package com.atlassian.jira.dashboard.permission;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.gadgets.GadgetState;
import com.atlassian.gadgets.Vote;
import com.atlassian.gadgets.dashboard.DashboardState;
import com.atlassian.gadgets.dashboard.spi.DashboardPermissionService;
import com.atlassian.gadgets.plugins.PluginGadgetSpec;
import com.atlassian.jira.external.ExternalUtils;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.Permissions;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.plugin.ModuleDescriptor;
import com.atlassian.plugin.PluginAccessor;
import java.util.ArrayList;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/jira/dashboard/permission/JiraGadgetPermissionManager.class */
public class JiraGadgetPermissionManager implements GadgetPermissionManager {
    private static final String LOGIN_GADGET_PLUGIN_KEY = "com.atlassian.jira.gadgets:login-gadget";
    private final PermissionManager permissionManager;
    private final PluginAccessor pluginAccessor;
    private final DashboardPermissionService permissionService;
    private static final Logger log = Logger.getLogger(JiraGadgetPermissionManager.class);
    private static final Pattern PLUGIN_KEY_PATTERN = Pattern.compile(".*rest\\/gadgets\\/.*\\/g\\/([^\\/]+):([^\\/]+).*", 2);

    public JiraGadgetPermissionManager(PermissionManager permissionManager, PluginAccessor pluginAccessor, DashboardPermissionService dashboardPermissionService) {
        this.permissionManager = permissionManager;
        this.pluginAccessor = pluginAccessor;
        this.permissionService = dashboardPermissionService;
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public Vote voteOn(PluginGadgetSpec pluginGadgetSpec, User user) {
        Assertions.notNull("pluginGadgetSpec", pluginGadgetSpec);
        return voteOn(pluginGadgetSpec.getPluginKey() + ExternalUtils.TYPE_SEPERATOR + pluginGadgetSpec.getModuleKey(), user);
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public Vote voteOn(PluginGadgetSpec pluginGadgetSpec, com.opensymphony.user.User user) {
        return voteOn(pluginGadgetSpec, (User) user);
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public DashboardState filterGadgets(DashboardState dashboardState, User user) {
        Assertions.notNull("dashboardState", dashboardState);
        if (this.permissionService.isWritableBy(dashboardState.getId(), user == null ? null : user.getName())) {
            return dashboardState;
        }
        ArrayList arrayList = new ArrayList();
        for (Iterable<GadgetState> iterable : dashboardState.getColumns()) {
            ArrayList arrayList2 = new ArrayList();
            for (GadgetState gadgetState : iterable) {
                String extractModuleKey = extractModuleKey(gadgetState.getGadgetSpecUri().toASCIIString());
                if (extractModuleKey == null || !voteOn(extractModuleKey, user).equals(Vote.DENY)) {
                    arrayList2.add(gadgetState);
                }
            }
            arrayList.add(arrayList2);
        }
        return DashboardState.dashboard(dashboardState).columns(arrayList).build();
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public DashboardState filterGadgets(DashboardState dashboardState, com.opensymphony.user.User user) {
        return filterGadgets(dashboardState, (User) user);
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public String extractModuleKey(String str) {
        Matcher matcher = PLUGIN_KEY_PATTERN.matcher(str);
        if (matcher.matches() && matcher.groupCount() == 2) {
            return matcher.group(1) + ExternalUtils.TYPE_SEPERATOR + matcher.group(2);
        }
        return null;
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public Vote voteOn(String str, User user) {
        if (str.equals(LOGIN_GADGET_PLUGIN_KEY)) {
            return user != null ? Vote.DENY : Vote.ALLOW;
        }
        ModuleDescriptor enabledPluginModule = this.pluginAccessor.getEnabledPluginModule(str);
        if (enabledPluginModule == null) {
            return Vote.ALLOW;
        }
        String str2 = (String) enabledPluginModule.getParams().get("roles-required");
        if (!StringUtils.isBlank(str2) && !this.permissionManager.hasPermission(0, user)) {
            for (String str3 : StringUtils.split(str2)) {
                int type = Permissions.getType(str3);
                if (type == -1) {
                    log.warn("Invalid role-required specified for gadget '" + str + "': '" + str3 + "'");
                    return Vote.PASS;
                }
                if (Permissions.isGlobalPermission(type)) {
                    if (!this.permissionManager.hasPermission(type, user)) {
                        return Vote.DENY;
                    }
                } else if (!hasProjectsPermission(type, user)) {
                    return Vote.DENY;
                }
            }
            return Vote.ALLOW;
        }
        return Vote.ALLOW;
    }

    @Override // com.atlassian.jira.dashboard.permission.GadgetPermissionManager
    public Vote voteOn(String str, com.opensymphony.user.User user) {
        return voteOn(str, (User) user);
    }

    private boolean hasProjectsPermission(int i, User user) {
        try {
            return this.permissionManager.hasProjects(i, user);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
