package com.atlassian.audit.ao.service;

import com.atlassian.audit.api.AuditEntityCursor;
import com.atlassian.audit.api.AuditQuery;
import com.atlassian.audit.api.AuditSearchService;
import com.atlassian.audit.api.util.pagination.Page;
import com.atlassian.audit.api.util.pagination.PageRequest;
import com.atlassian.audit.entity.AuditEntity;
import com.atlassian.audit.permission.PermissionChecker;
import com.atlassian.plugins.rest.common.security.AuthorisationException;
import java.util.concurrent.TimeoutException;
import java.util.function.Consumer;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-audit-plugin-1.15.1.jar:com/atlassian/audit/ao/service/RestrictiveSearchService.class */
public class RestrictiveSearchService implements AuditSearchService {
    private final PermissionChecker permissionChecker;
    private final AuditSearchService origin;

    public RestrictiveSearchService(PermissionChecker permissionChecker, AuditSearchService auditSearchService) {
        this.permissionChecker = permissionChecker;
        this.origin = auditSearchService;
    }

    @Override // com.atlassian.audit.api.AuditSearchService
    @Nonnull
    public Page<AuditEntity, AuditEntityCursor> findBy(@Nonnull AuditQuery auditQuery, @Nonnull PageRequest<AuditEntityCursor> pageRequest, int i) throws TimeoutException {
        if (permitted(auditQuery)) {
            return this.origin.findBy(auditQuery, pageRequest, i);
        }
        throw new AuthorisationException("The user is not allowed to view audit events");
    }

    @Override // com.atlassian.audit.api.AuditSearchService
    public void stream(@Nonnull AuditQuery auditQuery, int i, int i2, @Nonnull Consumer<AuditEntity> consumer) throws TimeoutException {
        if (!permitted(auditQuery)) {
            throw new AuthorisationException("The user is not allowed to view audit events");
        }
        this.origin.stream(auditQuery, i, i2, consumer);
    }

    @Override // com.atlassian.audit.api.AuditSearchService
    public long count(@Nullable AuditQuery auditQuery) throws TimeoutException {
        if (permitted(auditQuery)) {
            return this.origin.count(auditQuery);
        }
        throw new AuthorisationException("The user is not allowed to view audit events");
    }

    private boolean permitted(@Nullable AuditQuery auditQuery) {
        if (this.permissionChecker.hasUnrestrictedAuditViewPermission()) {
            return true;
        }
        if (auditQuery != null && auditQuery.getResources().size() > 0) {
            return auditQuery.getResources().stream().allMatch(auditResourceIdentifier -> {
                return this.permissionChecker.hasResourceAuditViewPermission(auditResourceIdentifier.getType(), auditResourceIdentifier.getId());
            });
        }
        return false;
    }
}
