassword(), userWriteBean.getEmailAddress(), userWriteBean.getDisplayName()).confirmPassword(userWriteBean.getPassword()).sendNotification(userWriteBean.getNotification() != null && Boolean.parseBoolean(userWriteBean.getNotification()));
        if (userWriteBean.getApplicationKeys() != null) {
            if (this.featureManager.isOnDemand()) {
                return Response.status(Response.Status.BAD_REQUEST).entity(ErrorCollection.of(this.i18n.getText("application.role.rest.error.cloud"))).cacheControl(CacheControl.never()).build();
            }
            ImmutableList copyOf = ImmutableList.copyOf(Iterables.transform(userWriteBean.getApplicationKeys(), ApplicationKeys.TO_APPLICATION_KEY));
            ImmutableList copyOf2 = ImmutableList.copyOf(Iterables.transform(Eithers.filterLeft(copyOf), new Function<String, String>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.1
                @Override // com.google.common.base.Function
                public String apply(@Nullable String str) {
                    return UserResource.this.i18n.getText("application.role.rest.bad.key", str);
                }
            }));
            if (!copyOf2.isEmpty()) {
                throw new BadRequestWebException(ErrorCollection.of(copyOf2));
            }
            sendNotification = sendNotification.withApplicationAccess(ImmutableSet.copyOf(Eithers.filterRight(copyOf)));
        }
        UserService.CreateUserValidationResult validateCreateUser = this.userService.validateCreateUser(sendNotification);
        if (!validateCreateUser.isValid()) {
            throw new BadRequestWebException(ErrorCollection.of(validateCreateUser.getErrorCollection()));
        }
        try {
            this.userService.createUser(validateCreateUser);
            UserBean buildUserBean = buildUserBean(userWriteBean.getName(), null);
            return Response.status(Response.Status.CREATED).location(buildUserBean.getSelf()).entity(buildUserBean).cacheControl(CacheControl.never()).build();
        } catch (CreateException e) {
            throw new ServerErrorWebException(ErrorCollection.of(e.getLocalizedMessage()));
        } catch (PermissionException e2) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("error.no-permission")));
        }
    }

    @WebSudoRequired
    @PUT
    @ExperimentalApi
    public Response updateUser(@QueryParam("username") String str, @QueryParam("key") String str2, UserWriteBean userWriteBean) {
        mustBeAdmin(this.authContext.getUser());
        if (StringUtils.isBlank(userWriteBean.getName()) && StringUtils.isBlank(userWriteBean.getEmailAddress()) && StringUtils.isBlank(userWriteBean.getDisplayName())) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("rest.myself.error.no.value.found.to.be.changed")));
        }
        if (StringUtils.length(userWriteBean.getDisplayName()) > 255) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("rest.myself.error.field.too.long", "displayName", Integer.toString(255))));
        }
        if (StringUtils.length(userWriteBean.getEmailAddress()) > 255) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("rest.myself.error.field.too.long", "emailAddress", Integer.toString(255))));
        }
        if (StringUtils.isNotBlank(userWriteBean.getEmailAddress()) && !TextUtils.verifyEmail(userWriteBean.getEmailAddress())) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("admin.errors.invalid.email")));
        }
        ApplicationUser userByUsernameOrKey = getUserByUsernameOrKey(str, str2);
        ImmutableUser.Builder newUser = ImmutableUser.newUser(userByUsernameOrKey.getDirectoryUser());
        newUser.name(StringUtils.defaultIfBlank(userWriteBean.getName(), userByUsernameOrKey.getName()));
        newUser.emailAddress(StringUtils.defaultIfBlank(userWriteBean.getEmailAddress(), userByUsernameOrKey.getEmailAddress()));
        newUser.displayName(StringUtils.defaultIfBlank(userWriteBean.getDisplayName(), userByUsernameOrKey.getDisplayName()));
        UserService.UpdateUserValidationResult validateUpdateUser = this.userService.validateUpdateUser(new DelegatingApplicationUser(userByUsernameOrKey.getId(), userByUsernameOrKey.getKey(), newUser.toUser()));
        if (!validateUpdateUser.isValid()) {
            throw new BadRequestWebException(ErrorCollection.of(validateUpdateUser.getErrorCollection()));
        }
        this.userService.updateUser(validateUpdateUser);
        return Response.ok(buildUserBean(null, userByUsernameOrKey.getKey())).cacheControl(CacheControl.never()).build();
    }

    @Path("password")
    @WebSudoRequired
    @PUT
    @ExperimentalApi
    public Response changeUserPassword(@QueryParam("username") String str, @QueryParam("key") String str2, PasswordBean passwordBean) {
        ApplicationUser user = this.authContext.getUser();
        mustBeAdmin(user);
        ApplicationUser userByUsernameOrKey = getUserByUsernameOrKey(str, str2);
        nonSysAdminCannotModifySysAdmin(user, userByUsernameOrKey);
        String password = passwordBean.getPassword();
        if (StringUtils.isBlank(password)) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.new.password.required")));
        }
        if (!this.passwordPolicyManager.checkPolicy(userByUsernameOrKey, null, password).isEmpty()) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.new.password.rejected")));
        }
        try {
            this.userUtil.changePassword(userByUsernameOrKey, password);
            return Response.noContent().cacheControl(CacheControl.never()).build();
        } catch (InvalidCredentialException e) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.new.password.rejected")));
        } catch (OperationNotPermittedException e2) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("admin.errors.cannot.edit.user.directory.read.only")));
        } catch (UserNotFoundException e3) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.could.not.find.user")));
        } catch (PermissionException e4) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("admin.errors.cannot.edit.user.directory.read.only")));
        }
    }

    @WebSudoRequired
    @DELETE
    @ExperimentalApi
    public Response removeUser(@QueryParam("username") String str, @QueryParam("key") String str2) {
        ApplicationUser user = this.authContext.getUser();
        mustBeAdmin(user);
        UserService.DeleteUserValidationResult validateDeleteUser = this.userService.validateDeleteUser(user, getUserByUsernameOrKey(str, str2));
        if (!validateDeleteUser.isValid()) {
            throw new BadRequestWebException(ErrorCollection.of(validateDeleteUser.getErrorCollection()));
        }
        try {
            this.userService.removeUser(user, validateDeleteUser);
            return Response.noContent().cacheControl(CacheControl.never()).build();
        } catch (Exception e) {
            throw new BadRequestWebException(ErrorCollection.of(validateDeleteUser.getErrorCollection()));
        }
    }

    private void mustBeAdmin(ApplicationUser applicationUser) {
        if (applicationUser == null) {
            throw new NotAuthorisedWebException(ErrorCollection.of(this.i18n.getText("rest.authentication.no.user.logged.in")));
        }
        if (!this.permissionManager.hasPermission(0, applicationUser)) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("rest.authorization.admin.required")));
        }
    }

    private void nonSysAdminCannotModifySysAdmin(ApplicationUser applicationUser, ApplicationUser applicationUser2) {
        boolean hasPermission = this.permissionManager.hasPermission(44, applicationUser);
        if (this.permissionManager.hasPermission(44, applicationUser2) && !hasPermission) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("error.no-permission")));
        }
    }

    protected ActionDescriptor getActionDescriptorById(String str, Integer num) {
        WorkflowTransitionUtil workflowTransitionUtil = (WorkflowTransitionUtil) JiraUtils.loadComponent(WorkflowTransitionUtilImpl.class);
        workflowTransitionUtil.setIssue(this.issueManager.getIssueObject(str));
        workflowTransitionUtil.setAction(num.intValue());
        return workflowTransitionUtil.getActionDescriptor();
    }

    private List<ApplicationUser> findAssignableUsers(String str, String str2, String str3, final ActionDescriptor actionDescriptor, Integer num, Integer num2) {
        if (num == null) {
            num = 0;
        }
        Predicate<User> predicate = null;
        ApplicationUser loggedInUser = this.authContext.getLoggedInUser();
        if (StringUtils.isNotBlank(str3)) {
            final IssueService.IssueResult issue = this.issueService.getIssue(loggedInUser, str3);
            if (!issue.isValid()) {
                throw new RESTException(Response.Status.NOT_FOUND, ErrorCollection.of(issue.getErrorCollection()));
            }
            if (!this.permissionManager.hasPermission(ProjectPermissions.ASSIGN_ISSUES, issue.getIssue(), loggedInUser)) {
                throw new NotAuthorisedWebException();
            }
            predicate = new Predicate<User>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.2
                @Override // com.google.common.base.Predicate
                public boolean apply(@Nullable User user) {
                    return UserResource.this.assigneeService.isAssignable(issue.getIssue(), ApplicationUsers.from(user), actionDescriptor);
                }
            };
        } else if (StringUtils.isNotBlank(str2)) {
            final Project projectObjByKey = this.projectManager.getProjectObjByKey(str2);
            if (projectObjByKey == null) {
                throw new RESTException(Response.Status.NOT_FOUND, ErrorCollection.of(this.authContext.getI18nHelper().getText("rest.must.provide.valid.project")));
            }
            if (!this.permissionManager.hasPermission(ProjectPermissions.ASSIGN_ISSUES, projectObjByKey, loggedInUser)) {
                throw new NotAuthorisedWebException();
            }
            predicate = new Predicate<User>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.3
                @Override // com.google.common.base.Predicate
                public boolean apply(@Nullable User user) {
                    return UserResource.this.assigneeService.isAssignable(projectObjByKey, ApplicationUsers.from(user));
                }
            };
        } else {
            throwWebException(this.authContext.getI18nHelper().getText("rest.must.provide.project.or.issue"), ErrorCollection.Reason.VALIDATION_FAILED);
        }
        return new ArrayList(this.userPickerHelper.limitUserSearch(num, num2, this.userPickerHelper.findUsers(str, true, false, true, predicate, num2 == null ? null : Integer.valueOf(num.intValue() + num2.intValue())), null));
    }

    @GET
    @Path("viewissue/search")
    public Response findUsersWithBrowsePermission(@QueryParam("username") String str, @QueryParam("issueKey") String str2, @QueryParam("projectKey") String str3, @QueryParam("startAt") Integer num, @QueryParam("maxResults") Integer num2, @Context UriInfo uriInfo) {
        Either<Project, Issue> issueOrProject = getIssueOrProject(str2, str3);
        Integer verifyAndAdjustMaxResults = verifyAndAdjustMaxResults(num2);
        if (num == null) {
            num = 0;
        }
        if (num.intValue() < 0) {
            throw new RESTException(Response.Status.BAD_REQUEST, this.authContext.getI18nHelper().getText("rest.negative.startat", num));
        }
        return num.intValue() == 0 ? Response.ok(makeUserBeans(ImmutableList.copyOf(findUsersWithPermission(ImmutableList.of(10), str, issueOrProject, false, verifyAndAdjustMaxResults)))).cacheControl(CacheControl.never()).build() : Response.ok(makeUserBeans(this.userPickerHelper.limitUserSearch(num, verifyAndAdjustMaxResults, findUsersWithPermission(ImmutableList.of(10), str, issueOrProject, false, Integer.valueOf(num.intValue() + verifyAndAdjustMaxResults.intValue())), null))).cacheControl(CacheControl.never()).build();
    }

    @VisibleForTesting
    Iterable<ApplicationUser> findUsersWithPermission(final Iterable<Integer> iterable, String str, Either<Project, Issue> either, boolean z, Integer num) {
        return this.userPickerHelper.findUsers(str, true, false, z, (Predicate) Either.merge(either.left().map(new Function<Project, Predicate<User>>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.5
            @Override // com.google.common.base.Function
            public Predicate<User> apply(Project project) {
                return UserResource.this.createProjectPredicate(iterable, project);
            }
        }).right().map(new Function<Issue, Predicate<User>>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.4
            @Override // com.google.common.base.Function
            public Predicate<User> apply(Issue issue) {
                return UserResource.this.createIssuePredicate(iterable, issue);
            }
        })), num);
    }

    @VisibleForTesting
    Either<Project, Issue> getIssueOrProject(String str, String str2) {
        if (StringUtils.isNotBlank(str)) {
            IssueService.IssueResult issue = this.issueService.getIssue(this.authContext.getUser(), str);
            if (issue.isValid()) {
                return Either.right(issue.getIssue());
            }
            throw new RESTException(Response.Status.NOT_FOUND, com.atlassian.jira.rest.api.util.ErrorCollection.of(issue.getErrorCollection()));
        }
        if (!StringUtils.isNotBlank(str2)) {
            throw createWebException(this.authContext.getI18nHelper().getText("rest.must.provide.project.or.issue"), ErrorCollection.Reason.VALIDATION_FAILED);
        }
        Project projectObjByKey = this.projectManager.getProjectObjByKey(str2);
        if (projectObjByKey == null) {
            throw new RESTException(Response.Status.NOT_FOUND, com.atlassian.jira.rest.api.util.ErrorCollection.of(this.authContext.getI18nHelper().getText("rest.must.provide.valid.project")));
        }
        return Either.left(projectObjByKey);
    }

    @VisibleForTesting
    Predicate<User> createProjectPredicate(final Iterable<Integer> iterable, final Project project) {
        return new Predicate<User>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.6
            @Override // com.google.common.base.Predicate
            public boolean apply(User user) {
                Iterator it2 = iterable.iterator();
                while (it2.hasNext()) {
                    if (!UserResource.this.permissionManager.hasPermission(new ProjectPermissionKey(((Integer) it2.next()).intValue()), project, ApplicationUsers.from(user), true)) {
                        return false;
                    }
                }
                return true;
            }
        };
    }

    @VisibleForTesting
    Predicate<User> createIssuePredicate(final Iterable<Integer> iterable, final Issue issue) {
        return new Predicate<User>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.7
            @Override // com.google.common.base.Predicate
            public boolean apply(User user) {
                Iterator it2 = iterable.iterator();
                while (it2.hasNext()) {
                    if (!UserResource.this.permissionManager.hasPermission(((Integer) it2.next()).intValue(), issue, ApplicationUsers.from(user))) {
                        return false;
                    }
                }
                return true;
            }
        };
    }

    private Integer verifyAndAdjustMaxResults(Integer num) {
        if (num == null) {
            num = 50;
        }
        if (num.intValue() > 1000) {
            num = 1000;
        }
        if (num.intValue() < 0) {
            throw new RESTException(Response.Status.BAD_REQUEST, this.authContext.getI18nHelper().getText("rest.negative.maxresults", num));
        }
        return num;
    }

    @GET
    @Path("permission/search")
    public Response findUsersWithAllPermissions(@QueryParam("username") String str, @QueryParam("permissions") String str2, @QueryParam("issueKey") String str3, @QueryParam("projectKey") String str4, @QueryParam("startAt") Integer num, @QueryParam("maxResults") Integer num2) {
        if (StringUtils.isBlank(str2)) {
            throw new RESTException(Response.Status.BAD_REQUEST, this.authContext.getI18nHelper().getText("rest.missing.permission.string"));
        }
        Integer verifyAndAdjustMaxResults = verifyAndAdjustMaxResults(num2);
        if (num == null) {
            num = 0;
        }
        if (num.intValue() < 0) {
            throw new RESTException(Response.Status.BAD_REQUEST, this.authContext.getI18nHelper().getText("rest.negative.startat", num));
        }
        Either<Project, Issue> issueOrProject = getIssueOrProject(str3, str4);
        Project on = issueOrProject.left().on(new Function<Issue, Project>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.8
            @Override // com.google.common.base.Function
            public Project apply(Issue issue) {
                return issue.getProjectObject();
            }
        });
        ApplicationUser user = this.authContext.getUser();
        if (this.permissionManager.hasPermission(44, user) || this.permissionManager.hasPermission(0, user) || this.permissionManager.hasPermission(ProjectPermissions.ADMINISTER_PROJECTS, on, user)) {
            return Response.ok(makeUserBeans(this.userPickerHelper.limitUserSearch(num, verifyAndAdjustMaxResults, findUsersWithPermission(parsePermissions(str2), str, issueOrProject, true, Integer.valueOf(num.intValue() + verifyAndAdjustMaxResults.intValue())), null))).cacheControl(CacheControl.never()).build();
        }
        throw new ForbiddenWebException();
    }

    @VisibleForTesting
    ImmutableList<Integer> parsePermissions(String str) {
        return ImmutableList.copyOf(Iterables.transform(ImmutableList.copyOf(StringUtils.split(str, ",")), new Function<String, Integer>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.9
            @Override // com.google.common.base.Function
            public Integer apply(String str2) {
                try {
                    return Integer.valueOf(Permissions.Permission.valueOf(str2).getId());
                } catch (IllegalArgumentException e) {
                    throw new RESTException(Response.Status.BAD_REQUEST, UserResource.this.authContext.getI18nHelper().getText("rest.invalid.permission.string", str2));
                }
            }
        }));
    }

    @GET
    @Path("assignable/multiProjectSearch")
    public Response findBulkAssignableUsers(@QueryParam("username") String str, @QueryParam("projectKeys") String str2, @QueryParam("startAt") Integer num, @QueryParam("maxResults") Integer num2, @Context UriInfo uriInfo) {
        if (StringUtils.isBlank(str2)) {
            throw new RESTException(Response.Status.BAD_REQUEST, this.authContext.getI18nHelper().getText("rest.missing.field", "projectKeys"));
        }
        String[] split = str2.split(",");
        final ArrayList arrayList = new ArrayList(split.length);
        for (String str3 : split) {
            ProjectService.GetProjectResult projectByKeyForAction = this.projectService.getProjectByKeyForAction(this.authContext.getUser(), str3, ProjectAction.VIEW_PROJECT);
            if (projectByKeyForAction.getErrorCollection().hasAnyErrors()) {
                return Response.status(Response.Status.NOT_FOUND).entity(com.atlassian.jira.rest.api.util.ErrorCollection.of(projectByKeyForAction.getErrorCollection())).cacheControl(CacheControl.never()).build();
            }
            arrayList.add(projectByKeyForAction.getProject());
        }
        List<ApplicationUser> findUsers = this.userPickerHelper.findUsers(str, null, null, true, new Predicate<User>() { // from class: com.atlassian.jira.rest.v2.issue.UserResource.10
            @Override // com.google.common.base.Predicate
            public boolean apply(@Nullable User user) {
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    if (!UserResource.this.assigneeService.isAssignable((Project) it2.next(), ApplicationUsers.from(user))) {
                        return false;
                    }
                }
                return true;
            }
        }, (num == null || num2 == null) ? num2 : Integer.valueOf(num.intValue() + num2.intValue()));
        if (num != null) {
            findUsers = findUsers.subList(num.intValue(), findUsers.size());
        }
        return Response.ok(makeUserBeans(findUsers)).cacheControl(CacheControl.never()).build();
    }

    @GET
    @Path("avatars")
    public Map<String, List<AvatarBean>> getAllAvatars(@QueryParam("username") String str) {
        ApplicationUser applicationUser = getApplicationUser(str);
        Long l = null;
        Avatar avatar = this.avatarService.getAvatar(this.authContext.getUser(), applicationUser);
        if (avatar != null) {
            l = avatar.getId();
        }
        return this.avatarResourceHelper.getAllAvatars(Avatar.Type.USER, applicationUser.getKey(), l);
    }

    @POST
    @Path("avatar")
    public Response createAvatarFromTemporary(@QueryParam("username") String str, AvatarCroppingBean avatarCroppingBean) {
        XsrfCheckResult checkWebRequestInvocation = this.xsrfChecker.checkWebRequestInvocation(ExecutingHttpRequest.get());
        if (checkWebRequestInvocation.isRequired() && !checkWebRequestInvocation.isValid()) {
            throw new XsrfCheckFailedException();
        }
        return this.avatarResourceHelper.createAvatarFromTemporary(Avatar.Type.USER, getApplicationUser(str).getKey(), avatarCroppingBean);
    }

    @Path("avatar")
    @PUT
    public Response updateProjectAvatar(@QueryParam("username") String str, AvatarBean avatarBean) {
        Long l;
        Long valueOf;
        ApplicationUser applicationUser = getApplicationUser(str);
        PropertySet propertySet = this.userPropertyManager.getPropertySet(applicationUser);
        String id = avatarBean.getId();
        if (id == null) {
            valueOf = null;
        } else {
            try {
                valueOf = Long.valueOf(id);
            } catch (NumberFormatException e) {
                l = null;
            }
        }
        l = valueOf;
        if (!this.avatarManager.hasPermissionToEdit(this.authContext.getUser(), applicationUser)) {
            throw new NotAuthorisedWebException();
        }
        propertySet.setLong(AvatarManager.USER_AVATAR_ID_KEY, l.longValue());
        this.eventPublisher.publish(new UserAvatarUpdatedEvent(applicationUser, l));
        return Response.status(Response.Status.NO_CONTENT).cacheControl(CacheControl.never()).build();
    }

    @POST
    @Path("avatar/temporary")
    @Consumes({"*/*"})
    public Response storeTemporaryAvatar(@QueryParam("username") String str, @QueryParam("filename") String str2, @QueryParam("size") Long l, @Context HttpServletRequest httpServletRequest) {
        XsrfCheckResult checkWebRequestInvocation = this.xsrfChecker.checkWebRequestInvocation(ExecutingHttpRequest.get());
        if (checkWebRequestInvocation.isRequired() && !checkWebRequestInvocation.isValid()) {
            throw new XsrfCheckFailedException();
        }
        return this.avatarResourceHelper.storeTemporaryAvatar(Avatar.Type.USER, getApplicationUser(str).getKey(), str2, l, httpServletRequest);
    }

    @Path("avatar/temporary")
    @Consumes({"multipart/form-data"})
    @POST
    @Produces({"text/html"})
    public Response storeTemporaryAvatarUsingMultiPart(@QueryParam("username") String str, @MultipartFormParam("avatar") FilePart filePart, @Context HttpServletRequest httpServletRequest) {
        XsrfCheckResult checkWebRequestInvocation = this.xsrfChecker.checkWebRequestInvocation(ExecutingHttpRequest.get());
        if (checkWebRequestInvocation.isRequired() && !checkWebRequestInvocation.isValid()) {
            throw new XsrfCheckFailedException();
        }
        return this.avatarResourceHelper.storeTemporaryAvatarUsingMultiPart(Avatar.Type.USER, getApplicationUser(str).getKey(), filePart, httpServletRequest);
    }

    @Path("avatar/{id}")
    @DELETE
    public Response deleteAvatar(@QueryParam("username") String str, @PathParam("id") Long l) {
        getApplicationUser(str);
        return this.avatarResourceHelper.deleteAvatar(l);
    }

    @GET
    @Path("columns")
    public Response defaultColumns(@QueryParam("username") String str) {
        ApplicationUser user = this.authContext.getUser();
        ServiceOutcome<ColumnLayout> columnLayout = this.columnService.getColumnLayout(user, str == null ? user : getApplicationUser(str));
        if (columnLayout.isValid()) {
            return Response.ok(ColumnOptions.toColumnOptions(columnLayout.getReturnedValue().getColumnLayoutItems())).cacheControl(CacheControl.never()).build();
        }
        throw new RESTException(com.atlassian.jira.rest.api.util.ErrorCollection.of(columnLayout.getErrorCollection()));
    }

    @Path("columns")
    @PUT
    @Consumes({"*/*"})
    public Response setColumns(@FormParam("username") String str, @FormParam("columns") List<String> list) {
        ApplicationUser user = this.authContext.getUser();
        ServiceResult columns = this.columnService.setColumns(user, str == null ? user : getApplicationUser(str), list);
        if (columns.isValid()) {
            return Response.ok().cacheControl(CacheControl.never()).build();
        }
        throw new RESTException(com.atlassian.jira.rest.api.util.ErrorCollection.of(columns.getErrorCollection()));
    }

    @Path("columns")
    @Consumes({"*/*"})
    @DELETE
    public Response resetColumns(@QueryParam("username") String str) {
        ApplicationUser user = this.authContext.getUser();
        ServiceResult resetColumns = this.columnService.resetColumns(user, str == null ? user : getApplicationUser(str));
        if (resetColumns.isValid()) {
            return Response.noContent().cacheControl(CacheControl.never()).build();
        }
        throw new RESTException(com.atlassian.jira.rest.api.util.ErrorCollection.of(resetColumns.getErrorCollection()));
    }

    @Path("application")
    @POST
    @WebSudoRequired
    @ExperimentalApi
    public Response addUserToApplication(@QueryParam("username") String str, @QueryParam("applicationKey") String str2) {
        if (this.featureManager.isOnDemand()) {
            return Response.status(Response.Status.BAD_REQUEST).entity(com.atlassian.jira.rest.api.util.ErrorCollection.of(this.i18n.getText("application.role.rest.error.cloud"))).cacheControl(CacheControl.never()).build();
        }
        UpdateUserApplicationHelper.ApplicationUpdateResult addUserToApplication = this.updateUserApplicationHelper.addUserToApplication(str, str2);
        return !addUserToApplication.isValid() ? this.responseFactory.errorResponse(addUserToApplication.getErrorCollection()) : Response.ok().cacheControl(CacheControl.never()).build();
    }

    @Path("application")
    @DELETE
    @WebSudoRequired
    @ExperimentalApi
    public Response removeUserFromApplication(@QueryParam("username") String str, @QueryParam("applicationKey") String str2) {
        if (this.featureManager.isOnDemand()) {
            return Response.status(Response.Status.BAD_REQUEST).entity(com.atlassian.jira.rest.api.util.ErrorCollection.of(this.i18n.getText("application.role.rest.error.cloud"))).cacheControl(CacheControl.never()).build();
        }
        UpdateUserApplicationHelper.ApplicationUpdateResult removeUserFromApplication = this.updateUserApplicationHelper.removeUserFromApplication(str, str2);
        return !removeUserFromApplication.isValid() ? this.responseFactory.errorResponse(removeUserFromApplication.getErrorCollection()) : this.responseFactory.noContent();
    }

    private UserBean buildUserBean(String str, String str2) {
        ApplicationUser userByUsernameOrKey = getUserByUsernameOrKey(str, str2);
        return new UserBeanBuilder(this.jiraBaseUrls, this.jiraAvatarSupport).user(userByUsernameOrKey).groups(new ArrayList(this.userUtil.getGroupNamesForUser(userByUsernameOrKey.getUsername()))).loggedInUser(this.authContext.getUser()).emailFormatter(this.emailFormatter).timeZone(this.timeZoneManager.getTimeZoneforUser(userByUsernameOrKey)).avatarService(this.avatarService).i18nBeanFactory(this.beanFactory).applicationRoles(this.applicationRoleManager.rolesEnabled() ? this.applicationRoleManager.getRolesForUser(userByUsernameOrKey) : null).buildFull(this.applicationRoleBeanConverter);
    }

    private ApplicationUser getUserByUsernameOrKey(String str, String str2) {
        ApplicationUser userByName;
        if (str == null) {
            if (str2 == null) {
                throw new RESTException(Response.Status.NOT_FOUND, com.atlassian.jira.rest.api.util.ErrorCollection.of(this.i18n.getText("rest.user.error.no.username.or.key.param")));
            }
            userByName = this.userUtil.getUserByKey(str2);
        } else {
            if (str2 != null) {
                throw new RESTException(Response.Status.BAD_REQUEST, com.atlassian.jira.rest.api.util.ErrorCollection.of(this.i18n.getText("rest.user.error.too.many.params")));
            }
            userByName = this.userUtil.getUserByName(str);
        }
        if (userByName != null) {
            return userByName;
        }
        if (str != null) {
            throw new NotFoundWebException(com.atlassian.jira.rest.api.util.ErrorCollection.of(this.i18n.getText("rest.user.error.not.found", str)));
        }
        throw new NotFoundWebException(com.atlassian.jira.rest.api.util.ErrorCollection.of(this.i18n.getText("rest.user.error.not.found.with.key", str2)));
    }

    private ApplicationUser getApplicationUser(String str) {
        if (str == null) {
            throw new RESTException(Response.Status.BAD_REQUEST, com.atlassian.jira.rest.api.util.ErrorCollection.of(this.i18n.getText("rest.user.error.no.username.param")));
        }
        ApplicationUser userByName = this.userUtil.getUserByName(str);
        if (userByName == null) {
            throw new NotFoundWebException(com.atlassian.jira.rest.api.util.ErrorCollection.of(this.i18n.getText("rest.user.error.not.found", str)));
        }
        return userByName;
    }

    private List<UserBean> makeUserBeans(Collection<ApplicationUser> collection) {
        ArrayList arrayList = new ArrayList(collection.size());
        for (ApplicationUser applicationUser : collection) {
            arrayList.add(new UserBeanBuilder(this.jiraBaseUrls, this.jiraAvatarSupport).user(applicationUser).loggedInUser(this.authContext.getUser()).emailFormatter(this.emailFormatter).timeZone(this.timeZoneManager.getTimeZoneforUser(applicationUser)).i18nBeanFactory(this.beanFactory).buildMid());
        }
        return arrayList;
    }

    private void throwWebException(String str, ErrorCollection.Reason reason) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        simpleErrorCollection.addErrorMessage(str, reason);
        throwWebException(simpleErrorCollection);
    }

    private void throwWebException(com.atlassian.jira.util.ErrorCollection errorCollection) {
        throw new RESTException(com.atlassian.jira.rest.api.util.ErrorCollection.of(errorCollection));
    }

    private RESTException createWebException(String str, ErrorCollection.Reason reason) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        simpleErrorCollection.addErrorMessage(str, reason);
        return new RESTException(com.atlassian.jira.rest.api.util.ErrorCollection.of(simpleErrorCollection));
    }
}
