package com.atlassian.stash.internal.user;

import com.atlassian.bitbucket.auth.SimpleAuthentication;
import com.atlassian.bitbucket.permission.EffectivePermission;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.permission.PermissionVote;
import com.atlassian.bitbucket.permission.PermissionVoter;
import com.atlassian.bitbucket.project.Project;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.server.FeatureManager;
import com.atlassian.bitbucket.server.StandardFeature;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.bitbucket.user.UserType;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.bitbucket.util.PagedIterable;
import com.atlassian.bitbucket.util.Timer;
import com.atlassian.bitbucket.util.TimerUtils;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.stash.internal.AbstractService;
import com.atlassian.stash.internal.CommonValidations;
import com.atlassian.stash.internal.annotation.NotProfiled;
import com.atlassian.stash.internal.page.PageConstants;
import com.atlassian.stash.internal.permission.GrantedPermissionVoterProvider;
import com.atlassian.stash.internal.permission.PermissionVoterFactory;
import com.atlassian.stash.internal.permission.SimplePermissionCheck;
import com.atlassian.stash.internal.project.InternalProject;
import com.atlassian.stash.internal.project.ProjectDao;
import com.atlassian.stash.internal.repository.InternalRepository;
import com.atlassian.stash.internal.repository.RepositoryDao;
import com.atlassian.stash.internal.user.GroupPermissionCriteria;
import com.atlassian.stash.internal.user.UserPermissionCriteria;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Collections2;
import com.google.common.collect.Iterables;
import com.google.common.collect.Iterators;
import com.google.common.collect.Sets;
import com.google.common.primitives.Ints;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@NotProfiled
@AvailableToPlugins(PermissionService.class)
@Service("permissionService")
/* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-5.16.0.jar:com/atlassian/stash/internal/user/PermissionServiceImpl.class */
public class PermissionServiceImpl extends AbstractService implements InternalPermissionService {
    public static final int GROUP_PAGESIZE = 1000;
    public static final String GROUP_PERMISSION_SEARCH = "Group Permission Search";
    public static final int USER_GROUP_PAGE_LIMIT = 500;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PermissionServiceImpl.class);
    private final InternalAuthenticationContext authenticationContext;
    private final EffectivePermissionDao effectivePermissionDao;
    private final GrantedPermissionVoterProvider grantedPermissionVoterProvider;
    private final ProjectDao projectDao;
    private final RepositoryDao repositoryDao;
    private final RepositoryPermissionDao repositoryPermissionDao;
    private FeatureManager featureManager;
    private PermissionVoterFactory permissionVoterFactory;
    private UserService userService;

    @Value(PageConstants.MAX_USERS)
    private int maxUserPageSize;

    @Autowired
    public PermissionServiceImpl(InternalAuthenticationContext internalAuthenticationContext, EffectivePermissionDao effectivePermissionDao, GrantedPermissionVoterProvider grantedPermissionVoterProvider, ProjectDao projectDao, RepositoryDao repositoryDao, RepositoryPermissionDao repositoryPermissionDao) {
        this.authenticationContext = internalAuthenticationContext;
        this.effectivePermissionDao = effectivePermissionDao;
        this.grantedPermissionVoterProvider = grantedPermissionVoterProvider;
        this.projectDao = projectDao;
        this.repositoryDao = repositoryDao;
        this.repositoryPermissionDao = repositoryPermissionDao;
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasGlobalPermission(String str, @Nonnull Permission permission) {
        return hasGlobalPermission(str == null ? null : findUserByName(str), permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasGlobalPermission(ApplicationUser applicationUser, @Nonnull Permission permission) {
        CommonValidations.validateGlobalPermission(permission);
        return hasPermission(applicationUser, (ApplicationUser) null, permission);
    }

    @Override // com.atlassian.stash.internal.user.InternalPermissionService
    public boolean hasGlobalPermission(StashUserAuthenticationToken stashUserAuthenticationToken, Permission permission) {
        CommonValidations.validateGlobalPermission(permission);
        return hasPermission(stashUserAuthenticationToken, (StashUserAuthenticationToken) null, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasGlobalPermission(@Nonnull Permission permission) {
        return hasGlobalPermission(this.authenticationContext.getCurrentToken(), permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasAnyUserPermission(@Nonnull ApplicationUser applicationUser, @Nonnull Permission permission) {
        Objects.requireNonNull(applicationUser, "user");
        CommonValidations.validateResourcePermission(permission);
        return hasPermission(applicationUser, (ApplicationUser) null, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasAnyUserPermission(@Nonnull Permission permission) {
        StashUserAuthenticationToken currentToken = this.authenticationContext.getCurrentToken();
        return currentToken != null && hasAnyUserPermission(currentToken, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasProjectPermission(ApplicationUser applicationUser, @Nonnull Project project, @Nonnull Permission permission) {
        Objects.requireNonNull(project, "project");
        CommonValidations.validateProjectPermission(permission);
        return hasPermission(applicationUser, (ApplicationUser) project, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasProjectPermission(@Nonnull Project project, @Nonnull Permission permission) {
        return hasProjectPermission(this.authenticationContext.getCurrentToken(), project, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasProjectPermission(int i, @Nonnull Permission permission) {
        return hasProjectPermission(this.authenticationContext.getCurrentToken(), i, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasProjectPermission(ApplicationUser applicationUser, int i, @Nonnull Permission permission) {
        CommonValidations.validateProjectPermission(permission);
        InternalProject byId = this.projectDao.getById(Integer.valueOf(i));
        return byId == null || hasPermission(applicationUser, (ApplicationUser) byId, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasDirectGlobalUserPermission(@Nonnull Permission permission) {
        CommonValidations.validateGlobalPermission(permission);
        return hasDirectUserPermission(this.authenticationContext.getCurrentToken(), (Object) null, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasDirectProjectUserPermission(@Nonnull Project project, @Nonnull Permission permission) {
        Objects.requireNonNull(project, "project");
        CommonValidations.validateProjectPermission(permission);
        return hasDirectUserPermission(this.authenticationContext.getCurrentToken(), project, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasDirectRepositoryUserPermission(@Nonnull Repository repository, @Nonnull Permission permission) {
        Objects.requireNonNull(repository, "repository");
        CommonValidations.validateRepositoryPermission(permission);
        return hasDirectUserPermission(this.authenticationContext.getCurrentToken(), repository, permission);
    }

    private boolean hasDirectUserPermission(StashUserAuthenticationToken stashUserAuthenticationToken, Object obj, Permission permission) {
        return stashUserAuthenticationToken != null && hasDirectUserPermission(stashUserAuthenticationToken.getPrincipal(), obj, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasGlobalGroupPermission(@Nonnull Permission permission, @Nonnull String str) {
        CommonValidations.validateGlobalPermission(permission);
        CommonValidations.validateGroup(str);
        return this.effectivePermissionDao.isGrantedToGroup(new GroupPermissionCriteria.Builder(str).permission(permission).build());
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean isProjectAccessible(@Nonnull Project project) {
        Objects.requireNonNull(project, "project");
        return hasProjectPermission(project, Permission.PROJECT_VIEW) || isPubliclyAccessible(project);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean isProjectAccessible(int i) {
        InternalProject byId = this.projectDao.getById(Integer.valueOf(i));
        return byId != null && isProjectAccessible(byId);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean isRepositoryAccessible(@Nonnull Repository repository) {
        Objects.requireNonNull(repository, "repository");
        return hasRepositoryPermission(repository, Permission.REPO_READ) || isPubliclyAccessible(repository);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean isRepositoryAccessible(int i) {
        InternalRepository byId = this.repositoryDao.getById(Integer.valueOf(i));
        return byId != null && isRepositoryAccessible(byId);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    @Transactional(propagation = Propagation.SUPPORTS)
    public boolean isPubliclyAccessible(@Nonnull Repository repository) {
        Objects.requireNonNull(repository, "repository");
        return this.featureManager.isEnabled(StandardFeature.PUBLIC_ACCESS) && (repository.isPublic() || repository.getProject().isPublic());
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean isPubliclyAccessible(@Nonnull Project project) {
        Objects.requireNonNull(project, "project");
        return this.featureManager.isEnabled(StandardFeature.PUBLIC_ACCESS) && (project.isPublic() || this.repositoryDao.countPublicByProject(project.getId()) > 0);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    @Nonnull
    public Page<ApplicationUser> getGrantedUsers(@Nonnull Permission permission, @Nonnull PageRequest pageRequest) {
        CommonValidations.validateGlobalPermission(permission);
        Objects.requireNonNull(pageRequest, "request");
        return this.effectivePermissionDao.findUsers(permission, pageRequest, (v0) -> {
            return v0.isActive();
        });
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    @Nonnull
    public Page<String> getGrantedGroups(@Nonnull Permission permission, @Nonnull PageRequest pageRequest) {
        CommonValidations.validateGlobalPermission(permission);
        Objects.requireNonNull(pageRequest, "request");
        return this.effectivePermissionDao.findGroups(permission, pageRequest);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasGlobalPermissionThroughGroupMembership(@Nonnull Permission permission, @Nonnull Set<String> set) {
        CommonValidations.validateGlobalPermission(permission);
        CommonValidations.validateGroups(set);
        return hasPermissionsThroughGroup(this.authenticationContext.getCurrentToken(), null, permission, set);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasProjectPermissionThroughGroupMembership(@Nonnull Project project, @Nonnull Permission permission, @Nonnull Set<String> set) {
        Objects.requireNonNull(project, "project");
        CommonValidations.validateProjectPermission(permission);
        CommonValidations.validateGroups(set);
        return hasPermissionsThroughGroup(this.authenticationContext.getCurrentToken(), project, permission, set);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasRepositoryPermissionThroughGroupMembership(@Nonnull Repository repository, @Nonnull Permission permission, @Nonnull Set<String> set) {
        Objects.requireNonNull(repository, "repository");
        CommonValidations.validateRepositoryPermission(permission);
        CommonValidations.validateGroups(set);
        return hasPermissionsThroughGroup(this.authenticationContext.getCurrentToken(), repository, permission, set);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasRepositoryPermission(ApplicationUser applicationUser, @Nonnull Repository repository, @Nonnull Permission permission) {
        Objects.requireNonNull(repository, "repository");
        CommonValidations.validateRepositoryPermission(permission);
        return hasPermission(applicationUser, (ApplicationUser) repository, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasRepositoryPermission(ApplicationUser applicationUser, int i, @Nonnull Permission permission) {
        InternalRepository byId = this.repositoryDao.getById(Integer.valueOf(i));
        return byId == null || hasRepositoryPermission(applicationUser, byId, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasRepositoryPermission(@Nonnull Repository repository, @Nonnull Permission permission) {
        return hasRepositoryPermission(this.authenticationContext.getCurrentToken(), repository, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasRepositoryPermission(int i, @Nonnull Permission permission) {
        return hasRepositoryPermission(this.authenticationContext.getCurrentToken(), i, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasUserPermission(@Nonnull ApplicationUser applicationUser, @Nonnull ApplicationUser applicationUser2, @Nonnull Permission permission) {
        Objects.requireNonNull(applicationUser, "user");
        Objects.requireNonNull(applicationUser2, "targetUser");
        return hasPermission(applicationUser, applicationUser2, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasUserPermission(@Nonnull ApplicationUser applicationUser, int i, @Nonnull Permission permission) {
        Objects.requireNonNull(applicationUser, "user");
        ApplicationUser userById = this.userService.getUserById(i);
        return userById == null || hasPermission(applicationUser, userById, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasUserPermission(@Nonnull ApplicationUser applicationUser, @Nonnull Permission permission) {
        return hasUserPermission(this.authenticationContext.getCurrentToken(), applicationUser, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasUserPermission(int i, @Nonnull Permission permission) {
        return hasUserPermission(this.authenticationContext.getCurrentToken(), i, permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public boolean hasUserPermission(@Nonnull Permission permission) {
        return hasUserPermission(this.authenticationContext.getCurrentToken(), this.authenticationContext.getCurrentUser(), permission);
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    @Nonnull
    public Set<String> getUsersWithPermission(@Nonnull Permission permission) {
        CommonValidations.validateGlobalPermission(permission);
        return (Set) Stream.concat(usersWithPermission(permission), usersFromGroupsWithPermission(permission)).filter((v0) -> {
            return v0.isActive();
        }).map((v0) -> {
            return v0.getName();
        }).map(IdentifierUtils::toLowerCase).collect(Collectors.toSet());
    }

    @Override // com.atlassian.stash.internal.user.InternalPermissionService
    public int getCountOfAccessibleRepositories(@Nonnull Project project) {
        Objects.requireNonNull(project, "project");
        StashUserAuthenticationToken currentToken = this.authenticationContext.getCurrentToken();
        if (hasProjectPermission(currentToken, project, Permission.PROJECT_READ)) {
            return Ints.saturatedCast(this.repositoryDao.countByProject(((Project) Objects.requireNonNull(project, "project")).getId()));
        }
        if (currentToken == null || currentToken.getPrincipal() == null) {
            return 0;
        }
        ApplicationUser principal = currentToken.getPrincipal();
        return Ints.saturatedCast(this.repositoryPermissionDao.countWithPermission(principal.getId(), getAllGroups(principal.getName()), project.getId()));
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public Permission getHighestGlobalPermission(ApplicationUser applicationUser) {
        if (isNullOrInactive(applicationUser)) {
            return null;
        }
        for (Permission permission : getOrderedGlobalPermissions()) {
            if (hasGlobalPermission(applicationUser, permission)) {
                return permission;
            }
        }
        return null;
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public Permission getHighestGlobalPermission(String str) {
        ApplicationUser findUserByName = str != null ? findUserByName(str) : null;
        if (findUserByName != null) {
            return getHighestGlobalPermission(findUserByName);
        }
        return null;
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    public Permission getHighestGlobalGroupPermission(String str) {
        if (str == null) {
            return null;
        }
        for (Permission permission : getOrderedGlobalPermissions()) {
            if (hasGlobalGroupPermission(permission, str)) {
                return permission;
            }
        }
        return null;
    }

    @Override // com.atlassian.bitbucket.permission.PermissionService
    @Nonnull
    public Iterable<EffectivePermission> getEffectivePermissions(@Nonnull ApplicationUser applicationUser) {
        return this.grantedPermissionVoterProvider.getEffectivePermissions(applicationUser);
    }

    @Autowired
    public void setFeatureManager(FeatureManager featureManager) {
        this.featureManager = featureManager;
    }

    @Autowired
    public void setPermissionVoterFactory(PermissionVoterFactory permissionVoterFactory) {
        this.permissionVoterFactory = permissionVoterFactory;
    }

    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    @VisibleForTesting
    PartitionedGroups getAllGroups(String str) {
        return partitionGroups(new PagedIterable<>(pageRequest -> {
            return this.userService.findGroupsByUser(str, pageRequest);
        }, 500), 500);
    }

    @Nonnull
    private PermissionVoter createPermissionVoter(@Nullable ApplicationUser applicationUser) {
        return this.permissionVoterFactory.create(SimpleAuthentication.builder(applicationUser).build());
    }

    private static boolean isNullOrInactive(ApplicationUser applicationUser) {
        return applicationUser == null || (!applicationUser.isActive() && applicationUser.getType() == UserType.NORMAL);
    }

    private ApplicationUser findUserByName(String str) {
        return this.userService.getUserByName(str);
    }

    private List<Permission> getOrderedGlobalPermissions() {
        ArrayList arrayList = new ArrayList(Permission.getGlobalPermissions());
        arrayList.sort((permission, permission2) -> {
            if (permission == permission2) {
                return 0;
            }
            return Integer.compare(permission2.getWeight(), permission.getWeight());
        });
        return arrayList;
    }

    private boolean hasAnyUserPermission(StashUserAuthenticationToken stashUserAuthenticationToken, Permission permission) {
        CommonValidations.validateResourcePermission(permission);
        return hasPermission(stashUserAuthenticationToken, (StashUserAuthenticationToken) null, permission);
    }

    private boolean hasDirectUserPermission(ApplicationUser applicationUser, Object obj, Permission permission) {
        if (isNullOrInactive(applicationUser)) {
            return false;
        }
        Integer valueOf = Integer.valueOf(applicationUser.getId());
        if (valueOf.intValue() == 0) {
            return false;
        }
        boolean isGrantedToUser = this.effectivePermissionDao.isGrantedToUser(new UserPermissionCriteria.Builder(valueOf.intValue()).permission(permission).resource(obj).build());
        if (isGrantedToUser) {
            log.trace("{}: {}, or an inheriting permission, has been explicit granted", applicationUser.getName(), permission);
        } else {
            log.trace("{}: {} has not been explicitly granted", applicationUser.getName(), permission);
        }
        return isGrantedToUser;
    }

    private <T> boolean hasPermission(@Nullable StashUserAuthenticationToken stashUserAuthenticationToken, @Nullable T t, @Nonnull Permission permission) {
        return stashUserAuthenticationToken == null ? hasPermission(null, t, permission, createPermissionVoter(null)) : hasPermission(stashUserAuthenticationToken.getPrincipal(), t, permission, stashUserAuthenticationToken.getVoter());
    }

    private <T> boolean hasPermission(@Nullable ApplicationUser applicationUser, @Nullable T t, @Nonnull Permission permission) {
        return hasPermission(applicationUser, t, permission, createPermissionVoter(applicationUser));
    }

    private <T> boolean hasPermission(@Nullable ApplicationUser applicationUser, @Nullable T t, @Nonnull Permission permission, @Nonnull PermissionVoter permissionVoter) {
        log.trace("user = {}, resource = {}, requested permission = {}", applicationUser, t, permission);
        return permissionVoter.vote(SimplePermissionCheck.builder(permission).resource(t).build()) == PermissionVote.GRANT;
    }

    private boolean hasPermissionsThroughGroup(Principal principal, Object obj, Permission permission, Set<String> set) {
        String name = principal.getName();
        Timer start = TimerUtils.start(GROUP_PERMISSION_SEARCH);
        Throwable th = null;
        try {
            Page<String> findGroupsByUser = this.userService.findGroupsByUser(name, PageUtils.newRequest(0, 500));
            while (true) {
                HashSet newHashSet = Sets.newHashSet(findGroupsByUser.getValues());
                Iterables.removeAll(newHashSet, Collections2.transform(set, IdentifierUtils.TO_LOWER_CASE));
                if (newHashSet.isEmpty()) {
                    log.trace("All groups on the page have been excluded");
                } else {
                    log.trace("Testing for permission against {} groups", Integer.valueOf(newHashSet.size()));
                    if (this.effectivePermissionDao.isGrantedToGroup(new GroupPermissionCriteria.Builder(newHashSet).permission(permission).resource(obj).build())) {
                        log.trace("{}: Permission {} granted by group membership", name, permission);
                        if (start != null) {
                            if (0 != 0) {
                                try {
                                    start.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                start.close();
                            }
                        }
                        return true;
                    }
                }
                if (findGroupsByUser.getIsLastPage()) {
                    log.trace("{}: All group memberships have been exhausted", name);
                    log.trace("permission not granted by any group membership");
                    if (start != null) {
                        if (0 != 0) {
                            try {
                                start.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            start.close();
                        }
                    }
                    return false;
                }
                log.trace("{}: Loading next page of groups", name);
                findGroupsByUser = this.userService.findGroupsByUser(name, findGroupsByUser.getNextPageRequest());
            }
        } catch (Throwable th4) {
            if (start != null) {
                if (0 != 0) {
                    try {
                        start.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    start.close();
                }
            }
            throw th4;
        }
    }

    private boolean hasProjectPermission(StashUserAuthenticationToken stashUserAuthenticationToken, Project project, Permission permission) {
        Objects.requireNonNull(project, "project");
        CommonValidations.validateProjectPermission(permission);
        return hasPermission(stashUserAuthenticationToken, (StashUserAuthenticationToken) project, permission);
    }

    private boolean hasProjectPermission(StashUserAuthenticationToken stashUserAuthenticationToken, int i, Permission permission) {
        CommonValidations.validateProjectPermission(permission);
        InternalProject byId = this.projectDao.getById(Integer.valueOf(i));
        return byId == null || hasPermission(stashUserAuthenticationToken, (StashUserAuthenticationToken) byId, permission);
    }

    private boolean hasRepositoryPermission(StashUserAuthenticationToken stashUserAuthenticationToken, Repository repository, Permission permission) {
        Objects.requireNonNull(repository, "repository");
        CommonValidations.validateRepositoryPermission(permission);
        return hasPermission(stashUserAuthenticationToken, (StashUserAuthenticationToken) repository, permission);
    }

    private boolean hasRepositoryPermission(StashUserAuthenticationToken stashUserAuthenticationToken, int i, Permission permission) {
        InternalRepository byId = this.repositoryDao.getById(Integer.valueOf(i));
        return byId == null || hasRepositoryPermission(stashUserAuthenticationToken, byId, permission);
    }

    private boolean hasUserPermission(StashUserAuthenticationToken stashUserAuthenticationToken, ApplicationUser applicationUser, Permission permission) {
        Objects.requireNonNull(applicationUser, "targetUser");
        CommonValidations.validateUserPermission(permission);
        return hasPermission(stashUserAuthenticationToken, (StashUserAuthenticationToken) applicationUser, permission);
    }

    private boolean hasUserPermission(StashUserAuthenticationToken stashUserAuthenticationToken, int i, Permission permission) {
        ApplicationUser userById = this.userService.getUserById(i);
        return userById == null || hasUserPermission(stashUserAuthenticationToken, userById, permission);
    }

    private PartitionedGroups partitionGroups(PagedIterable<String> pagedIterable, int i) {
        return () -> {
            Iterator it = pagedIterable.iterator();
            return it.hasNext() ? Iterators.partition(it, i) : Collections.singletonList(Collections.emptyList()).iterator();
        };
    }

    private Stream<ApplicationUser> usersFromGroupsWithPermission(@Nonnull Permission permission) {
        return PageUtils.toStream(pageRequest -> {
            return getGrantedGroups(permission, pageRequest);
        }, 1000).flatMap(str -> {
            return PageUtils.toStream(pageRequest2 -> {
                return this.userService.findUsersByGroup(str, pageRequest2);
            }, this.maxUserPageSize);
        });
    }

    private Stream<ApplicationUser> usersWithPermission(@Nonnull Permission permission) {
        return PageUtils.toStream(pageRequest -> {
            return getGrantedUsers(permission, pageRequest);
        }, this.maxUserPageSize);
    }
}
