package com.atlassian.jira.bc.user;

import com.atlassian.annotations.Internal;
import com.atlassian.application.api.ApplicationKey;
import com.atlassian.collectors.CollectorsUtil;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.fugue.Iterables;
import com.atlassian.fugue.Option;
import com.atlassian.jira.application.ApplicationKeys;
import com.atlassian.jira.application.ApplicationRole;
import com.atlassian.jira.application.ApplicationRoleManager;
import com.atlassian.jira.bc.group.GroupsToApplicationsSeatingHelper;
import com.atlassian.jira.bc.user.UserApplicationHelper;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.license.JiraLicenseManager;
import com.atlassian.jira.license.LicenseCountService;
import com.atlassian.jira.license.LicenseDetails;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.auth.AuthorisationManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.BaseUrl;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.jira.web.component.multigrouppicker.GroupLabelView;
import com.atlassian.jira.web.component.multigrouppicker.GroupLabelsService;
import com.atlassian.upm.core.ServletPaths;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Ordering;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.collections.CollectionUtils;

@Internal
/* loaded from: input_file:WEB-INF/classes/com/atlassian/jira/bc/user/CreateUserApplicationHelper.class */
public class CreateUserApplicationHelper implements UserApplicationHelper {
    private final Map<UserApplicationHelper.ValidationScope, ValidationFunction> validationFunctions = ImmutableMap.of(UserApplicationHelper.ValidationScope.ACCESS, this::validateRoleAccess, UserApplicationHelper.ValidationScope.SEATS, this::validateRoleSeats, UserApplicationHelper.ValidationScope.EXPIRE, this::validateLicenseExpire);
    private final ApplicationRoleManager applicationRoleManager;
    private final I18nHelper i18nHelper;
    private final BaseUrl baseUrl;
    private final GlobalPermissionManager globalPermissionManager;
    private final LicenseCountService licenseCountService;
    private final FeatureManager featureManager;
    private final JiraLicenseManager jiraLicenseManager;
    private final GroupsToApplicationsSeatingHelper groupsToApplicationsSeatingHelper;
    private final UserManager userManager;
    private final CrowdService crowdService;
    private final GroupLabelsService groupLabels;
    private final AuthorisationManager authorisationManager;

    @VisibleForTesting
    static final String LINK_START = "<a href=\"%s\">";

    @VisibleForTesting
    static final String LINK_END = "</a>";

    /* loaded from: input_file:WEB-INF/classes/com/atlassian/jira/bc/user/CreateUserApplicationHelper$ValidationFunction.class */
    public interface ValidationFunction {
        Optional<ValidationResult> validate(ApplicationRole applicationRole, ValidationParams validationParams);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:WEB-INF/classes/com/atlassian/jira/bc/user/CreateUserApplicationHelper$ValidationParams.class */
    public static class ValidationParams {
        private final Optional<Long> directoryId;
        private final Optional<ApplicationUser> user;

        private ValidationParams(Optional<ApplicationUser> optional, Optional<Long> optional2) {
            this.user = optional;
            this.directoryId = optional2;
        }

        public static ValidationParams withUser(ApplicationUser applicationUser) {
            return new ValidationParams(Optional.ofNullable(applicationUser), Optional.empty());
        }

        public static ValidationParams withDirectory(Optional<Long> optional) {
            return new ValidationParams(Optional.empty(), optional);
        }

        public static ValidationParams empty() {
            return new ValidationParams(Optional.empty(), Optional.empty());
        }

        public Optional<Long> getDirectoryId() {
            return (Optional) Stream.of((Object[]) new Optional[]{this.user.map((v0) -> {
                return v0.getDirectoryId();
            }), this.directoryId}).filter((v0) -> {
                return v0.isPresent();
            }).findFirst().orElse(Optional.empty());
        }

        public Optional<ApplicationUser> getUser() {
            return this.user;
        }

        public boolean hasUser() {
            return this.user.isPresent();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:WEB-INF/classes/com/atlassian/jira/bc/user/CreateUserApplicationHelper$ValidationResult.class */
    public static class ValidationResult {
        private final String message;
        private final String messageMarkup;

        ValidationResult(String str, String str2) {
            this.message = str;
            this.messageMarkup = str2;
        }

        public String getMessage() {
            return this.message;
        }

        public String getMessageMarkup() {
            return this.messageMarkup;
        }
    }

    public CreateUserApplicationHelper(ApplicationRoleManager applicationRoleManager, I18nHelper i18nHelper, BaseUrl baseUrl, GlobalPermissionManager globalPermissionManager, LicenseCountService licenseCountService, FeatureManager featureManager, JiraLicenseManager jiraLicenseManager, GroupsToApplicationsSeatingHelper groupsToApplicationsSeatingHelper, UserManager userManager, CrowdService crowdService, GroupLabelsService groupLabelsService, AuthorisationManager authorisationManager) {
        this.applicationRoleManager = applicationRoleManager;
        this.i18nHelper = i18nHelper;
        this.baseUrl = baseUrl;
        this.groupsToApplicationsSeatingHelper = groupsToApplicationsSeatingHelper;
        this.userManager = userManager;
        this.globalPermissionManager = globalPermissionManager;
        this.licenseCountService = licenseCountService;
        this.featureManager = featureManager;
        this.jiraLicenseManager = jiraLicenseManager;
        this.crowdService = crowdService;
        this.groupLabels = groupLabelsService;
        this.authorisationManager = authorisationManager;
    }

    @Override // com.atlassian.jira.bc.user.UserApplicationHelper
    @Nonnull
    public List<UserApplicationHelper.ApplicationSelection> getApplicationsForSelection(@Nonnull Set<ApplicationKey> set, @Nonnull Optional<Long> optional) {
        Assertions.notNull("selectedApplicationKeys", set);
        if (!this.applicationRoleManager.rolesEnabled()) {
            return ImmutableList.of();
        }
        Set<Group> selectedGroups = getSelectedGroups(set);
        return getApplicationsFor(applicationRole -> {
            return set.contains(applicationRole.getKey());
        }, applicationRole2 -> {
            Set<Group> groups = applicationRole2.getGroups();
            return (groups.isEmpty() || CollectionUtils.intersection(selectedGroups, groups).isEmpty()) ? false : true;
        }, optional);
    }

    @Override // com.atlassian.jira.bc.user.UserApplicationHelper
    @Nonnull
    public List<UserApplicationHelper.ApplicationSelection> getApplicationsForUser(@Nonnull ApplicationUser applicationUser) {
        Assertions.notNull("user", applicationUser);
        if (!this.applicationRoleManager.rolesEnabled()) {
            return ImmutableList.of();
        }
        Optional<Long> of = Optional.of(Long.valueOf(applicationUser.getDirectoryId()));
        Predicate predicate = group -> {
            return this.crowdService.isUserMemberOfGroup(applicationUser.getDirectoryUser(), group);
        };
        return getApplicationsFor(applicationRole -> {
            Set<Group> defaultGroups = applicationRole.getDefaultGroups();
            if (!defaultGroups.isEmpty()) {
                return defaultGroups.stream().allMatch(predicate);
            }
            Set<Group> groups = applicationRole.getGroups();
            return !groups.isEmpty() && groups.stream().allMatch(predicate);
        }, applicationRole2 -> {
            return applicationRole2.getGroups().stream().anyMatch(predicate);
        }, of);
    }

    private List<UserApplicationHelper.ApplicationSelection> getApplicationsFor(Predicate<ApplicationRole> predicate, Predicate<ApplicationRole> predicate2, Optional<Long> optional) {
        HashSet newHashSet = Sets.newHashSet();
        Set<ApplicationRole> roles = this.applicationRoleManager.getRoles();
        Option<ApplicationRole> role = this.applicationRoleManager.getRole(ApplicationKeys.CORE);
        for (ApplicationRole applicationRole : roles) {
            String text = (!role.isDefined() || applicationRole.getKey().equals(ApplicationKeys.CORE)) ? this.i18nHelper.getText("admin.adduser.application.selection.name.without.core", applicationRole.getName()) : this.i18nHelper.getText("admin.adduser.application.selection.name.includes.core", applicationRole.getName(), role.get().getName());
            Optional<ValidationResult> validateRole = validateRole(applicationRole, EnumSet.allOf(UserApplicationHelper.ValidationScope.class), ValidationParams.withDirectory(optional));
            boolean test2 = predicate.test(applicationRole);
            boolean z = !validateRole.isPresent();
            String message = validateRole.isPresent() ? validateRole.get().getMessage() : null;
            String messageMarkup = validateRole.isPresent() ? validateRole.get().getMessageMarkup() : null;
            boolean z2 = !test2 && predicate2.test(applicationRole);
            newHashSet.add(new UserApplicationHelper.ApplicationSelection(applicationRole.getKey(), applicationRole.getName(), text, message, messageMarkup, z, test2, applicationRole.isDefined(), z2, (test2 || z2) && validateRole.isPresent(), (Set) this.groupsToApplicationsSeatingHelper.findEffectiveApplications(optional, ImmutableSet.of(applicationRole)).stream().map(applicationRole2 -> {
                return new EffectiveApplication(applicationRole2.getKey(), applicationRole2.getName());
            }).collect(CollectorsUtil.toImmutableSet())));
        }
        return Ordering.natural().sortedCopy(newHashSet);
    }

    @Override // com.atlassian.jira.bc.user.UserApplicationHelper
    @Nonnull
    public List<GroupView> getUserGroups(@Nonnull ApplicationUser applicationUser) {
        return (List) StreamSupport.stream(this.crowdService.search(QueryBuilder.queryFor(Group.class, EntityDescriptor.group()).parentsOf(EntityDescriptor.user()).withName(applicationUser.getName()).returningAtMost(-1)).spliterator(), false).map(group -> {
            return new GroupView(group.getName(), getGroupLabels(group, applicationUser));
        }).collect(CollectorsUtil.toImmutableList());
    }

    private List<GroupLabelView> getGroupLabels(Group group, ApplicationUser applicationUser) {
        return this.applicationRoleManager.rolesEnabled() ? this.groupLabels.getGroupLabels(group, Optional.of(Long.valueOf(applicationUser.getDirectoryId()))) : ImmutableList.of();
    }

    private Set<Group> getSelectedGroups(@Nonnull Set<ApplicationKey> set) {
        Stream<ApplicationKey> stream = set.stream();
        ApplicationRoleManager applicationRoleManager = this.applicationRoleManager;
        applicationRoleManager.getClass();
        return (Set) stream.map(applicationRoleManager::getRole).filter((v0) -> {
            return v0.isDefined();
        }).map((v0) -> {
            return v0.get();
        }).map((v0) -> {
            return v0.getDefaultGroups();
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(CollectorsUtil.toImmutableSet());
    }

    @Override // com.atlassian.jira.bc.user.UserApplicationHelper
    @Nonnull
    public Collection<String> validateDefaultApplications(EnumSet<UserApplicationHelper.ValidationScope> enumSet, Optional<Long> optional) {
        return validateApplicationKeys(optional, this.applicationRoleManager.getDefaultApplicationKeys(), enumSet);
    }

    @Override // com.atlassian.jira.bc.user.UserApplicationHelper
    @Nonnull
    public Collection<String> validateApplicationKeys(@Nonnull Optional<Long> optional, @Nonnull Set<ApplicationKey> set) {
        return validateApplicationKeys(optional, set, EnumSet.allOf(UserApplicationHelper.ValidationScope.class));
    }

    @Override // com.atlassian.jira.bc.user.UserApplicationHelper
    @Nonnull
    public Collection<String> validateApplicationKeys(@Nonnull ApplicationUser applicationUser, @Nonnull Set<ApplicationKey> set) {
        return validateApplicationKeys(ValidationParams.withUser(applicationUser), set, EnumSet.allOf(UserApplicationHelper.ValidationScope.class));
    }

    @Override // com.atlassian.jira.bc.user.UserApplicationHelper
    @Nonnull
    public Collection<String> validateApplicationKeys(@Nonnull Optional<Long> optional, @Nonnull Set<ApplicationKey> set, @Nonnull EnumSet<UserApplicationHelper.ValidationScope> enumSet) {
        return validateApplicationKeys(ValidationParams.withDirectory(optional), set, enumSet);
    }

    @Nonnull
    private Collection<String> validateApplicationKeys(@Nonnull ValidationParams validationParams, @Nonnull Set<ApplicationKey> set, @Nonnull EnumSet<UserApplicationHelper.ValidationScope> enumSet) {
        ArrayList arrayList = new ArrayList();
        if (!this.applicationRoleManager.rolesEnabled()) {
            return arrayList;
        }
        Assertions.containsNoNulls("applicationKeys", set);
        HashSet newHashSet = Sets.newHashSet();
        for (ApplicationKey applicationKey : set) {
            Option<ApplicationRole> role = this.applicationRoleManager.getRole(applicationKey);
            if (role.isEmpty()) {
                arrayList.add(this.i18nHelper.getText("admin.errors.user.add.user.application.not.licensed", applicationKey.value()));
            } else {
                newHashSet.add(role.get());
            }
        }
        Long orElseGet = validationParams.getDirectoryId().orElseGet(() -> {
            return (Long) this.userManager.getDefaultCreateDirectory().map((v0) -> {
                return v0.getId();
            }).orElse(null);
        });
        if (orElseGet == null) {
            arrayList.add(this.i18nHelper.getText("admin.errors.no.writable.directory"));
            return ImmutableList.copyOf((Collection) arrayList);
        }
        Set<ApplicationRole> findEffectiveApplications = this.groupsToApplicationsSeatingHelper.findEffectiveApplications(Optional.of(orElseGet), newHashSet);
        if (enumSet.contains(UserApplicationHelper.ValidationScope.ACCESS) && !findEffectiveApplications.containsAll(newHashSet)) {
            arrayList.add(this.i18nHelper.getText("admin.errors.user.add.user.application.access.effectively.not.granted"));
            return ImmutableList.copyOf((Collection) arrayList);
        }
        Iterator<ApplicationRole> it2 = findEffectiveApplications.iterator();
        while (it2.hasNext()) {
            Optional<ValidationResult> validateRole = validateRole(it2.next(), enumSet, validationParams);
            if (validateRole.isPresent()) {
                arrayList.add(validateRole.get().getMessage());
            }
        }
        return ImmutableList.copyOf((Collection) arrayList);
    }

    @Override // com.atlassian.jira.bc.user.UserApplicationHelper
    public boolean canUserLogin(@Nullable ApplicationUser applicationUser) {
        return applicationUser != null && this.authorisationManager.hasUserAccessToJIRA(applicationUser);
    }

    public Set<Group> getDefaultGroupsForNewUser(Set<ApplicationKey> set) {
        if (this.applicationRoleManager.rolesEnabled()) {
            return (Set) set.stream().filter(applicationKey -> {
                return this.applicationRoleManager.hasSeatsAvailable(applicationKey, 1);
            }).flatMap(applicationKey2 -> {
                return this.applicationRoleManager.getDefaultGroups(applicationKey2).stream();
            }).collect(CollectorsUtil.toImmutableSet());
        }
        if (!this.featureManager.isOnDemand()) {
            int i = this.licenseCountService.totalBillableUsers();
            int maximumNumberOfUsers = ((LicenseDetails) Iterables.first(this.jiraLicenseManager.getLicenses()).get()).getJiraLicense().getMaximumNumberOfUsers();
            if (maximumNumberOfUsers != -1 && i >= maximumNumberOfUsers) {
                return ImmutableSet.of();
            }
        }
        HashSet hashSet = new HashSet(this.globalPermissionManager.getGroupsWithPermission(GlobalPermissionKey.USE));
        hashSet.removeAll(this.globalPermissionManager.getGroupsWithPermission(GlobalPermissionKey.ADMINISTER));
        hashSet.removeAll(this.globalPermissionManager.getGroupsWithPermission(GlobalPermissionKey.SYSTEM_ADMIN));
        return ImmutableSet.copyOf((Collection) Collections.unmodifiableSet(hashSet));
    }

    @Nonnull
    private Optional<ValidationResult> validateRole(@Nonnull ApplicationRole applicationRole, @Nonnull EnumSet<UserApplicationHelper.ValidationScope> enumSet, ValidationParams validationParams) {
        Stream of = Stream.of((Object[]) new UserApplicationHelper.ValidationScope[]{UserApplicationHelper.ValidationScope.EXPIRE, UserApplicationHelper.ValidationScope.SEATS, UserApplicationHelper.ValidationScope.ACCESS});
        enumSet.getClass();
        Stream filter = of.filter((v1) -> {
            return r1.contains(v1);
        });
        Map<UserApplicationHelper.ValidationScope, ValidationFunction> map = this.validationFunctions;
        map.getClass();
        return (Optional) filter.map((v1) -> {
            return r1.get(v1);
        }).map(validationFunction -> {
            return validationFunction.validate(applicationRole, validationParams);
        }).filter((v0) -> {
            return v0.isPresent();
        }).findFirst().orElse(Optional.empty());
    }

    @VisibleForTesting
    Optional<ValidationResult> validateRoleSeats(@Nonnull ApplicationRole applicationRole, ValidationParams validationParams) {
        if ((!validationParams.hasUser() || !this.applicationRoleManager.getRolesForUser(validationParams.getUser().get()).contains(applicationRole)) && !this.applicationRoleManager.hasSeatsAvailable(applicationRole.getKey(), 1)) {
            return Optional.of(new ValidationResult(this.i18nHelper.getText("admin.errors.user.add.user.application.license.limit.reached", applicationRole.getName(), "", "", "", ""), this.i18nHelper.getText("admin.errors.user.add.user.application.license.limit.reached", applicationRole.getName(), String.format(LINK_START, getUserBrowserUrl()), "</a>", String.format(LINK_START, getVersionsAndLicensesUrl()), "</a>")));
        }
        return Optional.empty();
    }

    private Optional<ValidationResult> validateRoleAccess(@Nonnull ApplicationRole applicationRole, ValidationParams validationParams) {
        if (applicationRole.getDefaultGroups().isEmpty()) {
            return Optional.of(new ValidationResult(this.i18nHelper.getText("admin.errors.user.add.user.application.no.default.group", applicationRole.getName(), "", ""), this.i18nHelper.getText("admin.errors.user.add.user.application.no.default.group", applicationRole.getName(), String.format(LINK_START, getApplicationAssessUrl()), "</a>")));
        }
        if (validationParams.getDirectoryId().isPresent()) {
            Directory directory = this.userManager.getDirectory(validationParams.getDirectoryId().get());
            if (!directory.getAllowedOperations().contains(OperationType.CREATE_GROUP)) {
                String text = this.i18nHelper.getText("admin.errors.directory.fully.read.only", directory.getName());
                return Optional.of(new ValidationResult(text, text));
            }
        }
        return Optional.empty();
    }

    private Optional<ValidationResult> validateLicenseExpire(@Nonnull ApplicationRole applicationRole, ValidationParams validationParams) {
        if (!applicationRole.isDefined()) {
            return Optional.empty();
        }
        Option<LicenseDetails> license = this.jiraLicenseManager.getLicense(applicationRole.getKey());
        return (license.isEmpty() || license.get().isExpired()) ? Optional.of(new ValidationResult(this.i18nHelper.getText("admin.errors.user.add.user.application.license.expired", applicationRole.getName(), "", ""), this.i18nHelper.getText("admin.errors.user.add.user.application.license.expired", applicationRole.getName(), String.format(LINK_START, getVersionsAndLicensesUrl()), "</a>"))) : Optional.empty();
    }

    private String getApplicationAssessUrl() {
        return this.baseUrl.getBaseUrl() + "/secure/admin/ApplicationAccess.jspa";
    }

    private String getUserBrowserUrl() {
        return this.baseUrl.getBaseUrl() + "/secure/admin/user/UserBrowser.jspa";
    }

    private String getVersionsAndLicensesUrl() {
        return this.baseUrl.getBaseUrl() + ServletPaths.MANAGE_APPLICATIONS_PATH;
    }
}
