package com.atlassian.jira.rest.v2.issue;

import com.atlassian.annotations.ExperimentalApi;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.impl.ImmutableGroup;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.exception.embedded.InvalidGroupException;
import com.atlassian.crowd.exception.runtime.OperationFailedException;
import com.atlassian.jira.bc.JiraServiceContextImpl;
import com.atlassian.jira.bc.group.GroupService;
import com.atlassian.jira.issue.fields.rest.json.beans.JiraBaseUrls;
import com.atlassian.jira.rest.api.http.CacheControl;
import com.atlassian.jira.rest.api.util.ErrorCollection;
import com.atlassian.jira.rest.api.util.StringList;
import com.atlassian.jira.rest.exception.BadRequestWebException;
import com.atlassian.jira.rest.exception.ForbiddenWebException;
import com.atlassian.jira.rest.exception.NotFoundWebException;
import com.atlassian.jira.rest.exception.ServerErrorWebException;
import com.atlassian.jira.rest.util.ResponseUtils;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.EmailFormatter;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.sal.api.websudo.WebSudoRequired;
import com.google.common.base.Predicate;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableList;
import javax.annotation.Nullable;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;

@Produces({"application/json"})
@Path("group")
@Consumes({"application/json"})
/* loaded from: input_file:com/atlassian/jira/rest/v2/issue/GroupResource.class */
public class GroupResource {
    static final int MAX_EXPANDED_USERS_COUNT = 50;
    private final PermissionManager permissionManager;
    private final JiraAuthenticationContext authContext;
    private final I18nHelper i18n;
    private final GroupManager groupManager;
    private final GroupService groupService;
    private final JiraBaseUrls jiraBaseUrls;
    private final CrowdService crowdService;
    private final EmailFormatter emailFormatter;
    private final Predicate<User> UserIsActivePredicate = new Predicate<User>() { // from class: com.atlassian.jira.rest.v2.issue.GroupResource.1
        public boolean apply(@Nullable User user) {
            return user != null && user.isActive();
        }
    };

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/jira/rest/v2/issue/GroupResource$GroupUpdateCommand.class */
    public static class GroupUpdateCommand {
        private final String groupName;

        private GroupUpdateCommand(String str) {
            this.groupName = str;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getGroupName() {
            return this.groupName;
        }

        Response execute() throws OperationNotPermittedException, InvalidGroupException {
            throw new UnsupportedOperationException("Not implemented");
        }
    }

    public GroupResource(PermissionManager permissionManager, JiraAuthenticationContext jiraAuthenticationContext, I18nHelper i18nHelper, GroupManager groupManager, GroupService groupService, JiraBaseUrls jiraBaseUrls, CrowdService crowdService, EmailFormatter emailFormatter) {
        this.permissionManager = permissionManager;
        this.authContext = jiraAuthenticationContext;
        this.i18n = i18nHelper;
        this.groupManager = groupManager;
        this.groupService = groupService;
        this.jiraBaseUrls = jiraBaseUrls;
        this.crowdService = crowdService;
        this.emailFormatter = emailFormatter;
    }

    @GET
    public Response getGroup(@QueryParam("groupname") String str, @QueryParam("expand") StringList stringList) {
        ApplicationUser user = this.authContext.getUser();
        if (!this.permissionManager.hasPermission(0, user) && !this.permissionManager.hasPermission(44, user)) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("rest.authorization.admin.required")));
        }
        validateGroupName(str);
        Group group = this.groupManager.getGroup(str.trim());
        if (group == null) {
            throw new NotFoundWebException(ErrorCollection.of(this.i18n.getText("rest.group.error.not.found", str)));
        }
        return Response.ok(buildGroupBean(group)).build();
    }

    @POST
    @WebSudoRequired
    @ExperimentalApi
    public Response createGroup(AddGroupBean addGroupBean) {
        final String name = addGroupBean.getName();
        return doGroupUpdate(new GroupUpdateCommand(name) { // from class: com.atlassian.jira.rest.v2.issue.GroupResource.2
            @Override // com.atlassian.jira.rest.v2.issue.GroupResource.GroupUpdateCommand
            public Response execute() throws OperationNotPermittedException, InvalidGroupException {
                GroupResource.this.validateGroupName(name);
                if (GroupResource.this.crowdService.getGroup(name) != null) {
                    throw new BadRequestWebException(ErrorCollection.of(GroupResource.this.i18n.getText("groupbrowser.error.group.exists")));
                }
                ImmutableGroup immutableGroup = new ImmutableGroup(name);
                GroupResource.this.crowdService.addGroup(immutableGroup);
                GroupBean buildGroupBean = GroupResource.this.buildGroupBean(immutableGroup);
                return Response.status(Response.Status.CREATED).location(buildGroupBean.getSelf()).entity(buildGroupBean).cacheControl(CacheControl.never()).build();
            }
        });
    }

    @WebSudoRequired
    @DELETE
    @ExperimentalApi
    public Response removeGroup(@QueryParam("groupname") final String str, @QueryParam("swapGroup") final String str2) {
        return doGroupUpdate(new GroupUpdateCommand(str) { // from class: com.atlassian.jira.rest.v2.issue.GroupResource.3
            @Override // com.atlassian.jira.rest.v2.issue.GroupResource.GroupUpdateCommand
            public Response execute() throws OperationNotPermittedException {
                GroupResource.this.ensureGroupExists(str);
                JiraServiceContextImpl jiraServiceContextImpl = new JiraServiceContextImpl(GroupResource.this.authContext.getUser());
                if (!GroupResource.this.groupService.validateDelete(jiraServiceContextImpl, str, str2)) {
                    return ResponseUtils.throwEx(jiraServiceContextImpl.getErrorCollection());
                }
                JiraServiceContextImpl jiraServiceContextImpl2 = new JiraServiceContextImpl(GroupResource.this.authContext.getUser());
                return !GroupResource.this.groupService.delete(jiraServiceContextImpl2, str, str2) ? ResponseUtils.throwEx(jiraServiceContextImpl2.getErrorCollection()) : Response.ok().cacheControl(CacheControl.never()).build();
            }
        });
    }

    @Path("user")
    @POST
    @WebSudoRequired
    @ExperimentalApi
    public Response addUserToGroup(@QueryParam("groupname") final String str, final UpdateUserToGroupBean updateUserToGroupBean) {
        return doGroupUpdate(new GroupUpdateCommand(str) { // from class: com.atlassian.jira.rest.v2.issue.GroupResource.4
            @Override // com.atlassian.jira.rest.v2.issue.GroupResource.GroupUpdateCommand
            public Response execute() throws OperationNotPermittedException {
                GroupResource.this.ensureGroupExists(str);
                String name = updateUserToGroupBean.getName();
                JiraServiceContextImpl jiraServiceContextImpl = new JiraServiceContextImpl(GroupResource.this.authContext.getUser());
                if (!GroupResource.this.groupService.validateAddUserToGroup(jiraServiceContextImpl, ImmutableList.of(str), name)) {
                    return ResponseUtils.throwEx(jiraServiceContextImpl.getErrorCollection());
                }
                User user = GroupResource.this.getUser(name);
                ImmutableGroup immutableGroup = new ImmutableGroup(str);
                if (!GroupResource.this.crowdService.addUserToGroup(ImmutableUser.newUser(user).toUser(), immutableGroup)) {
                    return Response.status(Response.Status.BAD_REQUEST).entity(GroupResource.this.i18n.getText("rest.group.user.already.exists.in.group", name, str)).cacheControl(CacheControl.never()).build();
                }
                GroupBean buildGroupBean = GroupResource.this.buildGroupBean(immutableGroup);
                return Response.status(Response.Status.CREATED).location(buildGroupBean.getSelf()).entity(buildGroupBean).cacheControl(CacheControl.never()).build();
            }
        });
    }

    @Path("user")
    @DELETE
    @WebSudoRequired
    @ExperimentalApi
    public Response removeUserFromGroup(@QueryParam("groupname") final String str, @QueryParam("username") final String str2) {
        return doGroupUpdate(new GroupUpdateCommand(str) { // from class: com.atlassian.jira.rest.v2.issue.GroupResource.5
            @Override // com.atlassian.jira.rest.v2.issue.GroupResource.GroupUpdateCommand
            public Response execute() throws OperationNotPermittedException {
                GroupResource.this.ensureGroupExists(str);
                User user = GroupResource.this.getUser(str2);
                JiraServiceContextImpl jiraServiceContextImpl = new JiraServiceContextImpl(GroupResource.this.authContext.getUser());
                if (!GroupResource.this.groupService.validateRemoveUserFromGroups(jiraServiceContextImpl, ImmutableList.of(str), str2)) {
                    return ResponseUtils.throwEx(jiraServiceContextImpl.getErrorCollection());
                }
                ImmutableGroup immutableGroup = new ImmutableGroup(str);
                GroupResource.this.crowdService.removeUserFromGroup(ImmutableUser.newUser(user).toUser(), immutableGroup);
                return Response.ok().cacheControl(CacheControl.never()).build();
            }
        });
    }

    private Response doGroupUpdate(GroupUpdateCommand groupUpdateCommand) {
        ensureCanManageGroups();
        groupUpdateCommand.getGroupName();
        try {
            return groupUpdateCommand.execute();
        } catch (OperationFailedException e) {
            throw new ServerErrorWebException(ErrorCollection.of(this.i18n.getText("generic.error", e.getLocalizedMessage())));
        } catch (OperationNotPermittedException e2) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("generic.error", e2.getLocalizedMessage())));
        } catch (InvalidGroupException e3) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("generic.error", e3.getLocalizedMessage())));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void ensureGroupExists(String str) {
        validateGroupName(str);
        if (this.crowdService.getGroup(str) == null) {
            throw new NotFoundWebException(ErrorCollection.of(this.i18n.getText("rest.group.error.not.found", str)));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public User getUser(String str) {
        User user = null;
        if (str != null) {
            user = this.crowdService.getUser(str);
            if (user == null) {
                throw new NotFoundWebException(ErrorCollection.of(this.i18n.getText("admin.errors.user.does.not.exist", str)));
            }
        }
        return user;
    }

    private void ensureCanManageGroups() {
        ApplicationUser user = this.authContext.getUser();
        if (!this.permissionManager.hasPermission(0, user) && !this.permissionManager.hasPermission(44, user)) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("rest.authorization.admin.required")));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void validateGroupName(String str) {
        if (StringUtils.isEmpty(str)) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("rest.group.error.empty")));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public GroupBean buildGroupBean(Group group) {
        return new GroupBeanBuilder(this.jiraBaseUrls, group.getName()).users(new UserJsonBeanListWrapper(this.jiraBaseUrls, ImmutableList.copyOf(Collections2.filter(this.groupManager.getUsersInGroup(group), this.UserIsActivePredicate)), MAX_EXPANDED_USERS_COUNT, this.authContext.getUser(), this.emailFormatter)).build();
    }
}
