package com.atlassian.jira.permission.management;

import com.atlassian.jira.bc.JiraServiceContext;
import com.atlassian.jira.bc.JiraServiceContextImpl;
import com.atlassian.jira.exception.DataAccessException;
import com.atlassian.jira.permission.JiraPermissionHolderType;
import com.atlassian.jira.permission.PermissionGrantInput;
import com.atlassian.jira.permission.PermissionGrantValidator;
import com.atlassian.jira.permission.PermissionHolder;
import com.atlassian.jira.permission.PermissionHolderType;
import com.atlassian.jira.permission.PermissionSchemeEntry;
import com.atlassian.jira.permission.PermissionSchemeManager;
import com.atlassian.jira.permission.PermissionTypeManager;
import com.atlassian.jira.permission.ProjectPermission;
import com.atlassian.jira.permission.management.beans.GrantToPermissionInputBean;
import com.atlassian.jira.permission.management.beans.PermissionsInputBean;
import com.atlassian.jira.scheme.Scheme;
import com.atlassian.jira.scheme.SchemeEntity;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.security.type.SecurityType;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.UserKeyService;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Objects;
import io.atlassian.fugue.Option;
import java.util.HashMap;
import java.util.Iterator;
import org.ofbiz.core.entity.GenericEntityException;

/* loaded from: input_file:com/atlassian/jira/permission/management/ManagedPermissionSchemeEditingServiceImpl.class */
public class ManagedPermissionSchemeEditingServiceImpl implements ManagedPermissionSchemeEditingService {
    private final PermissionSchemeManager permissionSchemeManager;
    private final I18nHelper i18nHelper;
    private final PermissionGrantValidator permissionGrantValidator;
    private final PermissionTypeManager permissionTypeManager;
    private final PermissionManager permissionManager;
    private final UserKeyService userKeyService;

    /* JADX INFO: Access modifiers changed from: protected */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/jira/permission/management/ManagedPermissionSchemeEditingServiceImpl$ErrorMessages.class */
    public enum ErrorMessages {
        MUST_SELECT_PERMISSION_ERROR("admin.permissions.errors.mustselectpermission"),
        MUST_SELECT_GRANT_TYPE_ERROR("admin.permissions.errors.mustselecttype"),
        INVALID_PERMISSION_PLUS_GRANT_COMBINATION_ERROR("admin.permissions.errors.invalid.combination"),
        NONEXISTENT_PERMISSION("admin.errors.permissions.inexistent.permission");

        private final String key;

        ErrorMessages(String str) {
            this.key = str;
        }

        public String getKey() {
            return this.key;
        }
    }

    public ManagedPermissionSchemeEditingServiceImpl(PermissionSchemeManager permissionSchemeManager, I18nHelper i18nHelper, PermissionGrantValidator permissionGrantValidator, PermissionTypeManager permissionTypeManager, PermissionManager permissionManager, UserKeyService userKeyService) {
        this.permissionSchemeManager = permissionSchemeManager;
        this.i18nHelper = i18nHelper;
        this.permissionGrantValidator = permissionGrantValidator;
        this.permissionTypeManager = permissionTypeManager;
        this.permissionManager = permissionManager;
        this.userKeyService = userKeyService;
    }

    @Override // com.atlassian.jira.permission.management.ManagedPermissionSchemeEditingService
    public ErrorCollection validateAddPermissions(ApplicationUser applicationUser, PermissionsInputBean permissionsInputBean) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        if (permissionsInputBean.getPermissionKeys() == null || permissionsInputBean.getPermissionKeys().isEmpty()) {
            simpleErrorCollection.addErrorMessage(this.i18nHelper.getText(ErrorMessages.MUST_SELECT_PERMISSION_ERROR.getKey()));
            return simpleErrorCollection;
        }
        if (permissionsInputBean.getGrants() == null || permissionsInputBean.getGrants().isEmpty()) {
            simpleErrorCollection.addErrorMessage(this.i18nHelper.getText(ErrorMessages.MUST_SELECT_GRANT_TYPE_ERROR.getKey()));
            return simpleErrorCollection;
        }
        JiraServiceContextImpl jiraServiceContextImpl = new JiraServiceContextImpl(applicationUser, simpleErrorCollection);
        for (String str : permissionsInputBean.getPermissionKeys()) {
            Iterator<GrantToPermissionInputBean> it = permissionsInputBean.getGrants().iterator();
            while (it.hasNext()) {
                validatePermissionAndGrantCombination(simpleErrorCollection, applicationUser, new ProjectPermissionKey(str), it.next(), jiraServiceContextImpl);
            }
        }
        return simpleErrorCollection;
    }

    private void validatePermissionAndGrantCombination(SimpleErrorCollection simpleErrorCollection, ApplicationUser applicationUser, ProjectPermissionKey projectPermissionKey, final GrantToPermissionInputBean grantToPermissionInputBean, JiraServiceContext jiraServiceContext) {
        Option fromKey = JiraPermissionHolderType.fromKey(grantToPermissionInputBean.getSecurityType(), (String) grantToPermissionInputBean.getValue().getOrNull());
        if (fromKey.isDefined()) {
            simpleErrorCollection.addErrorCollection(this.permissionGrantValidator.validateGrant(applicationUser, PermissionGrantInput.newGrant(PermissionHolder.holder((PermissionHolderType) fromKey.get(), (String) grantToPermissionInputBean.getValue().getOrNull()), projectPermissionKey)));
            return;
        }
        Option option = Option.option(this.permissionTypeManager.getSchemeType(grantToPermissionInputBean.getSecurityType()));
        if (option.isEmpty()) {
            simpleErrorCollection.addErrorMessage(this.i18nHelper.getText(ErrorMessages.NONEXISTENT_PERMISSION.getKey(), grantToPermissionInputBean.getSecurityType()));
            return;
        }
        SecurityType securityType = (SecurityType) option.get();
        securityType.doValidation(grantToPermissionInputBean.getSecurityType(), new HashMap<String, String>() { // from class: com.atlassian.jira.permission.management.ManagedPermissionSchemeEditingServiceImpl.1
            {
                put(grantToPermissionInputBean.getSecurityType(), grantToPermissionInputBean.getValue().getOrNull());
            }
        }, jiraServiceContext);
        if (securityType.isValidForPermission(projectPermissionKey)) {
            return;
        }
        simpleErrorCollection.addErrorMessage(this.i18nHelper.getText(ErrorMessages.INVALID_PERMISSION_PLUS_GRANT_COMBINATION_ERROR.getKey(), this.i18nHelper.getText(((ProjectPermission) this.permissionManager.getProjectPermission(projectPermissionKey).get()).getNameI18nKey()), securityType.getDisplayName()));
    }

    @Override // com.atlassian.jira.permission.management.ManagedPermissionSchemeEditingService
    public boolean addNewSecurityTypes(Scheme scheme, PermissionsInputBean permissionsInputBean) {
        boolean z = true;
        for (String str : permissionsInputBean.getPermissionKeys()) {
            for (GrantToPermissionInputBean grantToPermissionInputBean : permissionsInputBean.getGrants()) {
                try {
                    if (!permissionExists(scheme, new ProjectPermissionKey(str), grantToPermissionInputBean.getSecurityType(), (String) grantToPermissionInputBean.getValue().getOrNull())) {
                        z = addSecurityTypeToPermission(scheme.getId(), str, grantToPermissionInputBean) && z;
                    }
                } catch (GenericEntityException e) {
                    throw new DataAccessException(e);
                }
            }
        }
        return z;
    }

    private boolean addSecurityTypeToPermission(Long l, String str, GrantToPermissionInputBean grantToPermissionInputBean) throws GenericEntityException {
        return this.permissionSchemeManager.createSchemeEntity(this.permissionSchemeManager.getScheme(l), JiraPermissionHolderType.USER.getKey().equals(grantToPermissionInputBean.getSecurityType()) ? schemeEntity(grantToPermissionInputBean.getSecurityType(), this.userKeyService.getKeyForUsername((String) grantToPermissionInputBean.getValue().getOrNull()), l, str) : schemeEntity(grantToPermissionInputBean, l, str)) != null;
    }

    private boolean permissionExists(Scheme scheme, ProjectPermissionKey projectPermissionKey, String str, String str2) throws GenericEntityException {
        for (PermissionSchemeEntry permissionSchemeEntry : this.permissionSchemeManager.getPermissionSchemeEntries(scheme, projectPermissionKey)) {
            if (permissionSchemeEntry.getType().equals(str) && Objects.equal(str2, permissionSchemeEntry.getParameter())) {
                return true;
            }
        }
        return false;
    }

    private SchemeEntity schemeEntity(GrantToPermissionInputBean grantToPermissionInputBean, Long l, String str) {
        return schemeEntity(grantToPermissionInputBean.getSecurityType(), (String) grantToPermissionInputBean.getValue().getOrNull(), l, str);
    }

    private SchemeEntity schemeEntity(String str, String str2, Long l, String str3) {
        return new SchemeEntity((Long) null, str, str2, str3, (Object) null, l);
    }
}
