package com.atlassian.jira.rest.v2.issue;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.bc.JiraServiceContextImpl;
import com.atlassian.jira.bc.issue.attachment.AttachmentService;
import com.atlassian.jira.exception.AttachmentNotFoundException;
import com.atlassian.jira.exception.DataAccessException;
import com.atlassian.jira.issue.AttachmentManager;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.issue.attachment.Attachment;
import com.atlassian.jira.rest.NotFoundWebException;
import com.atlassian.jira.rest.api.http.CacheControl;
import com.atlassian.jira.rest.api.util.ErrorCollection;
import com.atlassian.jira.rest.v2.issue.builder.BeanBuilderFactory;
import com.atlassian.jira.rest.v2.issue.context.ContextI18n;
import com.atlassian.jira.rest.v2.issue.context.ContextUriInfo;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.log4j.Logger;
import webwork.config.Configuration;

@Path("attachment")
@Consumes({"application/json"})
@AnonymousAllowed
@Produces({"application/json"})
/* loaded from: input_file:com/atlassian/jira/rest/v2/issue/AttachmentResource.class */
public class AttachmentResource {
    private static final Logger log = Logger.getLogger(AttachmentResource.class);
    private PermissionManager permissionManager;
    private AttachmentManager attachmentManager;
    private AttachmentService attachmentService;
    private JiraAuthenticationContext authContext;
    private BeanBuilderFactory beanBuilderFactory;
    private ContextI18n i18n;
    private ContextUriInfo uriInfo;

    private AttachmentResource() {
    }

    public AttachmentResource(AttachmentService attachmentService, AttachmentManager attachmentManager, PermissionManager permissionManager, JiraAuthenticationContext jiraAuthenticationContext, BeanBuilderFactory beanBuilderFactory, ContextI18n contextI18n, ContextUriInfo contextUriInfo) {
        this.attachmentManager = attachmentManager;
        this.attachmentService = attachmentService;
        this.permissionManager = permissionManager;
        this.authContext = jiraAuthenticationContext;
        this.beanBuilderFactory = beanBuilderFactory;
        this.i18n = contextI18n;
        this.uriInfo = contextUriInfo;
    }

    @GET
    @Path("{id}")
    public Response getAttachment(@PathParam("id") String str) {
        if (!this.attachmentManager.attachmentsEnabled()) {
            return Response.status(Response.Status.NOT_FOUND).cacheControl(CacheControl.never()).build();
        }
        JiraServiceContextImpl jiraServiceContextImpl = new JiraServiceContextImpl(this.authContext.getLoggedInUser());
        try {
            Attachment attachment = this.attachmentService.getAttachment(jiraServiceContextImpl, Long.valueOf(Long.parseLong(str)));
            if (jiraServiceContextImpl.getErrorCollection().hasAnyErrors()) {
                return Response.status(Response.Status.NOT_FOUND).entity(ErrorCollection.of(jiraServiceContextImpl.getErrorCollection())).cacheControl(CacheControl.never()).build();
            }
            if (hasPermissionToViewAttachment(this.authContext.getLoggedInUser(), attachment)) {
                return Response.ok(this.beanBuilderFactory.newAttachmentBeanBuilder(attachment).context(this.uriInfo).build()).cacheControl(CacheControl.never()).build();
            }
            throw new RESTException(Response.Status.FORBIDDEN, ErrorCollection.of(this.i18n.getText("attachment.service.error.view.no.permission", str)));
        } catch (NumberFormatException e) {
            throw new NotFoundWebException(ErrorCollection.of(this.i18n.getText("rest.attachment.error.not.found", str)));
        } catch (AttachmentNotFoundException e2) {
            throw new NotFoundWebException(ErrorCollection.of(this.i18n.getText("rest.attachment.error.not.found", str)));
        }
    }

    @Path("{id}")
    @DELETE
    public Response removeAttachment(@PathParam("id") String str) {
        if (!this.attachmentManager.attachmentsEnabled()) {
            return Response.status(Response.Status.NOT_FOUND).cacheControl(CacheControl.never()).build();
        }
        JiraServiceContextImpl jiraServiceContextImpl = new JiraServiceContextImpl(this.authContext.getLoggedInUser());
        try {
            Long valueOf = Long.valueOf(Long.parseLong(str));
            this.attachmentService.getAttachment(jiraServiceContextImpl, valueOf);
            if (!this.attachmentService.canDeleteAttachment(jiraServiceContextImpl, valueOf)) {
                throw new RESTException(Response.Status.FORBIDDEN, ErrorCollection.of(this.i18n.getText("attachment.service.error.delete.no.permission", str)));
            }
            try {
                this.attachmentService.delete(jiraServiceContextImpl, valueOf);
                return Response.noContent().build();
            } catch (Exception e) {
                log.error("Error deleting attachment", e);
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
            }
        } catch (NumberFormatException e2) {
            throw new NotFoundWebException(ErrorCollection.of(this.i18n.getText("rest.attachment.error.not.found", str)));
        } catch (AttachmentNotFoundException e3) {
            throw new RESTException(Response.Status.NOT_FOUND, ErrorCollection.of(this.i18n.getText("rest.attachment.error.not.found", str)));
        }
    }

    protected boolean hasPermissionToViewAttachment(User user, Attachment attachment) throws DataAccessException {
        Issue issueObject = attachment.getIssueObject();
        return user == null ? this.permissionManager.hasPermission(10, issueObject, (User) null) : this.permissionManager.hasPermission(10, issueObject, user);
    }

    @GET
    @Path("meta")
    public Response getAttachmentMeta() {
        return Response.ok(new AttachmentMetaBean(this.attachmentManager.attachmentsEnabled(), Long.valueOf(Long.parseLong(Configuration.getString("webwork.multipart.maxSize"))))).cacheControl(CacheControl.never()).build();
    }
}
