package com.atlassian.jira.issue.search.parameters.lucene;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.issue.search.constants.SystemSearchConstants;
import com.atlassian.jira.issue.security.IssueSecurityLevel;
import com.atlassian.jira.issue.security.IssueSecurityLevelManager;
import com.atlassian.jira.issue.security.IssueSecurityLevelPermission;
import com.atlassian.jira.issue.security.IssueSecuritySchemeManager;
import com.atlassian.jira.permission.PermissionSchemeManager;
import com.atlassian.jira.permission.PermissionTypeManager;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectFactory;
import com.atlassian.jira.security.JiraAuthenticationContextImpl;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.RequestCacheKeys;
import com.atlassian.jira.security.SecurityTypeManager;
import com.atlassian.jira.security.type.SecurityType;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.ApplicationUsers;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import org.apache.log4j.Logger;
import org.apache.lucene.index.Term;
import org.apache.lucene.search.BooleanClause;
import org.apache.lucene.search.BooleanQuery;
import org.apache.lucene.search.Query;
import org.apache.lucene.search.TermQuery;
import org.ofbiz.core.entity.GenericEntityException;
import org.ofbiz.core.entity.GenericValue;

/* loaded from: input_file:com/atlassian/jira/issue/search/parameters/lucene/DefaultPermissionQueryFactory.class */
public class DefaultPermissionQueryFactory implements PermissionQueryFactory {
    private static final Logger log = Logger.getLogger(DefaultPermissionQueryFactory.class);
    private final IssueSecurityLevelManager issueSecurityLevelManager;
    private final PermissionManager permissionManager;
    private final PermissionSchemeManager permissionSchemeManager;
    private final PermissionTypeManager permissionTypeManager;
    private final IssueSecuritySchemeManager issueSecuritySchemeManager;
    private final SecurityTypeManager issueSecurityTypeManager;

    public DefaultPermissionQueryFactory(IssueSecurityLevelManager issueSecurityLevelManager, PermissionManager permissionManager, PermissionSchemeManager permissionSchemeManager, PermissionTypeManager permissionTypeManager, IssueSecuritySchemeManager issueSecuritySchemeManager, SecurityTypeManager securityTypeManager, ProjectFactory projectFactory) {
        this.issueSecurityLevelManager = issueSecurityLevelManager;
        this.permissionManager = permissionManager;
        this.permissionSchemeManager = permissionSchemeManager;
        this.permissionTypeManager = permissionTypeManager;
        this.issueSecuritySchemeManager = issueSecuritySchemeManager;
        this.issueSecurityTypeManager = securityTypeManager;
    }

    @Override // com.atlassian.jira.issue.search.parameters.lucene.PermissionQueryFactory
    public Query getQuery(ApplicationUser applicationUser, int i) {
        try {
            BooleanQuery booleanQuery = new BooleanQuery();
            Collection projects = this.permissionManager.getProjects(i, applicationUser);
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            Iterator it = projects.iterator();
            while (it.hasNext()) {
                collectProjectTerms((Project) it.next(), applicationUser, linkedHashSet, i);
            }
            BooleanQuery booleanQuery2 = new BooleanQuery();
            Iterator<Query> it2 = linkedHashSet.iterator();
            while (it2.hasNext()) {
                booleanQuery2.add(it2.next(), BooleanClause.Occur.SHOULD);
            }
            if (!booleanQuery2.clauses().isEmpty()) {
                booleanQuery.add(booleanQuery2, BooleanClause.Occur.MUST);
                LinkedHashSet linkedHashSet2 = new LinkedHashSet();
                linkedHashSet2.add(new TermQuery(new Term(SystemSearchConstants.forSecurityLevel().getIndexField(), "-1")));
                try {
                    Iterator it3 = projects.iterator();
                    while (it3.hasNext()) {
                        collectSecurityLevelTerms((Project) it3.next(), applicationUser, linkedHashSet2);
                    }
                } catch (GenericEntityException e) {
                    log.error("Error occurred retrieving security levels for this user");
                }
                BooleanQuery booleanQuery3 = new BooleanQuery();
                Iterator<Query> it4 = linkedHashSet2.iterator();
                while (it4.hasNext()) {
                    booleanQuery3.add(it4.next(), BooleanClause.Occur.SHOULD);
                }
                booleanQuery.add(booleanQuery3, BooleanClause.Occur.MUST);
            }
            return booleanQuery;
        } catch (GenericEntityException e2) {
            log.error("Error constructing query: " + e2, e2);
            return null;
        }
    }

    PermissionsFilterCache getCache() {
        PermissionsFilterCache permissionsFilterCache = (PermissionsFilterCache) JiraAuthenticationContextImpl.getRequestCache().get(RequestCacheKeys.PERMISSIONS_FILTER_CACHE);
        if (permissionsFilterCache == null) {
            if (log.isDebugEnabled()) {
                log.debug("Creating new PermissionsFilterCache");
            }
            permissionsFilterCache = new PermissionsFilterCache();
            JiraAuthenticationContextImpl.getRequestCache().put(RequestCacheKeys.PERMISSIONS_FILTER_CACHE, permissionsFilterCache);
        }
        return permissionsFilterCache;
    }

    void collectProjectTerms(Project project, ApplicationUser applicationUser, Set<Query> set, int i) throws GenericEntityException {
        Query query;
        User directoryUser = ApplicationUsers.toDirectoryUser(applicationUser);
        Iterator it = this.permissionSchemeManager.getSchemes(project.getGenericValue()).iterator();
        while (it.hasNext()) {
            for (GenericValue genericValue : this.permissionSchemeManager.getEntities((GenericValue) it.next(), Long.valueOf(i))) {
                SecurityType securityType = this.permissionTypeManager.getSecurityType(genericValue.getString("type"));
                if (securityType != null) {
                    try {
                        if (userHasPermissionForProjectAndSecurityType(applicationUser, project, genericValue.getString("parameter"), securityType) && (query = securityType.getQuery(directoryUser, project, genericValue.getString("parameter"))) != null) {
                            set.add(query);
                        }
                    } catch (Exception e) {
                        log.debug("Could not add query for security type:" + securityType.getDisplayName(), e);
                    }
                } else {
                    log.debug("Could not find security type:" + genericValue.getString("type"));
                }
            }
        }
    }

    void collectSecurityLevelTerms(Project project, ApplicationUser applicationUser, Set<Query> set) throws GenericEntityException {
        Query query;
        User directoryUser = ApplicationUsers.toDirectoryUser(applicationUser);
        for (IssueSecurityLevel issueSecurityLevel : this.issueSecurityLevelManager.getUsersSecurityLevels(project, directoryUser)) {
            for (IssueSecurityLevelPermission issueSecurityLevelPermission : this.issueSecuritySchemeManager.getPermissionsBySecurityLevel(issueSecurityLevel.getId())) {
                SecurityType securityType = this.issueSecurityTypeManager.getSecurityType(issueSecurityLevelPermission.getType());
                if (securityType != null && userHasPermissionForProjectAndSecurityType(applicationUser, project, issueSecurityLevelPermission.getParameter(), securityType) && (query = securityType.getQuery(directoryUser, project, issueSecurityLevel, issueSecurityLevelPermission.getParameter())) != null) {
                    set.add(query);
                }
            }
        }
    }

    boolean userHasPermissionForProjectAndSecurityType(ApplicationUser applicationUser, Project project, String str, SecurityType securityType) {
        return applicationUser == null ? securityType.hasPermission(project, str) : securityType.hasPermission(project, str, applicationUser.getDirectoryUser(), false);
    }
}
