package com.atlassian.jira.dashboard.permission;

import com.atlassian.fugue.Option;
import com.atlassian.gadgets.GadgetState;
import com.atlassian.gadgets.Vote;
import com.atlassian.gadgets.dashboard.DashboardState;
import com.atlassian.gadgets.dashboard.spi.DashboardPermissionService;
import com.atlassian.gadgets.plugins.GadgetLocationTranslator;
import com.atlassian.gadgets.plugins.PluginGadgetSpec;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.plugin.webfragment.DefaultWebFragmentContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.Permissions;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.plugin.ModuleDescriptor;
import com.atlassian.plugin.PluginAccessor;
import com.google.common.annotations.VisibleForTesting;
import java.net.URI;
import java.util.ArrayList;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/dashboard/permission/JiraGadgetPermissionManager.class */
public class JiraGadgetPermissionManager implements GadgetPermissionManager {
    private static final String LOGIN_GADGET_KEY = "login-gadget";
    private static final String LOGIN_GADGET_PLUGIN_KEY = "com.atlassian.jira.gadgets";
    private final PermissionManager permissionManager;
    private final PluginAccessor pluginAccessor;
    private final DashboardPermissionService permissionService;
    private static final Logger log = LoggerFactory.getLogger(JiraGadgetPermissionManager.class);
    private static final Pattern PLUGIN_KEY_PATTERN = Pattern.compile(".*rest\\/gadgets\\/.*\\/g\\/([^\\/]+):([^\\/]+).*", 2);

    public JiraGadgetPermissionManager(PermissionManager permissionManager, PluginAccessor pluginAccessor, DashboardPermissionService dashboardPermissionService) {
        this.permissionManager = permissionManager;
        this.pluginAccessor = pluginAccessor;
        this.permissionService = dashboardPermissionService;
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public Vote voteOn(PluginGadgetSpec pluginGadgetSpec, ApplicationUser applicationUser) {
        Assertions.notNull("pluginGadgetSpec", pluginGadgetSpec);
        if (pluginGadgetSpec.getModuleKey().equals(LOGIN_GADGET_KEY) && pluginGadgetSpec.getPluginKey().equals(LOGIN_GADGET_PLUGIN_KEY)) {
            return applicationUser == null ? Vote.ALLOW : Vote.DENY;
        }
        if (!evaluateConditions(pluginGadgetSpec)) {
            return Vote.DENY;
        }
        String parameter = pluginGadgetSpec.getParameter("roles-required");
        if (!StringUtils.isBlank(parameter) && !this.permissionManager.hasPermission(0, applicationUser)) {
            for (String str : StringUtils.split(parameter)) {
                int type = Permissions.getType(str);
                if (type == -1) {
                    log.warn("Invalid role-required specified for gadget '" + pluginGadgetSpec.getKey() + "': '" + str + "'");
                    return Vote.PASS;
                }
                if (Permissions.isGlobalPermission(type)) {
                    if (!this.permissionManager.hasPermission(type, applicationUser)) {
                        return Vote.DENY;
                    }
                } else if (!hasProjectsPermission(type, applicationUser)) {
                    return Vote.DENY;
                }
            }
            return Vote.ALLOW;
        }
        return Vote.ALLOW;
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public DashboardState filterGadgets(DashboardState dashboardState, ApplicationUser applicationUser) {
        Assertions.notNull("dashboardState", dashboardState);
        if (this.permissionService.isWritableBy(dashboardState.getId(), applicationUser == null ? null : applicationUser.getName())) {
            return dashboardState;
        }
        ArrayList arrayList = new ArrayList();
        for (Iterable<GadgetState> iterable : dashboardState.getColumns()) {
            ArrayList arrayList2 = new ArrayList();
            for (GadgetState gadgetState : iterable) {
                Option<PluginGadgetSpec> pluginGadgetSpec = getPluginGadgetSpec(gadgetState.getGadgetSpecUri());
                if (pluginGadgetSpec.isEmpty() || !Vote.DENY.equals(voteOn((PluginGadgetSpec) pluginGadgetSpec.get(), applicationUser))) {
                    arrayList2.add(gadgetState);
                }
            }
            arrayList.add(arrayList2);
        }
        return DashboardState.dashboard(dashboardState).columns(arrayList).build();
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public Option<PluginGadgetSpec> getPluginGadgetSpec(URI uri) {
        String extractModuleKey;
        if (uri != null && (extractModuleKey = extractModuleKey(getGadgetLocationTranslator().translate(uri).toASCIIString())) != null) {
            return getPluginGadgetSpecFromModuleKey(extractModuleKey);
        }
        return Option.none();
    }

    @VisibleForTesting
    String extractModuleKey(String str) {
        Matcher matcher = PLUGIN_KEY_PATTERN.matcher(str);
        if (matcher.matches() && matcher.groupCount() == 2) {
            return matcher.group(1) + ":" + matcher.group(2);
        }
        return null;
    }

    private Option<PluginGadgetSpec> getPluginGadgetSpecFromModuleKey(String str) {
        ModuleDescriptor enabledPluginModule = this.pluginAccessor.getEnabledPluginModule(str);
        if (enabledPluginModule == null) {
            return Option.none();
        }
        Object module = enabledPluginModule.getModule();
        return module instanceof PluginGadgetSpec ? Option.some((PluginGadgetSpec) module) : Option.none();
    }

    private boolean evaluateConditions(PluginGadgetSpec pluginGadgetSpec) {
        Map map = DefaultWebFragmentContext.get();
        return pluginGadgetSpec.getEnabledCondition().shouldDisplay(map) && pluginGadgetSpec.getLocalCondition().shouldDisplay(map);
    }

    private boolean hasProjectsPermission(int i, ApplicationUser applicationUser) {
        try {
            return this.permissionManager.hasProjects(new ProjectPermissionKey(i), applicationUser);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private GadgetLocationTranslator getGadgetLocationTranslator() {
        return (GadgetLocationTranslator) ComponentAccessor.getOSGiComponentInstanceOfType(GadgetLocationTranslator.class);
    }
}
