package com.atlassian.bamboo.upgrade.tasks.v5_11;

import com.atlassian.bamboo.persistence.BambooTransactionHibernateTemplate;
import com.atlassian.bamboo.repository.RepositoryDataEntity;
import com.atlassian.bamboo.repository.RepositoryDataEntityImpl;
import com.atlassian.bamboo.repository.RepositoryDefinitionDao;
import com.atlassian.bamboo.security.acegi.BambooAcegiSecurityUtils;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.GroupPrincipalSid;
import com.atlassian.bamboo.security.acegi.acls.HibernateMutableAclService;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.upgrade.AbstractUpgradeTask;
import com.atlassian.bamboo.user.Authority;
import com.atlassian.bamboo.user.BambooUser;
import com.atlassian.bamboo.user.BambooUserManager;
import com.google.common.collect.Sets;
import java.io.Serializable;
import java.util.List;
import java.util.Set;
import java.util.stream.Stream;
import org.acegisecurity.acls.AccessControlEntry;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.sid.GrantedAuthoritySid;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.Sid;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v5_11/UpgradeTask51113GrantAdminRepositoryPermission.class */
public class UpgradeTask51113GrantAdminRepositoryPermission extends AbstractUpgradeTask {
    private static final int PAGE_SIZE = 30;
    private static final Logger log = Logger.getLogger(UpgradeTask51113GrantAdminRepositoryPermission.class);

    @Autowired
    private BambooUserManager bambooUserManager;

    @Autowired
    private HibernateMutableAclService aclService;

    @Autowired
    private RepositoryDefinitionDao repositoryDefinitionDao;

    @Autowired
    private BambooTransactionHibernateTemplate bambooTransactionHibernateTemplate;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v5_11/UpgradeTask51113GrantAdminRepositoryPermission$EntitiesGrantedGlobalCreate.class */
    public class EntitiesGrantedGlobalCreate {
        boolean allUsersGranted;
        final Set<String> usersGranted = Sets.newHashSet();
        final Set<String> groupsGranted = Sets.newHashSet();

        public EntitiesGrantedGlobalCreate(@NotNull MutableAcl mutableAcl) {
            this.allUsersGranted = false;
            for (AccessControlEntry accessControlEntry : mutableAcl.getEntries()) {
                if (accessControlEntry.isGranting() && (accessControlEntry.getPermission().equals(BambooPermission.CREATE) || accessControlEntry.getPermission().equals(BambooPermission.ADMINISTRATION) || accessControlEntry.getPermission().equals(BambooPermission.RESTRICTEDADMINISTRATION))) {
                    PrincipalSid sid = accessControlEntry.getSid();
                    if (sid instanceof PrincipalSid) {
                        this.usersGranted.add(sid.getPrincipal());
                    } else if (sid instanceof GroupPrincipalSid) {
                        this.groupsGranted.add(((GroupPrincipalSid) sid).getPrincipal());
                    } else if (sid.equals(new GrantedAuthoritySid(Authority.USER))) {
                        this.allUsersGranted = true;
                    }
                }
            }
        }
    }

    public UpgradeTask51113GrantAdminRepositoryPermission() {
        super("Grant ADMIN permission on repository to users, groups and roles with CREATE and VIEW permission");
    }

    public void doUpgrade() throws Exception {
        EntitiesGrantedGlobalCreate entitiesGrantedGlobalCreate = (EntitiesGrantedGlobalCreate) this.bambooTransactionHibernateTemplate.execute(session -> {
            return new EntitiesGrantedGlobalCreate(this.aclService.getAclOfGlobalPermission());
        });
        List globalRepositoryDefinitions = this.repositoryDefinitionDao.getGlobalRepositoryDefinitions();
        long size = globalRepositoryDefinitions.size();
        for (int i = 0; i < size; i += PAGE_SIZE) {
            int i2 = i;
            this.bambooTransactionHibernateTemplate.doWork(connection -> {
                globalRepositoryDefinitions.stream().skip(i2).limit(30L).forEach(repositoryDataEntity -> {
                    upgradeRepositoryAcls(repositoryDataEntity, entitiesGrantedGlobalCreate);
                });
            });
        }
    }

    private void upgradeRepositoryAcls(RepositoryDataEntity repositoryDataEntity, EntitiesGrantedGlobalCreate entitiesGrantedGlobalCreate) {
        HibernateObjectIdentityImpl hibernateObjectIdentityImpl = new HibernateObjectIdentityImpl(RepositoryDataEntityImpl.class, Long.valueOf(repositoryDataEntity.getId()));
        try {
            MutableAcl readMutableAclById = this.aclService.readMutableAclById(hibernateObjectIdentityImpl);
            boolean z = false;
            for (AccessControlEntry accessControlEntry : readMutableAclById.getEntries()) {
                if (accessControlEntry.getPermission().equals(BambooPermission.READ) && accessControlEntry.isGranting() && !BambooAcegiSecurityUtils.isGranted(readMutableAclById, BambooPermission.ADMINISTRATION, accessControlEntry.getSid()) && hasGlobalCreate(accessControlEntry.getSid(), entitiesGrantedGlobalCreate)) {
                    readMutableAclById.insertAce((Serializable) null, BambooPermission.ADMINISTRATION, accessControlEntry.getSid(), accessControlEntry.isGranting());
                    z = true;
                }
            }
            if (z) {
                this.aclService.updateAcl(readMutableAclById);
            }
        } catch (NotFoundException e) {
            log.warn("No acl found for repository " + repositoryDataEntity.getId());
            this.aclService.createAcl(hibernateObjectIdentityImpl);
        }
    }

    private boolean hasGlobalCreate(@NotNull Sid sid, @NotNull EntitiesGrantedGlobalCreate entitiesGrantedGlobalCreate) {
        if (!(sid instanceof PrincipalSid)) {
            return sid instanceof GroupPrincipalSid ? entitiesGrantedGlobalCreate.allUsersGranted || entitiesGrantedGlobalCreate.groupsGranted.contains(sid) : entitiesGrantedGlobalCreate.allUsersGranted && sid.equals(new GrantedAuthoritySid(Authority.USER));
        }
        if (entitiesGrantedGlobalCreate.allUsersGranted || entitiesGrantedGlobalCreate.usersGranted.contains(((PrincipalSid) sid).getPrincipal())) {
            return true;
        }
        BambooUser bambooUser = this.bambooUserManager.getBambooUser(((PrincipalSid) sid).getPrincipal());
        if (bambooUser == null) {
            return false;
        }
        Stream stream = this.bambooUserManager.getGroupNamesAsList(bambooUser.getUser()).stream();
        Set<String> set = entitiesGrantedGlobalCreate.groupsGranted;
        set.getClass();
        return stream.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }
}
