package com.atlassian.bamboo.configuration;

import com.atlassian.bamboo.security.GlobalApplicationSecureObject;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.GroupPrincipalSid;
import com.atlassian.bamboo.security.acegi.acls.HibernateAclImpl;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.ww2.aware.permissions.GlobalAdminSecurityAware;
import com.google.common.collect.Lists;
import com.opensymphony.xwork.ActionContext;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/bamboo/configuration/ConfigureGlobalPermissions.class */
public class ConfigureGlobalPermissions extends AbstractPermissionAction implements GlobalAdminSecurityAware {
    private static final Logger log = Logger.getLogger(ConfigureGlobalPermissions.class);

    @Override // com.atlassian.bamboo.ww2.BambooActionSupport
    public String execute() throws Exception {
        return (getActionErrors().isEmpty() && getFieldErrors().isEmpty()) ? ((getAddUserPrincipal() == null || !"Add".equals(getAddUserPrincipal())) && (getAddGroupPrincipal() == null || !"Add".equals(getAddGroupPrincipal()))) ? doSaveAllPermissions() : "Group".equals(getPrincipalType()) ? doAddGroupPrincipal() : doAddUserPrincipal() : "input";
    }

    public String doSaveAllPermissions() {
        Map parameters = ActionContext.getContext().getParameters();
        MutableAcl acl = getAcl();
        List buildPermissionListFromRequest = this.aclUpdateHelper.buildPermissionListFromRequest(parameters);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        this.aclUpdateHelper.buildPermissionAndUserGroupListsFromAcl(arrayList, arrayList2, arrayList3, arrayList4, getAcl(), hasGlobalAdminPermission(), getBambooPermissionManager());
        ArrayList newArrayList = Lists.newArrayList();
        newArrayList.addAll(buildPermissionListFromRequest);
        newArrayList.addAll(arrayList4);
        validateSaveAllPermissions(newArrayList);
        if (!hasActionErrors()) {
            this.aclService.updateAclAces(acl, newArrayList);
            addActionMessage("Permissions have been successfully updated.");
            return "success";
        }
        ArrayList arrayList5 = new ArrayList();
        ArrayList arrayList6 = new ArrayList();
        this.aclUpdateHelper.buildUserGroupListsFromPermissions(buildPermissionListFromRequest, arrayList5, arrayList6);
        setGrantedPermissions(buildPermissionListFromRequest);
        setGrantedUsers(arrayList5);
        setGrantedGroups(arrayList6);
        return "input";
    }

    @Override // com.atlassian.bamboo.configuration.AbstractPermissionAction
    public void validateSaveAllPermissions(List list) {
        String determineNameFromPermission = BambooPermission.determineNameFromPermission(BambooPermission.ADMINISTRATION);
        String determineNameFromPermission2 = BambooPermission.determineNameFromPermission(BambooPermission.RESTRICTEDADMINISTRATION);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (str.endsWith(determineNameFromPermission) && !str.endsWith(determineNameFromPermission2)) {
                return;
            }
        }
        addActionError("There must at least be one global administrator.");
    }

    public String doAddUserPrincipal() throws Exception {
        if (getBambooUserManager().getBambooUser(getNewUser()) == null) {
            addActionError("The user you specified is not valid.");
            return "input";
        }
        if (!hasEditPermissionForUserName(getNewUser())) {
            addActionError(getText("user.admin.error.noSufficientRights"));
            return "input";
        }
        MutableAcl acl = getAcl();
        acl.insertAce((Serializable) null, BambooPermission.READ, new PrincipalSid(getNewUser()), true);
        updateAcl(acl);
        return "input";
    }

    public String doAddGroupPrincipal() throws Exception {
        if (getBambooUserManager().getGroup(getNewGroup()) == null) {
            addActionError("The group you specified is not valid");
            return "input";
        }
        if (!hasEditPermissionForGroup(getNewGroup())) {
            addActionError(getText("group.admin.error.noSufficientRights"));
            return "input";
        }
        MutableAcl acl = getAcl();
        acl.insertAce((Serializable) null, BambooPermission.READ, new GroupPrincipalSid(getNewGroup()), true);
        updateAcl(acl);
        return "input";
    }

    private void updateAcl(MutableAcl mutableAcl) {
        this.aclService.updateAcl(mutableAcl);
    }

    @Override // com.atlassian.bamboo.configuration.AbstractPermissionAction
    public MutableAcl getAcl() {
        if (this.acl == null) {
            HibernateObjectIdentityImpl hibernateObjectIdentityImpl = new HibernateObjectIdentityImpl(GlobalApplicationSecureObject.INSTANCE);
            try {
                this.acl = this.aclService.readAclById(hibernateObjectIdentityImpl);
            } catch (NotFoundException e) {
                log.warn("Bamboo cannot find a access control entry for the global application. Creating a new one.");
                this.acl = this.aclService.createAcl(hibernateObjectIdentityImpl);
                PrincipalSid principalSid = new PrincipalSid(getUser().getName());
                this.acl = new HibernateAclImpl(new HibernateObjectIdentityImpl(GlobalApplicationSecureObject.class, GlobalApplicationSecureObject.INSTANCE.getId()), (Acl) null, true, principalSid);
                this.acl.insertAce((Serializable) null, BambooPermission.ADMINISTRATION, principalSid, true);
            }
        }
        return this.acl;
    }

    @Override // com.atlassian.bamboo.ww2.actions.build.admin.BuildConfigurationSupport, com.atlassian.bamboo.ww2.BambooActionSupport, com.atlassian.bamboo.ww2.aware.permissions.DomainObjectSecurityAware
    public Object getSecuredDomainObject() {
        return GlobalApplicationSecureObject.INSTANCE;
    }
}
