package com.atlassian.stash.internal.user;

import com.atlassian.bitbucket.AuthorisationException;
import com.atlassian.bitbucket.avatar.AvatarSupplier;
import com.atlassian.bitbucket.avatar.CacheableAvatarSupplier;
import com.atlassian.bitbucket.event.user.UserAvatarUpdatedEvent;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionRequest;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.project.Project;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.ServiceUser;
import com.atlassian.bitbucket.user.UserSearchRequest;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.bitbucket.validation.ArgumentValidationException;
import com.atlassian.cache.Cache;
import com.atlassian.cache.CacheFactory;
import com.atlassian.cache.CacheSettingsBuilder;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.crowd.search.query.entity.restriction.constants.UserTermKeys;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.stash.internal.AbstractService;
import com.atlassian.stash.internal.InternalConverter;
import com.atlassian.stash.internal.annotation.Unsecured;
import com.atlassian.stash.internal.auth.InternalAuthenticationService;
import com.atlassian.stash.internal.avatar.DataUriAvatarMetaSupplier;
import com.atlassian.stash.internal.avatar.InternalAvatarService;
import com.atlassian.stash.internal.crowd.CrowdControl;
import com.atlassian.stash.internal.page.PageConstants;
import com.atlassian.stash.internal.util.InternalPageUtils;
import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import com.sun.istack.localization.Localizable;
import io.atlassian.fugue.Pair;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@AvailableToPlugins(UserService.class)
@Service("userService")
/* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-6.0.0.jar:com/atlassian/stash/internal/user/DefaultUserService.class */
public class DefaultUserService extends AbstractService implements InternalUserService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultUserService.class);
    private final InternalAvatarService avatarService;
    private final InternalAuthenticationContext authenticationContext;
    private final InternalAuthenticationService authenticationService;
    private final boolean checkRemoteDirectory;
    private final CrowdControl crowdControl;
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final Cache<Pair<Long, String>, Boolean> isUserActive;
    private final PasswordResetHelper passwordResetHelper;
    private final PermissionService permissionService;
    private final ApplicationUserDao userDao;
    private final UserHelper userHelper;

    @Value(PageConstants.MAX_GROUPS)
    private int maxGroupPageSize;

    @Value(PageConstants.MAX_USERS)
    private int maxUserPageSize;

    @Autowired
    public DefaultUserService(@Lazy InternalAvatarService internalAvatarService, InternalAuthenticationContext internalAuthenticationContext, @Lazy InternalAuthenticationService internalAuthenticationService, CacheFactory cacheFactory, CrowdControl crowdControl, EventPublisher eventPublisher, I18nService i18nService, PasswordResetHelper passwordResetHelper, @Lazy PermissionService permissionService, ApplicationUserDao applicationUserDao, UserHelper userHelper, @Value("${auth.remote.cache.cacheSize}") int i, @Value("${auth.remote.cache.ttl}") int i2, @Value("${auth.remote.enabled}") boolean z) {
        this.avatarService = internalAvatarService;
        this.authenticationContext = internalAuthenticationContext;
        this.authenticationService = internalAuthenticationService;
        this.checkRemoteDirectory = z;
        this.crowdControl = crowdControl;
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.passwordResetHelper = passwordResetHelper;
        this.permissionService = permissionService;
        this.userDao = applicationUserDao;
        this.userHelper = userHelper;
        this.isUserActive = cacheFactory.getCache("bb.internal.isUserActive", new UserActiveLoader(crowdControl), new CacheSettingsBuilder().local().maxEntries(i).expireAfterWrite(i2, TimeUnit.SECONDS).build());
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @PreAuthorize("hasUserPermission(#user, 'USER_ADMIN')")
    public void deleteAvatar(@Nonnull ApplicationUser applicationUser) {
        this.avatarService.deleteForUser((ApplicationUser) Preconditions.checkNotNull(applicationUser, "user"));
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public boolean existsGroup(String str) {
        return this.crowdControl.findGroup(str) != null;
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<String> findGroups(@Nonnull PageRequest pageRequest) {
        return this.crowdControl.findGroups(pageRequest.buildRestrictedPageRequest(this.maxGroupPageSize));
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<String> findGroupsByName(String str, @Nonnull PageRequest pageRequest) {
        return this.crowdControl.findGroupsByName(stripAndRemoveNulls(str), pageRequest.buildRestrictedPageRequest(this.maxGroupPageSize));
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<String> findGroupsByPrefix(String str, @Nonnull PageRequest pageRequest) {
        return this.crowdControl.findGroupsByPrefix(stripAndRemoveNulls(str), pageRequest.buildRestrictedPageRequest(this.maxGroupPageSize));
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Unsecured("Used in unauthenticated contexts by licensing, permission checks and login processing")
    public Page<String> findGroupsByUser(@Nonnull String str, @Nonnull PageRequest pageRequest) {
        return this.crowdControl.findGroupsByUser(str, null, false, pageRequest).transform(IdentifierUtils::toLowerCase);
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    @Nonnull
    @PreAuthorize("isAuthenticated()")
    public Page<ServiceUser> findServiceUsersByName(String str, @Nonnull PageRequest pageRequest) {
        return PageUtils.asPageOf(ServiceUser.class, this.userDao.findServiceUsersByDisplayName(str, pageRequest.buildRestrictedPageRequest(this.maxUserPageSize)));
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Transactional
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ApplicationUser findUserByEmail(@Nonnull String str) {
        Preconditions.checkNotNull(str, "email");
        User findUserByProperty = this.crowdControl.findUserByProperty(UserTermKeys.EMAIL, str);
        if (findUserByProperty != null) {
            return getOrCreateMappedUser(findUserByProperty);
        }
        return null;
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Transactional
    @Unsecured("This needs to be available in unauthenticated contexts; it is used for password resets")
    public ApplicationUser findUserByNameOrEmail(@Nonnull String str) {
        ApplicationUser findUserByEmail;
        return (!((String) Preconditions.checkNotNull(str, "value")).contains("@") || (findUserByEmail = findUserByEmail(str)) == null) ? this.userDao.findByName(str) : findUserByEmail;
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @PreAuthorize("isAuthenticated()")
    public Page<ApplicationUser> findUsers(@Nonnull PageRequest pageRequest) {
        return PageUtils.asPageOf(ApplicationUser.class, this.userHelper.transformOrCreate(this.crowdControl.findUsers(pageRequest.buildRestrictedPageRequest(this.maxUserPageSize))));
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Unsecured("Used in unauthenticated contexts by licensing, permission checks and login processing")
    public Page<ApplicationUser> findUsersByGroup(@Nonnull String str, @Nonnull PageRequest pageRequest) {
        return findUsersByGroup(str, null, pageRequest);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @PreAuthorize("isAuthenticated()")
    public Page<ApplicationUser> findUsersByName(String str, @Nonnull PageRequest pageRequest) {
        return PageUtils.asPageOf(ApplicationUser.class, this.userHelper.transformOrCreate(this.crowdControl.findUsersByName(str, pageRequest.buildRestrictedPageRequest(this.maxUserPageSize))));
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Unsecured("User avatars are not more privileged than getUserBySlug(String)")
    public CacheableAvatarSupplier getAvatar(@Nonnull ApplicationUser applicationUser, int i) {
        Preconditions.checkNotNull(applicationUser, "user");
        return this.avatarService.getForUser(applicationUser, i);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ServiceUser getServiceUserByName(@Nonnull String str) {
        return getServiceUserByName(str, false);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ServiceUser getServiceUserByName(@Nonnull String str, boolean z) {
        return this.userDao.findServiceUserByName((String) Preconditions.checkNotNull(str, "username"), z);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Unsecured("This needs to be available in unauthenticated contexts")
    public Set<ServiceUser> getServiceUsersByName(@Nonnull Set<String> set) {
        return getServiceUsersByName(set, false);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Unsecured("This needs to be available in unauthenticated contexts")
    public Set<ServiceUser> getServiceUsersByName(@Nonnull Set<String> set, boolean z) {
        return maybeFilterInactive(this.userDao.findServiceUsersByName((Set) Preconditions.checkNotNull(set, "usernames")), z);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ServiceUser getServiceUserBySlug(@Nonnull String str) {
        return this.userDao.findServiceUserBySlug((String) Preconditions.checkNotNull(str, "slug"));
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ApplicationUser getUserById(int i) {
        return getUserById(i, false);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ApplicationUser getUserById(int i, boolean z) {
        return maybeFilterInactive((DefaultUserService) this.userDao.getById(Integer.valueOf(i)), z);
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    public ApplicationUser getUserByKey(UserKey userKey) {
        return getUserByKey(userKey, false);
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    public ApplicationUser getUserByKey(UserKey userKey, boolean z) {
        if (userKey == null) {
            return null;
        }
        try {
            return getUserById(Integer.parseInt(userKey.getStringValue()), z);
        } catch (NumberFormatException e) {
            return getUserByName(userKey.getStringValue(), z);
        }
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Transactional
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ApplicationUser getUserByName(@Nonnull String str) {
        return getUserByName(str, false);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Transactional
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ApplicationUser getUserByName(@Nonnull String str, boolean z) {
        String lowerCase = IdentifierUtils.toLowerCase((String) Preconditions.checkNotNull(str, "username"));
        if (this.authenticationContext.isAuthenticated()) {
            ApplicationUser currentUser = this.authenticationContext.getCurrentUser();
            if (lowerCase.equals(currentUser.getName())) {
                return currentUser;
            }
        }
        return maybeFilterInactive((DefaultUserService) this.userDao.findByName(str), z);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public ApplicationUser getUserBySlug(@Nonnull String str) {
        String lowerCase = IdentifierUtils.toLowerCase((String) Preconditions.checkNotNull(str, "slug"));
        if (this.authenticationContext.isAuthenticated()) {
            ApplicationUser currentUser = this.authenticationContext.getCurrentUser();
            if (lowerCase.equals(currentUser.getSlug())) {
                return currentUser;
            }
        }
        return maybeFilterInactive((DefaultUserService) this.userDao.findBySlug(str), false);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Unsecured("This needs to be available to unauthenticated contexts")
    public Set<ApplicationUser> getUsersById(@Nonnull Set<Integer> set) {
        return getUsersById(set, false);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Unsecured("This needs to be available in unauthenticated contexts")
    public Set<ApplicationUser> getUsersById(@Nonnull Set<Integer> set, boolean z) {
        return maybeFilterInactive(this.userDao.getByIds(set), z);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Unsecured("Should be on the same level of permission as getUserByName(String)")
    public Set<ApplicationUser> getUsersByName(@Nonnull Set<String> set) {
        return getUsersByName(set, false);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Unsecured("Should be on the same level of permission as getUserByName(String)")
    public Set<ApplicationUser> getUsersByName(@Nonnull Set<String> set, boolean z) {
        Preconditions.checkNotNull(set, "usernames");
        return maybeFilterInactive(this.userDao.findByNames(set), z);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public boolean isUserActive(@Nonnull ApplicationUser applicationUser) {
        return isUserActive(applicationUser, this.checkRemoteDirectory);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Unsecured("This needs to be available in unauthenticated contexts")
    public boolean isUserActive(@Nonnull ApplicationUser applicationUser, boolean z) {
        Preconditions.checkNotNull(applicationUser, "user");
        InternalNormalUser orElse = InternalNormalUser.fromUser(applicationUser).orElse(null);
        if (orElse == null || !z) {
            return applicationUser.isActive();
        }
        Pair<Long, String> pair = Pair.pair(Long.valueOf(orElse.getBackingCrowdUser().getDirectoryId()), applicationUser.getName());
        if (this.isUserActive.containsKey(pair) && this.isUserActive.get(pair).booleanValue()) {
            return true;
        }
        this.isUserActive.remove(pair);
        return this.isUserActive.get(pair).booleanValue();
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public boolean isUserInGroup(@Nonnull ApplicationUser applicationUser, @Nonnull final String str) {
        Preconditions.checkNotNull(applicationUser, "user");
        Preconditions.checkNotNull(str, "groupName");
        return ((Boolean) InternalConverter.convertToInternalUser(applicationUser).accept(new InternalStashUserVisitor<Boolean>() { // from class: com.atlassian.stash.internal.user.DefaultUserService.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.stash.internal.user.InternalStashUserVisitor
            public Boolean visit(@Nonnull InternalNormalUser internalNormalUser) {
                User backingCrowdUser = internalNormalUser.getBackingCrowdUser();
                if (backingCrowdUser == null) {
                    backingCrowdUser = DefaultUserService.this.crowdControl.findUser(internalNormalUser.getUsername(), true);
                    if (backingCrowdUser == null) {
                        return false;
                    }
                }
                return Boolean.valueOf(DefaultUserService.this.crowdControl.isGroupMember(str, backingCrowdUser));
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.stash.internal.user.InternalStashUserVisitor
            public Boolean visit(@Nonnull InternalServiceUser internalServiceUser) {
                return false;
            }
        })).booleanValue();
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Unsecured("This is not restricted by permissions so that SAL tests pass. It should not be exposed via REST")
    public boolean isUserInGroup(@Nonnull String str, @Nonnull String str2) {
        Preconditions.checkNotNull(str, "username");
        Preconditions.checkNotNull(str2, "groupName");
        ApplicationUser userByName = getUserByName(str);
        return userByName != null && isUserInGroup(userByName, str2);
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    @Nonnull
    @Transactional
    @Unsecured("This should not be more private than findUserByNameOrEmail")
    public Map<String, ApplicationUser> mapUsersByEmail(@Nonnull Set<String> set) {
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(set.size());
        for (String str : set) {
            ApplicationUser findUserByEmail = findUserByEmail(str);
            if (findUserByEmail != null) {
                newHashMapWithExpectedSize.put(str, findUserByEmail);
            }
        }
        return newHashMapWithExpectedSize;
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<ApplicationUser> search(@Nonnull UserSearchRequest userSearchRequest, @Nonnull PageRequest pageRequest) {
        String filter = userSearchRequest.getFilter();
        String group = userSearchRequest.getGroup();
        Set<PermissionRequest> permissions = userSearchRequest.getPermissions();
        if (permissions.isEmpty()) {
            return PageUtils.asPageOf(ApplicationUser.class, findUsersByGroup(group, filter, pageRequest));
        }
        validatePermissions(permissions);
        Predicate predicate = applicationUser -> {
            return true;
        };
        for (PermissionRequest permissionRequest : permissions) {
            predicate = predicate.and(applicationUser2 -> {
                return hasPermission(permissionRequest, applicationUser2);
            });
        }
        return InternalPageUtils.filterPages(pageRequest2 -> {
            return PageUtils.asPageOf(ApplicationUser.class, findUsersByGroup(group, filter, pageRequest2));
        }, predicate, pageRequest, this.maxUserPageSize * 2);
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @PreAuthorize("hasUserPermission(#user, 'USER_ADMIN')")
    public void updateAvatar(@Nonnull ApplicationUser applicationUser, @Nonnull AvatarSupplier avatarSupplier) {
        Preconditions.checkNotNull(avatarSupplier, "supplier");
        doUpdateAvatar(applicationUser, () -> {
            return avatarSupplier;
        });
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @PreAuthorize("hasUserPermission(#user, 'USER_ADMIN')")
    public void updateAvatar(@Nonnull ApplicationUser applicationUser, @Nonnull String str) {
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str, "uri")).trim().isEmpty(), "A non-blank data URI is required");
        doUpdateAvatar(applicationUser, new DataUriAvatarMetaSupplier(this.avatarService, str));
    }

    @Override // com.atlassian.stash.internal.user.InternalUserService
    @Transactional
    @Unsecured("Internal service method")
    public void updateLastAuthentication(@Nonnull String str) {
        User findUser = this.crowdControl.findUser(str, false);
        if (findUser != null) {
            this.crowdControl.setUserAttribute(findUser, InternalUserService.ATTR_LAST_AUTHENTICATION_TIMESTAMP, Long.valueOf(System.currentTimeMillis()));
        }
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Transactional
    @PreAuthorize("hasUserPermission('USER_ADMIN')")
    public void updatePassword(@Nonnull String str, @Nonnull String str2) {
        this.passwordResetHelper.clearToken(this.crowdControl.updatePassword(getCurrentUserForUpdate().getName(), str, str2));
    }

    @Override // com.atlassian.bitbucket.user.UserService
    @Nonnull
    @Transactional
    @PreAuthorize("hasUserPermission('USER_ADMIN')")
    public ApplicationUser updateUser(@Nonnull String str, @Nonnull String str2) {
        Preconditions.checkNotNull(str, "displayName");
        Preconditions.checkNotNull(str2, "email");
        return this.userHelper.transformOrCreate(this.crowdControl.updateUser(ImmutableUser.newUser().name(getCurrentUserForUpdate().getName()).displayName(str).emailAddress(str2).toUser()));
    }

    private static String stripAndRemoveNulls(String str) {
        return StringUtils.stripToNull(StringUtils.replace(str, Localizable.NOT_LOCALIZABLE, ""));
    }

    private void doUpdateAvatar(@Nonnull ApplicationUser applicationUser, @Nonnull Supplier<AvatarSupplier> supplier) {
        this.avatarService.saveForUser((ApplicationUser) Preconditions.checkNotNull(applicationUser, "user"), (AvatarSupplier) ((Supplier) Preconditions.checkNotNull(supplier, "metaSupplier")).get());
        this.eventPublisher.publish(new UserAvatarUpdatedEvent(this, applicationUser));
    }

    private Page<ApplicationUser> findUsersByGroup(String str, String str2, PageRequest pageRequest) {
        if (str == null) {
            return findUsersByName(str2, pageRequest);
        }
        return PageUtils.asPageOf(ApplicationUser.class, this.userHelper.transformOrCreate(this.crowdControl.findUsersByGroup(str, str2, false, pageRequest.buildRestrictedPageRequest(this.maxUserPageSize))));
    }

    @Nonnull
    private ApplicationUser getCurrentUserForUpdate() {
        ApplicationUser currentUser = this.authenticationContext.getCurrentUser();
        if (currentUser == null) {
            throw new AuthorisationException(this.i18nService.createKeyedMessage("bitbucket.service.user.anonymousupdate", new Object[0]));
        }
        return currentUser;
    }

    private InternalNormalUser getOrCreateMappedUser(User user) {
        return this.userHelper.transformOrCreate(user);
    }

    private boolean hasPermission(PermissionRequest permissionRequest, ApplicationUser applicationUser) {
        Permission permission = permissionRequest.getPermission();
        Object resource = permissionRequest.getResource();
        if (permission.isGlobal()) {
            return this.permissionService.hasGlobalPermission(applicationUser, permission);
        }
        if (permission.isResource(Project.class)) {
            if (resource instanceof Project) {
                return this.permissionService.hasProjectPermission(applicationUser, (Project) permissionRequest.getResourceAs(Project.class), permission);
            }
            if (resource instanceof Integer) {
                return this.permissionService.hasProjectPermission(applicationUser, ((Integer) permissionRequest.getResourceAs(Integer.class)).intValue(), permission);
            }
        }
        if (permission.isResource(Repository.class)) {
            if (resource instanceof Repository) {
                return this.permissionService.hasRepositoryPermission(applicationUser, (Repository) permissionRequest.getResourceAs(Repository.class), permission);
            }
            if (resource instanceof Integer) {
                return this.permissionService.hasRepositoryPermission(applicationUser, ((Integer) permissionRequest.getResourceAs(Integer.class)).intValue(), permission);
            }
        }
        throw new AssertionError("Unsupported resource type " + resource.getClass().getName());
    }

    private Predicate<ApplicationUser> userFilter(boolean z) {
        Predicate<ApplicationUser> predicate = (v0) -> {
            return Objects.nonNull(v0);
        };
        return z ? predicate : predicate.and((v0) -> {
            return v0.isActive();
        });
    }

    private <U extends ApplicationUser> Set<U> maybeFilterInactive(Collection<? extends U> collection, boolean z) {
        return (Set) collection.stream().filter(userFilter(z)).collect(Collectors.toSet());
    }

    private <U extends InternalApplicationUser> U maybeFilterInactive(U u, boolean z) {
        if (userFilter(z).test(u)) {
            return u;
        }
        return null;
    }

    private void validatePermissions(Set<PermissionRequest> set) {
        set.forEach(this::validatePermissionRequest);
    }

    private void validatePermissionRequest(PermissionRequest permissionRequest) {
        Permission permission = permissionRequest.getPermission();
        Object resource = permissionRequest.getResource();
        if (permission.isGlobal()) {
            if (resource != null) {
                throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.service.user.permission.globalresource", permissionRequest.getResource()));
            }
        } else {
            if (resource == null) {
                throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.service.user.permission.emptyresource", permissionRequest.getPermission()));
            }
            if (!permission.isResource(resource.getClass())) {
                throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.service.user.permission.incompatibleresource", resource.getClass().getName(), permission, permission.getResourceTypes().stream().map((v0) -> {
                    return v0.getName();
                }).collect(Collectors.toSet())));
            }
        }
    }
}
