package com.atlassian.refapp.auth.internal.rest;

import com.atlassian.refapp.auth.internal.RefappPermissions;
import com.atlassian.refapp.auth.internal.UserContextHelper;
import com.atlassian.seraph.auth.AuthenticationContext;
import com.atlassian.user.EntityException;
import com.atlassian.user.GroupManager;
import com.atlassian.user.User;
import com.atlassian.user.UserManager;
import com.atlassian.user.impl.DefaultUser;
import com.atlassian.user.search.page.PagerUtils;
import com.atlassian.user.security.password.Credential;
import com.google.common.collect.Ordering;
import com.google.common.collect.UnmodifiableIterator;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;

@Produces({"application/json"})
@Path("users")
@Consumes({"application/json"})
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-auth-plugin-6.2.0-m01.jar:com/atlassian/refapp/auth/internal/rest/UserManagementResource.class */
public class UserManagementResource {
    private final UserManager userManager;
    private final GroupManager groupManager;
    private final UserContextHelper userContextHelper;

    public UserManagementResource(AuthenticationContext authenticationContext, UserManager userManager, GroupManager groupManager) {
        this.userManager = userManager;
        this.groupManager = groupManager;
        this.userContextHelper = new UserContextHelper(authenticationContext, userManager, groupManager);
    }

    @GET
    public Response getAllUsers() throws Exception {
        checkAdminPermission();
        List<User> list = PagerUtils.toList(this.userManager.getUsers());
        ArrayList arrayList = new ArrayList(list.size());
        for (User user : list) {
            arrayList.add(createRestUser(user, getPermissionLevel(user)));
        }
        return Response.ok(arrayList).build();
    }

    @GET
    @Path("{username}")
    public Response getUser(@PathParam("username") String str) throws Exception {
        checkAdminPermission();
        checkUsername(str);
        User user = this.userManager.getUser(str);
        return user == null ? Response.status(Response.Status.NOT_FOUND).cacheControl(noCache()).entity(new RestError(null, String.format("User with username '%s' not found", str))).build() : Response.ok(createRestUser(user, getPermissionLevel(user))).build();
    }

    @Path("{username}")
    @PUT
    public Response createOrUpdateUser(@PathParam("username") String str, RestUser restUser) throws Exception {
        checkAdminPermission();
        checkUsername(str);
        String str2 = (String) Optional.ofNullable(restUser.email).orElse(str + "@example.com");
        String str3 = (String) Optional.ofNullable(restUser.fullName).orElse(StringUtils.capitalize(str));
        RefappPermissions refappPermissions = (RefappPermissions) Optional.ofNullable(restUser.permissionLevel).orElse(RefappPermissions.USER);
        User createUser = this.userManager.createUser(new DefaultUser(str, str3, str2), Credential.unencrypted(str));
        for (RefappPermissions refappPermissions2 : RefappPermissions.values()) {
            if (refappPermissions2.compareTo(refappPermissions) <= 0) {
                addMembership(refappPermissions2.groupName(), createUser);
            }
        }
        return Response.created(URI.create("")).entity(createRestUser(createUser, refappPermissions)).build();
    }

    @Path("{username}")
    @DELETE
    public Response removeUser(@PathParam("username") String str) throws Exception {
        checkAdminPermission();
        checkUsername(str);
        User user = this.userManager.getUser(str);
        if (user != null) {
            this.userManager.removeUser(user);
        }
        return Response.noContent().build();
    }

    private void checkAdminPermission() {
        if (!this.userContextHelper.isRemoteUserSystemAdministrator() && !this.userContextHelper.isRemoteUserAdministrator()) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(new RestError(null, "You need administrator permission to access this resource")).cacheControl(noCache()).build());
        }
    }

    private void checkUsername(@PathParam("username") String str) {
        if (StringUtils.isEmpty(str)) {
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(new RestError("username", "Username not set")).cacheControl(noCache()).build());
        }
    }

    private RestUser createRestUser(User user, RefappPermissions refappPermissions) {
        RestUser restUser = new RestUser();
        restUser.name = user.getName();
        restUser.fullName = user.getFullName();
        restUser.email = user.getEmail();
        restUser.permissionLevel = refappPermissions;
        return restUser;
    }

    private void addMembership(String str, User user) throws EntityException {
        this.groupManager.addMembership(this.groupManager.getGroup(str), user);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private RefappPermissions getPermissionLevel(User user) throws EntityException {
        UnmodifiableIterator it = Ordering.natural().reverse().immutableSortedCopy(Arrays.asList(RefappPermissions.values())).iterator();
        while (it.hasNext()) {
            RefappPermissions refappPermissions = (RefappPermissions) it.next();
            if (isMember(user, refappPermissions.groupName())) {
                return refappPermissions;
            }
        }
        return RefappPermissions.USER;
    }

    private boolean isMember(User user, String str) throws EntityException {
        return this.groupManager.hasMembership(this.groupManager.getGroup(str), user);
    }

    private static CacheControl noCache() {
        CacheControl cacheControl = new CacheControl();
        cacheControl.setNoCache(true);
        cacheControl.setNoStore(true);
        return cacheControl;
    }
}
