package com.atlassian.jira.web.action.admin;

import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.fugue.Option;
import com.atlassian.jira.application.ApplicationRoleManager;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.permission.GlobalPermissionType;
import com.atlassian.jira.permission.management.beans.ProjectPermissionOperationResultBean;
import com.atlassian.jira.security.GlobalPermissionEntry;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.security.xsrf.RequiresXsrfCheck;
import com.atlassian.jira.util.GlobalPermissionGroupAssociationUtil;
import com.atlassian.jira.web.action.ProjectActionSupport;
import com.atlassian.jira.web.bean.BulkEditMultiSelectFieldBeanImpl;
import com.atlassian.jira.web.util.ExternalLinkUtil;
import com.atlassian.jira.workflow.function.issue.UpdateIssueFieldFunction;
import com.atlassian.sal.api.websudo.WebSudoRequired;
import com.google.common.base.Supplier;
import com.google.common.collect.Maps;
import com.opensymphony.util.TextUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;

@WebSudoRequired
/* loaded from: input_file:com/atlassian/jira/web/action/admin/GlobalPermissions.class */
public class GlobalPermissions extends ProjectActionSupport {
    private static final String EXTERNAL_LINK_GLOBAL_PERMISSIONS_MANAGEMENT = "external.link.global.permissions.management";
    private Map<String, String> globalPermTypes;
    private String groupName;
    private final GlobalPermissionGroupAssociationUtil globalPermissionGroupAssociationUtil;
    private final GlobalPermissionManager globalPermissionManager;
    private final GroupManager groupManager;
    private final ApplicationRoleManager applicationRoleManager;
    private final ExternalLinkUtil externalLinkUtil;
    private String globalPermTypeName = UpdateIssueFieldFunction.UNASSIGNED_VALUE;
    private String action = "view";
    private final Supplier<String> returnUnknownString = () -> {
        return getText("common.words.unknown");
    };

    /* loaded from: input_file:com/atlassian/jira/web/action/admin/GlobalPermissions$Actions.class */
    private static final class Actions {
        private static final String VIEW = "view";
        private static final String ADD = "add";
        private static final String DEL = "del";
        private static final String DELETE = "delete";
        private static final String CONFIRM = "confirm";

        private Actions() {
        }
    }

    public GlobalPermissions(GlobalPermissionManager globalPermissionManager, GlobalPermissionGroupAssociationUtil globalPermissionGroupAssociationUtil, GroupManager groupManager, ApplicationRoleManager applicationRoleManager, ExternalLinkUtil externalLinkUtil) {
        this.globalPermissionGroupAssociationUtil = globalPermissionGroupAssociationUtil;
        this.globalPermissionManager = globalPermissionManager;
        this.groupManager = groupManager;
        this.applicationRoleManager = applicationRoleManager;
        this.externalLinkUtil = externalLinkUtil;
    }

    public String doDefault() throws Exception {
        return ProjectPermissionOperationResultBean.SUCCESS_TYPE;
    }

    public void doValidation() {
        if (StringUtils.isNotBlank(this.globalPermTypeName)) {
            Option globalPermission = this.globalPermissionManager.getGlobalPermission(this.globalPermTypeName);
            Group group = this.groupName == null ? null : this.groupManager.getGroup(this.groupName);
            if (globalPermission.isEmpty()) {
                addError("groupName", getText("admin.errors.permissions.inexistent.permission"));
            } else {
                if (!isAnonymous() && group == null && !"del".equals(this.action) && !"confirm".equals(this.action)) {
                    addError("groupName", getText("admin.errors.permissions.inexistent.group", "'" + this.groupName + "'"));
                }
                GlobalPermissionType globalPermissionType = (GlobalPermissionType) globalPermission.get();
                validateAdd(group, globalPermissionType);
                validateDelete(globalPermissionType);
            }
        } else if (BulkEditMultiSelectFieldBeanImpl.ADD_ID.equals(this.action)) {
            addError("groupName", getText("admin.errors.permissions.must.select.permission"));
        }
        super.doValidation();
    }

    @RequiresXsrfCheck
    protected String doExecute() throws Exception {
        if (StringUtils.isNotBlank(this.globalPermTypeName)) {
            Option globalPermission = this.globalPermissionManager.getGlobalPermission(this.globalPermTypeName);
            if (globalPermission.isDefined()) {
                GlobalPermissionType globalPermissionType = (GlobalPermissionType) globalPermission.get();
                if ("del".equals(this.action)) {
                    removePermission(globalPermissionType, this.groupName);
                    this.action = "view";
                    return getPermissionRedirect();
                }
                if ("confirm".equals(this.action)) {
                    return "confirm";
                }
                if (BulkEditMultiSelectFieldBeanImpl.ADD_ID.equals(this.action)) {
                    addPermission(globalPermissionType, this.groupName == null ? null : this.groupManager.getGroup(this.groupName));
                    return getPermissionRedirect();
                }
            }
        }
        return getResult();
    }

    private void validateDelete(GlobalPermissionType globalPermissionType) {
        if ("del".equals(this.action) || "confirm".equals(this.action)) {
            if (this.groupName != null && !this.globalPermissionManager.getGroupNamesWithPermission(globalPermissionType.getGlobalPermissionKey()).contains(this.groupName)) {
                addErrorMessage(getText("admin.errors.permissions.delete.group.not.in.permission", this.groupName, getText(globalPermissionType.getNameI18nKey())));
            }
            if (!isManagedByJira(this.globalPermTypeName)) {
                addErrorMessage(getText("admin.errors.permissions.permission.not.managed.by.jira"));
            }
            if (this.globalPermTypeName.equals(GlobalPermissionKey.ADMINISTER.getKey())) {
                if (this.globalPermissionGroupAssociationUtil.isRemovingAllMyAdminGroups(Arrays.asList(this.groupName), getLoggedInUser()) && !this.globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, getLoggedInUser())) {
                    addErrorMessage(getText("admin.errors.permissions.no.permission"));
                }
            } else if (this.globalPermTypeName.equals(GlobalPermissionKey.SYSTEM_ADMIN.getKey())) {
                if (!this.globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, getLoggedInUser())) {
                    addErrorMessage(getText("admin.errors.permissions.no.permission.sys.admin.only"));
                } else if (this.globalPermissionGroupAssociationUtil.isRemovingAllMySysAdminGroups(Arrays.asList(this.groupName), getLoggedInUser())) {
                    addErrorMessage(getText("admin.errors.permissions.no.permission.sys.admin"));
                }
            }
        }
    }

    private void validateAdd(@Nullable Group group, GlobalPermissionType globalPermissionType) {
        if (BulkEditMultiSelectFieldBeanImpl.ADD_ID.equals(this.action)) {
            if (isAnonymous()) {
                if (!globalPermissionType.isAnonymousAllowed()) {
                    addError("groupName", getText("admin.errors.permissions.group.notallowed.for.permission", getText("admin.common.words.anyone"), getText(globalPermissionType.getNameI18nKey())));
                }
            } else if (group != null && this.globalPermTypeName.equals(GlobalPermissionKey.USE.getKey()) && getAdministrativeGroups().contains(group)) {
                addError("groupName", getText("admin.errors.permissions.group.notallowed.for.permission", this.groupName, getText(globalPermissionType.getNameI18nKey())));
            }
            if (!getGlobalPermTypes().containsKey(this.globalPermTypeName)) {
                addErrorMessage(getText("admin.errors.permissions.not.have.permission.to.add"));
            } else {
                if (isManagedByJira(this.globalPermTypeName)) {
                    return;
                }
                addErrorMessage(getText("admin.errors.permissions.permission.not.managed.by.jira"));
            }
        }
    }

    private boolean isAnonymous() {
        return this.groupName == null;
    }

    private String getPermissionRedirect() throws Exception {
        return getRedirect("GlobalPermissions!default.jspa");
    }

    private void addPermission(GlobalPermissionType globalPermissionType, Group group) {
        String name = group == null ? null : group.getName();
        if (this.globalPermissionManager.getGroupNamesWithPermission(globalPermissionType.getGlobalPermissionKey()).contains(name)) {
            return;
        }
        this.globalPermissionManager.addPermission(globalPermissionType, name);
    }

    private void removePermission(GlobalPermissionType globalPermissionType, String str) {
        Group group = str == null ? null : this.groupManager.getGroup(str);
        String str2 = null;
        if (group != null) {
            str2 = group.getName();
        } else if (str != null) {
            str2 = str;
        }
        this.globalPermissionManager.removePermission(globalPermissionType, str2);
    }

    public Collection<GlobalPermissionEntry> getPermissionGroups(String str) {
        return this.globalPermissionManager.getPermissions(GlobalPermissionKey.of(str));
    }

    public Collection getGroups() {
        return this.groupManager.getAllGroups();
    }

    public String getGlobalPermType() {
        return this.globalPermTypeName;
    }

    public String getPermTypeName() {
        return (String) this.globalPermissionManager.getGlobalPermission(this.globalPermTypeName).fold(this.returnUnknownString, globalPermissionType -> {
            return getText(globalPermissionType.getNameI18nKey());
        });
    }

    public void setGlobalPermType(String str) {
        this.globalPermTypeName = str;
    }

    public String getGroupName() {
        return this.groupName;
    }

    public void setGroupName(String str) {
        if (TextUtils.stringSet(str)) {
            this.groupName = str;
        } else {
            this.groupName = null;
        }
    }

    public void setAction(String str) {
        if ("del".equalsIgnoreCase(str) || "delete".equalsIgnoreCase(str)) {
            this.action = "del";
        } else if ("confirm".equalsIgnoreCase(str)) {
            this.action = "confirm";
        } else {
            this.action = BulkEditMultiSelectFieldBeanImpl.ADD_ID;
        }
    }

    public boolean isConfirm() {
        return "confirm".equalsIgnoreCase(this.action);
    }

    public Map<String, String> getGlobalPermTypes() {
        if (this.globalPermTypes == null) {
            this.globalPermTypes = new LinkedHashMap();
            if (this.globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, getLoggedInUser())) {
                this.globalPermTypes.put(GlobalPermissionKey.SYSTEM_ADMIN.getKey(), getText(((GlobalPermissionType) this.globalPermissionManager.getGlobalPermission(GlobalPermissionKey.SYSTEM_ADMIN).get()).getNameI18nKey()));
            }
            permissionMapHelper(GlobalPermissionKey.ADMINISTER, this.globalPermTypes);
            permissionMapHelper(GlobalPermissionKey.USE, this.globalPermTypes);
            permissionMapHelper(GlobalPermissionKey.USER_PICKER, this.globalPermTypes);
            permissionMapHelper(GlobalPermissionKey.CREATE_SHARED_OBJECTS, this.globalPermTypes);
            permissionMapHelper(GlobalPermissionKey.MANAGE_GROUP_FILTER_SUBSCRIPTIONS, this.globalPermTypes);
            permissionMapHelper(GlobalPermissionKey.BULK_CHANGE, this.globalPermTypes);
            this.globalPermissionManager.getAllGlobalPermissions().stream().filter(globalPermissionType -> {
                return (this.globalPermTypes.containsKey(globalPermissionType.getKey()) || GlobalPermissionKey.SYSTEM_ADMIN.equals(globalPermissionType.getGlobalPermissionKey())) ? false : true;
            }).forEach(globalPermissionType2 -> {
                this.globalPermTypes.put(globalPermissionType2.getKey(), getText(globalPermissionType2.getNameI18nKey()));
            });
            this.globalPermTypes.remove(GlobalPermissionKey.USE.getKey());
        }
        return this.globalPermTypes;
    }

    public Map<String, String> getManagablePermissions() {
        return Maps.filterEntries(getGlobalPermTypes(), entry -> {
            return isManagedByJira((String) entry.getKey());
        });
    }

    private void permissionMapHelper(GlobalPermissionKey globalPermissionKey, Map<String, String> map) {
        Option globalPermission = this.globalPermissionManager.getGlobalPermission(globalPermissionKey);
        if (globalPermission.isDefined()) {
            GlobalPermissionType globalPermissionType = (GlobalPermissionType) globalPermission.get();
            map.put(globalPermissionType.getKey(), getText(globalPermissionType.getNameI18nKey()));
        }
    }

    public String getDescription(String str) {
        return (String) this.globalPermissionManager.getGlobalPermission(str).fold(this.returnUnknownString, globalPermissionType -> {
            return getText(globalPermissionType.getDescriptionI18nKey());
        });
    }

    public boolean isManagedByJira(String str) {
        return this.globalPermissionManager.isPermissionManagedByJira(GlobalPermissionKey.of(str));
    }

    public String getExternalPermissionManagementUrl() {
        return this.externalLinkUtil.getProperty(EXTERNAL_LINK_GLOBAL_PERMISSIONS_MANAGEMENT);
    }

    public boolean hasExceededUserLimit() {
        return this.applicationRoleManager.isAnyRoleLimitExceeded();
    }

    private Collection<Group> getAdministrativeGroups() {
        ArrayList arrayList = new ArrayList(this.globalPermissionManager.getGroupsWithPermission(GlobalPermissionKey.ADMINISTER));
        arrayList.addAll(this.globalPermissionManager.getGroupsWithPermission(GlobalPermissionKey.SYSTEM_ADMIN));
        return Collections.unmodifiableCollection(arrayList);
    }
}
