package com.atlassian.audit.permission;

import com.atlassian.audit.plugin.configuration.PropertiesProvider;
import com.atlassian.audit.spi.permission.ResourceContextPermissionChecker;
import com.atlassian.sal.api.user.UserManager;
import javax.annotation.Nonnull;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-audit-plugin-1.15.0.jar:com/atlassian/audit/permission/SysPropBasedPermissionChecker.class */
public class SysPropBasedPermissionChecker implements PermissionChecker {

    @Deprecated
    private static final String LEGACY_SYS_ADMIN_ONLY_SYS_PROP_KEY = "audit.log.view.sysadmin.only";
    private static final String SYS_ADMIN_ONLY_SYS_PROP_KEY = "plugin.audit.log.view.sysadmin.only";
    private static final String INTERNAL_TEST_NO_PERMISSIONS_KEY = "plugin.audit.internal.testing.no.permissions";
    private final UserManager userManager;
    private final ResourceContextPermissionChecker resourcePermissionChecker;
    private final PropertiesProvider propertiesProvider;

    public SysPropBasedPermissionChecker(@Nonnull UserManager userManager, @Nonnull ResourceContextPermissionChecker resourceContextPermissionChecker, PropertiesProvider propertiesProvider) {
        this.userManager = userManager;
        this.resourcePermissionChecker = resourceContextPermissionChecker;
        this.propertiesProvider = propertiesProvider;
    }

    @Override // com.atlassian.audit.permission.PermissionChecker
    public boolean hasUnrestrictedAuditViewPermission() {
        return isSysAdmin() || (allowAdminToSeeLogs() && isAdmin());
    }

    @Override // com.atlassian.audit.permission.PermissionChecker
    public boolean hasCacheRebuildPermission() {
        return isSysAdmin();
    }

    @Override // com.atlassian.audit.spi.permission.ResourceContextPermissionChecker
    public boolean hasResourceAuditViewPermission(@Nonnull String str, @Nonnull String str2) {
        return this.resourcePermissionChecker.hasResourceAuditViewPermission(str, str2) || hasUnrestrictedAuditViewPermission() || Boolean.getBoolean(INTERNAL_TEST_NO_PERMISSIONS_KEY);
    }

    @Override // com.atlassian.audit.permission.PermissionChecker
    public boolean hasCoverageConfigViewPermission() {
        return isSysAdmin() || (allowAdminToSeeLogs() && isAdmin());
    }

    @Override // com.atlassian.audit.permission.PermissionChecker
    public boolean hasCoverageConfigUpdatePermission() {
        return isSysAdmin();
    }

    @Override // com.atlassian.audit.permission.PermissionChecker
    public boolean hasRetentionConfigViewPermission() {
        return isSysAdmin() || (allowAdminToSeeLogs() && isAdmin());
    }

    @Override // com.atlassian.audit.permission.PermissionChecker
    public boolean hasRetentionConfigUpdatePermission() {
        return isSysAdmin();
    }

    @Override // com.atlassian.audit.permission.PermissionChecker
    public boolean hasDenyListViewPermission() {
        return isSysAdmin() || (allowAdminToSeeLogs() && isAdmin());
    }

    @Override // com.atlassian.audit.permission.PermissionChecker
    public boolean hasDenyListUpdatePermission() {
        return isSysAdmin();
    }

    private boolean isAdmin() {
        return this.userManager.isAdmin(this.userManager.getRemoteUserKey());
    }

    private boolean isSysAdmin() {
        return this.userManager.isSystemAdmin(this.userManager.getRemoteUserKey());
    }

    private boolean allowAdminToSeeLogs() {
        return (this.propertiesProvider.getBoolean(SYS_ADMIN_ONLY_SYS_PROP_KEY) || Boolean.getBoolean(LEGACY_SYS_ADMIN_ONLY_SYS_PROP_KEY)) ? false : true;
    }
}
