package com.atlassian.jira.jql.permission;

import com.atlassian.jira.external.ExternalUtils;
import com.atlassian.jira.model.querydsl.QAction;
import com.atlassian.jira.model.querydsl.QCustomField;
import com.atlassian.jira.model.querydsl.QCustomFieldOption;
import com.atlassian.jira.model.querydsl.QCustomFieldValue;
import com.atlassian.jira.model.querydsl.QIssue;
import com.atlassian.jira.model.querydsl.QNodeAssociation;
import com.atlassian.jira.model.querydsl.QProject;
import com.atlassian.jira.model.querydsl.QProjectRoleActor;
import com.atlassian.jira.model.querydsl.QSchemePermissions;
import com.atlassian.jira.notification.type.ProjectRoleSecurityAndNotificationType;
import com.atlassian.jira.security.type.ApplicationRoleSecurityType;
import com.atlassian.jira.security.type.CurrentAssignee;
import com.atlassian.jira.security.type.CurrentReporter;
import com.atlassian.jira.security.type.ProjectLead;
import com.atlassian.jira.security.type.UserCF;
import com.mysema.query.sql.SQLSubQuery;
import com.mysema.query.support.Expressions;
import com.mysema.query.types.ExpressionUtils;
import com.mysema.query.types.Ops;
import com.mysema.query.types.Predicate;
import com.mysema.query.types.expr.StringOperation;
import com.mysema.query.types.path.StringPath;
import com.mysema.query.types.query.ListSubQuery;

/* loaded from: input_file:com/atlassian/jira/jql/permission/QueryDslPermissionsPredicateBuilder.class */
public class QueryDslPermissionsPredicateBuilder {
    private final String userKey;

    public QueryDslPermissionsPredicateBuilder(String str) {
        this.userKey = str;
    }

    public Predicate buildSchemePermissionPredicate() {
        return ExpressionUtils.anyOf(new Predicate[]{buildHasProjectWideBrowseProjectPermissionPredicate(), buildIsReporterPredicate(), buildIsAssigneePredicate(), buildIsProjectLeadPredicate(), buildUserCustomFieldPredicate(), buildGroupCustomFieldPredicate()});
    }

    public Predicate buildCommentPermissionPredicate() {
        return this.userKey == null ? buildIsCommentWithoutSecurityLevelPredicate() : ExpressionUtils.anyOf(new Predicate[]{buildIsRoleOrGroupMemberPredicate(), buildIsCommentWithoutSecurityLevelPredicate()});
    }

    private Predicate buildHasProjectWideBrowseProjectPermissionPredicate() {
        return QIssue.ISSUE.project.in(nodeAssociationSubQuery().list(QNodeAssociation.NODE_ASSOCIATION.sourceNodeId));
    }

    private SQLSubQuery nodeAssociationSubQuery() {
        return nodeAssociationSubQuery(schemePermissionsSubQuery());
    }

    private SQLSubQuery nodeAssociationSubQuery(SQLSubQuery sQLSubQuery) {
        return new SQLSubQuery().from(QNodeAssociation.NODE_ASSOCIATION).where(QNodeAssociation.NODE_ASSOCIATION.sourceNodeEntity.eq("Project").and(QNodeAssociation.NODE_ASSOCIATION.sinkNodeEntity.eq("PermissionScheme")).and(QNodeAssociation.NODE_ASSOCIATION.sinkNodeId.in(sQLSubQuery.list(QSchemePermissions.SCHEME_PERMISSIONS.scheme))));
    }

    private SQLSubQuery schemePermissionsSubQuery() {
        return new SQLSubQuery().from(QSchemePermissions.SCHEME_PERMISSIONS).where(QSchemePermissions.SCHEME_PERMISSIONS.permissionKey.eq("BROWSE_PROJECTS").and(ExpressionUtils.anyOf(new Predicate[]{ExpressionUtils.allOf(new Predicate[]{QSchemePermissions.SCHEME_PERMISSIONS.type.eq(ProjectRoleSecurityAndNotificationType.PROJECT_ROLE), QSchemePermissions.SCHEME_PERMISSIONS.parameter.in(projectRoleSubQuery().list(QProjectRoleActor.PROJECT_ROLE_ACTOR.projectroleid.stringValue()))}), QSchemePermissions.SCHEME_PERMISSIONS.type.eq("user").and(QSchemePermissions.SCHEME_PERMISSIONS.parameter.eq(this.userKey)), QSchemePermissions.SCHEME_PERMISSIONS.type.eq("group").and(QSchemePermissions.SCHEME_PERMISSIONS.parameter.in(groupMembershipSubQuery()).or(QSchemePermissions.SCHEME_PERMISSIONS.parameter.isNull())), QSchemePermissions.SCHEME_PERMISSIONS.type.eq(ApplicationRoleSecurityType.ID).and(QSchemePermissions.SCHEME_PERMISSIONS.parameter.in(licenseRoleSubQuery()))})));
    }

    private SQLSubQuery projectRoleSubQuery() {
        return QueryDslPermissionsHelper.projectRolesForUserKeyQuery(this.userKey).where(QNodeAssociation.NODE_ASSOCIATION.sourceNodeId.eq(QProjectRoleActor.PROJECT_ROLE_ACTOR.pid));
    }

    private Predicate buildIsCommentWithoutSecurityLevelPredicate() {
        return ExpressionUtils.and(QAction.ACTION.rolelevel.isNull(), QAction.ACTION.level.isNull());
    }

    private Predicate buildIsRoleOrGroupMemberPredicate() {
        return ExpressionUtils.or(QAction.ACTION.rolelevel.in(projectRoleCommentSubQuery().list(QProjectRoleActor.PROJECT_ROLE_ACTOR.projectroleid.longValue())), QAction.ACTION.level.in(groupMembershipSubQuery()));
    }

    private SQLSubQuery projectRoleCommentSubQuery() {
        return new SQLSubQuery().from(QProjectRoleActor.PROJECT_ROLE_ACTOR).where(new Predicate[]{QAction.ACTION.rolelevel.eq(QProjectRoleActor.PROJECT_ROLE_ACTOR.projectroleid), buildRoleMembershipPredicate()});
    }

    private Predicate buildRoleMembershipPredicate() {
        return ExpressionUtils.or(QProjectRoleActor.PROJECT_ROLE_ACTOR.roletype.eq("atlassian-group-role-actor").and(QProjectRoleActor.PROJECT_ROLE_ACTOR.roletypeparameter.in(groupMembershipSubQuery())), QProjectRoleActor.PROJECT_ROLE_ACTOR.roletype.eq("atlassian-user-role-actor").and(QProjectRoleActor.PROJECT_ROLE_ACTOR.roletypeparameter.eq(this.userKey)));
    }

    private ListSubQuery<String> groupMembershipSubQuery() {
        return QueryDslPermissionsHelper.groupsContainingUser(this.userKey);
    }

    private ListSubQuery<String> licenseRoleSubQuery() {
        return QueryDslPermissionsHelper.licenseRolesContainingUser(this.userKey);
    }

    private Predicate buildIsReporterPredicate() {
        return ExpressionUtils.and(buildPermissionInNodeAssociationPredicate(CurrentReporter.DESC, QIssue.ISSUE.reporter), QIssue.ISSUE.reporter.eq(this.userKey));
    }

    private Predicate buildIsAssigneePredicate() {
        return ExpressionUtils.and(buildPermissionInNodeAssociationPredicate(CurrentAssignee.DESC, QIssue.ISSUE.assignee), QIssue.ISSUE.assignee.eq(this.userKey));
    }

    private Predicate buildPermissionInNodeAssociationPredicate(String str, StringPath stringPath) {
        return stringPath.eq(this.userKey).and(QIssue.ISSUE.project.in(nodeAssociationSubQuery(QueryDslPermissionsHelper.schemePermissionsForPermissionTypeAndKeyQuery(str, "BROWSE_PROJECTS")).list(QNodeAssociation.NODE_ASSOCIATION.sourceNodeId)));
    }

    private Predicate buildIsProjectLeadPredicate() {
        return QIssue.ISSUE.project.in(new SQLSubQuery().from(QProject.PROJECT).where(QProject.PROJECT.lead.eq(this.userKey).and(QProject.PROJECT.id.in(nodeAssociationSubQuery(QueryDslPermissionsHelper.schemePermissionsForPermissionTypeAndKeyQuery(ProjectLead.DESC, "BROWSE_PROJECTS")).list(QNodeAssociation.NODE_ASSOCIATION.sourceNodeId)))).list(QProject.PROJECT.id));
    }

    private Predicate buildUserCustomFieldPredicate() {
        return QIssue.ISSUE.id.in(joinQueryForCustomFieldPermissions().where(QSchemePermissions.SCHEME_PERMISSIONS.permissionKey.eq("BROWSE_PROJECTS").and(QSchemePermissions.SCHEME_PERMISSIONS.type.eq(UserCF.TYPE)).and(QCustomFieldValue.CUSTOM_FIELD_VALUE.stringvalue.eq(this.userKey))).list(QCustomFieldValue.CUSTOM_FIELD_VALUE.issue));
    }

    private Predicate buildGroupCustomFieldPredicate() {
        return QIssue.ISSUE.id.in(new SQLSubQuery().union(new ListSubQuery[]{joinQueryForCustomFieldPermissions().join(QCustomField.CUSTOM_FIELD).on(QCustomField.CUSTOM_FIELD.id.eq(QCustomFieldValue.CUSTOM_FIELD_VALUE.customfield)).where(QCustomFieldValue.CUSTOM_FIELD_VALUE.stringvalue.lower().in(groupMembershipSubQuery()).and(ExpressionUtils.anyOf(new Predicate[]{QCustomField.CUSTOM_FIELD.customfieldtypekey.eq(QueryDslPermissionsHelper.MULTI_GROUP_PICKER), QCustomField.CUSTOM_FIELD.customfieldtypekey.eq(QueryDslPermissionsHelper.GROUP_PICKER)}))).list(QCustomFieldValue.CUSTOM_FIELD_VALUE.issue), joinQueryForCustomFieldPermissions().join(QCustomField.CUSTOM_FIELD).on(QCustomField.CUSTOM_FIELD.id.eq(QCustomFieldValue.CUSTOM_FIELD_VALUE.customfield)).join(QCustomFieldOption.CUSTOM_FIELD_OPTION).on(QCustomFieldOption.CUSTOM_FIELD_OPTION.id.stringValue().eq(QCustomFieldValue.CUSTOM_FIELD_VALUE.stringvalue)).where(QCustomFieldOption.CUSTOM_FIELD_OPTION.value.in(groupMembershipSubQuery()).and(ExpressionUtils.anyOf(new Predicate[]{QCustomField.CUSTOM_FIELD.customfieldtypekey.eq(QueryDslPermissionsHelper.MULTI_SELECT), QCustomField.CUSTOM_FIELD.customfieldtypekey.eq(QueryDslPermissionsHelper.SINGLE_SELECT)}))).list(QCustomFieldValue.CUSTOM_FIELD_VALUE.issue)}));
    }

    private SQLSubQuery joinQueryForCustomFieldPermissions() {
        return new SQLSubQuery().from(QIssue.ISSUE).join(QNodeAssociation.NODE_ASSOCIATION).on(QIssue.ISSUE.project.eq(QNodeAssociation.NODE_ASSOCIATION.sourceNodeId)).join(QSchemePermissions.SCHEME_PERMISSIONS).on(QNodeAssociation.NODE_ASSOCIATION.sinkNodeId.eq(QSchemePermissions.SCHEME_PERMISSIONS.scheme)).join(QCustomFieldValue.CUSTOM_FIELD_VALUE).on(StringOperation.create(Ops.CONCAT, Expressions.constant(ExternalUtils.CF_PREFIX), QCustomFieldValue.CUSTOM_FIELD_VALUE.customfield).eq(QSchemePermissions.SCHEME_PERMISSIONS.parameter).and(QIssue.ISSUE.id.eq(QCustomFieldValue.CUSTOM_FIELD_VALUE.issue)));
    }
}
