package com.atlassian.jira.permission;

import com.atlassian.fugue.Option;
import com.atlassian.jira.bc.JiraServiceContext;
import com.atlassian.jira.bc.JiraServiceContextImpl;
import com.atlassian.jira.issue.CustomFieldManager;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.security.plugin.ProjectPermissionTypesManager;
import com.atlassian.jira.security.roles.ProjectRoleManager;
import com.atlassian.jira.security.type.SecurityType;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.ErrorCollections;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.lang.JiraStringUtils;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableMap;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:com/atlassian/jira/permission/PermissionGrantValidator.class */
public class PermissionGrantValidator {
    private final PermissionTypeManager permissionTypeManager;
    private final ProjectPermissionTypesManager projectPermissionsManager;
    private final I18nHelper i18n;
    private final GroupManager groupManager;
    private final CustomFieldManager customFieldManager;
    private final ProjectRoleManager projectRoleManager;
    private final UserManager userManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.jira.permission.PermissionGrantValidator$2, reason: invalid class name */
    /* loaded from: input_file:com/atlassian/jira/permission/PermissionGrantValidator$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$atlassian$jira$permission$JiraPermissionHolderType = new int[JiraPermissionHolderType.values().length];

        static {
            try {
                $SwitchMap$com$atlassian$jira$permission$JiraPermissionHolderType[JiraPermissionHolderType.GROUP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$atlassian$jira$permission$JiraPermissionHolderType[JiraPermissionHolderType.USER_CUSTOM_FIELD.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$atlassian$jira$permission$JiraPermissionHolderType[JiraPermissionHolderType.GROUP_CUSTOM_FIELD.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$atlassian$jira$permission$JiraPermissionHolderType[JiraPermissionHolderType.PROJECT_ROLE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$atlassian$jira$permission$JiraPermissionHolderType[JiraPermissionHolderType.USER.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    public PermissionGrantValidator(PermissionTypeManager permissionTypeManager, ProjectPermissionTypesManager projectPermissionTypesManager, I18nHelper i18nHelper, GroupManager groupManager, CustomFieldManager customFieldManager, ProjectRoleManager projectRoleManager, UserManager userManager) {
        this.permissionTypeManager = permissionTypeManager;
        this.projectPermissionsManager = projectPermissionTypesManager;
        this.i18n = i18nHelper;
        this.groupManager = groupManager;
        this.customFieldManager = customFieldManager;
        this.projectRoleManager = projectRoleManager;
        this.userManager = userManager;
    }

    public ErrorCollection validateGrants(ApplicationUser applicationUser, Iterable<PermissionGrantInput> iterable) {
        ErrorCollection empty = ErrorCollections.empty();
        Iterator<PermissionGrantInput> it = iterable.iterator();
        while (it.hasNext()) {
            empty.addErrorCollection(validateGrant(applicationUser, it.next()));
        }
        return empty;
    }

    public ErrorCollection validateGrant(ApplicationUser applicationUser, PermissionGrantInput permissionGrantInput) {
        ErrorCollection initialValidation = initialValidation(permissionGrantInput);
        return initialValidation.hasAnyErrors() ? initialValidation : validationImplementedByTypes(applicationUser, permissionGrantInput);
    }

    private ErrorCollection initialValidation(PermissionGrantInput permissionGrantInput) {
        ErrorCollection empty = ErrorCollections.empty();
        empty.addErrorCollection(validatePermission(permissionGrantInput.getPermission()));
        empty.addErrorCollection(validateHolder(permissionGrantInput.getHolder()));
        return empty;
    }

    private ErrorCollection validatePermission(ProjectPermissionKey projectPermissionKey) {
        return !this.projectPermissionsManager.exists(projectPermissionKey) ? ErrorCollections.validationError("permission", this.i18n.getText("admin.schemes.permissions.validation.permission.unrecognized", projectPermissionKey)) : ErrorCollections.empty();
    }

    private ErrorCollection validateHolder(PermissionHolder permissionHolder) {
        Option fromKey = JiraPermissionHolderType.fromKey(permissionHolder.getType().getKey(), (String) permissionHolder.getParameter().getOrNull());
        if (fromKey.isDefined()) {
            switch (AnonymousClass2.$SwitchMap$com$atlassian$jira$permission$JiraPermissionHolderType[((JiraPermissionHolderType) fromKey.get()).ordinal()]) {
                case 1:
                    if (!this.groupManager.groupExists((String) permissionHolder.getParameter().get())) {
                        return ErrorCollections.validationError("holder.parameter", this.i18n.getText("admin.schemes.permissions.validation.group.does.not.exist", (String) permissionHolder.getParameter().get()));
                    }
                    break;
                case 2:
                case 3:
                    return validateCustomField((String) permissionHolder.getParameter().get());
                case 4:
                    Option option = JiraStringUtils.toLong((String) permissionHolder.getParameter().get());
                    if (option.isEmpty()) {
                        return ErrorCollections.validationError("holder.parameter", this.i18n.getText("admin.schemes.permissions.validation.project.role.id.must.be.number"));
                    }
                    if (this.projectRoleManager.getProjectRole((Long) option.get()) == null) {
                        return ErrorCollections.validationError("holder.parameter", this.i18n.getText("admin.schemes.permissions.validation.project.role.does.not.exist", (String) permissionHolder.getParameter().get()));
                    }
                    break;
                case 5:
                    if (this.userManager.getUserByName((String) permissionHolder.getParameter().get()) == null) {
                        return ErrorCollections.validationError("holder.parameter", this.i18n.getText("admin.schemes.permissions.validation.user.does.not.exist", (String) permissionHolder.getParameter().get()));
                    }
                    break;
                default:
                    return ErrorCollections.empty();
            }
        }
        return ErrorCollections.empty();
    }

    private ErrorCollection validateCustomField(String str) {
        return !this.customFieldManager.exists(str) ? ErrorCollections.validationError("holder.parameter", this.i18n.getText("admin.schemes.permissions.validation.cf.does.not.exist", str)) : ErrorCollections.empty();
    }

    private Map<String, String> getParameters(final PermissionHolder permissionHolder) {
        return (Map) permissionHolder.getParameter().map(new Function<String, Map<String, String>>() { // from class: com.atlassian.jira.permission.PermissionGrantValidator.1
            public Map<String, String> apply(String str) {
                return ImmutableMap.of(permissionHolder.getType().getKey(), str);
            }
        }).getOrElse(Collections.emptyMap());
    }

    private ErrorCollection validationImplementedByTypes(ApplicationUser applicationUser, PermissionGrantInput permissionGrantInput) {
        JiraServiceContext jiraServiceContextImpl = new JiraServiceContextImpl(applicationUser, ErrorCollections.empty(), this.i18n);
        String key = permissionGrantInput.getHolder().getType().getKey();
        SecurityType schemeType = this.permissionTypeManager.getSchemeType(key);
        if (schemeType == null) {
            return ErrorCollections.validationError("holder.type", this.i18n.getText("admin.schemes.permissions.validation.holder.type.unrecognized", key));
        }
        if (!schemeType.isValidForPermission(permissionGrantInput.getPermission())) {
            return ErrorCollections.create(this.i18n.getText("admin.permissions.errors.invalid.combination", permissionGrantInput.getPermission().permissionKey(), key), ErrorCollection.Reason.VALIDATION_FAILED);
        }
        schemeType.doValidation(key, getParameters(permissionGrantInput.getHolder()), jiraServiceContextImpl);
        return jiraServiceContextImpl.getErrorCollection();
    }
}
