package com.atlassian.jira.bc.user;

import com.atlassian.application.api.ApplicationKey;
import com.atlassian.collectors.CollectorsUtil;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.fugue.Option;
import com.atlassian.jira.application.ApplicationRole;
import com.atlassian.jira.application.ApplicationRoleManager;
import com.atlassian.jira.bc.project.component.ProjectComponent;
import com.atlassian.jira.bc.user.UserService;
import com.atlassian.jira.bc.user.UserValidationHelper;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.event.user.UserEventDispatcher;
import com.atlassian.jira.event.user.UserProfileUpdatedEvent;
import com.atlassian.jira.event.user.UserRenamedEvent;
import com.atlassian.jira.exception.AddException;
import com.atlassian.jira.exception.CreateException;
import com.atlassian.jira.exception.PermissionException;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.issue.search.SearchException;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.plugin.user.PreDeleteUserErrorsManager;
import com.atlassian.jira.plugin.user.WebErrorMessage;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.type.SingleUser;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.UserDeleteVeto;
import com.atlassian.jira.user.UserDetails;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.jira.user.util.UserUtilImpl;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.GlobalPermissionGroupAssociationUtil;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.atlassian.jira.util.SimpleWarningCollection;
import com.atlassian.jira.util.WarningCollection;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.jira.workflow.function.issue.UpdateIssueFieldFunction;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/bc/user/DefaultUserService.class */
public class DefaultUserService implements UserService {
    protected final Logger log = LoggerFactory.getLogger(DefaultUserService.class);
    private final UserUtil userUtil;
    private final UserDeleteVeto userDeleteVeto;
    private final UserManager userManager;
    private final PermissionManager permissionManager;
    private final JiraAuthenticationContext jiraAuthenticationContext;
    private final I18nHelper.BeanFactory i18nFactory;
    private final EventPublisher eventPublisher;
    private final PreDeleteUserErrorsManager preDeleteUserErrorsManager;
    private final CreateUserApplicationHelper applicationHelper;
    private final ApplicationRoleManager applicationRoleManager;
    private final UserValidationHelper validationsHelper;
    private final GlobalPermissionGroupAssociationUtil globalPermissionGroupAssociationUtil;
    private final GlobalPermissionManager globalPermissionManager;

    public DefaultUserService(UserUtil userUtil, UserDeleteVeto userDeleteVeto, PermissionManager permissionManager, UserManager userManager, I18nHelper.BeanFactory beanFactory, JiraAuthenticationContext jiraAuthenticationContext, EventPublisher eventPublisher, PreDeleteUserErrorsManager preDeleteUserErrorsManager, CreateUserApplicationHelper createUserApplicationHelper, ApplicationRoleManager applicationRoleManager, UserValidationHelper userValidationHelper, GlobalPermissionGroupAssociationUtil globalPermissionGroupAssociationUtil, GlobalPermissionManager globalPermissionManager) {
        this.userUtil = userUtil;
        this.userDeleteVeto = userDeleteVeto;
        this.permissionManager = permissionManager;
        this.userManager = userManager;
        this.i18nFactory = beanFactory;
        this.jiraAuthenticationContext = jiraAuthenticationContext;
        this.eventPublisher = eventPublisher;
        this.preDeleteUserErrorsManager = preDeleteUserErrorsManager;
        this.applicationHelper = createUserApplicationHelper;
        this.applicationRoleManager = applicationRoleManager;
        this.validationsHelper = userValidationHelper;
        this.globalPermissionGroupAssociationUtil = globalPermissionGroupAssociationUtil;
        this.globalPermissionManager = globalPermissionManager;
    }

    @Nonnull
    public ApplicationUserBuilder newUserBuilder(@Nonnull ApplicationUser applicationUser) {
        return new ApplicationUserBuilderImpl(applicationUser);
    }

    public UserService.CreateUserValidationResult validateCreateUserForSignup(ApplicationUser applicationUser, String str, String str2, String str3, String str4, String str5) {
        return validateCreateUser(UserService.CreateUserRequest.withUserDetails(applicationUser, str, str2, str4, str5).confirmPassword(str3).passwordRequired().performPermissionCheck(false).sendUserSignupEvent());
    }

    public UserService.CreateUserValidationResult validateCreateUserForSetup(ApplicationUser applicationUser, String str, String str2, String str3, String str4, String str5) {
        return validateCreateUser(UserService.CreateUserRequest.withUserDetails(applicationUser, str, str2, str4, str5).confirmPassword(str3).passwordRequired().performPermissionCheck(false));
    }

    public UserService.CreateUserValidationResult validateCreateUserForSignupOrSetup(ApplicationUser applicationUser, String str, String str2, String str3, String str4, String str5) {
        return validateCreateUser(UserService.CreateUserRequest.withUserDetails(applicationUser, str, str2, str4, str5).confirmPassword(str3).passwordRequired().performPermissionCheck(false).sendUserSignupEvent());
    }

    public UserService.CreateUserValidationResult validateCreateUser(UserService.CreateUserRequest createUserRequest) {
        Set<ApplicationKey> defaultApplicationKeys = createUserRequest.requireDefaultApplicationAccess() ? this.applicationRoleManager.getDefaultApplicationKeys() : createUserRequest.getApplicationKeys();
        if (createUserRequest.shouldSkipValidation()) {
            return new UserService.CreateUserValidationResult(createUserRequest, defaultApplicationKeys, new SimpleErrorCollection(), ImmutableList.of(), new SimpleWarningCollection());
        }
        UserValidationHelper.Validations validations = this.validationsHelper.validations(createUserRequest.getLoggedInUser());
        if (createUserRequest.shouldPerformPermissionCheck() && !validations.hasCreateAccess(createUserRequest.getLoggedInUser())) {
            return new UserService.CreateUserValidationResult(validations.getErrors());
        }
        if (createUserRequest.getDirectoryId() == null) {
            if (!validations.hasWritableDefaultCreateDirectory()) {
                return new UserService.CreateUserValidationResult(validations.getErrors());
            }
        } else if (!validations.writableDirectory(createUserRequest.getDirectoryId())) {
            return new UserService.CreateUserValidationResult(validations.getErrors());
        }
        if (createUserRequest.requirePassword()) {
            validations.passwordRequired(createUserRequest.getPassword(), createUserRequest.shouldConfirmPassword());
        }
        List<WebErrorMessage> of = ImmutableList.of();
        if (createUserRequest.getPassword() != null) {
            of = validations.validatePasswordPolicy(createUserRequest.getPassword(), createUserRequest.getUsername(), createUserRequest.getDisplayName(), createUserRequest.getEmailAddress());
        }
        if (createUserRequest.shouldConfirmPassword()) {
            validations.validateConfirmPassword(createUserRequest.getPassword(), createUserRequest.getConfirmPassword());
        }
        validations.validateEmailAddress(createUserRequest.getEmailAddress());
        validations.validateDisplayName(createUserRequest.getDisplayName());
        validations.hasValidUsername(createUserRequest.getUsername(), createUserRequest.getDirectoryId());
        Collection<String> validateApplicationKeys = this.applicationHelper.validateApplicationKeys(Optional.ofNullable(createUserRequest.getDirectoryId()), defaultApplicationKeys);
        if (!validateApplicationKeys.isEmpty()) {
            WarningCollection warnings = validations.getWarnings();
            Stream<String> stream = validateApplicationKeys.stream();
            warnings.getClass();
            stream.forEach(warnings::addWarning);
        }
        return new UserService.CreateUserValidationResult(createUserRequest, defaultApplicationKeys, validations.getErrors(), of, validations.getWarnings());
    }

    public UserService.CreateUserValidationResult validateCreateUserForAdmin(ApplicationUser applicationUser, String str, String str2, String str3, String str4, String str5) {
        return validateCreateUserForAdmin(applicationUser, str, str2, str3, str4, str5, null);
    }

    public UserService.CreateUserValidationResult validateCreateUserForAdmin(ApplicationUser applicationUser, String str, String str2, String str3, String str4, String str5, @Nullable Long l) {
        return validateCreateUser(UserService.CreateUserRequest.withUserDetails(applicationUser, str, str2, str4, str5).inDirectory(l).confirmPassword(str3));
    }

    public UserService.CreateUsernameValidationResult validateCreateUsername(ApplicationUser applicationUser, String str) {
        return validateCreateUsername(applicationUser, str, null);
    }

    public UserService.CreateUsernameValidationResult validateCreateUsername(ApplicationUser applicationUser, String str, Long l) {
        UserValidationHelper.Validations validations = this.validationsHelper.validations(applicationUser);
        validations.hasValidUsername(str, l);
        return new UserService.CreateUsernameValidationResult(str, l, validations.getErrors());
    }

    public ApplicationUser createUser(@Nonnull UserService.CreateUserValidationResult createUserValidationResult) throws PermissionException, CreateException {
        Assertions.notNull("You can not create a user, validation result", createUserValidationResult);
        Assertions.is("Make sure to call validateCreateUser(CreateUserRequest) before calling createUser(CreateUserValidationResult).", createUserValidationResult.hasCreateUserRequest());
        if (!createUserValidationResult.isValid()) {
            throw new CreateException("Validation failed, user " + createUserValidationResult.getUsername() + " cannot be created");
        }
        UserService.CreateUserRequest createUserRequest = createUserValidationResult.getCreateUserRequest();
        ApplicationUser applicationUser = null;
        try {
            try {
                applicationUser = this.userManager.createUser(toApplicationUserCreationData(createUserValidationResult));
                if (this.applicationHelper.validateApplicationKeys(Optional.ofNullable(createUserRequest.getDirectoryId()), createUserValidationResult.getApplicationKeys()).isEmpty()) {
                    this.userUtil.addUserToGroups(this.applicationHelper.getDefaultGroupsForNewUser(createUserValidationResult.getApplicationKeys()), applicationUser);
                } else {
                    this.log.warn("User with name " + applicationUser.getName() + " created, but not added to any groups.");
                }
                if (applicationUser != null) {
                    dispatchUserCreatedEvent(createUserValidationResult.getUsername(), createUserValidationResult.getEmail(), createUserValidationResult.getFullname(), createUserValidationResult.getDirectoryId(), createUserRequest.getUserEventType(), applicationUser, createUserRequest.shouldSendNotification());
                }
            } catch (AddException e) {
                this.log.warn("User with name " + createUserRequest.getUsername() + " created, but not added to any groups.");
                if (0 != 0) {
                    dispatchUserCreatedEvent(createUserValidationResult.getUsername(), createUserValidationResult.getEmail(), createUserValidationResult.getFullname(), createUserValidationResult.getDirectoryId(), createUserRequest.getUserEventType(), null, createUserRequest.shouldSendNotification());
                }
            }
            return applicationUser;
        } catch (Throwable th) {
            if (0 != 0) {
                dispatchUserCreatedEvent(createUserValidationResult.getUsername(), createUserValidationResult.getEmail(), createUserValidationResult.getFullname(), createUserValidationResult.getDirectoryId(), createUserRequest.getUserEventType(), null, createUserRequest.shouldSendNotification());
            }
            throw th;
        }
    }

    private UserDetails toApplicationUserCreationData(UserService.CreateUserValidationResult createUserValidationResult) {
        return new UserDetails(createUserValidationResult.getUsername(), createUserValidationResult.getFullname()).withDirectory(createUserValidationResult.getDirectoryId()).withEmail(createUserValidationResult.getEmail()).withPassword(createUserValidationResult.getPassword());
    }

    public ApplicationUser createUserNoNotification(UserService.CreateUserValidationResult createUserValidationResult) throws PermissionException, CreateException {
        Assertions.notNull("You can not create a user with a null validation result.", createUserValidationResult);
        Assertions.stateTrue("You can not create a user with an invalid validation result.", createUserValidationResult.isValid());
        return createUser(validateCreateUser(UserService.CreateUserRequest.withUserDetails((ApplicationUser) null, createUserValidationResult.getUsername(), createUserValidationResult.getPassword(), createUserValidationResult.getEmail(), createUserValidationResult.getFullname()).inDirectory(createUserValidationResult.getDirectoryId()).sendNotification(false).withApplicationAccess(createUserValidationResult.getApplicationKeys()).skipValidation()));
    }

    public ApplicationUser createUserFromSignup(UserService.CreateUserValidationResult createUserValidationResult) throws PermissionException, CreateException {
        return createUserWithNotification(createUserValidationResult, 0);
    }

    public ApplicationUser createUserWithNotification(UserService.CreateUserValidationResult createUserValidationResult) throws PermissionException, CreateException {
        return createUserWithNotification(createUserValidationResult, 1);
    }

    private ApplicationUser createUserWithNotification(UserService.CreateUserValidationResult createUserValidationResult, int i) throws PermissionException, CreateException {
        Assertions.notNull("You can not create a user, validation result", createUserValidationResult);
        Assertions.stateTrue("You can not create a user with an invalid validation result.", createUserValidationResult.isValid());
        return createUser(validateCreateUser(UserService.CreateUserRequest.withUserDetails((ApplicationUser) null, createUserValidationResult.getUsername(), createUserValidationResult.getPassword(), createUserValidationResult.getEmail(), createUserValidationResult.getFullname()).inDirectory(createUserValidationResult.getDirectoryId()).sendNotification(true).withApplicationAccess(createUserValidationResult.getApplicationKeys()).withEventUserEvent(i).skipValidation()));
    }

    public UserService.UpdateUserValidationResult validateUpdateUser(ApplicationUser applicationUser) {
        ApplicationUser user = this.jiraAuthenticationContext.getUser();
        I18nHelper i18nBean = getI18nBean(user);
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        if (!isAdministrator(user)) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.users.update.no.permission"));
            return new UserService.UpdateUserValidationResult(simpleErrorCollection);
        }
        ApplicationUser userByKey = this.userManager.getUserByKey(applicationUser.getKey());
        if (userByKey == null) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.users.user.does.not.exist"));
            return new UserService.UpdateUserValidationResult(simpleErrorCollection);
        }
        if (!this.userManager.canUpdateUser(userByKey)) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.cannot.edit.user.directory.read.only"));
            return new UserService.UpdateUserValidationResult(simpleErrorCollection);
        }
        if (!isSysAdmin(user) && isSysAdmin(userByKey)) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.must.be.sysadmin.to.edit.sysadmin"));
            return new UserService.UpdateUserValidationResult(simpleErrorCollection);
        }
        if (!applicationUser.isActive()) {
            Collection<ProjectComponent> componentsUserLeads = this.userUtil.getComponentsUserLeads(userByKey);
            if (componentsUserLeads.size() > 0) {
                simpleErrorCollection.addError("active", i18nBean.getText("admin.errors.users.cannot.deactivate.due.to.component.lead", getDisplayableProjectList(getProjectsFor(componentsUserLeads))));
            }
            Collection<Project> projectsLeadBy = this.userUtil.getProjectsLeadBy(userByKey);
            if (projectsLeadBy.size() > 0) {
                simpleErrorCollection.addError("active", i18nBean.getText("admin.errors.users.cannot.deactivate.due.to.project.lead", getDisplayableProjectList(projectsLeadBy)));
            }
            if (user.getName().equalsIgnoreCase(applicationUser.getUsername())) {
                simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.users.cannot.deactivate.currently.logged.in"));
            }
        }
        if (!IdentifierUtils.equalsInLowerCase(userByKey.getUsername(), applicationUser.getUsername())) {
            if (this.userManager.canRenameUser(userByKey)) {
                UserValidationHelper.Validations validations = this.validationsHelper.validations(user);
                if (!validations.hasValidUsername(applicationUser.getUsername(), null)) {
                    simpleErrorCollection.addErrors(validations.getErrors().getErrors());
                }
            } else {
                simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.cannot.rename.due.to.configuration"));
            }
        }
        return simpleErrorCollection.hasAnyErrors() ? new UserService.UpdateUserValidationResult(simpleErrorCollection) : new UserService.UpdateUserValidationResult(applicationUser);
    }

    private Collection<Project> getProjectsFor(Collection<ProjectComponent> collection) {
        ProjectManager projectManager = ComponentAccessor.getProjectManager();
        HashSet hashSet = new HashSet(collection.size());
        Iterator<ProjectComponent> it = collection.iterator();
        while (it.hasNext()) {
            hashSet.add(projectManager.getProjectObj(it.next().getProjectId()));
        }
        return hashSet;
    }

    private String getDisplayableProjectList(Collection<Project> collection) {
        return StringUtils.join(Iterables.transform(collection, (v0) -> {
            return v0.getKey();
        }), ", ");
    }

    public void updateUser(UserService.UpdateUserValidationResult updateUserValidationResult) {
        if (!updateUserValidationResult.isValid()) {
            throw new IllegalStateException("Invalid UpdateUserValidationResult");
        }
        ApplicationUser userByKey = this.userManager.getUserByKey(updateUserValidationResult.getApplicationUser().getKey());
        this.userManager.updateUser(updateUserValidationResult.getApplicationUser());
        if (IdentifierUtils.equalsInLowerCase(userByKey.getUsername(), updateUserValidationResult.getApplicationUser().getUsername())) {
            this.eventPublisher.publish(new UserProfileUpdatedEvent(updateUserValidationResult.getApplicationUser(), this.jiraAuthenticationContext.getUser()));
        } else {
            this.eventPublisher.publish(new UserRenamedEvent(updateUserValidationResult.getApplicationUser(), this.jiraAuthenticationContext.getUser(), userByKey.getUsername()));
        }
    }

    public UserService.DeleteUserValidationResult validateDeleteUser(ApplicationUser applicationUser, String str) {
        I18nHelper i18nBean = getI18nBean(applicationUser);
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        if (str != null && str.length() != 0) {
            return validateDeleteUser(applicationUser, this.userManager.getUserByName(str));
        }
        simpleErrorCollection.addError("username", i18nBean.getText("admin.errors.users.cannot.delete.due.to.invalid.username"));
        return new UserService.DeleteUserValidationResult(simpleErrorCollection);
    }

    public UserService.DeleteUserValidationResult validateDeleteUser(ApplicationUser applicationUser, ApplicationUser applicationUser2) {
        I18nHelper i18nBean = getI18nBean(applicationUser);
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        if (!this.permissionManager.hasPermission(0, applicationUser)) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.users.delete.no.permission"));
            return new UserService.DeleteUserValidationResult(simpleErrorCollection);
        }
        if (!this.userManager.isUserExisting(applicationUser2)) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.users.user.does.not.exist"));
            return new UserService.DeleteUserValidationResult(simpleErrorCollection);
        }
        if (applicationUser2.equals(applicationUser)) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.users.cannot.delete.currently.logged.in"));
            return new UserService.DeleteUserValidationResult(simpleErrorCollection);
        }
        if (!this.userManager.canUpdateUser(applicationUser2)) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.users.cannot.delete.user.read.only"));
            return new UserService.DeleteUserValidationResult(simpleErrorCollection);
        }
        if (!isSysAdmin(applicationUser) && isSysAdmin(applicationUser2)) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.users.cannot.delete.due.to.sysadmin"));
            return new UserService.DeleteUserValidationResult(simpleErrorCollection);
        }
        try {
            if (!this.userManager.getUserState(applicationUser2).isInMultipleDirectories()) {
                validateDeleteUserReferences(applicationUser, applicationUser2, i18nBean, simpleErrorCollection);
            }
        } catch (Exception e) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.exception.occured.validating") + " " + e);
        }
        return simpleErrorCollection.hasAnyErrors() ? new UserService.DeleteUserValidationResult(simpleErrorCollection) : new UserService.DeleteUserValidationResult(applicationUser2);
    }

    private void validateDeleteUserReferences(ApplicationUser applicationUser, ApplicationUser applicationUser2, I18nHelper i18nHelper, ErrorCollection errorCollection) throws SearchException {
        String username = applicationUser2.getUsername();
        long numberOfReportedIssuesIgnoreSecurity = this.userUtil.getNumberOfReportedIssuesIgnoreSecurity(applicationUser, applicationUser2);
        if (numberOfReportedIssuesIgnoreSecurity > 0) {
            errorCollection.addErrorMessage(i18nHelper.getText("admin.errors.users.cannot.delete.due.to.reported.issues", "'" + username + "'", UpdateIssueFieldFunction.UNASSIGNED_VALUE + numberOfReportedIssuesIgnoreSecurity));
        }
        long numberOfAssignedIssuesIgnoreSecurity = this.userUtil.getNumberOfAssignedIssuesIgnoreSecurity(applicationUser, applicationUser2);
        if (numberOfAssignedIssuesIgnoreSecurity > 0) {
            errorCollection.addErrorMessage(i18nHelper.getText("admin.errors.users.cannot.delete.due.to.assigned.issues", "'" + username + "'", UpdateIssueFieldFunction.UNASSIGNED_VALUE + numberOfAssignedIssuesIgnoreSecurity));
        }
        long commentCountByAuthor = this.userDeleteVeto.getCommentCountByAuthor(applicationUser2);
        if (commentCountByAuthor > 0) {
            errorCollection.addErrorMessage(i18nHelper.getText("admin.errors.users.cannot.delete.due.to.commented.issues", "'" + username + "'", UpdateIssueFieldFunction.UNASSIGNED_VALUE + commentCountByAuthor));
        }
        long size = this.userUtil.getProjectsLeadBy(applicationUser2).size();
        if (size > 0) {
            errorCollection.addErrorMessage(i18nHelper.getText("admin.errors.users.cannot.delete.due.to.project.lead", "'" + username + "'", UpdateIssueFieldFunction.UNASSIGNED_VALUE + size));
        }
        UnmodifiableIterator it = this.preDeleteUserErrorsManager.getWarnings(applicationUser2).iterator();
        while (it.hasNext()) {
            errorCollection.addErrorMessage(((WebErrorMessage) it.next()).getDescription());
        }
    }

    private boolean isAdministrator(@Nullable ApplicationUser applicationUser) {
        return this.permissionManager.hasPermission(0, applicationUser);
    }

    private boolean isSysAdmin(@Nullable ApplicationUser applicationUser) {
        return this.permissionManager.hasPermission(44, applicationUser);
    }

    public void removeUser(ApplicationUser applicationUser, UserService.DeleteUserValidationResult deleteUserValidationResult) {
        Assertions.notNull("You can not remove a user with a null validation result.", deleteUserValidationResult);
        Assertions.stateTrue("You can not remove a user with an invalid validation result.", deleteUserValidationResult.isValid());
        this.userUtil.removeUser(applicationUser, deleteUserValidationResult.getApplicationUser());
    }

    I18nHelper getI18nBean(ApplicationUser applicationUser) {
        return this.i18nFactory.getInstance(applicationUser);
    }

    public UserService.AddUserToApplicationValidationResult validateAddUserToApplication(ApplicationUser applicationUser, ApplicationKey applicationKey) {
        ApplicationUser applicationUser2 = null;
        if (this.jiraAuthenticationContext != null) {
            applicationUser2 = this.jiraAuthenticationContext.getLoggedInUser();
        }
        return validateAddUserToApplication(applicationUser2, applicationUser, applicationKey);
    }

    public UserService.AddUserToApplicationValidationResult validateAddUserToApplication(ApplicationUser applicationUser, ApplicationUser applicationUser2, ApplicationKey applicationKey) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        if (applicationUser == null || !isAdministrator(applicationUser)) {
            simpleErrorCollection.addErrorMessage(getI18nBean(applicationUser).getText("admin.errors.users.add.user.to.application.no.permission"));
            return new UserService.AddUserToApplicationValidationResult(simpleErrorCollection);
        }
        simpleErrorCollection.addErrorMessages(this.applicationHelper.validateApplicationKeys(applicationUser2, (Set<ApplicationKey>) ImmutableSet.of(applicationKey)));
        return simpleErrorCollection.hasAnyErrors() ? new UserService.AddUserToApplicationValidationResult(simpleErrorCollection) : new UserService.AddUserToApplicationValidationResult(applicationUser2, this.applicationRoleManager.getDefaultGroups(applicationKey));
    }

    public void addUserToApplication(UserService.AddUserToApplicationValidationResult addUserToApplicationValidationResult) throws AddException, PermissionException {
        Assertions.notNull("You can not add a user to an application with a null validation result.", addUserToApplicationValidationResult);
        Assertions.is("You can not add a user to an application with an invalid validation result.", addUserToApplicationValidationResult.isValid());
        this.userUtil.addUserToGroups(addUserToApplicationValidationResult.getApplicationDefaultGroups(), addUserToApplicationValidationResult.getUserToAdd());
    }

    public UserService.RemoveUserFromApplicationValidationResult validateRemoveUserFromApplication(ApplicationUser applicationUser, ApplicationKey applicationKey) {
        ApplicationUser applicationUser2 = null;
        if (this.jiraAuthenticationContext != null) {
            applicationUser2 = this.jiraAuthenticationContext.getLoggedInUser();
        }
        return validateRemoveUserFromApplication(applicationUser2, applicationUser, applicationKey);
    }

    public UserService.RemoveUserFromApplicationValidationResult validateRemoveUserFromApplication(ApplicationUser applicationUser, ApplicationUser applicationUser2, ApplicationKey applicationKey) {
        Assertions.notNull(SingleUser.DESC, applicationUser2);
        Assertions.notNull("applicationKey", applicationKey);
        I18nHelper i18nBean = getI18nBean(applicationUser);
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        if (applicationUser == null || !isAdministrator(applicationUser)) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.users.remove.user.to.application.no.permission"));
            return new UserService.RemoveUserFromApplicationValidationResult(simpleErrorCollection);
        }
        Option role = this.applicationRoleManager.getRole(applicationKey);
        Set<String> set = null;
        if (role.isEmpty()) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.application.not.defined.by.key", applicationKey));
        } else {
            set = (Set) ((ApplicationRole) role.get()).getGroups().stream().map((v0) -> {
                return v0.getName();
            }).collect(CollectorsUtil.toImmutableSet());
        }
        validateGroupsAreWritableInUserDirectory(applicationUser2, simpleErrorCollection);
        validateNotRemovingAllAdminGroups(applicationUser, applicationUser2, simpleErrorCollection, set);
        return simpleErrorCollection.hasAnyErrors() ? new UserService.RemoveUserFromApplicationValidationResult(simpleErrorCollection) : new UserService.RemoveUserFromApplicationValidationResult(applicationUser2, set);
    }

    public void removeUserFromApplication(UserService.RemoveUserFromApplicationValidationResult removeUserFromApplicationValidationResult) throws RemoveException, PermissionException {
        Assertions.notNull("You can not remove a user from an application with a null validation result.", removeUserFromApplicationValidationResult);
        Assertions.is("You can not remove a user from an application with an invalid validation result.", removeUserFromApplicationValidationResult.isValid());
        Iterator it = removeUserFromApplicationValidationResult.getApplicationGroupNames().iterator();
        while (it.hasNext()) {
            Group group = this.userUtil.getGroup((String) it.next());
            if (group != null) {
                this.userUtil.removeUserFromGroup(group, removeUserFromApplicationValidationResult.getUserToRemove());
            }
        }
    }

    private void validateGroupsAreWritableInUserDirectory(ApplicationUser applicationUser, ErrorCollection errorCollection) {
        I18nHelper i18nHelper = this.jiraAuthenticationContext.getI18nHelper();
        Directory directory = this.userManager.getDirectory(Long.valueOf(applicationUser.getDirectoryId()));
        if (directory.getAllowedOperations().contains(OperationType.CREATE_GROUP)) {
            return;
        }
        errorCollection.addErrorMessage(i18nHelper.getText("admin.errors.directory.fully.read.only", directory.getName()));
    }

    private void dispatchUserCreatedEvent(String str, String str2, String str3, @Nullable Long l, int i, @Nullable ApplicationUser applicationUser, boolean z) {
        ImmutableMap.Builder put = ImmutableMap.builder().put("username", str).put(UserUtilImpl.EMAIL, str2).put(UserUtilImpl.DISPLAY_NAME, str3);
        if (l != null) {
            put.put(UserUtilImpl.DIRECTORY_NAME, this.userManager.getDirectory(l).getName());
            put.put(UserUtilImpl.DIRECTORY_ID, l);
        }
        if (this.userManager.canUpdateUserPassword(applicationUser)) {
            UserUtil.PasswordResetToken generatePasswordResetToken = this.userUtil.generatePasswordResetToken(applicationUser);
            put.put(UserUtilImpl.PASSWORD_TOKEN, generatePasswordResetToken.getToken());
            put.put(UserUtilImpl.PASSWORD_HOURS, Integer.valueOf(generatePasswordResetToken.getExpiryHours()));
        }
        if (z) {
            put.put(UserUtilImpl.SEND_EMAIL, Boolean.valueOf(z));
        }
        UserEventDispatcher.dispatchEvent(i, applicationUser, put.build());
    }

    private void validateNotRemovingAllAdminGroups(ApplicationUser applicationUser, ApplicationUser applicationUser2, ErrorCollection errorCollection, Set<String> set) {
        I18nHelper i18nBean = getI18nBean(applicationUser);
        if (!applicationUser.equals(applicationUser2) || set == null) {
            return;
        }
        if (this.globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, applicationUser)) {
            if (this.globalPermissionGroupAssociationUtil.isRemovingAllMySysAdminGroups(set, applicationUser)) {
                errorCollection.addErrorMessage(i18nBean.getText("admin.errors.application.cannot.remove.application.last.admin.group"));
            }
        } else if (this.globalPermissionGroupAssociationUtil.isRemovingAllMyAdminGroups(set, applicationUser)) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.errors.application.cannot.remove.application.last.admin.group"));
        }
    }
}
