package com.atlassian.jira.rest.v1.users;

import com.atlassian.jira.avatar.AvatarService;
import com.atlassian.jira.avatar.AvatarsDisabledException;
import com.atlassian.jira.avatar.NoPermissionException;
import com.atlassian.jira.rest.v1.util.CacheControl;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.xsrf.XsrfCheckResult;
import com.atlassian.jira.security.xsrf.XsrfInvocationChecker;
import com.atlassian.jira.web.ExecutingHttpRequest;
import com.atlassian.plugins.rest.common.security.CorsAllowed;
import com.atlassian.plugins.rest.common.security.XsrfCheckFailedException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;

@Produces({"application/json", "application/xml"})
@Path("user")
@CorsAllowed
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/jira-rest-plugin-7.0.0-QR20150729161340.jar:com/atlassian/jira/rest/v1/users/UserResource.class */
public class UserResource {
    private final JiraAuthenticationContext authenticationContext;
    private final AvatarService avatarService;
    private final XsrfInvocationChecker xsrfChecker;

    public UserResource(JiraAuthenticationContext jiraAuthenticationContext, AvatarService avatarService, XsrfInvocationChecker xsrfInvocationChecker) {
        this.authenticationContext = jiraAuthenticationContext;
        this.avatarService = avatarService;
        this.xsrfChecker = xsrfInvocationChecker;
    }

    @POST
    @Path("{username}/avatar/{avatarid}")
    public Response updateUserAvatar(@PathParam("username") String str, @PathParam("avatarid") Long l) {
        XsrfCheckResult checkWebRequestInvocation = this.xsrfChecker.checkWebRequestInvocation(ExecutingHttpRequest.get());
        if (checkWebRequestInvocation.isRequired() && !checkWebRequestInvocation.isValid()) {
            throw new XsrfCheckFailedException();
        }
        if (StringUtils.isBlank(str) || l == null) {
            return Response.status(Response.Status.BAD_REQUEST).entity("username and avatarid are required path parameters!").cacheControl(CacheControl.NO_CACHE).build();
        }
        try {
            this.avatarService.setCustomUserAvatar(this.authenticationContext.getUser(), str, l);
            return Response.ok().cacheControl(CacheControl.NO_CACHE).build();
        } catch (AvatarsDisabledException e) {
            return Response.status(Response.Status.NOT_FOUND).cacheControl(CacheControl.NO_CACHE).build();
        } catch (NoPermissionException e2) {
            return Response.status(Response.Status.NOT_FOUND).cacheControl(CacheControl.NO_CACHE).build();
        }
    }
}
