package com.atlassian.stash.internal.user;

import com.atlassian.stash.internal.CommonValidations;
import com.atlassian.stash.project.Project;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionService;
import com.atlassian.stash.user.StashUser;
import com.google.common.base.Predicate;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.access.expression.method.PublicMethodSecurityExpressionRoot;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:com/atlassian/stash/internal/user/ExtendedMethodSecurityExpressionRoot.class */
public class ExtendedMethodSecurityExpressionRoot extends PublicMethodSecurityExpressionRoot {
    private final ThreadLocal<Boolean> permissionLoopGuard;
    private PermissionService permissionService;
    private Object returnObject;

    public ExtendedMethodSecurityExpressionRoot(Authentication authentication, ThreadLocal<Boolean> threadLocal) {
        super(authentication);
        this.permissionLoopGuard = threadLocal;
    }

    public boolean hasAnyPermission(Permission permission) {
        return applyPredicate(permission, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.1
            public boolean apply(Permission permission2) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.hasAnyUserPermission(permission2);
            }
        });
    }

    public boolean hasGlobalPermission(Permission permission) {
        CommonValidations.validateGlobalPermission(permission);
        return applyPredicate(permission, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.2
            public boolean apply(Permission permission2) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.hasGlobalPermission(permission2);
            }
        });
    }

    public boolean hasGlobalPermission(final StashUser stashUser, Permission permission) {
        CommonValidations.validateGlobalPermission(permission);
        return applyPredicate(permission, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.3
            public boolean apply(Permission permission2) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.hasGlobalPermission(stashUser, permission2);
            }
        });
    }

    public boolean hasGlobalPermission(final String str, Permission permission) {
        CommonValidations.validateGlobalPermission(permission);
        return applyPredicate(permission, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.4
            public boolean apply(Permission permission2) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.hasGlobalPermission(str, permission2);
            }
        });
    }

    public boolean hasProjectPermission(final Project project, Permission permission) {
        CommonValidations.validateProjectPermission(permission);
        return project == null || applyPredicate(permission, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.5
            public boolean apply(Permission permission2) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.hasProjectPermission(project, permission2);
            }
        });
    }

    public boolean hasProjectPermission(final int i, Permission permission) {
        CommonValidations.validateProjectPermission(permission);
        return applyPredicate(permission, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.6
            public boolean apply(Permission permission2) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.hasProjectPermission(i, permission2);
            }
        });
    }

    public boolean hasRepositoryPermission(final Repository repository, Permission permission) {
        CommonValidations.validateRepositoryPermission(permission);
        return repository == null || applyPredicate(permission, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.7
            public boolean apply(Permission permission2) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.hasRepositoryPermission(repository, permission2);
            }
        });
    }

    public boolean hasRepositoryPermission(final int i, Permission permission) {
        CommonValidations.validateRepositoryPermission(permission);
        return applyPredicate(permission, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.8
            public boolean apply(Permission permission2) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.hasRepositoryPermission(i, permission2);
            }
        });
    }

    public boolean isCurrentUser(StashUser stashUser) {
        return stashUser != null && isCurrentUser(stashUser.getName());
    }

    public boolean isCurrentUser(String str) {
        StashUserAuthenticationToken resolveToken = resolveToken();
        return resolveToken != null && StringUtils.equals(resolveToken.getName(), str);
    }

    public boolean isProjectAccessible(final Project project) {
        return project == null || applyPredicate(null, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.9
            public boolean apply(Permission permission) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.isProjectAccessible(project);
            }
        });
    }

    public boolean isProjectAccessible(final int i) {
        return applyPredicate(null, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.10
            public boolean apply(Permission permission) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.isProjectAccessible(i);
            }
        });
    }

    public boolean isRepositoryAccessible(final Repository repository) {
        return repository == null || applyPredicate(null, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.11
            public boolean apply(Permission permission) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.isRepositoryAccessible(repository);
            }
        });
    }

    public boolean isRepositoryAccessible(final int i) {
        return applyPredicate(null, new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.ExtendedMethodSecurityExpressionRoot.12
            public boolean apply(Permission permission) {
                return ExtendedMethodSecurityExpressionRoot.this.permissionService.isRepositoryAccessible(i);
            }
        });
    }

    private boolean applyPredicate(Permission permission, Predicate<Permission> predicate) {
        enterPermissionCheck();
        try {
            boolean apply = predicate.apply(permission);
            exitPermissionCheck();
            return apply;
        } catch (Throwable th) {
            exitPermissionCheck();
            throw th;
        }
    }

    private void enterPermissionCheck() {
        if (this.permissionLoopGuard.get() != null) {
            throw new IllegalStateException("Nested method authorisation check detected. This would have led to an infinite loop!");
        }
        this.permissionLoopGuard.set(Boolean.TRUE);
    }

    private void exitPermissionCheck() {
        this.permissionLoopGuard.remove();
    }

    private StashUserAuthenticationToken resolveToken() {
        if (this.authentication instanceof StashUserAuthenticationToken) {
            return this.authentication;
        }
        return null;
    }

    public Object getReturnObject() {
        return this.returnObject;
    }

    public void setReturnObject(Object obj) {
        this.returnObject = obj;
    }

    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }
}
