package com.atlassian.jira.plugins.dvcs.rest.filter;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.plugins.dvcs.rest.security.AdminOnly;
import com.atlassian.jira.plugins.dvcs.rest.security.AuthorizationException;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.plugins.rest.common.security.AuthenticationRequiredException;
import com.google.common.base.Preconditions;
import com.sun.jersey.api.model.AbstractMethod;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import javax.ws.rs.ext.Provider;

/**
 * Jersey resource filter that restricts REST endpoints marked with {@link AdminOnly}.
 *
 * <p>The filter is bound to a single {@link AbstractMethod}. On every request it checks whether
 * that method, or the resource class declaring it, carries {@code @AdminOnly}. When it does, the
 * request is only let through for a logged-in user who passes the permission check in
 * {@link #isAdmin(User)}. Endpoints without the annotation are not restricted by this filter.
 *
 * <p>The two failure modes are kept distinct: an anonymous caller gets an
 * {@link AuthenticationRequiredException}, an authenticated non-admin gets an
 * {@link AuthorizationException}.
 */
@Provider
/* loaded from: input_file:com/atlassian/jira/plugins/dvcs/rest/filter/AdminOnlyResourceFilter.class */
public class AdminOnlyResourceFilter implements ResourceFilter, ContainerRequestFilter {
    private final AbstractMethod abstractMethod;
    private final JiraAuthenticationContext authenticationContext;
    private final PermissionManager permissionManager;

    /**
     * Creates a filter for one resource method.
     *
     * @param abstractMethod the Jersey model of the resource method being guarded
     * @param jiraAuthenticationContext source of the currently logged-in user
     * @param permissionManager used for the administrator permission check
     * @throws NullPointerException if any argument is {@code null}
     */
    public AdminOnlyResourceFilter(AbstractMethod abstractMethod, JiraAuthenticationContext jiraAuthenticationContext, PermissionManager permissionManager) {
        // Fail at construction time rather than on the first request: a filter with a missing
        // collaborator could not enforce the admin check.
        this.abstractMethod = Preconditions.checkNotNull(abstractMethod);
        this.authenticationContext = Preconditions.checkNotNull(jiraAuthenticationContext);
        this.permissionManager = Preconditions.checkNotNull(permissionManager);
    }

    /**
     * Returns this object, which doubles as the request filter.
     *
     * @return this filter
     */
    public ContainerRequestFilter getRequestFilter() {
        return this;
    }

    /**
     * Returns no response filter; responses are not post-processed here.
     *
     * @return always {@code null}
     */
    public ContainerResponseFilter getResponseFilter() {
        return null;
    }

    /**
     * Enforces the {@code @AdminOnly} restriction for the bound resource method.
     *
     * @param containerRequest the incoming request
     * @return the same request, unmodified, when access is allowed
     * @throws AuthenticationRequiredException if admin access is needed and nobody is logged in
     * @throws AuthorizationException if admin access is needed and the user is not an administrator
     */
    public ContainerRequest filter(ContainerRequest containerRequest) {
        if (!isAdminNeeded()) {
            // No @AdminOnly on the method or its resource class: nothing to enforce here.
            return containerRequest;
        }

        final User currentUser = this.authenticationContext.getLoggedInUser();
        if (currentUser == null) {
            // Anonymous caller: report "not authenticated" rather than "not authorised".
            throw new AuthenticationRequiredException();
        }
        if (!isAdmin(currentUser)) {
            throw new AuthorizationException();
        }
        return containerRequest;
    }

    /**
     * Tells whether the bound method, or the resource class that declares it, is annotated with
     * {@link AdminOnly}. The method-level annotation is looked at first.
     */
    private boolean isAdminNeeded() {
        if (this.abstractMethod.getMethod() != null
                && this.abstractMethod.getMethod().getAnnotation(AdminOnly.class) != null) {
            return true;
        }
        return this.abstractMethod.getResource().getAnnotation(AdminOnly.class) != null;
    }

    /**
     * Checks the user against permission id {@code 0}.
     *
     * <p>NOTE(review): {@code 0} looks like Jira's global ADMINISTER permission id
     * ({@code Permissions.ADMINISTER}); confirm and prefer the named constant so the
     * privilege being checked is visible at the call site.
     */
    private boolean isAdmin(User user) {
        return this.permissionManager.hasPermission(0, user);
    }
}
