package com.atlassian.jira.rest.v2.admin.permissionscheme;

import com.atlassian.annotations.ExperimentalApi;
import com.atlassian.annotations.security.LicensedOnly;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.permission.PermissionGrant;
import com.atlassian.jira.permission.PermissionGrantInput;
import com.atlassian.jira.permission.PermissionScheme;
import com.atlassian.jira.permission.PermissionSchemeAttributeManager;
import com.atlassian.jira.permission.PermissionSchemeInput;
import com.atlassian.jira.permission.PermissionSchemeService;
import com.atlassian.jira.permission.data.PermissionGrantAsPureData;
import com.atlassian.jira.rest.api.permission.PermissionGrantBean;
import com.atlassian.jira.rest.api.permission.PermissionGrantBeanExpander;
import com.atlassian.jira.rest.api.permission.PermissionGrantsBean;
import com.atlassian.jira.rest.api.permission.PermissionSchemeAttributeBean;
import com.atlassian.jira.rest.api.permission.PermissionSchemeBean;
import com.atlassian.jira.rest.api.permission.PermissionSchemeBeansFactory;
import com.atlassian.jira.rest.api.permission.PermissionSchemeExpandParam;
import com.atlassian.jira.rest.api.permission.PermissionSchemesBean;
import com.atlassian.jira.rest.util.ResponseFactory;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.ErrorCollections;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.sal.api.websudo.WebSudoRequired;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import io.atlassian.fugue.Either;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Parameters;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path(PermissionSchemeResource.RESOURCE_PATH)
@Consumes({"application/json"})
@Produces({"application/json"})
@WebSudoRequired
@LicensedOnly
/* loaded from: input_file:com/atlassian/jira/rest/v2/admin/permissionscheme/PermissionSchemeResource.class */
public final class PermissionSchemeResource {
    public static final String RESOURCE_PATH = "permissionscheme";
    public static final String ENTITY_PATH = "permission";
    private static final Logger logger = LoggerFactory.getLogger(PermissionSchemeResource.class);
    private final JiraAuthenticationContext authenticationContext;
    private final PermissionSchemeBeansFactory beansFactory;
    private final PermissionGrantBeanExpander permissionGrantBeanExpander;
    private final PermissionSchemeService permissionSchemeService;
    private final I18nHelper i18n;
    private final ResponseFactory responseFactory;
    private final GlobalPermissionManager globalPermissionManager;
    private final PermissionSchemeAttributeManager permissionSchemeAttributeManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/jira/rest/v2/admin/permissionscheme/PermissionSchemeResource$RestAction.class */
    public interface RestAction {
        Response perform();
    }

    @Inject
    public PermissionSchemeResource(JiraAuthenticationContext jiraAuthenticationContext, PermissionSchemeBeansFactory permissionSchemeBeansFactory, PermissionGrantBeanExpander permissionGrantBeanExpander, PermissionSchemeService permissionSchemeService, I18nHelper i18nHelper, ResponseFactory responseFactory, GlobalPermissionManager globalPermissionManager, @ComponentImport PermissionSchemeAttributeManager permissionSchemeAttributeManager) {
        this.authenticationContext = jiraAuthenticationContext;
        this.beansFactory = permissionSchemeBeansFactory;
        this.permissionGrantBeanExpander = permissionGrantBeanExpander;
        this.permissionSchemeService = permissionSchemeService;
        this.i18n = i18nHelper;
        this.responseFactory = responseFactory;
        this.globalPermissionManager = globalPermissionManager;
        this.permissionSchemeAttributeManager = permissionSchemeAttributeManager;
    }

    @GET
    @Operation(summary = "Get all permission schemes", description = "Returns a list of all permission schemes. By default only shortened beans are returned. If you want to include permissions of all the schemes, then specify the permissions expand parameter. Permissions will be included also if you specify any other expand parameter.", security = {@SecurityRequirement(name = "basic")})
    @Parameter(name = "expand", description = "Use expand to include full beans in the response. This parameter accepts a comma-separated list of expandable elements. Use 'permissions' to include permissions in the response.", schema = @Schema(type = "string", allowableValues = {"permissions"}))
    @ApiResponses({@ApiResponse(description = "List of all permission schemes", responseCode = "200", content = {@Content(schema = @Schema(implementation = PermissionSchemesBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if user is not logged in.", responseCode = "401"), @ApiResponse(description = "Returned if user is not allowed to view permission schemes.", responseCode = "403"), @ApiResponse(description = "Returned if the scheme doesn't exist.", responseCode = "404")})
    public Response getPermissionSchemes(@QueryParam("expand") String str) {
        return (Response) withParsedExpandParameter(str).left().on(list -> {
            return (Response) this.responseFactory.validateOutcome(this.permissionSchemeService.getPermissionSchemes(getUser())).left().on(list -> {
                return this.responseFactory.okNoCache(new PermissionSchemesBean(ImmutableList.copyOf(Iterables.transform(list, permissionScheme -> {
                    return this.beansFactory.toBean(permissionScheme, list);
                }))));
            });
        });
    }

    @GET
    @Path("{schemeId}")
    @Operation(summary = "Get a permission scheme by ID", description = "Returns a permission scheme identified by the given id.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "schemeId", description = "The id of the permission scheme.", schema = @Schema(type = "integer")), @Parameter(name = "expand", description = "Use expand to include full beans in the response. This parameter accepts a comma-separated list of expandable elements. Use 'permissions' to include permissions in the response.", schema = @Schema(type = "string", allowableValues = {"permissions"}))})
    @ApiResponses({@ApiResponse(description = "Permission scheme", responseCode = "200", content = {@Content(schema = @Schema(implementation = PermissionSchemeBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if user is not logged in.", responseCode = "401"), @ApiResponse(description = "Returned if user is not allowed to view permission schemes.", responseCode = "403"), @ApiResponse(description = "Returned if the scheme doesn't exist.", responseCode = "404")})
    public Response getPermissionScheme(@PathParam("schemeId") Long l, @QueryParam("expand") String str) {
        return (Response) withParsedExpandParameter(str).left().on(list -> {
            return (Response) this.responseFactory.validateOutcome(this.permissionSchemeService.getPermissionScheme(getUser(), l)).left().on(permissionScheme -> {
                return this.responseFactory.okNoCache(this.beansFactory.toBean(permissionScheme, list));
            });
        });
    }

    @Path("{schemeId}")
    @DELETE
    @Operation(summary = "Delete a permission scheme by ID", description = "Deletes a permission scheme identified by the given id.", security = {@SecurityRequirement(name = "basic")})
    @Parameter(name = "schemeId", description = "The id of the permission scheme.", schema = @Schema(type = "integer"))
    @ApiResponses({@ApiResponse(description = "Returned if the permission scheme is successfully deleted.", responseCode = "204"), @ApiResponse(description = "Returned if user is not logged in.", responseCode = "401"), @ApiResponse(description = "Returned if user is not allowed to delete permission schemes.", responseCode = "403")})
    public Response deletePermissionScheme(@PathParam("schemeId") Long l) {
        return this.responseFactory.serviceResultToNoContentResponse(this.permissionSchemeService.deletePermissionScheme(getUser(), l));
    }

    @Operation(summary = "Create a new permission scheme", description = "Create a new permission scheme. This method can create schemes with a defined permission set, or without.", security = {@SecurityRequirement(name = "basic")})
    @POST
    @Parameter(name = "expand", description = "Use expand to include full beans in the response. This parameter accepts a comma-separated list of expandable elements. Use 'permissions' to include permissions in the response.", schema = @Schema(type = "string", allowableValues = {"permissions"}))
    @ApiResponses({@ApiResponse(description = "Returned if the scheme is created successfully.", responseCode = "201", content = {@Content(schema = @Schema(implementation = PermissionSchemeBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if user is not logged in.", responseCode = "401"), @ApiResponse(description = "Returned if user is not allowed to create permission schemes.", responseCode = "403")})
    public Response createPermissionScheme(PermissionSchemeBean permissionSchemeBean, @QueryParam("expand") String str) {
        return (Response) withParsedExpandParameter(str).left().on(list -> {
            return (Response) toResponse(this.beansFactory.fromBean(permissionSchemeBean)).left().on(permissionSchemeInput -> {
                return (Response) this.responseFactory.validateOutcome(this.permissionSchemeService.createPermissionScheme(getUser(), permissionSchemeInput)).left().on(permissionScheme -> {
                    PermissionSchemeBean bean = this.beansFactory.toBean(permissionScheme, list);
                    return this.responseFactory.created(bean.getSelf(), bean);
                });
            });
        });
    }

    @Path("{schemeId}")
    @Operation(summary = "Update a permission scheme", description = "Updates a permission scheme. If the permissions list is present then it will be set in the permission scheme, which basically means it will overwrite any permission grants that existed in the permission scheme. Sending an empty list will remove all permission grants from the permission scheme. To update just the name and description, do not send permissions list at all. To add or remove a single permission grant instead of updating the whole list at once use the {schemeId}/permission/ resource.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "schemeId", description = "The id of the permission scheme.", schema = @Schema(type = "integer")), @Parameter(name = "expand", description = "Use expand to include full beans in the response. This parameter accepts a comma-separated list of expandable elements. Use 'permissions' to include permissions in the response.", schema = @Schema(type = "string", allowableValues = {"permissions"}))})
    @PUT
    @ApiResponses({@ApiResponse(description = "Returned if the scheme is updated successfully.", responseCode = "200", content = {@Content(schema = @Schema(implementation = PermissionSchemeBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if user is not logged in.", responseCode = "401"), @ApiResponse(description = "Returned if user is not allowed to edit permission schemes.", responseCode = "403"), @ApiResponse(description = "Returned if the permission is not found.", responseCode = "404")})
    public Response updatePermissionScheme(@PathParam("schemeId") Long l, PermissionSchemeBean permissionSchemeBean, @QueryParam("expand") String str) {
        return (Response) withParsedExpandParameter(str).left().on(list -> {
            return updatePermissionScheme(l, permissionScheme -> {
                return this.beansFactory.fromBean(permissionSchemeBean).map(permissionSchemeInput -> {
                    return permissionSchemeBean.getPermissions() == null ? PermissionSchemeInput.builder(permissionScheme).setName(permissionSchemeInput.getName()).setDescription((String) permissionSchemeInput.getDescription().getOrNull()).build() : permissionSchemeInput;
                });
            }, permissionScheme2 -> {
                return this.responseFactory.okNoCache(this.beansFactory.toBean(permissionScheme2, list));
            });
        });
    }

    @GET
    @Path("{permissionSchemeId}/attribute/{attributeKey}")
    @Operation(summary = "Get scheme attribute by key", description = "Returns the attribute for a permission scheme specified by permission scheme id and attribute key.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "permissionSchemeId", description = "The id of the permission scheme.", schema = @Schema(type = "integer")), @Parameter(name = "attributeKey", description = "The key of the permission scheme attribute.", schema = @Schema(type = "string"))})
    @ExperimentalApi
    @ApiResponses({@ApiResponse(description = "Permission scheme attribute", responseCode = "200", content = {@Content(schema = @Schema(implementation = PermissionSchemeAttributeBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if the user is not authenticated.", responseCode = "401"), @ApiResponse(description = "Returned if the user is not an admin.", responseCode = "403"), @ApiResponse(description = "Returned if there is no such attribute.", responseCode = "404")})
    public Response getSchemeAttribute(@PathParam("permissionSchemeId") Long l, @PathParam("attributeKey") String str) {
        return asAdmin(() -> {
            Either validateOutcome = this.responseFactory.validateOutcome(this.permissionSchemeService.getPermissionScheme(getUser(), l));
            if (validateOutcome.isLeft()) {
                return (Response) validateOutcome.left().get();
            }
            Optional attribute = this.permissionSchemeAttributeManager.getAttribute(l, str);
            return attribute.isPresent() ? this.responseFactory.okNoCache(new PermissionSchemeAttributeBean(str, (String) attribute.get())) : this.responseFactory.errorResponse(ErrorCollections.create(this.i18n.getText("rest.permissionscheme.attribute.not.found"), ErrorCollection.Reason.NOT_FOUND));
        });
    }

    @Path("{permissionSchemeId}/attribute/{key}")
    @Operation(summary = "Update or insert a scheme attribute", description = "Updates or inserts the attribute for a permission scheme specified by permission scheme id. The attribute consists of the key and the value. The value will be converted to Boolean using Boolean#valueOf.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "permissionSchemeId", description = "The id of the permission scheme.", schema = @Schema(type = "integer")), @Parameter(name = "key", description = "The key of the permission scheme attribute.", schema = @Schema(type = "string"))})
    @ExperimentalApi
    @Consumes({"text/plain"})
    @PUT
    @ApiResponses({@ApiResponse(description = "Returned if the attribute is updated successfully.", responseCode = "204"), @ApiResponse(description = "Returned if the user is not authenticated.", responseCode = "401"), @ApiResponse(description = "Returned if the user is not an admin.", responseCode = "403"), @ApiResponse(description = "Returned if there was an error related to attribute upsert.", responseCode = "500")})
    public Response setSchemeAttribute(@PathParam("permissionSchemeId") Long l, @PathParam("key") String str, String str2) {
        return asAdmin(() -> {
            Either validateOutcome = this.responseFactory.validateOutcome(this.permissionSchemeService.getPermissionScheme(getUser(), l));
            if (validateOutcome.isLeft()) {
                return (Response) validateOutcome.left().get();
            }
            try {
                this.permissionSchemeAttributeManager.setAttribute(l, str, Boolean.toString(Boolean.parseBoolean(str2)));
                return this.responseFactory.noContent();
            } catch (Exception e) {
                String text = this.i18n.getText("rest.permissionscheme.attribute.update.error");
                logger.error(String.format("%s Details: '%s'", text, e.getMessage()));
                return this.responseFactory.errorResponse(ErrorCollections.create(text, ErrorCollection.Reason.SERVER_ERROR));
            }
        });
    }

    @GET
    @Path("{schemeId}/permission")
    @Operation(summary = "Get all permission grants of a scheme", description = "Returns all permission grants of the given permission scheme.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "schemeId", description = "The id of the permission scheme.", schema = @Schema(type = "integer")), @Parameter(name = "expand", description = "Use expand to include full beans in the response. This parameter accepts a comma-separated list of expandable elements. Use 'permissions' to include permissions in the response.", schema = @Schema(type = "string", allowableValues = {"permissions"}))})
    @ApiResponses({@ApiResponse(description = "Permission grants", responseCode = "200", content = {@Content(schema = @Schema(implementation = PermissionGrantsBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if user is not logged in.", responseCode = "401"), @ApiResponse(description = "Returned if user is not allowed to view permission schemes.", responseCode = "403"), @ApiResponse(description = "Returned if the scheme doesn't exist.", responseCode = "404")})
    public Response getPermissionSchemeGrants(@PathParam("schemeId") Long l, @QueryParam("expand") String str) {
        return (Response) withParsedExpandParameter(str).left().on(list -> {
            return (Response) this.responseFactory.validateOutcome(this.permissionSchemeService.getPermissionScheme(getUser(), l)).left().on(permissionScheme -> {
                return this.responseFactory.okNoCache(new PermissionGrantsBean(ImmutableList.copyOf(Iterables.transform(permissionScheme.getPermissions(), permissionGrant -> {
                    return this.beansFactory.toBean(permissionGrant, l, list);
                }))));
            });
        });
    }

    @Path("{schemeId}/permission")
    @Operation(summary = "Create a permission grant in a scheme", description = "Creates a permission grant in a permission scheme.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "schemeId", description = "The id of the permission scheme.", schema = @Schema(type = "integer")), @Parameter(name = "expand", description = "Use expand to include full beans in the response. This parameter accepts a comma-separated list of expandable elements. Use 'permissions' to include permissions in the response.", schema = @Schema(type = "string", allowableValues = {"permissions"}))})
    @POST
    @ApiResponses({@ApiResponse(description = "Returned if the scheme permission is created successfully.", responseCode = "201", content = {@Content(schema = @Schema(implementation = PermissionGrantBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if user is not logged in.", responseCode = "401"), @ApiResponse(description = "Returned if user is not allowed to edit permission schemes.", responseCode = "403")})
    public Response createPermissionGrant(@PathParam("schemeId") Long l, PermissionGrantBean permissionGrantBean, @QueryParam("expand") String str) {
        return (Response) withParsedExpandParameter(str).left().on(list -> {
            return asAdmin(() -> {
                return (Response) toResponse(this.beansFactory.fromBean(permissionGrantBean)).left().on(permissionGrantInput -> {
                    return updatePermissionScheme(l, permissionScheme -> {
                        return validateThatNewPermissionDoesNotAlreadyExist(permissionScheme, permissionGrantInput).map(permissionGrantInput -> {
                            return PermissionSchemeInput.builder(permissionScheme).addPermission(permissionGrantInput).build();
                        });
                    }, permissionScheme2 -> {
                        PermissionGrantBean bean = this.beansFactory.toBean((PermissionGrant) Iterables.find(permissionScheme2.getPermissions(), PermissionGrantAsPureData.equalToModuloId(permissionGrantInput)), l, list);
                        return this.responseFactory.created(bean.getSelf(), bean);
                    });
                });
            });
        });
    }

    @Path("{schemeId}/permission/{permissionId}")
    @DELETE
    @Operation(summary = "Delete a permission grant from a scheme", description = "Deletes a permission grant from a permission scheme.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "schemeId", description = "The id of the permission scheme.", schema = @Schema(type = "integer")), @Parameter(name = "permissionId", description = "The id of the permission grant.", schema = @Schema(type = "integer"))})
    @ApiResponses({@ApiResponse(description = "Returned if the permission grant is deleted successfully.", responseCode = "204"), @ApiResponse(description = "Returned if user is not logged in.", responseCode = "401"), @ApiResponse(description = "Returned if user is not allowed to edit permission schemes.", responseCode = "403")})
    public Response deletePermissionSchemeEntity(@PathParam("schemeId") Long l, @PathParam("permissionId") Long l2) {
        return asAdmin(() -> {
            return updatePermissionScheme(l, permissionScheme -> {
                if (!findPermissionGrant(permissionScheme, l2).isPresent()) {
                    return Either.left(ErrorCollections.create(this.i18n.getText("rest.permissionscheme.permission.grant.does.not.exist", l2.toString()), ErrorCollection.Reason.VALIDATION_FAILED));
                }
                return Either.right(PermissionSchemeInput.builder(permissionScheme).setOriginalPermissions(Iterables.filter(permissionScheme.getPermissions(), permissionGrant -> {
                    return !permissionGrant.getId().equals(l2);
                })).build());
            }, permissionScheme2 -> {
                return this.responseFactory.noContent();
            });
        });
    }

    private Response updatePermissionScheme(Long l, Function<PermissionScheme, Either<ErrorCollection, PermissionSchemeInput>> function, Function<PermissionScheme, Response> function2) {
        return (Response) this.responseFactory.validateOutcome(this.permissionSchemeService.getPermissionScheme(getUser(), l)).left().on(permissionScheme -> {
            return (Response) toResponse((Either) function.apply(permissionScheme)).left().on(permissionSchemeInput -> {
                Either.LeftProjection left = this.responseFactory.validateOutcome(this.permissionSchemeService.updatePermissionScheme(getUser(), l, permissionSchemeInput)).left();
                Objects.requireNonNull(function2);
                return (Response) left.on((v1) -> {
                    return r1.apply(v1);
                });
            });
        });
    }

    @GET
    @Path("{schemeId}/permission/{permissionId}")
    @Operation(summary = "Get a permission grant by ID", description = "Returns a permission grant identified by the given id.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "schemeId", description = "The id of the permission scheme.", schema = @Schema(type = "integer")), @Parameter(name = "permissionId", description = "The id of the permission grant.", schema = @Schema(type = "integer")), @Parameter(name = "expand", description = "Use expand to include full beans in the response. This parameter accepts a comma-separated list of expandable elements. Use 'permissions' to include permissions in the response.", schema = @Schema(type = "string", allowableValues = {"permissions"}))})
    @ApiResponses({@ApiResponse(description = "Permission grant", responseCode = "200", content = {@Content(schema = @Schema(implementation = PermissionGrantBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if user is not logged in.", responseCode = "401"), @ApiResponse(description = "Returned if user is not allowed to view permission schemes.", responseCode = "403"), @ApiResponse(description = "Returned if the scheme doesn't exist.", responseCode = "404")})
    public Response getPermissionSchemeGrant(@PathParam("schemeId") Long l, @PathParam("permissionId") Long l2, @QueryParam("expand") String str) {
        return (Response) withParsedExpandParameter(str).left().on(list -> {
            return (Response) this.responseFactory.validateOutcome(this.permissionSchemeService.getPermissionScheme(getUser(), l)).left().on(permissionScheme -> {
                com.google.common.base.Optional<PermissionGrant> findPermissionGrant = findPermissionGrant(permissionScheme, l2);
                return findPermissionGrant.isPresent() ? this.responseFactory.okNoCache(this.beansFactory.toBean((PermissionGrant) findPermissionGrant.get(), l, list)) : this.responseFactory.errorResponse(ErrorCollections.create(this.i18n.getText("rest.permissionscheme.permission.grant.does.not.exist", l2.toString()), ErrorCollection.Reason.NOT_FOUND));
            });
        });
    }

    private com.google.common.base.Optional<PermissionGrant> findPermissionGrant(PermissionScheme permissionScheme, Long l) {
        return Iterables.tryFind(permissionScheme.getPermissions(), permissionGrant -> {
            return permissionGrant.getId().equals(l);
        });
    }

    private ApplicationUser getUser() {
        return this.authenticationContext.getUser();
    }

    private Either<Response, List<PermissionSchemeExpandParam>> withParsedExpandParameter(String str) {
        return toResponse(this.permissionGrantBeanExpander.parseExpandQuery(str));
    }

    private <T> Either<Response, T> toResponse(Either<ErrorCollection, T> either) {
        return this.responseFactory.toResponse(either);
    }

    private Either<ErrorCollection, PermissionGrantInput> validateThatNewPermissionDoesNotAlreadyExist(PermissionScheme permissionScheme, PermissionGrantInput permissionGrantInput) {
        return Iterables.contains(Iterables.transform(permissionScheme.getPermissions(), PermissionGrantAsPureData.TO_PURE_DATA), PermissionGrantAsPureData.of(permissionGrantInput)) ? Either.left(ErrorCollections.create(this.i18n.getText("rest.permissionscheme.permission.already.exists", permissionGrantInput.getPermission().permissionKey(), permissionGrantInput.getHolder().getType().toString(), (String) permissionGrantInput.getHolder().getParameter().getOrNull(), permissionScheme.getId().toString()), ErrorCollection.Reason.VALIDATION_FAILED)) : Either.right(permissionGrantInput);
    }

    public Response asAdmin(RestAction restAction) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, getUser()) ? restAction.perform() : this.responseFactory.errorResponse(ErrorCollections.create(this.i18n.getText("rest.permissionscheme.forbidden"), ErrorCollection.Reason.FORBIDDEN));
    }
}
