package com.atlassian.jira.jql.permission;

import com.atlassian.jira.model.querydsl.QIssue;
import com.atlassian.jira.model.querydsl.QProject;
import com.atlassian.jira.model.querydsl.QSchemeIssueSecurities;
import com.atlassian.jira.notification.type.ProjectRoleSecurityAndNotificationType;
import com.atlassian.jira.security.type.ApplicationRoleSecurityType;
import com.atlassian.jira.security.type.CurrentAssignee;
import com.atlassian.jira.security.type.CurrentReporter;
import com.atlassian.jira.security.type.GroupCF;
import com.atlassian.jira.security.type.ProjectLead;
import com.atlassian.jira.security.type.UserCF;
import com.mysema.query.sql.SQLSubQuery;
import com.mysema.query.types.ExpressionUtils;
import com.mysema.query.types.Predicate;
import com.mysema.query.types.path.StringPath;
import com.mysema.query.types.query.ListSubQuery;

/* loaded from: input_file:com/atlassian/jira/jql/permission/QueryDslSecurityLevelPredicateBuilder.class */
public class QueryDslSecurityLevelPredicateBuilder {
    private final String userKey;

    public QueryDslSecurityLevelPredicateBuilder(String str) {
        this.userKey = str;
    }

    public Predicate buildSecurityLevelPermissionPredicate() {
        return ExpressionUtils.anyOf(new Predicate[]{issueNotInASchemePredicate(), isUserInIssueSecurityLevel(), isReporterPredicate(), isAssigneePredicate(), isProjectLeadPredicate(), isUserinUserCFPredicate(), isUserinGroupCFPredicate()});
    }

    private Predicate issueNotInASchemePredicate() {
        return QIssue.ISSUE.security.isNull();
    }

    private ListSubQuery<Long> schemeIssueSecurities(String str) {
        return new SQLSubQuery().from(QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES).where(QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.type.eq(str)).list(QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.security);
    }

    private Predicate isUserInIssueSecurityLevel() {
        return QIssue.ISSUE.security.in(new SQLSubQuery().from(QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES).where(ExpressionUtils.anyOf(new Predicate[]{isUserPredicate(), isUserInGroupPredicate(), isUserInProjectRolePredicate(), isUserInApplicationRole()})).list(QIssue.ISSUE.security));
    }

    private Predicate isUserPredicate() {
        return securityTypeAndParameterPredicate("user", this.userKey);
    }

    private Predicate isUserInGroupPredicate() {
        return ExpressionUtils.anyOf(new Predicate[]{securityTypeAndParameterInListPredicate("group", QueryDslPermissionsHelper.groupsContainingUser(this.userKey)), ExpressionUtils.allOf(new Predicate[]{QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.type.eq("group"), QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.parameter.isNull()})});
    }

    private Predicate isUserInProjectRolePredicate() {
        return securityTypeAndParameterInListPredicate(ProjectRoleSecurityAndNotificationType.PROJECT_ROLE, QueryDslPermissionsHelper.projectRoleIdsAsStringForUserKey(this.userKey));
    }

    private Predicate isUserInApplicationRole() {
        return securityTypeAndParameterInListPredicate(ApplicationRoleSecurityType.ID, QueryDslPermissionsHelper.licenseRolesContainingUser(this.userKey));
    }

    private Predicate securityTypeAndParameterInListPredicate(String str, ListSubQuery<String> listSubQuery) {
        return ExpressionUtils.allOf(new Predicate[]{QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.type.eq(str), QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.parameter.in(listSubQuery)});
    }

    private Predicate isReporterPredicate() {
        return doesIssueFieldHaveSecurityType(QIssue.ISSUE.reporter, CurrentReporter.DESC);
    }

    private Predicate isAssigneePredicate() {
        return doesIssueFieldHaveSecurityType(QIssue.ISSUE.assignee, CurrentAssignee.DESC);
    }

    private Predicate isProjectLeadPredicate() {
        return QIssue.ISSUE.project.in(new SQLSubQuery().from(QProject.PROJECT).where(ExpressionUtils.allOf(new Predicate[]{this.userKey == null ? QProject.PROJECT.lead.isNull() : QProject.PROJECT.lead.eq(this.userKey), issueHasSecurityType(ProjectLead.DESC)})).list(QProject.PROJECT.id));
    }

    private Predicate isUserinUserCFPredicate() {
        return QIssue.ISSUE.security.in(new SQLSubQuery().from(QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES).where(ExpressionUtils.allOf(new Predicate[]{QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.type.eq(UserCF.TYPE), QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.parameter.in(QueryDslPermissionsHelper.customFieldIdsWhereUserCFContainsUser(this.userKey))})).list(QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.security));
    }

    private Predicate isUserinGroupCFPredicate() {
        return QIssue.ISSUE.security.in(new SQLSubQuery().from(QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES).where(ExpressionUtils.allOf(new Predicate[]{QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.type.eq(GroupCF.TYPE), QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.parameter.in(QueryDslPermissionsHelper.customFieldIdsWhereGroupCFContainsUser(this.userKey))})).list(QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.security));
    }

    private Predicate doesIssueFieldHaveSecurityType(StringPath stringPath, String str) {
        return ExpressionUtils.allOf(new Predicate[]{userKeyInField(stringPath), issueHasSecurityType(str)});
    }

    private Predicate issueHasSecurityType(String str) {
        return QIssue.ISSUE.security.in(schemeIssueSecurities(str));
    }

    private Predicate userKeyInField(StringPath stringPath) {
        return this.userKey == null ? stringPath.isNull() : stringPath.eq(this.userKey);
    }

    private Predicate securityTypeAndParameterPredicate(String str, String str2) {
        return ExpressionUtils.allOf(new Predicate[]{QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.type.eq(str), str2 == null ? QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.parameter.isNull() : QSchemeIssueSecurities.SCHEME_ISSUE_SECURITIES.parameter.eq(str2)});
    }
}
