package com.atlassian.jira.security;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.SubTaskManager;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.permission.LegacyProjectPermissionKeyMapping;
import com.atlassian.jira.permission.PermissionContextFactory;
import com.atlassian.jira.permission.WorkflowPermission;
import com.atlassian.jira.permission.WorkflowPermissionFactory;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.security.plugin.ProjectPermissionTypesManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.ApplicationUsers;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.ofbiz.core.entity.GenericValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/security/WorkflowBasedPermissionManager.class */
public class WorkflowBasedPermissionManager extends DefaultPermissionManager {
    private static final Logger log = LoggerFactory.getLogger(WorkflowBasedPermissionManager.class);
    private final WorkflowPermissionFactory workflowPermissionFactory;
    private final PermissionContextFactory permissionContextFactory;

    public WorkflowBasedPermissionManager(WorkflowPermissionFactory workflowPermissionFactory, PermissionContextFactory permissionContextFactory, ProjectPermissionTypesManager projectPermissionTypesManager, ProjectPermissionOverrideDescriptorCache projectPermissionOverrideDescriptorCache) {
        super(projectPermissionTypesManager, projectPermissionOverrideDescriptorCache);
        this.workflowPermissionFactory = workflowPermissionFactory;
        this.permissionContextFactory = permissionContextFactory;
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, GenericValue genericValue, User user) {
        return workflowPermissionCheck(super.hasPermission(i, genericValue, user), i, genericValue, ApplicationUsers.from(user));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, GenericValue genericValue, User user) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, genericValue, user), projectPermissionKey, getIssueOrNull(genericValue), ApplicationUsers.from(user));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Issue issue, User user) {
        return workflowPermissionCheck(super.hasPermission(i, issue, user), i, issue, ApplicationUsers.from(user));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Issue issue, User user) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, issue, user), projectPermissionKey, issue, ApplicationUsers.from(user));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Issue issue, ApplicationUser applicationUser) {
        return workflowPermissionCheck(super.hasPermission(i, issue, applicationUser), i, issue, applicationUser);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(@Nonnull ProjectPermissionKey projectPermissionKey, @Nonnull Issue issue, ApplicationUser applicationUser) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, issue, applicationUser), projectPermissionKey, issue, applicationUser);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Project project, User user) {
        return workflowPermissionCheck(super.hasPermission(i, project, user), i, project.getGenericValue(), ApplicationUsers.from(user));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, User user) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, project, user), projectPermissionKey, getIssueOrNull(project.getGenericValue()), ApplicationUsers.from(user));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Project project, ApplicationUser applicationUser) {
        return workflowPermissionCheck(super.hasPermission(i, project, applicationUser), i, project.getGenericValue(), applicationUser);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(@Nonnull ProjectPermissionKey projectPermissionKey, @Nonnull Project project, @Nullable ApplicationUser applicationUser) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, project, applicationUser), projectPermissionKey, getIssueOrNull(project.getGenericValue()), applicationUser);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Project project, User user, boolean z) {
        return workflowPermissionCheck(super.hasPermission(i, project, user, z), i, project.getGenericValue(), ApplicationUsers.from(user));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, User user, boolean z) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, project, user, z), projectPermissionKey, getIssueOrNull(project.getGenericValue()), ApplicationUsers.from(user));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, Project project, ApplicationUser applicationUser, boolean z) {
        return workflowPermissionCheck(super.hasPermission(i, project, applicationUser, z), i, project.getGenericValue(), applicationUser);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, Project project, ApplicationUser applicationUser, boolean z) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, project, applicationUser, z), projectPermissionKey, getIssueOrNull(project.getGenericValue()), applicationUser);
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(int i, GenericValue genericValue, User user, boolean z) {
        return workflowPermissionCheck(super.hasPermission(i, genericValue, user, z), i, genericValue, ApplicationUsers.from(user));
    }

    @Override // com.atlassian.jira.security.DefaultPermissionManager
    public boolean hasPermission(ProjectPermissionKey projectPermissionKey, GenericValue genericValue, User user, boolean z) {
        return workflowPermissionCheck(super.hasPermission(projectPermissionKey, genericValue, user, z), projectPermissionKey, getIssueOrNull(genericValue), ApplicationUsers.from(user));
    }

    private boolean workflowPermissionCheck(boolean z, int i, GenericValue genericValue, ApplicationUser applicationUser) {
        return workflowPermissionCheck(z, LegacyProjectPermissionKeyMapping.getKey(Integer.valueOf(i)), getIssueOrNull(genericValue), applicationUser);
    }

    private boolean workflowPermissionCheck(boolean z, int i, Issue issue, ApplicationUser applicationUser) {
        return workflowPermissionCheck(z, LegacyProjectPermissionKeyMapping.getKey(Integer.valueOf(i)), issue, applicationUser);
    }

    private boolean workflowPermissionCheck(boolean z, ProjectPermissionKey projectPermissionKey, Issue issue, ApplicationUser applicationUser) {
        if (projectPermissionKey == null) {
            return z;
        }
        if (!z) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug(projectPermissionKey.permissionKey() + " permission denied by permission scheme");
            return false;
        }
        if (issue == null) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug(projectPermissionKey.permissionKey() + " permission granted by permission scheme");
            return true;
        }
        List<WorkflowPermission> workflowPermissions = this.workflowPermissionFactory.getWorkflowPermissions(this.permissionContextFactory.getPermissionContext(issue), projectPermissionKey, false);
        addParentPermissionsIfSubTask(workflowPermissions, issue, projectPermissionKey);
        if (workflowPermissions.isEmpty()) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug(projectPermissionKey.permissionKey() + " granted by permission scheme");
            return true;
        }
        for (WorkflowPermission workflowPermission : workflowPermissions) {
            if (workflowPermission.allows(projectPermissionKey, issue, applicationUser)) {
                if (!log.isInfoEnabled()) {
                    return true;
                }
                log.info(projectPermissionKey.permissionKey() + " granted by permission scheme and " + workflowPermission);
                return true;
            }
            if (log.isInfoEnabled()) {
                log.info("\t" + projectPermissionKey.permissionKey() + " not granted by " + workflowPermission);
            }
        }
        if (!log.isInfoEnabled()) {
            return false;
        }
        log.info(projectPermissionKey.permissionKey() + " granted by permission scheme but DENIED by workflow");
        return false;
    }

    private Issue getIssueOrNull(GenericValue genericValue) {
        if (genericValue == null || !"Issue".equals(genericValue.getEntityName())) {
            return null;
        }
        return ComponentAccessor.getIssueFactory().getIssue(genericValue);
    }

    private void addParentPermissionsIfSubTask(List<WorkflowPermission> list, Issue issue, ProjectPermissionKey projectPermissionKey) {
        SubTaskManager subTaskManager = ComponentAccessor.getSubTaskManager();
        Issue parentObject = issue.getParentObject();
        if (!subTaskManager.isSubTasksEnabled() || parentObject == null) {
            return;
        }
        list.addAll(this.workflowPermissionFactory.getWorkflowPermissions(this.permissionContextFactory.getPermissionContext(parentObject), projectPermissionKey, true));
    }
}
