package com.atlassian.jira.security;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.ComponentManager;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.SubTaskManager;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.permission.LegacyProjectPermissionKeyMapping;
import com.atlassian.jira.permission.PermissionContextFactory;
import com.atlassian.jira.permission.WorkflowPermission;
import com.atlassian.jira.permission.WorkflowPermissionFactory;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.security.plugin.ProjectPermissionTypesManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.ApplicationUsers;
import java.util.List;
import org.apache.log4j.Logger;
import org.ofbiz.core.entity.GenericValue;

/* loaded from: input_file:com/atlassian/jira/security/WorkflowBasedPermissionManager.class */
public class WorkflowBasedPermissionManager extends DefaultPermissionManager {
    private static final Logger log = Logger.getLogger(WorkflowBasedPermissionManager.class);
    private final WorkflowPermissionFactory workflowPermissionFactory;
    private final PermissionContextFactory permissionContextFactory;

    public WorkflowBasedPermissionManager(WorkflowPermissionFactory workflowPermissionFactory, PermissionContextFactory permissionContextFactory, ProjectPermissionTypesManager projectPermissionTypesManager) {
        super(projectPermissionTypesManager);
        this.workflowPermissionFactory = workflowPermissionFactory;
        this.permissionContextFactory = permissionContextFactory;
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, GenericValue genericValue, User user) {
        return workflowPermissionCheck(super.hasPermission(i, genericValue, user), i, genericValue, user);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, GenericValue genericValue, User user) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, genericValue, user), projectPermissionKey, genericValue, user);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Issue issue, User user) {
        return workflowPermissionCheck(super.hasPermission(i, issue, user), i, issue.getGenericValue(), user);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Issue issue, User user) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, issue, user), projectPermissionKey, issue.getGenericValue(), user);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Issue issue, ApplicationUser applicationUser) {
        return workflowPermissionCheck(super.hasPermission(i, issue, applicationUser), i, issue.getGenericValue(), ApplicationUsers.toDirectoryUser(applicationUser));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Issue issue, ApplicationUser applicationUser) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, issue, applicationUser), projectPermissionKey, issue.getGenericValue(), ApplicationUsers.toDirectoryUser(applicationUser));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Project project, User user) {
        return workflowPermissionCheck(super.hasPermission(i, project, user), i, project.getGenericValue(), user);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, User user) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, project, user), projectPermissionKey, project.getGenericValue(), user);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Project project, ApplicationUser applicationUser) {
        return workflowPermissionCheck(super.hasPermission(i, project, applicationUser), i, project.getGenericValue(), ApplicationUsers.toDirectoryUser(applicationUser));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, ApplicationUser applicationUser) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, project, applicationUser), projectPermissionKey, project.getGenericValue(), ApplicationUsers.toDirectoryUser(applicationUser));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Project project, User user, boolean z) {
        return workflowPermissionCheck(super.hasPermission(i, project, user, z), i, project.getGenericValue(), user);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, User user, boolean z) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, project, user, z), projectPermissionKey, project.getGenericValue(), user);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Project project, ApplicationUser applicationUser, boolean z) {
        return workflowPermissionCheck(super.hasPermission(i, project, applicationUser, z), i, project.getGenericValue(), ApplicationUsers.toDirectoryUser(applicationUser));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, ApplicationUser applicationUser, boolean z) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, project, applicationUser, z), projectPermissionKey, project.getGenericValue(), ApplicationUsers.toDirectoryUser(applicationUser));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, GenericValue genericValue, User user, boolean z) {
        return workflowPermissionCheck(super.hasPermission(i, genericValue, user, z), i, genericValue, user);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, GenericValue genericValue, User user, boolean z) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, genericValue, user, z), projectPermissionKey, genericValue, user);
    }

    private boolean workflowPermissionCheck(boolean z, int i, GenericValue genericValue, User user) {
        return workflowPermissionCheck(z, LegacyProjectPermissionKeyMapping.getKey(Integer.valueOf(i)), genericValue, user);
    }

    private boolean workflowPermissionCheck(boolean z, ProjectPermissionKey projectPermissionKey, GenericValue genericValue, User user) {
        Integer id = LegacyProjectPermissionKeyMapping.getId(projectPermissionKey);
        if (id == null) {
            return z;
        }
        String shortName = Permissions.getShortName(id.intValue());
        if (!z) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug(shortName + " permission denied by permission scheme");
            return false;
        }
        if (genericValue == null || !"Issue".equals(genericValue.getEntityName())) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug(shortName + " permission granted by permission scheme");
            return true;
        }
        Issue issue = ComponentAccessor.getIssueFactory().getIssue(genericValue);
        List<WorkflowPermission> workflowPermissions = this.workflowPermissionFactory.getWorkflowPermissions(this.permissionContextFactory.getPermissionContext(issue), id.intValue(), false);
        addParentPermissionsIfSubTask(workflowPermissions, issue, id.intValue());
        if (workflowPermissions.isEmpty()) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug(shortName + " granted by permission scheme");
            return true;
        }
        for (WorkflowPermission workflowPermission : workflowPermissions) {
            if (workflowPermission.allows(id.intValue(), issue, user)) {
                if (!log.isInfoEnabled()) {
                    return true;
                }
                log.info(shortName + " granted by permission scheme and " + workflowPermission);
                return true;
            }
            if (log.isInfoEnabled()) {
                log.info("\t" + shortName + " not granted by " + workflowPermission);
            }
        }
        if (!log.isInfoEnabled()) {
            return false;
        }
        log.info(shortName + " granted by permission scheme but DENIED by workflow");
        return false;
    }

    private void addParentPermissionsIfSubTask(List<WorkflowPermission> list, Issue issue, int i) {
        SubTaskManager subTaskManager = ComponentManager.getInstance().getSubTaskManager();
        Issue parentObject = issue.getParentObject();
        if (!subTaskManager.isSubTasksEnabled() || parentObject == null) {
            return;
        }
        list.addAll(this.workflowPermissionFactory.getWorkflowPermissions(this.permissionContextFactory.getPermissionContext(parentObject), i, true));
    }
}
