package com.atlassian.jira.security.type;

import com.atlassian.application.api.ApplicationKey;
import com.atlassian.fugue.Option;
import com.atlassian.jira.application.ApplicationAuthorizationService;
import com.atlassian.jira.application.ApplicationRole;
import com.atlassian.jira.application.ApplicationRoleManager;
import com.atlassian.jira.bc.JiraServiceContext;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.permission.PermissionContext;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserUtil;
import com.google.common.collect.Sets;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/security/type/ApplicationRoleSecurityType.class */
public class ApplicationRoleSecurityType extends AbstractProjectsSecurityType {
    private static final Logger log = LoggerFactory.getLogger(ApplicationRoleSecurityType.class);
    public static final String ID = "applicationRole";
    private final JiraAuthenticationContext jiraAuthenticationContext;
    private final ApplicationAuthorizationService applicationAuthorizationService;
    private final ApplicationRoleManager applicationRoleManager;
    private final UserUtil userUtil;

    public ApplicationRoleSecurityType(JiraAuthenticationContext jiraAuthenticationContext, ApplicationAuthorizationService applicationAuthorizationService, ApplicationRoleManager applicationRoleManager, UserUtil userUtil) {
        this.jiraAuthenticationContext = jiraAuthenticationContext;
        this.applicationAuthorizationService = applicationAuthorizationService;
        this.applicationRoleManager = applicationRoleManager;
        this.userUtil = userUtil;
    }

    @Override // com.atlassian.jira.scheme.SchemeType, com.atlassian.jira.notification.NotificationType
    public String getDisplayName() {
        return this.jiraAuthenticationContext.getI18nHelper().getText("admin.permission.types.application.role");
    }

    @Override // com.atlassian.jira.security.type.AbstractSecurityType, com.atlassian.jira.security.type.SecurityType, com.atlassian.jira.notification.NotificationType
    public String getArgumentDisplay(String str) {
        if (StringUtils.isBlank(str)) {
            return this.jiraAuthenticationContext.getI18nHelper().getText("admin.permission.types.application.role.any");
        }
        Option<ApplicationRole> applicationRole = toApplicationRole(str);
        return applicationRole.isDefined() ? ((ApplicationRole) applicationRole.get()).getName() : str;
    }

    @Override // com.atlassian.jira.scheme.SchemeType, com.atlassian.jira.notification.NotificationType
    public String getType() {
        return ID;
    }

    @Override // com.atlassian.jira.scheme.SchemeType
    public boolean hasPermission(Project project, String str) {
        return false;
    }

    @Override // com.atlassian.jira.scheme.SchemeType
    public boolean hasPermission(Issue issue, String str) {
        return false;
    }

    @Override // com.atlassian.jira.scheme.SchemeType
    public boolean hasPermission(Project project, String str, ApplicationUser applicationUser, boolean z) {
        return hasPermission(str, applicationUser);
    }

    @Override // com.atlassian.jira.scheme.SchemeType
    public boolean hasPermission(Issue issue, String str, ApplicationUser applicationUser, boolean z) {
        return hasPermission(str, applicationUser);
    }

    private boolean hasPermission(String str, ApplicationUser applicationUser) {
        if (applicationUser == null) {
            throw new IllegalArgumentException("User passed must not be null");
        }
        if (StringUtils.isBlank(str)) {
            return true;
        }
        Option<ApplicationKey> applicationKey = toApplicationKey(str);
        return this.applicationAuthorizationService.rolesEnabled() && applicationKey.isDefined() && this.applicationAuthorizationService.canUseApplication(applicationUser, (ApplicationKey) applicationKey.get());
    }

    @Override // com.atlassian.jira.scheme.SchemeType
    public void doValidation(String str, Map map, JiraServiceContext jiraServiceContext) {
        String str2 = (String) map.get(ID);
        if (StringUtils.isNotBlank(str2) && toApplicationRole(str2).isEmpty()) {
            jiraServiceContext.getErrorCollection().addErrorMessage(jiraServiceContext.getI18nBean().getText("admin.permissions.errors.please.select.application.role"));
        }
    }

    public Set<ApplicationRole> getApplicationRoles() {
        return this.applicationRoleManager.getRoles();
    }

    @Override // com.atlassian.jira.security.type.SecurityType
    public Set<ApplicationUser> getUsers(PermissionContext permissionContext, String str) {
        if (StringUtils.isBlank(str)) {
            return Sets.newHashSet(this.userUtil.getAllApplicationUsers());
        }
        Option<ApplicationRole> applicationRole = toApplicationRole(str);
        if (!applicationRole.isDefined()) {
            return Collections.emptySet();
        }
        return this.userUtil.getAllUsersInGroups(Sets.newHashSet(((ApplicationRole) applicationRole.get()).getGroups()));
    }

    private Option<ApplicationRole> toApplicationRole(String str) {
        Option<ApplicationKey> applicationKey = toApplicationKey(str);
        ApplicationRoleManager applicationRoleManager = this.applicationRoleManager;
        applicationRoleManager.getClass();
        return applicationKey.flatMap(applicationRoleManager::getRole);
    }

    private Option<ApplicationKey> toApplicationKey(String str) {
        try {
            return Option.option(ApplicationKey.valueOf(str));
        } catch (IllegalArgumentException e) {
            log.error("Invalid Application ID supplied: '{}'", str, e);
            return Option.none();
        }
    }
}
