package com.atlassian.jira.security;

import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.fugue.Either;
import com.atlassian.fugue.Option;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.exception.CreateException;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.issue.IssueImpl;
import com.atlassian.jira.issue.security.IssueSecuritySchemeManager;
import com.atlassian.jira.permission.LegacyProjectPermissionKeyMapping;
import com.atlassian.jira.permission.ProjectPermission;
import com.atlassian.jira.permission.ProjectPermissionCategory;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectCategory;
import com.atlassian.jira.project.ProjectImpl;
import com.atlassian.jira.scheme.SchemeEntity;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.security.plugin.ProjectPermissionOverride;
import com.atlassian.jira.security.plugin.ProjectPermissionOverrideModuleDescriptor;
import com.atlassian.jira.security.plugin.ProjectPermissionTypesManager;
import com.atlassian.jira.security.type.SingleUser;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.ApplicationUsers;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.ozymandias.SafePluginPointAccess;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Objects;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import javax.annotation.Nonnull;
import org.apache.log4j.Logger;
import org.ofbiz.core.entity.GenericEntityException;
import org.ofbiz.core.entity.GenericValue;

/* loaded from: input_file:com/atlassian/jira/security/DefaultPermissionManager.class */
public class DefaultPermissionManager implements PermissionManager {
    private static final Logger log = Logger.getLogger(DefaultPermissionManager.class);
    private ProjectPermissionTypesManager projectPermissionTypesManager;

    public DefaultPermissionManager(ProjectPermissionTypesManager projectPermissionTypesManager) {
        this.projectPermissionTypesManager = projectPermissionTypesManager;
    }

    public Collection<ProjectPermission> getAllProjectPermissions() {
        return this.projectPermissionTypesManager.all();
    }

    public Collection<ProjectPermission> getProjectPermissions(ProjectPermissionCategory projectPermissionCategory) {
        return this.projectPermissionTypesManager.withCategory(projectPermissionCategory);
    }

    public Option<ProjectPermission> getProjectPermission(@Nonnull ProjectPermissionKey projectPermissionKey) {
        return this.projectPermissionTypesManager.withKey(projectPermissionKey);
    }

    public void addPermission(int i, GenericValue genericValue, String str, String str2) throws CreateException {
        if (isGlobalPermission(i) && genericValue != null) {
            throw new IllegalArgumentException("Can not create a global permissions in a scheme");
        }
        if (genericValue == null) {
            ComponentAccessor.getGlobalPermissionManager().addPermission(i, str);
            return;
        }
        try {
            ComponentAccessor.getPermissionSchemeManager().createSchemeEntity(genericValue, new SchemeEntity(str2, str, Integer.valueOf(i)));
        } catch (GenericEntityException e) {
            throw new CreateException(e);
        }
    }

    public boolean hasPermission(int i, User user) {
        return hasPermission(i, ApplicationUsers.from(user));
    }

    public boolean hasPermission(int i, ApplicationUser applicationUser) {
        if (isGlobalPermission(i)) {
            return applicationUser == null ? ComponentAccessor.getGlobalPermissionManager().hasPermission(i) : applicationUser.isActive() && ComponentAccessor.getGlobalPermissionManager().hasPermission(i, applicationUser);
        }
        throw new IllegalArgumentException("Expected global permission, got " + i);
    }

    public boolean hasPermission(int i, GenericValue genericValue, User user) {
        return hasPermission(getNonGlobalKey(i), genericValue, user);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasPermission(final ProjectPermissionKey projectPermissionKey, GenericValue genericValue, final User user) {
        return this.projectPermissionTypesManager.exists(projectPermissionKey) && ((Boolean) getProjectOrIssue(genericValue).fold(new Function<Project, Boolean>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.1
            public Boolean apply(Project project) {
                return Boolean.valueOf(DefaultPermissionManager.this.withPermissionOverriding(DefaultPermissionManager.this.doProjectPermissionCheck(projectPermissionKey, project, user, false), projectPermissionKey, project, ApplicationUsers.from(user)));
            }
        }, new Function<Issue, Boolean>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.2
            public Boolean apply(Issue issue) {
                return Boolean.valueOf(DefaultPermissionManager.this.withPermissionOverriding(DefaultPermissionManager.this.doIssuePermissionCheck(projectPermissionKey, issue, user, false), projectPermissionKey, issue.getProjectObject(), ApplicationUsers.from(user)));
            }
        })).booleanValue();
    }

    public boolean hasPermission(int i, Issue issue, User user) {
        return hasPermission(getNonGlobalKey(i), issue, user);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Issue issue, User user) {
        return withPermissionOverriding(doIssuePermissionCheck(projectPermissionKey, issue, user), projectPermissionKey, issue.getProjectObject(), ApplicationUsers.from(user));
    }

    public boolean hasPermission(int i, Issue issue, ApplicationUser applicationUser) {
        return hasPermission(getNonGlobalKey(i), issue, applicationUser);
    }

    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Issue issue, ApplicationUser applicationUser) {
        return withPermissionOverriding(doIssuePermissionCheck(projectPermissionKey, issue, ApplicationUsers.toDirectoryUser(applicationUser)), projectPermissionKey, issue.getProjectObject(), applicationUser);
    }

    public boolean hasPermission(int i, Project project, User user) {
        return hasPermission(getNonGlobalKey(i), project, user);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, User user) {
        return withPermissionOverriding(doProjectPermissionCheck(projectPermissionKey, project, user, false), projectPermissionKey, project, ApplicationUsers.from(user));
    }

    public boolean hasPermission(int i, Project project, ApplicationUser applicationUser) {
        return hasPermission(getNonGlobalKey(i), project, applicationUser);
    }

    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, ApplicationUser applicationUser) {
        return withPermissionOverriding(doProjectPermissionCheck(projectPermissionKey, project, ApplicationUsers.toDirectoryUser(applicationUser), false), projectPermissionKey, project, applicationUser);
    }

    public boolean hasPermission(int i, Project project, User user, boolean z) {
        return hasPermission(getNonGlobalKey(i), project, user, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, User user, boolean z) {
        return withPermissionOverriding(doProjectPermissionCheck(projectPermissionKey, project, user, z), projectPermissionKey, project, ApplicationUsers.from(user));
    }

    public boolean hasPermission(int i, Project project, ApplicationUser applicationUser, boolean z) {
        return hasPermission(getNonGlobalKey(i), project, applicationUser, z);
    }

    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, ApplicationUser applicationUser, boolean z) {
        return withPermissionOverriding(doProjectPermissionCheck(projectPermissionKey, project, ApplicationUsers.toDirectoryUser(applicationUser), z), projectPermissionKey, project, applicationUser);
    }

    public boolean hasPermission(int i, GenericValue genericValue, User user, boolean z) {
        return hasPermission(getNonGlobalKey(i), genericValue, user, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasPermission(final ProjectPermissionKey projectPermissionKey, GenericValue genericValue, final User user, final boolean z) {
        return this.projectPermissionTypesManager.exists(projectPermissionKey) && ((Boolean) getProjectOrIssue(genericValue).fold(new Function<Project, Boolean>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.3
            public Boolean apply(Project project) {
                return Boolean.valueOf(DefaultPermissionManager.this.withPermissionOverriding(DefaultPermissionManager.this.doProjectPermissionCheck(projectPermissionKey, project, user, z), projectPermissionKey, project, ApplicationUsers.from(user)));
            }
        }, new Function<Issue, Boolean>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.4
            public Boolean apply(Issue issue) {
                return Boolean.valueOf(DefaultPermissionManager.this.withPermissionOverriding(DefaultPermissionManager.this.doIssuePermissionCheck(projectPermissionKey, issue, user, z), projectPermissionKey, issue.getProjectObject(), ApplicationUsers.from(user)));
            }
        })).booleanValue();
    }

    private boolean doIssuePermissionCheck(ProjectPermissionKey projectPermissionKey, Issue issue, User user) {
        return issue.getId() != null ? doIssuePermissionCheck(projectPermissionKey, issue, user, false) : doProjectPermissionCheck(projectPermissionKey, issue.getProjectObject(), user, true);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean doIssuePermissionCheck(ProjectPermissionKey projectPermissionKey, Issue issue, User user, boolean z) {
        if (doProjectPermissionCheck(projectPermissionKey, issue.getProjectObject(), user, false) && doEntityPermissionCheck(projectPermissionKey, issue.getGenericValue(), user, z)) {
            return user == null ? ((IssueSecuritySchemeManager) ComponentAccessor.getComponent(IssueSecuritySchemeManager.class)).hasSchemeAuthority(issue.getSecurityLevelId(), issue.getGenericValue()) : ((IssueSecuritySchemeManager) ComponentAccessor.getComponent(IssueSecuritySchemeManager.class)).hasSchemeAuthority(issue.getSecurityLevelId(), issue.getGenericValue(), user, z);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean doProjectPermissionCheck(ProjectPermissionKey projectPermissionKey, Project project, User user, boolean z) {
        if (project == null || project.getId() == null) {
            throw new IllegalArgumentException("The Project argument and its backing generic value must not be null");
        }
        return doEntityPermissionCheck(projectPermissionKey, project.getGenericValue(), user, z);
    }

    protected boolean doEntityPermissionCheck(ProjectPermissionKey projectPermissionKey, GenericValue genericValue, User user, boolean z) {
        if (this.projectPermissionTypesManager.exists(projectPermissionKey)) {
            return user == null ? ComponentAccessor.getPermissionSchemeManager().hasSchemeAuthority(projectPermissionKey, genericValue) : user.isActive() && ComponentAccessor.getPermissionSchemeManager().hasSchemeAuthority(projectPermissionKey, genericValue, user, z);
        }
        return false;
    }

    public void removeGroupPermissions(String str) throws RemoveException {
        Assertions.notNull("group", str);
        Assertions.notNull(ComponentAccessor.getGroupManager().getGroup(str));
        ComponentAccessor.getGlobalPermissionManager().removePermissions(str);
        ComponentAccessor.getPermissionSchemeManager().removeEntities("group", str);
        ((IssueSecuritySchemeManager) ComponentAccessor.getComponent(IssueSecuritySchemeManager.class)).removeEntities("group", str);
    }

    public void removeUserPermissions(String str) throws RemoveException {
        Assertions.notNull("username", str);
        ApplicationUser userByName = ComponentAccessor.getUserManager().getUserByName(str);
        Assertions.notNull(str, userByName);
        removeUserPermissions(userByName);
    }

    public void removeUserPermissions(ApplicationUser applicationUser) throws RemoveException {
        Assertions.notNull(SingleUser.DESC, applicationUser);
        ComponentAccessor.getPermissionSchemeManager().removeEntities(SingleUser.DESC, applicationUser.getKey());
        ((IssueSecuritySchemeManager) ComponentAccessor.getComponent(IssueSecuritySchemeManager.class)).removeEntities(SingleUser.DESC, applicationUser.getKey());
    }

    public boolean hasProjects(int i, User user) {
        return hasProjects(i, ApplicationUsers.from(user));
    }

    public boolean hasProjects(int i, ApplicationUser applicationUser) {
        return hasProjects(getNonGlobalKey(i), applicationUser);
    }

    public boolean hasProjects(final ProjectPermissionKey projectPermissionKey, final ApplicationUser applicationUser) {
        return this.projectPermissionTypesManager.exists(projectPermissionKey) && Iterables.any(ComponentAccessor.getProjectManager().getProjectObjects(), new Predicate<Project>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.5
            public boolean apply(Project project) {
                return DefaultPermissionManager.this.hasPermission(projectPermissionKey, project, applicationUser);
            }
        });
    }

    public Collection<Project> getProjectObjects(int i, User user) {
        return getProjectObjects(getNonGlobalKey(i), user);
    }

    public Collection<Project> getProjects(int i, ApplicationUser applicationUser) {
        return getProjects(getNonGlobalKey(i), applicationUser);
    }

    public Collection<Project> getProjects(ProjectPermissionKey projectPermissionKey, ApplicationUser applicationUser) {
        return getProjectObjects(projectPermissionKey, ApplicationUsers.toDirectoryUser(applicationUser));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Collection<Project> getProjectObjects(ProjectPermissionKey projectPermissionKey, User user) {
        return getProjectObjectsWithPermission(ComponentAccessor.getProjectManager().getProjectObjects(), projectPermissionKey, user);
    }

    public Collection<GenericValue> getProjects(int i, User user, GenericValue genericValue) {
        if (isGlobalPermission(i)) {
            throw new IllegalArgumentException("Permission type passed must NOT be a global permission, " + i + " is global");
        }
        return getProjectsWithPermission(genericValue == null ? ComponentAccessor.getProjectManager().getProjectsWithNoCategory() : ComponentAccessor.getProjectManager().getProjectsFromProjectCategory(genericValue), i, user);
    }

    public Collection<Project> getProjects(int i, User user, ProjectCategory projectCategory) {
        return getProjects(LegacyProjectPermissionKeyMapping.getKey(Integer.valueOf(i)), user, projectCategory);
    }

    public Collection<Project> getProjects(int i, ApplicationUser applicationUser, ProjectCategory projectCategory) {
        return getProjects(getNonGlobalKey(i), applicationUser, projectCategory);
    }

    public Collection<Project> getProjects(ProjectPermissionKey projectPermissionKey, ApplicationUser applicationUser, ProjectCategory projectCategory) {
        return getProjects(projectPermissionKey, ApplicationUsers.toDirectoryUser(applicationUser), projectCategory);
    }

    private Collection<Project> getProjects(ProjectPermissionKey projectPermissionKey, User user, ProjectCategory projectCategory) {
        return getProjectObjectsWithPermission(projectCategory == null ? ComponentAccessor.getProjectManager().getProjectObjectsWithNoCategory() : ComponentAccessor.getProjectManager().getProjectsFromProjectCategory(projectCategory), projectPermissionKey, user);
    }

    private Collection<GenericValue> getProjectsWithPermission(Collection<GenericValue> collection, int i, User user) {
        ArrayList arrayList = new ArrayList();
        for (GenericValue genericValue : collection) {
            if (hasPermission(i, genericValue, user)) {
                arrayList.add(genericValue);
            }
        }
        return arrayList;
    }

    private Collection<Project> getProjectObjectsWithPermission(Collection<Project> collection, final ProjectPermissionKey projectPermissionKey, final User user) {
        return !this.projectPermissionTypesManager.exists(projectPermissionKey) ? Collections.emptyList() : Lists.newArrayList(Iterables.filter(collection, new Predicate<Project>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.6
            public boolean apply(Project project) {
                return DefaultPermissionManager.this.hasPermission(projectPermissionKey, project, user);
            }
        }));
    }

    private ProjectPermissionKey getNonGlobalKey(int i) {
        if (isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed to this function must NOT be a global permission, " + i + " is global");
        }
        return LegacyProjectPermissionKeyMapping.getKey(Integer.valueOf(i));
    }

    protected boolean isGlobalPermission(int i) {
        return Permissions.isGlobalPermission(i);
    }

    public Collection<Group> getAllGroups(int i, Project project) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(ComponentAccessor.getPermissionSchemeManager().getGroups(Long.valueOf(i), project));
        hashSet.addAll(ComponentAccessor.getGlobalPermissionManager().getGroupsWithPermission(i));
        return hashSet;
    }

    public Collection<GenericValue> getProjects(int i, User user) {
        if (isGlobalPermission(i)) {
            throw new IllegalArgumentException("Permission type passed must NOT be a global permission " + i + " is global");
        }
        return getProjectsWithPermission(ComponentAccessor.getProjectManager().getProjects(), i, user);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean withPermissionOverriding(boolean z, final ProjectPermissionKey projectPermissionKey, final Project project, final ApplicationUser applicationUser) {
        return (!z || ProjectPermissions.BROWSE_PROJECTS.equals(projectPermissionKey)) ? z : !((Boolean) Objects.firstNonNull(Boolean.valueOf(Iterables.any(ComponentAccessor.getPluginAccessor().getEnabledModuleDescriptorsByClass(ProjectPermissionOverrideModuleDescriptor.class), new Predicate<ProjectPermissionOverrideModuleDescriptor>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.7
            public boolean apply(ProjectPermissionOverrideModuleDescriptor projectPermissionOverrideModuleDescriptor) {
                return SafePluginPointAccess.safe(new Predicate<ProjectPermissionOverrideModuleDescriptor>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.7.1
                    public boolean apply(ProjectPermissionOverrideModuleDescriptor projectPermissionOverrideModuleDescriptor2) {
                        ProjectPermissionOverride.Decision hasPermission = ((ProjectPermissionOverride) projectPermissionOverrideModuleDescriptor2.getModule()).hasPermission(projectPermissionKey, project, applicationUser);
                        if (DefaultPermissionManager.log.isDebugEnabled() && hasPermission == ProjectPermissionOverride.Decision.DENY) {
                            DefaultPermissionManager.log.debug("Permission check result to project " + project.getKey() + "was overriden by " + projectPermissionOverrideModuleDescriptor2.getCompleteKey());
                        }
                        return hasPermission == ProjectPermissionOverride.Decision.DENY;
                    }
                }).apply(projectPermissionOverrideModuleDescriptor);
            }
        })), false)).booleanValue();
    }

    private Either<Project, Issue> getProjectOrIssue(GenericValue genericValue) {
        Assertions.notNull("entity", genericValue);
        if ("Issue".equals(genericValue.getEntityName())) {
            return Either.right(IssueImpl.getIssueObject(genericValue));
        }
        if ("Project".equals(genericValue.getEntityName())) {
            return Either.left(new ProjectImpl(genericValue));
        }
        throw new IllegalArgumentException("The entity passed must be a Project or an Issue not a " + genericValue.getEntityName());
    }

    @VisibleForTesting
    public void setProjectPermissionTypesManager(ProjectPermissionTypesManager projectPermissionTypesManager) {
        this.projectPermissionTypesManager = projectPermissionTypesManager;
    }
}
