package org.sonatype.nexus.repository.rest.internal.resources;

import com.google.common.base.Preconditions;
import com.google.common.collect.Streams;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.WebApplicationException;
import org.apache.shiro.authz.Permission;
import org.sonatype.nexus.repository.Repository;
import org.sonatype.nexus.repository.http.HttpStatus;
import org.sonatype.nexus.repository.manager.RepositoryManager;
import org.sonatype.nexus.repository.security.RepositoryContentSelectorPermission;
import org.sonatype.nexus.repository.security.RepositoryViewPermission;
import org.sonatype.nexus.security.SecurityHelper;
import org.sonatype.nexus.selector.SelectorManager;

@Named
/* loaded from: input_file:org/sonatype/nexus/repository/rest/internal/resources/RepositoryManagerRESTAdapterImpl.class */
public class RepositoryManagerRESTAdapterImpl implements RepositoryManagerRESTAdapter {
    private final RepositoryManager repositoryManager;
    private final SecurityHelper securityHelper;
    private final SelectorManager selectorManager;

    @Inject
    public RepositoryManagerRESTAdapterImpl(RepositoryManager repositoryManager, SecurityHelper securityHelper, SelectorManager selectorManager) {
        this.repositoryManager = (RepositoryManager) Preconditions.checkNotNull(repositoryManager);
        this.securityHelper = (SecurityHelper) Preconditions.checkNotNull(securityHelper);
        this.selectorManager = (SelectorManager) Preconditions.checkNotNull(selectorManager);
    }

    @Override // org.sonatype.nexus.repository.rest.internal.resources.RepositoryManagerRESTAdapter
    public Repository getRepository(String str) {
        if (str == null) {
            throw new WebApplicationException("repositoryId is required.", HttpStatus.UNPROCESSABLE_ENTITY);
        }
        Repository repository = (Repository) Optional.ofNullable(this.repositoryManager.get(str)).orElseThrow(() -> {
            return new NotFoundException("Unable to locate repository with id " + str);
        });
        if (userCanBrowseRepository(repository)) {
            return repository;
        }
        if (userCanViewRepository(repository)) {
            throw new WebApplicationException(HttpStatus.FORBIDDEN);
        }
        throw new NotFoundException("Unable to locate repository with id " + str);
    }

    @Override // org.sonatype.nexus.repository.rest.internal.resources.RepositoryManagerRESTAdapter
    public List<Repository> getRepositories() {
        return (List) Streams.stream(this.repositoryManager.browse()).filter(this::userCanBrowseRepository).collect(Collectors.toList());
    }

    private boolean userCanViewRepository(Repository repository) {
        return userHasReadPermission(repository) || userHasAnyContentSelectorAccess(repository);
    }

    private boolean userCanBrowseRepository(Repository repository) {
        return userHasBrowsePermissions(repository) || userHasAnyContentSelectorAccess(repository);
    }

    private boolean userHasBrowsePermissions(Repository repository) {
        return this.securityHelper.anyPermitted(new Permission[]{new RepositoryViewPermission(repository.getFormat().getValue(), repository.getName(), "browse")});
    }

    private boolean userHasReadPermission(Repository repository) {
        return this.securityHelper.anyPermitted(new Permission[]{new RepositoryViewPermission(repository.getFormat().getValue(), repository.getName(), "read")});
    }

    private boolean userHasAnyContentSelectorAccess(Repository repository) {
        return this.selectorManager.browse().stream().anyMatch(selectorConfiguration -> {
            return this.securityHelper.anyPermitted(new Permission[]{new RepositoryContentSelectorPermission(selectorConfiguration.getName(), repository.getFormat().getValue(), repository.getName(), Collections.singletonList("browse"))});
        });
    }
}
