package com.atlassian.jira.jql.query;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.issue.index.DocumentConstants;
import com.atlassian.jira.issue.search.constants.SystemSearchConstants;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.roles.ProjectRoleManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserUtil;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.lucene.index.Term;
import org.apache.lucene.search.BooleanClause;
import org.apache.lucene.search.BooleanQuery;
import org.apache.lucene.search.MatchAllDocsQuery;
import org.apache.lucene.search.Query;
import org.apache.lucene.search.TermQuery;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/com/atlassian/jira/jql/query/QueryProjectRoleAndGroupPermissionsDecorator.class */
public class QueryProjectRoleAndGroupPermissionsDecorator {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CommentClauseQueryFactory.class);
    public static final BooleanQuery matchNoDocsQuery = new BooleanQuery();
    private final PermissionManager permissionManager;
    private final ProjectRoleManager projectRoleManager;

    public QueryProjectRoleAndGroupPermissionsDecorator(PermissionManager permissionManager, ProjectRoleManager projectRoleManager) {
        this.permissionManager = permissionManager;
        this.projectRoleManager = projectRoleManager;
    }

    public Query appendPermissionFilterQuery(Query query, QueryCreationContext queryCreationContext, String str, String str2) {
        Query createPermissionQuery = createPermissionQuery(queryCreationContext, str, str2);
        if (createPermissionQuery == matchNoDocsQuery) {
            return new BooleanQuery();
        }
        BooleanQuery booleanQuery = new BooleanQuery();
        booleanQuery.add(query, BooleanClause.Occur.MUST);
        booleanQuery.add(createPermissionQuery, BooleanClause.Occur.MUST);
        return booleanQuery;
    }

    public Query decorateWorklogQueryWithPermissionChecks(Query query, QueryCreationContext queryCreationContext) {
        return appendPermissionFilterQuery(query, queryCreationContext, DocumentConstants.WORKLOG_LEVEL, DocumentConstants.WORKLOG_LEVEL_ROLE);
    }

    public Query createPermissionQuery(QueryCreationContext queryCreationContext, String str, String str2) {
        if (queryCreationContext.isSecurityOverriden()) {
            return new MatchAllDocsQuery();
        }
        List<Long> visibleProjectIds = getVisibleProjectIds(queryCreationContext.getApplicationUser());
        if (visibleProjectIds.isEmpty()) {
            return matchNoDocsQuery;
        }
        BooleanQuery createLevelRestrictionQuery = createLevelRestrictionQuery(visibleProjectIds, queryCreationContext.getApplicationUser(), str, str2);
        BooleanQuery createProjectVisibilityQuery = createProjectVisibilityQuery(visibleProjectIds);
        BooleanQuery booleanQuery = new BooleanQuery();
        booleanQuery.add(createLevelRestrictionQuery, BooleanClause.Occur.MUST);
        booleanQuery.add(createProjectVisibilityQuery, BooleanClause.Occur.MUST);
        return booleanQuery;
    }

    TermQuery getTermQuery(String str, String str2) {
        return new TermQuery(new Term(str, str2));
    }

    BooleanQuery createProjectVisibilityQuery(List<Long> list) {
        BooleanQuery booleanQuery = new BooleanQuery();
        String indexField = SystemSearchConstants.forProject().getIndexField();
        Iterator<Long> it2 = list.iterator();
        while (it2.hasNext()) {
            booleanQuery.add(getTermQuery(indexField, it2.next().toString()), BooleanClause.Occur.SHOULD);
        }
        return booleanQuery;
    }

    BooleanQuery createLevelRestrictionQuery(List<Long> list, ApplicationUser applicationUser, String str, String str2) {
        BooleanQuery booleanQuery = new BooleanQuery();
        booleanQuery.add(createNoGroupOrProjectRoleLevelQuery(str, str2), BooleanClause.Occur.SHOULD);
        if (applicationUser != null) {
            Set<String> groups = getGroups(applicationUser);
            if (!groups.isEmpty()) {
                booleanQuery.add(createGroupLevelQuery(groups, str), BooleanClause.Occur.SHOULD);
            }
            ProjectRoleManager.ProjectIdToProjectRoleIdsMap createProjectIdToProjectRolesMap = this.projectRoleManager.createProjectIdToProjectRolesMap(applicationUser, list);
            if (!createProjectIdToProjectRolesMap.isEmpty()) {
                booleanQuery.add(createProjectRoleLevelQuery(createProjectIdToProjectRolesMap, str2), BooleanClause.Occur.SHOULD);
            }
        }
        return booleanQuery;
    }

    Set<String> getGroups(ApplicationUser applicationUser) {
        return ((UserUtil) ComponentAccessor.getComponent(UserUtil.class)).getGroupNamesForUser(applicationUser.getName());
    }

    Query createNoGroupOrProjectRoleLevelQuery(String str, String str2) {
        BooleanQuery booleanQuery = new BooleanQuery();
        booleanQuery.add(getTermQuery(str, "-1"), BooleanClause.Occur.MUST);
        booleanQuery.add(getTermQuery(str2, "-1"), BooleanClause.Occur.MUST);
        return booleanQuery;
    }

    Query createProjectRoleLevelQuery(ProjectRoleManager.ProjectIdToProjectRoleIdsMap projectIdToProjectRoleIdsMap, String str) {
        BooleanQuery booleanQuery = new BooleanQuery();
        if (projectIdToProjectRoleIdsMap == null || projectIdToProjectRoleIdsMap.isEmpty()) {
            log.debug("Groups must be specified!");
            return booleanQuery;
        }
        Iterator<ProjectRoleManager.ProjectIdToProjectRoleIdsMap.Entry> it2 = projectIdToProjectRoleIdsMap.iterator();
        while (it2.hasNext()) {
            ProjectRoleManager.ProjectIdToProjectRoleIdsMap.Entry next = it2.next();
            Long projectId = next.getProjectId();
            Iterator<Long> it3 = next.getProjectRoleIds().iterator();
            while (it3.hasNext()) {
                booleanQuery.add(createFieldInProjectAndUserInRoleQuery(projectId, it3.next(), str), BooleanClause.Occur.SHOULD);
            }
        }
        return booleanQuery;
    }

    Query createFieldInProjectAndUserInRoleQuery(Long l, Long l2, String str) {
        BooleanQuery booleanQuery = new BooleanQuery();
        if (l == null) {
            log.debug("projectId must be specified!");
            return booleanQuery;
        }
        if (l2 == null) {
            log.debug("projectRoleId must be specified!");
            return booleanQuery;
        }
        booleanQuery.add(getTermQuery(SystemSearchConstants.forProject().getIndexField(), l.toString()), BooleanClause.Occur.MUST);
        booleanQuery.add(getTermQuery(str, l2.toString()), BooleanClause.Occur.MUST);
        return booleanQuery;
    }

    Query createGroupLevelQuery(Set<String> set, String str) {
        BooleanQuery booleanQuery = new BooleanQuery();
        if (set == null || set.isEmpty()) {
            log.debug("Groups must be specified!");
            return booleanQuery;
        }
        Iterator<String> it2 = set.iterator();
        while (it2.hasNext()) {
            booleanQuery.add(getTermQuery(str, it2.next()), BooleanClause.Occur.SHOULD);
        }
        return booleanQuery;
    }

    List<Long> getVisibleProjectIds(ApplicationUser applicationUser) {
        Collection<Project> projects = this.permissionManager.getProjects(ProjectPermissions.BROWSE_PROJECTS, applicationUser);
        ArrayList arrayList = new ArrayList();
        for (Project project : projects) {
            if (project != null) {
                arrayList.add(project.getId());
            }
        }
        return arrayList;
    }
}
