package com.atlassian.jira.web.action.admin;

import com.atlassian.core.util.collection.EasyList;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.jira.exception.CreateException;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.jelly.tag.issue.AttachFile;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.Permissions;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.security.xsrf.RequiresXsrfCheck;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.jira.util.GlobalPermissionGroupAssociationUtil;
import com.atlassian.jira.web.action.ProjectActionSupport;
import com.atlassian.sal.api.websudo.WebSudoRequired;
import com.opensymphony.util.TextUtils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import org.apache.commons.collections.map.ListOrderedMap;

@WebSudoRequired
/* loaded from: input_file:com/atlassian/jira/web/action/admin/GlobalPermissions.class */
public class GlobalPermissions extends ProjectActionSupport {
    private Map permTypes;
    private String groupName;
    private int permType = -1;
    private String action = "view";
    private final GlobalPermissionGroupAssociationUtil globalPermissionGroupAssociationUtil;
    private final GlobalPermissionManager globalPermissionManager;
    private final UserUtil userUtil;
    private final GroupManager groupManager;

    /* loaded from: input_file:com/atlassian/jira/web/action/admin/GlobalPermissions$Actions.class */
    private static final class Actions {
        private static final String VIEW = "view";
        private static final String ADD = "add";
        private static final String DEL = "del";
        private static final String DELETE = "delete";
        private static final String CONFIRM = "confirm";

        private Actions() {
        }
    }

    public GlobalPermissions(GlobalPermissionManager globalPermissionManager, GlobalPermissionGroupAssociationUtil globalPermissionGroupAssociationUtil, UserUtil userUtil, GroupManager groupManager) {
        this.globalPermissionGroupAssociationUtil = globalPermissionGroupAssociationUtil;
        this.globalPermissionManager = globalPermissionManager;
        this.userUtil = userUtil;
        this.groupManager = groupManager;
    }

    public String doDefault() throws Exception {
        return "success";
    }

    public void doValidation() {
        if (this.permType >= 0) {
            if (!Permissions.isGlobalPermission(this.permType)) {
                addError("permType", getText("admin.errors.permissions.inexistent.permission"));
            }
            if (this.groupName != null) {
                if (!"del".equals(this.action) && !"confirm".equals(this.action)) {
                    Group group = this.groupManager.getGroup(this.groupName);
                    if (group == null) {
                        addError("groupName", getText("admin.errors.permissions.inexistent.group", "'" + this.groupName + "'"));
                    }
                    if (this.permType == 1 && getAdministrativeGroups().contains(group)) {
                        addError("groupName", getText("admin.errors.permissions.group.notallowed.for.permission", this.groupName, getPermTypeDisplayName(this.permType)));
                    }
                } else if (!this.globalPermissionManager.getGroupNames(this.permType).contains(this.groupName)) {
                    addErrorMessage(getText("admin.errors.permissions.delete.group.not.in.permission", this.groupName, getPermTypeDisplayName(this.permType)));
                }
            } else if ((this.permType == 1 || Permissions.isAdministrativePermission(this.permType)) && AttachFile.OPTION_ADD.equals(this.action)) {
                addError("groupName", getText("admin.errors.permissions.group.notallowed.for.permission", getText("admin.common.words.anyone"), getPermTypeDisplayName(this.permType)));
            }
            validateAdd();
            validateDelete();
        } else if (AttachFile.OPTION_ADD.equals(this.action)) {
            addError("permType", getText("admin.errors.permissions.must.select.permission"));
        }
        super.doValidation();
    }

    @RequiresXsrfCheck
    protected String doExecute() throws Exception {
        if (this.permType >= 0) {
            if ("del".equals(this.action)) {
                removePermission(this.permType, this.groupName);
                this.action = "view";
                return getPermissionRedirect();
            }
            if ("confirm".equals(this.action)) {
                return "confirm";
            }
            if (AttachFile.OPTION_ADD.equals(this.action)) {
                createPermission(this.permType, this.groupName == null ? null : this.groupManager.getGroup(this.groupName));
                return getPermissionRedirect();
            }
        }
        return getResult();
    }

    protected void validateDelete() {
        if ("del".equals(this.action) || "confirm".equals(this.action)) {
            if (this.permType == 0) {
                if (this.globalPermissionGroupAssociationUtil.isRemovingAllMyAdminGroups(EasyList.build(this.groupName), getLoggedInUser()) && !this.globalPermissionManager.hasPermission(44, getLoggedInUser())) {
                    addErrorMessage(getText("admin.errors.permissions.no.permission"));
                }
            } else if (this.permType == 44) {
                if (!this.globalPermissionManager.hasPermission(44, getLoggedInUser())) {
                    addErrorMessage(getText("admin.errors.permissions.no.permission.sys.admin.only"));
                } else if (this.globalPermissionGroupAssociationUtil.isRemovingAllMySysAdminGroups(EasyList.build(this.groupName), getLoggedInUser())) {
                    addErrorMessage(getText("admin.errors.permissions.no.permission.sys.admin"));
                }
            }
        }
    }

    protected void validateAdd() {
        if (!AttachFile.OPTION_ADD.equals(this.action) || getPermTypes().containsKey(new Integer(this.permType))) {
            return;
        }
        addErrorMessage(getText("admin.errors.permissions.not.have.permission.to.add"));
    }

    protected String getPermissionRedirect() throws Exception {
        return getRedirect("GlobalPermissions!default.jspa");
    }

    protected void createPermission(int i, Group group) throws CreateException {
        String name = group == null ? null : group.getName();
        if (this.globalPermissionManager.getGroupNames(i).contains(name)) {
            return;
        }
        this.globalPermissionManager.addPermission(i, name);
    }

    private void removePermission(int i, String str) throws RemoveException {
        Group group = str == null ? null : this.groupManager.getGroup(str);
        String str2 = null;
        if (group != null) {
            str2 = group.getName();
        } else if (str != null) {
            str2 = str;
        }
        this.globalPermissionManager.removePermission(i, str2);
    }

    public Collection getPermissionGroups(Integer num) {
        return this.globalPermissionManager.getPermissions(num.intValue());
    }

    public Collection getGroups() {
        return this.groupManager.getAllGroups();
    }

    public int getPermType() {
        return this.permType;
    }

    public String getPermTypeName() {
        return getPermTypeDisplayName(this.permType);
    }

    public void setPermType(int i) {
        this.permType = i;
    }

    public String getGroupName() {
        return this.groupName;
    }

    public void setGroupName(String str) {
        if (TextUtils.stringSet(str)) {
            this.groupName = str;
        } else {
            this.groupName = null;
        }
    }

    public void setAction(String str) {
        if ("del".equalsIgnoreCase(str) || "delete".equalsIgnoreCase(str)) {
            this.action = "del";
        } else if ("confirm".equalsIgnoreCase(str)) {
            this.action = "confirm";
        } else {
            this.action = AttachFile.OPTION_ADD;
        }
    }

    public boolean isConfirm() {
        return "confirm".equalsIgnoreCase(this.action);
    }

    public String getPermTypeDisplayName(int i) {
        return getText(i == 44 ? "admin.global.permissions.system.administer" : i == 0 ? "admin.global.permissions.administer" : i == 1 ? "admin.global.permissions.use" : i == 27 ? "admin.global.permissions.user.picker" : i == 22 ? "admin.global.permissions.create.shared.filter" : i == 24 ? "admin.global.permissions.manage.group.filter.subscriptions" : i == 33 ? "admin.global.permissions.bulk.change" : "common.words.unknown");
    }

    public Map getPermTypes() {
        if (this.permTypes == null) {
            this.permTypes = new ListOrderedMap();
            if (this.globalPermissionManager.hasPermission(44, getLoggedInUser())) {
                this.permTypes.put(new Integer(44), getPermTypeDisplayName(44));
            }
            this.permTypes.put(new Integer(0), getPermTypeDisplayName(0));
            this.permTypes.put(new Integer(1), getPermTypeDisplayName(1));
            this.permTypes.put(new Integer(27), getPermTypeDisplayName(27));
            this.permTypes.put(new Integer(22), getPermTypeDisplayName(22));
            this.permTypes.put(new Integer(24), getPermTypeDisplayName(24));
            this.permTypes.put(new Integer(33), getPermTypeDisplayName(33));
        }
        return this.permTypes;
    }

    public String getDescription(Integer num) {
        return Permissions.getDescription(num.intValue());
    }

    public boolean hasExceededUserLimit() {
        return this.userUtil.hasExceededUserLimit();
    }

    private Collection<Group> getAdministrativeGroups() {
        ArrayList arrayList = new ArrayList(this.globalPermissionManager.getGroupsWithPermission(0));
        arrayList.addAll(this.globalPermissionManager.getGroupsWithPermission(44));
        return Collections.unmodifiableCollection(arrayList);
    }
}
