package com.atlassian.stash.internal.user;

import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.project.Project;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.web.conditions.AbstractPermissionCondition;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.plugin.connect.bitbucket.web.context.BitbucketModuleContextFilter;
import com.atlassian.stash.internal.AbstractHibernateDao;
import com.atlassian.stash.internal.ApplicationConstants;
import com.atlassian.stash.internal.hibernate.HibernatePageUtils;
import com.google.common.collect.Collections2;
import java.util.Collections;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Disjunction;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.Projections;
import org.hibernate.criterion.Restrictions;
import org.hibernate.criterion.Subqueries;
import org.hibernate.sql.JoinType;
import org.hibernate.type.IntegerType;
import org.hibernate.type.Type;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;

@Repository("effectivePermissionDao")
/* loaded from: input_file:WEB-INF/lib/bitbucket-dao-impl-5.16.0.jar:com/atlassian/stash/internal/user/HibernateEffectivePermissionDao.class */
public class HibernateEffectivePermissionDao extends AbstractHibernateDao<Long, InternalScopedPermission> implements EffectivePermissionDao {
    @Autowired
    public HibernateEffectivePermissionDao(SessionFactory sessionFactory) {
        super(sessionFactory);
    }

    @Override // com.atlassian.stash.internal.user.EffectivePermissionDao
    @Nonnull
    public Page<InternalScopedPermission> findByGroup(@Nonnull String str, @Nonnull PageRequest pageRequest) {
        return HibernatePageUtils.pageQuery(session().createQuery("select p from InternalScopedPermission p, InternalPermissionType t where p.permission = t.id and p.user is null and p.group = :groupName order by id asc", InternalScopedPermission.class).setParameter("groupName", (Object) IdentifierUtils.toLowerCase(str)), pageRequest);
    }

    @Override // com.atlassian.stash.internal.user.EffectivePermissionDao
    @Nonnull
    public Page<InternalScopedPermission> findByUserId(@Nonnull Integer num, @Nonnull PageRequest pageRequest) {
        return HibernatePageUtils.pageQuery(session().createQuery("select p from InternalScopedPermission p, InternalPermissionType t where p.permission = t.id and p.user = :userId and p.group is null order by id asc", InternalScopedPermission.class).setParameter("userId", (Object) num, (Type) IntegerType.INSTANCE), pageRequest);
    }

    @Override // com.atlassian.stash.internal.user.EffectivePermissionDao
    @Nonnull
    public Page<String> findGroups(@Nonnull Permission permission, @Nonnull PageRequest pageRequest) {
        return HibernatePageUtils.pageCriteria(DetachedCriteria.forClass(InternalGlobalPermission.class).add(Restrictions.in(AbstractPermissionCondition.PERMISSION, permission.getInheritingPermissions())).add(Restrictions.isNull("user")).add(Restrictions.isNotNull("group")).addOrder(Order.asc("group")).setProjection(Projections.distinct(Projections.property("group"))).getExecutableCriteria(session()).setCacheable(true).setCacheRegion(ApplicationConstants.QUERY_CACHE_PERMISSIONS), pageRequest);
    }

    @Override // com.atlassian.stash.internal.user.EffectivePermissionDao
    @Nonnull
    public Page<ApplicationUser> findUsers(@Nonnull Permission permission, @Nonnull PageRequest pageRequest, @Nonnull Predicate<? super ApplicationUser> predicate) {
        return HibernatePageUtils.pageCriteria(session().createCriteria(InternalNormalUser.class).add(Subqueries.propertyIn("id", DetachedCriteria.forClass(InternalGlobalPermission.class).add(Restrictions.in(AbstractPermissionCondition.PERMISSION, permission.getInheritingPermissions())).add(Restrictions.isNotNull("user")).add(Restrictions.isNull("group")).setProjection(Projections.distinct(Projections.property("user.id"))))).addOrder(Order.asc("username")), pageRequest, predicate, session());
    }

    @Override // com.atlassian.stash.internal.user.EffectivePermissionDao
    public boolean isGrantedToGroup(@Nonnull GroupPermissionCriteria groupPermissionCriteria) {
        DetachedCriteria projection = DetachedCriteria.forClass(InternalScopedPermission.class).add(Restrictions.in(AbstractPermissionCondition.PERMISSION, groupPermissionCriteria.getPermission().getInheritingPermissions())).add(Restrictions.isNull("user")).add(Restrictions.or(Restrictions.isNull("group"), Restrictions.in("group", Collections2.transform(groupPermissionCriteria.getGroups(), IdentifierUtils.TO_LOWER_CASE)))).setProjection(Projections.count("id"));
        includeResourceIds(groupPermissionCriteria, projection);
        return ((Long) projection.getExecutableCriteria(session()).setCacheable(true).setCacheRegion(ApplicationConstants.QUERY_CACHE_PERMISSIONS).uniqueResult()).longValue() > 0;
    }

    @Override // com.atlassian.stash.internal.user.EffectivePermissionDao
    public boolean isGrantedToUser(@Nonnull UserPermissionCriteria userPermissionCriteria) {
        DetachedCriteria add = DetachedCriteria.forClass(InternalScopedPermission.class).add(Restrictions.in(AbstractPermissionCondition.PERMISSION, userPermissionCriteria.getPermission().getInheritingPermissions())).add(Restrictions.or(Restrictions.isNull("user"), Restrictions.eq("user.id", Integer.valueOf(userPermissionCriteria.getUserId())))).add(Restrictions.isNull("group"));
        includeResourceIds(userPermissionCriteria, add);
        return ((Long) add.getExecutableCriteria(session()).setProjection(Projections.count("id")).uniqueResult()).longValue() > 0;
    }

    @Override // com.atlassian.stash.internal.AbstractHibernateDao
    protected Iterable<Order> getImplicitOrder() {
        return Collections.singleton(Order.asc("id"));
    }

    private void includeResourceIds(PermissionCriteria permissionCriteria, DetachedCriteria detachedCriteria) {
        Permission permission = permissionCriteria.getPermission();
        Integer projectId = permissionCriteria.getProjectId();
        Integer repositoryId = permissionCriteria.getRepositoryId();
        if (permission.isGlobal()) {
            detachedCriteria.add(Restrictions.isNull("project")).add(Restrictions.isNull("repository"));
            return;
        }
        if (permission.isResource(Project.class) && !Permission.PROJECT_VIEW.equals(permission)) {
            detachedCriteria.add(Restrictions.isNull("repository"));
            if (projectId != null) {
                detachedCriteria.add(Restrictions.or(Restrictions.isNull("project"), Restrictions.eq("project.id", projectId)));
                return;
            }
            return;
        }
        if (!permission.isResource(com.atlassian.bitbucket.repository.Repository.class) && !Permission.PROJECT_VIEW.equals(permission)) {
            throw new IllegalArgumentException("Unsupported permission: " + permission);
        }
        if (projectId == null && repositoryId == null) {
            return;
        }
        Disjunction disjunction = Restrictions.disjunction();
        disjunction.add(Restrictions.and(Restrictions.isNull("project"), Restrictions.isNull("repository")));
        if (projectId != null) {
            disjunction.add(Restrictions.eq("project.id", projectId));
        }
        if (repositoryId != null) {
            disjunction.add(Restrictions.eq(BitbucketModuleContextFilter.REPOSITORY_ID, repositoryId));
        } else if (Permission.PROJECT_VIEW.equals(permission)) {
            detachedCriteria.createAlias("repository", "joinRepository", JoinType.LEFT_OUTER_JOIN);
            disjunction.add(Restrictions.eq("joinRepository.project.id", projectId));
        }
        detachedCriteria.add(disjunction);
    }
}
