package com.atlassian.jira.security;

import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.fugue.Option;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.issue.security.IssueSecuritySchemeManager;
import com.atlassian.jira.issue.status.Status;
import com.atlassian.jira.permission.LegacyProjectPermissionKeyMapping;
import com.atlassian.jira.permission.ProjectPermission;
import com.atlassian.jira.permission.ProjectPermissionCategory;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectCategory;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.security.plugin.ProjectPermissionOverride;
import com.atlassian.jira.security.plugin.ProjectPermissionOverrideModuleDescriptor;
import com.atlassian.jira.security.plugin.ProjectPermissionTypesManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.ozymandias.SafePluginPointAccess;
import com.google.common.base.MoreObjects;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.opensymphony.workflow.loader.ActionDescriptor;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/security/DefaultPermissionManager.class */
public class DefaultPermissionManager implements PermissionManager {
    private static final Logger log = LoggerFactory.getLogger(DefaultPermissionManager.class);
    private final ProjectPermissionTypesManager projectPermissionTypesManager;
    private final ProjectPermissionOverrideDescriptorCache projectPermissionOverrideDescriptorCache;

    public DefaultPermissionManager(ProjectPermissionTypesManager projectPermissionTypesManager, ProjectPermissionOverrideDescriptorCache projectPermissionOverrideDescriptorCache) {
        this.projectPermissionTypesManager = projectPermissionTypesManager;
        this.projectPermissionOverrideDescriptorCache = projectPermissionOverrideDescriptorCache;
    }

    public Collection<ProjectPermission> getAllProjectPermissions() {
        return this.projectPermissionTypesManager.all();
    }

    public Collection<ProjectPermission> getProjectPermissions(@Nonnull ProjectPermissionCategory projectPermissionCategory) {
        return this.projectPermissionTypesManager.withCategory(projectPermissionCategory);
    }

    public Option<ProjectPermission> getProjectPermission(@Nonnull ProjectPermissionKey projectPermissionKey) {
        return this.projectPermissionTypesManager.withKey(projectPermissionKey);
    }

    public boolean hasPermission(int i, ApplicationUser applicationUser) {
        if (isGlobalPermission(i)) {
            return applicationUser == null ? ComponentAccessor.getGlobalPermissionManager().hasPermission(i) : applicationUser.isActive() && ComponentAccessor.getGlobalPermissionManager().hasPermission(i, applicationUser);
        }
        throw new IllegalArgumentException("Expected global permission, got " + i);
    }

    public boolean hasPermission(@Nonnull ProjectPermissionKey projectPermissionKey, @Nonnull Issue issue, @Nullable ApplicationUser applicationUser) {
        return withPermissionOverriding(doIssuePermissionCheck(projectPermissionKey, issue, applicationUser), projectPermissionKey, issue.getProjectObject(), applicationUser);
    }

    public boolean hasPermission(@Nonnull ProjectPermissionKey projectPermissionKey, @Nonnull Issue issue, @Nullable ApplicationUser applicationUser, @Nullable ActionDescriptor actionDescriptor) {
        throw new UnsupportedOperationException();
    }

    public boolean hasPermission(@Nonnull ProjectPermissionKey projectPermissionKey, @Nonnull Issue issue, @Nullable ApplicationUser applicationUser, @Nonnull Status status) {
        throw new UnsupportedOperationException();
    }

    public boolean hasPermission(int i, Issue issue, ApplicationUser applicationUser) {
        return hasPermission(getNonGlobalKey(i), issue, applicationUser);
    }

    public boolean hasPermission(@Nonnull ProjectPermissionKey projectPermissionKey, @Nonnull Project project, @Nullable ApplicationUser applicationUser) {
        return withPermissionOverriding(doProjectPermissionCheck(projectPermissionKey, project, applicationUser, false), projectPermissionKey, project, applicationUser);
    }

    public boolean hasPermission(int i, Project project, ApplicationUser applicationUser) {
        return hasPermission(getNonGlobalKey(i), project, applicationUser);
    }

    @Nonnull
    public ProjectWidePermission hasProjectWidePermission(@Nonnull ProjectPermissionKey projectPermissionKey, @Nonnull Project project, @Nullable ApplicationUser applicationUser) {
        return withPermissionOverriding(doProjectWidePermissionCheck(projectPermissionKey, project, applicationUser, false), projectPermissionKey, project, applicationUser);
    }

    public boolean hasPermission(int i, Project project, ApplicationUser applicationUser, boolean z) {
        return hasPermission(getNonGlobalKey(i), project, applicationUser, z);
    }

    public boolean hasPermission(@Nonnull ProjectPermissionKey projectPermissionKey, @Nonnull Project project, @Nullable ApplicationUser applicationUser, boolean z) {
        return withPermissionOverriding(doProjectPermissionCheck(projectPermissionKey, project, applicationUser, z), projectPermissionKey, project, applicationUser);
    }

    private boolean doIssuePermissionCheck(ProjectPermissionKey projectPermissionKey, Issue issue, ApplicationUser applicationUser) {
        return issue.getId() != null ? doIssuePermissionCheck(projectPermissionKey, issue, applicationUser, false) : doProjectPermissionCheck(projectPermissionKey, issue.getProjectObject(), applicationUser, true);
    }

    private boolean doIssuePermissionCheck(ProjectPermissionKey projectPermissionKey, Issue issue, ApplicationUser applicationUser, boolean z) {
        if (!doProjectPermissionCheck(projectPermissionKey, issue.getProjectObject(), applicationUser, false) || !doPermissionSchemeCheck(projectPermissionKey, issue, applicationUser, z)) {
            return false;
        }
        if (ProjectPermissions.BROWSE_PROJECTS.equals(projectPermissionKey)) {
            return ((IssueSecuritySchemeManager) ComponentAccessor.getComponent(IssueSecuritySchemeManager.class)).hasSecurityLevelAccess(issue, applicationUser);
        }
        return true;
    }

    private boolean doPermissionSchemeCheck(ProjectPermissionKey projectPermissionKey, Issue issue, ApplicationUser applicationUser, boolean z) {
        if (this.projectPermissionTypesManager.exists(projectPermissionKey)) {
            return applicationUser == null ? ComponentAccessor.getPermissionSchemeManager().hasSchemePermission(projectPermissionKey, issue) : applicationUser.isActive() && ComponentAccessor.getPermissionSchemeManager().hasSchemePermission(projectPermissionKey, issue, applicationUser, z);
        }
        return false;
    }

    private boolean doProjectPermissionCheck(@Nonnull ProjectPermissionKey projectPermissionKey, Project project, @Nullable ApplicationUser applicationUser, boolean z) {
        if (project == null || project.getId() == null) {
            throw new IllegalArgumentException("The Project argument and its backing generic value must not be null");
        }
        if (!doArchivedProjectCheck(projectPermissionKey, project) && this.projectPermissionTypesManager.exists(projectPermissionKey)) {
            return applicationUser == null ? ComponentAccessor.getPermissionSchemeManager().hasSchemePermission(projectPermissionKey, project) : applicationUser.isActive() && ComponentAccessor.getPermissionSchemeManager().hasSchemePermission(projectPermissionKey, project, applicationUser, z);
        }
        return false;
    }

    private boolean doArchivedProjectCheck(@Nonnull ProjectPermissionKey projectPermissionKey, @Nonnull Project project) {
        return !ProjectPermissions.BROWSE_PROJECTS.equals(projectPermissionKey) && project.isArchived();
    }

    private ProjectWidePermission doProjectWidePermissionCheck(@Nonnull ProjectPermissionKey projectPermissionKey, Project project, @Nullable ApplicationUser applicationUser, boolean z) {
        if (project == null || project.getId() == null) {
            throw new IllegalArgumentException("The Project argument and its backing generic value must not be null");
        }
        return !this.projectPermissionTypesManager.exists(projectPermissionKey) ? ProjectWidePermission.NO_ISSUES : applicationUser == null ? ComponentAccessor.getPermissionSchemeManager().hasSchemePermission(projectPermissionKey, project) ? ProjectWidePermission.ALL_ISSUES : ProjectWidePermission.NO_ISSUES : applicationUser.isActive() ? ComponentAccessor.getPermissionSchemeManager().hasProjectWidePermission(projectPermissionKey, project, applicationUser, z) : ProjectWidePermission.NO_ISSUES;
    }

    public void removeGroupPermissions(String str) throws RemoveException {
        Assertions.notNull("group", str);
        Assertions.notNull(ComponentAccessor.getGroupManager().getGroup(str));
        ComponentAccessor.getGlobalPermissionManager().removePermissions(str);
        ComponentAccessor.getPermissionSchemeManager().removeEntities("group", str);
        ((IssueSecuritySchemeManager) ComponentAccessor.getComponent(IssueSecuritySchemeManager.class)).removeEntities("group", str);
    }

    public void removeUserPermissions(ApplicationUser applicationUser) throws RemoveException {
        Assertions.notNull("user", applicationUser);
        ComponentAccessor.getPermissionSchemeManager().removeEntities("user", applicationUser.getKey());
        ((IssueSecuritySchemeManager) ComponentAccessor.getComponent(IssueSecuritySchemeManager.class)).removeEntities("user", applicationUser.getKey());
    }

    public boolean hasProjects(int i, ApplicationUser applicationUser) {
        return hasProjects(getNonGlobalKey(i), applicationUser);
    }

    public boolean hasProjects(@Nonnull ProjectPermissionKey projectPermissionKey, ApplicationUser applicationUser) {
        return this.projectPermissionTypesManager.exists(projectPermissionKey) && Iterables.any(ComponentAccessor.getProjectManager().getProjectObjects(), project -> {
            return hasPermission(projectPermissionKey, project, applicationUser);
        });
    }

    public Collection<Project> getProjects(int i, ApplicationUser applicationUser) {
        return getProjectObjects(getNonGlobalKey(i), applicationUser);
    }

    public Collection<Project> getProjects(@Nonnull ProjectPermissionKey projectPermissionKey, ApplicationUser applicationUser) {
        return getProjectObjects(projectPermissionKey, applicationUser);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Collection<Project> getProjectObjects(ProjectPermissionKey projectPermissionKey, ApplicationUser applicationUser) {
        return getProjectObjectsWithPermission(ComponentAccessor.getProjectManager().getProjectObjects(), projectPermissionKey, applicationUser);
    }

    public Collection<Project> getProjects(int i, ApplicationUser applicationUser, ProjectCategory projectCategory) {
        return getProjects(getNonGlobalKey(i), applicationUser, projectCategory);
    }

    public Collection<Project> getProjects(@Nonnull ProjectPermissionKey projectPermissionKey, @Nullable ApplicationUser applicationUser, @Nullable ProjectCategory projectCategory) {
        return getProjectObjectsWithPermission(projectCategory == null ? ComponentAccessor.getProjectManager().getProjectObjectsWithNoCategory() : ComponentAccessor.getProjectManager().getProjectsFromProjectCategory(projectCategory), projectPermissionKey, applicationUser);
    }

    public Collection<Project> getArchivedProjects(@Nonnull ProjectPermissionKey projectPermissionKey, ApplicationUser applicationUser) {
        return getArchivedProjectObjects(projectPermissionKey, applicationUser);
    }

    protected Collection<Project> getArchivedProjectObjects(ProjectPermissionKey projectPermissionKey, ApplicationUser applicationUser) {
        return getProjectObjectsWithPermission(ComponentAccessor.getProjectManager().getArchivedProjects(), projectPermissionKey, applicationUser);
    }

    public void flushCache() {
    }

    private Collection<Project> getProjectObjectsWithPermission(Collection<Project> collection, ProjectPermissionKey projectPermissionKey, ApplicationUser applicationUser) {
        return !this.projectPermissionTypesManager.exists(projectPermissionKey) ? Collections.emptyList() : Lists.newArrayList(Iterables.filter(collection, project -> {
            return hasPermission(projectPermissionKey, project, applicationUser);
        }));
    }

    private ProjectPermissionKey getNonGlobalKey(int i) {
        if (isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed to this function must NOT be a global permission, " + i + " is global");
        }
        return LegacyProjectPermissionKeyMapping.getKey(Integer.valueOf(i));
    }

    protected boolean isGlobalPermission(int i) {
        return Permissions.isGlobalPermission(i);
    }

    public Collection<Group> getAllGroups(int i, Project project) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(ComponentAccessor.getPermissionSchemeManager().getGroups(new ProjectPermissionKey(i), project));
        hashSet.addAll(ComponentAccessor.getGlobalPermissionManager().getGroupsWithPermission(i));
        return hashSet;
    }

    private ProjectWidePermission withPermissionOverriding(ProjectWidePermission projectWidePermission, final ProjectPermissionKey projectPermissionKey, final Project project, final ApplicationUser applicationUser) {
        return (projectWidePermission == ProjectWidePermission.NO_ISSUES || ProjectPermissions.BROWSE_PROJECTS.equals(projectPermissionKey)) ? projectWidePermission : Iterables.any(this.projectPermissionOverrideDescriptorCache.getProjectPermissionOverrideDescriptors(), new Predicate<ProjectPermissionOverrideModuleDescriptor>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.1
            public boolean apply(ProjectPermissionOverrideModuleDescriptor projectPermissionOverrideModuleDescriptor) {
                return SafePluginPointAccess.safe(new Predicate<ProjectPermissionOverrideModuleDescriptor>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.1.1
                    public boolean apply(ProjectPermissionOverrideModuleDescriptor projectPermissionOverrideModuleDescriptor2) {
                        ProjectPermissionOverride.Decision hasPermission = ((ProjectPermissionOverride) projectPermissionOverrideModuleDescriptor2.getModule()).hasPermission(projectPermissionKey, project, applicationUser);
                        if (DefaultPermissionManager.log.isDebugEnabled() && hasPermission == ProjectPermissionOverride.Decision.DENY) {
                            DefaultPermissionManager.log.debug("Permission check result to project " + project.getKey() + "was overriden by " + projectPermissionOverrideModuleDescriptor2.getCompleteKey());
                        }
                        return hasPermission == ProjectPermissionOverride.Decision.DENY;
                    }
                }).apply(projectPermissionOverrideModuleDescriptor);
            }
        }) ? ProjectWidePermission.NO_ISSUES : projectWidePermission;
    }

    private boolean withPermissionOverriding(boolean z, ProjectPermissionKey projectPermissionKey, Project project, ApplicationUser applicationUser) {
        return (!z || ProjectPermissions.BROWSE_PROJECTS.equals(projectPermissionKey)) ? z : !((Boolean) MoreObjects.firstNonNull(Boolean.valueOf(Iterables.any(this.projectPermissionOverrideDescriptorCache.getProjectPermissionOverrideDescriptors(), projectPermissionOverrideModuleDescriptor -> {
            return SafePluginPointAccess.safe(new Predicate<ProjectPermissionOverrideModuleDescriptor>() { // from class: com.atlassian.jira.security.DefaultPermissionManager.2
                public boolean apply(ProjectPermissionOverrideModuleDescriptor projectPermissionOverrideModuleDescriptor) {
                    ProjectPermissionOverride.Decision hasPermission = ((ProjectPermissionOverride) projectPermissionOverrideModuleDescriptor.getModule()).hasPermission(projectPermissionKey, project, applicationUser);
                    if (DefaultPermissionManager.log.isDebugEnabled() && hasPermission == ProjectPermissionOverride.Decision.DENY) {
                        DefaultPermissionManager.log.debug("Permission check result to project " + project.getKey() + "was overriden by " + projectPermissionOverrideModuleDescriptor.getCompleteKey());
                    }
                    return hasPermission == ProjectPermissionOverride.Decision.DENY;
                }
            }).apply(projectPermissionOverrideModuleDescriptor);
        })), false)).booleanValue();
    }
}
