package com.atlassian.stash.internal.user;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.crowd.search.query.entity.restriction.constants.UserTermKeys;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.stash.avatar.AvatarSupplier;
import com.atlassian.stash.avatar.CacheableAvatarSupplier;
import com.atlassian.stash.event.user.UserAvatarUpdatedEvent;
import com.atlassian.stash.exception.ArgumentValidationException;
import com.atlassian.stash.exception.AuthorisationException;
import com.atlassian.stash.exception.NoSuchUserException;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.internal.AbstractService;
import com.atlassian.stash.internal.InternalConverter;
import com.atlassian.stash.internal.annotation.Unsecured;
import com.atlassian.stash.internal.avatar.DataUriAvatarMetaSupplier;
import com.atlassian.stash.internal.avatar.InternalAvatarService;
import com.atlassian.stash.internal.crowd.CrowdControl;
import com.atlassian.stash.internal.page.PageConstants;
import com.atlassian.stash.project.Project;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.rest.data.RestStashUser;
import com.atlassian.stash.user.AuthenticationException;
import com.atlassian.stash.user.IncorrectPasswordAuthenticationException;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionRequest;
import com.atlassian.stash.user.PermissionService;
import com.atlassian.stash.user.ServiceUser;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserSearchRequest;
import com.atlassian.stash.user.UserService;
import com.atlassian.stash.util.Page;
import com.atlassian.stash.util.PageProvider;
import com.atlassian.stash.util.PageRequest;
import com.atlassian.stash.util.PageUtils;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import org.apache.xalan.templates.Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@AvailableToPlugins(UserService.class)
@Service("userService")
/* loaded from: input_file:WEB-INF/lib/stash-service-impl-3.10.2.jar:com/atlassian/stash/internal/user/DefaultUserService.class */
public class DefaultUserService extends AbstractService implements InternalUserService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultUserService.class);
    private static final Function<Class<?>, String> TO_CLASS_NAME = new Function<Class<?>, String>() { // from class: com.atlassian.stash.internal.user.DefaultUserService.1
        @Override // com.google.common.base.Function
        public String apply(Class<?> cls) {
            return cls.getName();
        }
    };
    private final InternalAvatarService avatarService;
    private final InternalStashAuthenticationContext authenticationContext;
    private final CrowdControl crowdControl;
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final PasswordResetHelper passwordResetHelper;
    private final StashUserDao userDao;
    private final UserHelper userHelper;

    @Value(PageConstants.MAX_USERS)
    private int maxUserPageSize;

    @Value(PageConstants.MAX_GROUPS)
    private int maxGroupPageSize;
    private PermissionService permissionService;

    @Autowired
    public DefaultUserService(InternalAvatarService internalAvatarService, InternalStashAuthenticationContext internalStashAuthenticationContext, CrowdControl crowdControl, EventPublisher eventPublisher, I18nService i18nService, PasswordResetHelper passwordResetHelper, StashUserDao stashUserDao, UserHelper userHelper) {
        this.avatarService = internalAvatarService;
        this.authenticationContext = internalStashAuthenticationContext;
        this.crowdControl = crowdControl;
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.passwordResetHelper = passwordResetHelper;
        this.userDao = stashUserDao;
        this.userHelper = userHelper;
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @Transactional(propagation = Propagation.SUPPORTS, noRollbackFor = {AuthenticationException.class, NoSuchUserException.class})
    @Unsecured("This needs to be available to unauthenticated contexts")
    public StashUser authenticate(@Nonnull String str, @Nonnull String str2) {
        log.debug("Authenticating user: {}", str);
        return getOrCreateMappedUser(this.crowdControl.authenticate(str, str2));
    }

    @Override // com.atlassian.stash.user.UserService
    @PreAuthorize("isCurrentUser(#user) or hasGlobalPermission('SYS_ADMIN') or (hasGlobalPermission('ADMIN') and not hasGlobalPermission(#user, 'SYS_ADMIN'))")
    public void deleteAvatar(@Nonnull StashUser stashUser) {
        this.avatarService.deleteForUser((StashUser) Preconditions.checkNotNull(stashUser, "user"));
    }

    @Override // com.atlassian.stash.user.UserService
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public boolean existsGroup(String str) {
        return this.crowdControl.findGroup(str) != null;
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<String> findGroups(@Nonnull PageRequest pageRequest) {
        return this.crowdControl.findGroups(pageRequest.buildRestrictedPageRequest(this.maxGroupPageSize));
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<String> findGroupsByName(String str, @Nonnull PageRequest pageRequest) {
        return this.crowdControl.findGroupsByName(str, pageRequest.buildRestrictedPageRequest(this.maxGroupPageSize));
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<String> findGroupsByPrefix(String str, @Nonnull PageRequest pageRequest) {
        return this.crowdControl.findGroupsByPrefix(str, pageRequest.buildRestrictedPageRequest(this.maxGroupPageSize));
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @Unsecured("Used in unauthenticated contexts by licensing, permission checks and login processing")
    public Page<String> findGroupsByUser(@Nonnull String str, @Nonnull PageRequest pageRequest) {
        return this.crowdControl.findGroupsByUser(str, null, false, pageRequest).transform(IdentifierUtils.TO_LOWER_CASE);
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    @Nonnull
    @PreAuthorize("isAuthenticated()")
    public Page<ServiceUser> findServiceUsersByName(String str, @Nonnull PageRequest pageRequest) {
        return PageUtils.asPageOf(ServiceUser.class, this.userDao.findServiceUsersByName(str, pageRequest.buildRestrictedPageRequest(this.maxUserPageSize)));
    }

    @Override // com.atlassian.stash.user.UserService
    @Transactional
    @Unsecured("This needs to be available in unauthenticated contexts; it is used for password resets")
    public StashUser findUserByNameOrEmail(@Nonnull String str) {
        User findUserByProperty;
        return (!((String) Preconditions.checkNotNull(str, "value")).contains("@") || (findUserByProperty = this.crowdControl.findUserByProperty(UserTermKeys.EMAIL, str)) == null) ? this.userDao.findByName(str) : getOrCreateMappedUser(findUserByProperty);
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @PreAuthorize("isAuthenticated()")
    public Page<? extends StashUser> findUsers(@Nonnull PageRequest pageRequest) {
        return this.userHelper.transformOrCreate(this.crowdControl.findUsers(pageRequest.buildRestrictedPageRequest(this.maxUserPageSize)));
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @Unsecured("Used in unauthenticated contexts by licensing, permission checks and login processing")
    public Page<? extends StashUser> findUsersByGroup(@Nonnull String str, @Nonnull PageRequest pageRequest) {
        return this.userHelper.transformOrCreate(this.crowdControl.findUsersByGroup(str, null, false, pageRequest.buildRestrictedPageRequest(this.maxUserPageSize)));
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @PreAuthorize("isAuthenticated()")
    public Page<? extends StashUser> findUsersByName(String str, @Nonnull PageRequest pageRequest) {
        return this.userHelper.transformOrCreate(this.crowdControl.findUsersByName(str, pageRequest.buildRestrictedPageRequest(this.maxUserPageSize)));
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @Unsecured("User avatars are not more privileged than getUserBySlug(String)")
    public CacheableAvatarSupplier getAvatar(@Nonnull StashUser stashUser, int i) {
        Preconditions.checkNotNull(stashUser, "user");
        return this.avatarService.getForUser(stashUser, i);
    }

    @Override // com.atlassian.stash.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ServiceUser getServiceUserByName(@Nonnull String str) {
        return getServiceUserByName(str, false);
    }

    @Override // com.atlassian.stash.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ServiceUser getServiceUserByName(@Nonnull String str, boolean z) {
        return this.userDao.findServiceUserByName((String) Preconditions.checkNotNull(str, "username"), z);
    }

    @Override // com.atlassian.stash.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ServiceUser getServiceUserBySlug(@Nonnull String str) {
        return this.userDao.findServiceUserBySlug((String) Preconditions.checkNotNull(str, RestStashUser.SLUG));
    }

    @Override // com.atlassian.stash.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public StashUser getUserById(int i) {
        return getUserById(i, false);
    }

    @Override // com.atlassian.stash.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public StashUser getUserById(int i, boolean z) {
        return maybeFilterInactive(this.userDao.getById(Integer.valueOf(i)), z);
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    public StashUser getUserByKey(UserKey userKey) {
        return getUserByKey(userKey, false);
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    public StashUser getUserByKey(UserKey userKey, boolean z) {
        if (userKey == null) {
            return null;
        }
        try {
            return getUserById(Integer.parseInt(userKey.getStringValue()), z);
        } catch (NumberFormatException e) {
            return getUserByName(userKey.getStringValue());
        }
    }

    @Override // com.atlassian.stash.user.UserService
    @Transactional
    @Unsecured("This needs to be available in unauthenticated contexts")
    public StashUser getUserByName(@Nonnull String str) {
        return getUserByName(str, false);
    }

    @Override // com.atlassian.stash.user.UserService
    @Transactional
    @Unsecured("This needs to be available in unauthenticated contexts")
    public StashUser getUserByName(@Nonnull String str, boolean z) {
        return (this.authenticationContext.isAuthenticated() && IdentifierUtils.equalsInLowerCase(str, this.authenticationContext.getCurrentUser().getName())) ? this.authenticationContext.getCurrentToken().getPrincipal() : maybeFilterInactive(this.userDao.findByName((String) Preconditions.checkNotNull(str, "username")), z);
    }

    @Override // com.atlassian.stash.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public StashUser getUserBySlug(@Nonnull String str) {
        Preconditions.checkNotNull(str, RestStashUser.SLUG);
        return (this.authenticationContext.isAuthenticated() && this.authenticationContext.getCurrentUser().getSlug().equals(str)) ? this.authenticationContext.getCurrentToken().getPrincipal() : maybeFilterInactive(this.userDao.findBySlug(str), false);
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @Unsecured("This needs to be available to unauthenticated contexts")
    public Set<? extends StashUser> getUsersById(@Nonnull Set<Integer> set) {
        return getUsersById(set, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v7, types: [java.lang.Iterable] */
    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @Unsecured("This needs to be available in unauthenticated contexts")
    public Set<? extends StashUser> getUsersById(@Nonnull Set<Integer> set, boolean z) {
        List<InternalStashUser> byIds = this.userDao.getByIds(set);
        if (!z) {
            byIds = Iterables.filter(byIds, InternalStashUser.IS_ACTIVE);
        }
        return ImmutableSet.copyOf((Iterable) byIds);
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @Unsecured("Should be on the same level of permission as getUserByName(String)")
    public Set<? extends StashUser> getUsersByName(@Nonnull Set<String> set) {
        return getUsersByName(set, false);
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @Unsecured("Should be on the same level of permission as getUserByName(String)")
    public Set<? extends StashUser> getUsersByName(@Nonnull Set<String> set, boolean z) {
        Set<InternalNormalUser> findByNames = this.userDao.findByNames(set);
        if (!z) {
            findByNames = ImmutableSet.copyOf((Collection) Sets.filter(findByNames, InternalStashUser.IS_ACTIVE));
        }
        return findByNames;
    }

    @Override // com.atlassian.stash.user.UserService
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public boolean isUserInGroup(@Nonnull StashUser stashUser, @Nonnull final String str) {
        Preconditions.checkNotNull(stashUser);
        Preconditions.checkNotNull(str);
        return ((Boolean) InternalConverter.convertToInternalUser(stashUser).accept(new InternalStashUserVisitor<Boolean>() { // from class: com.atlassian.stash.internal.user.DefaultUserService.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.stash.internal.user.InternalStashUserVisitor
            public Boolean visit(@Nonnull InternalNormalUser internalNormalUser) {
                User backingCrowdUser = internalNormalUser.getBackingCrowdUser();
                if (backingCrowdUser == null) {
                    backingCrowdUser = DefaultUserService.this.crowdControl.findUser(internalNormalUser.getUsername(), true);
                    if (backingCrowdUser == null) {
                        return false;
                    }
                }
                return Boolean.valueOf(DefaultUserService.this.crowdControl.isGroupMember(str, backingCrowdUser));
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.stash.internal.user.InternalStashUserVisitor
            public Boolean visit(@Nonnull InternalServiceUser internalServiceUser) {
                return false;
            }
        })).booleanValue();
    }

    @Override // com.atlassian.stash.user.UserService
    @Unsecured("This is not restricted by permissions so that SAL tests pass. It should not be exposed via REST")
    public boolean isUserInGroup(@Nonnull String str, @Nonnull String str2) {
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(str2);
        StashUser userByName = getUserByName(str);
        return userByName != null && isUserInGroup(userByName, str2);
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    @Nonnull
    @Transactional
    @Unsecured("This should not be more private than findUserByNameOrEmail")
    public Map<String, StashUser> mapUsersByEmail(@Nonnull Set<String> set) {
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(set.size());
        for (String str : set) {
            StashUser findUserByNameOrEmail = findUserByNameOrEmail(str);
            if (findUserByNameOrEmail != null) {
                newHashMapWithExpectedSize.put(str, findUserByNameOrEmail);
            }
        }
        return newHashMapWithExpectedSize;
    }

    @Override // com.atlassian.stash.user.UserService
    @Transactional
    @Unsecured("This needs to be available to unauthenticated contexts")
    public StashUser preauthenticate(@Nonnull String str) {
        log.debug("Authenticating user: {}", str);
        StashUser userByName = getUserByName(str);
        if (userByName != null) {
            SecurityContextHolder.getContext().setAuthentication(StashUserAuthenticationToken.forUser(userByName));
        }
        return userByName;
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<StashUser> search(@Nonnull UserSearchRequest userSearchRequest, @Nonnull PageRequest pageRequest) {
        Set<PermissionRequest> permissions = userSearchRequest.getPermissions();
        validatePermissions(permissions);
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(permissions.size());
        for (final PermissionRequest permissionRequest : permissions) {
            newArrayListWithCapacity.add(new Predicate<StashUser>() { // from class: com.atlassian.stash.internal.user.DefaultUserService.3
                @Override // com.google.common.base.Predicate
                public boolean apply(StashUser stashUser) {
                    return DefaultUserService.this.hasPermission(DefaultUserService.this.permissionService, permissionRequest, stashUser);
                }
            });
        }
        final String filter = userSearchRequest.getFilter();
        return PageUtils.filterPages(new PageProvider<StashUser>() { // from class: com.atlassian.stash.internal.user.DefaultUserService.4
            @Override // com.atlassian.stash.util.PageProvider
            public Page<StashUser> get(PageRequest pageRequest2) {
                return PageUtils.asPageOf(StashUser.class, DefaultUserService.this.findUsersByName(filter, pageRequest2));
            }
        }, Predicates.and(newArrayListWithCapacity), pageRequest);
    }

    @Override // com.atlassian.stash.user.UserService
    @Unsecured("This needs to be available to all contexts")
    public void unauthenticate() {
        SecurityContextHolder.clearContext();
    }

    @Override // com.atlassian.stash.user.UserService
    @PreAuthorize("isCurrentUser(#user) or hasGlobalPermission('SYS_ADMIN') or (hasGlobalPermission('ADMIN') and not hasGlobalPermission(#user, 'SYS_ADMIN'))")
    public void updateAvatar(@Nonnull StashUser stashUser, @Nonnull AvatarSupplier avatarSupplier) {
        Preconditions.checkNotNull(avatarSupplier, "supplier");
        doUpdateAvatar(stashUser, Suppliers.ofInstance(avatarSupplier));
    }

    @Override // com.atlassian.stash.user.UserService
    @PreAuthorize("isCurrentUser(#user) or hasGlobalPermission('SYS_ADMIN') or (hasGlobalPermission('ADMIN') and not hasGlobalPermission(#user, 'SYS_ADMIN'))")
    public void updateAvatar(@Nonnull StashUser stashUser, @Nonnull String str) {
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str, Constants.ELEMNAME_URL_STRING)).trim().isEmpty(), "A non-blank data URI is required");
        doUpdateAvatar(stashUser, new DataUriAvatarMetaSupplier(this.avatarService, str));
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    @Transactional
    @Unsecured("Internal service method")
    public void updateLastAuthentication(@Nonnull String str) {
        User findUser = this.crowdControl.findUser(str, false);
        if (findUser != null) {
            this.crowdControl.setUserAttribute(findUser, InternalUserService.ATTR_LAST_AUTHENTICATION_TIMESTAMP, Long.valueOf(System.currentTimeMillis()));
        }
    }

    @Override // com.atlassian.stash.user.UserService
    @Transactional
    @PreAuthorize("isAuthenticated()")
    public void updatePassword(@Nonnull String str, @Nonnull String str2) {
        try {
            this.passwordResetHelper.resetPassword(this.crowdControl.authenticate(getCurrentUserForUpdate().getName(), str), str2);
        } catch (IncorrectPasswordAuthenticationException e) {
            throw new IncorrectPasswordAuthenticationException(this.i18nService.createKeyedMessage("stash.service.user.password.invalid", new Object[0]));
        }
    }

    @Override // com.atlassian.stash.user.UserService
    @Nonnull
    @Transactional
    @PreAuthorize("isAuthenticated()")
    public StashUser updateUser(@Nonnull String str, @Nonnull String str2) {
        Preconditions.checkNotNull(str, "displayName");
        Preconditions.checkNotNull(str2, "email");
        return this.userHelper.transformOrCreate(this.crowdControl.updateUser(ImmutableUser.newUser().name(getCurrentUserForUpdate().getName()).displayName(str).emailAddress(str2).toUser()));
    }

    @Autowired
    public void setPermissionService(PermissionService permissionService) {
        this.permissionService = permissionService;
    }

    private void doUpdateAvatar(@Nonnull StashUser stashUser, @Nonnull Supplier<AvatarSupplier> supplier) {
        this.avatarService.saveForUser((StashUser) Preconditions.checkNotNull(stashUser, "user"), (AvatarSupplier) ((Supplier) Preconditions.checkNotNull(supplier, "metaSupplier")).get());
        this.eventPublisher.publish(new UserAvatarUpdatedEvent(this, stashUser));
    }

    @Nonnull
    private StashUser getCurrentUserForUpdate() {
        StashUser currentUser = this.authenticationContext.getCurrentUser();
        if (currentUser == null) {
            throw new AuthorisationException(this.i18nService.createKeyedMessage("stash.service.user.anonymousupdate", new Object[0]));
        }
        return currentUser;
    }

    private InternalNormalUser getOrCreateMappedUser(User user) {
        return this.userHelper.transformOrCreate(user);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean hasPermission(PermissionService permissionService, PermissionRequest permissionRequest, StashUser stashUser) {
        Permission permission = permissionRequest.getPermission();
        Object resource2 = permissionRequest.getResource();
        if (permission.isGlobal()) {
            return permissionService.hasGlobalPermission(stashUser, permission);
        }
        if (permission.isResource(Project.class)) {
            if (resource2 instanceof Project) {
                return permissionService.hasProjectPermission(stashUser, (Project) permissionRequest.getResourceAs(Project.class), permission);
            }
            if (resource2 instanceof Integer) {
                return permissionService.hasProjectPermission(stashUser, ((Integer) permissionRequest.getResourceAs(Integer.class)).intValue(), permission);
            }
        }
        if (permission.isResource(Repository.class)) {
            if (resource2 instanceof Repository) {
                return permissionService.hasRepositoryPermission(stashUser, (Repository) permissionRequest.getResourceAs(Repository.class), permission);
            }
            if (resource2 instanceof Integer) {
                return permissionService.hasRepositoryPermission(stashUser, ((Integer) permissionRequest.getResourceAs(Integer.class)).intValue(), permission);
            }
        }
        throw new AssertionError("Unsupported resource type " + resource2.getClass().getName());
    }

    private <U extends InternalStashUser> U maybeFilterInactive(U u, boolean z) {
        if (z || (u != null && u.isActive())) {
            return u;
        }
        return null;
    }

    private void validatePermissions(Set<PermissionRequest> set) {
        Iterator<PermissionRequest> it = set.iterator();
        while (it.hasNext()) {
            validatePermissionRequest(it.next());
        }
    }

    private void validatePermissionRequest(PermissionRequest permissionRequest) {
        Permission permission = permissionRequest.getPermission();
        Object resource2 = permissionRequest.getResource();
        if (permission.isGlobal()) {
            if (resource2 != null) {
                throw new ArgumentValidationException(this.i18nService.createKeyedMessage("stash.service.user.permission.globalresource", permissionRequest.getResource()));
            }
        } else {
            if (resource2 == null) {
                throw new ArgumentValidationException(this.i18nService.createKeyedMessage("stash.service.user.permission.emptyresource", permissionRequest.getPermission()));
            }
            if (!permission.isResource(resource2.getClass())) {
                throw new ArgumentValidationException(this.i18nService.createKeyedMessage("stash.service.user.permission.incompatibleresource", resource2.getClass().getName(), permission, Iterables.transform(permission.getResourceTypes(), TO_CLASS_NAME)));
            }
        }
    }
}
