package com.atlassian.jira.user.anonymize.externalid;

import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.event.user.UserEditedEvent;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.bc.ServiceOutcomeImpl;
import com.atlassian.jira.bc.ServiceResult;
import com.atlassian.jira.bc.ServiceResultImpl;
import com.atlassian.jira.crowd.embedded.ofbiz.ExtendedUserDao;
import com.atlassian.jira.crowd.embedded.ofbiz.OfBizUser;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.SimpleErrorCollection;
import java.util.Optional;
import java.util.UUID;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/user/anonymize/externalid/UserExternalIdChangeService.class */
public class UserExternalIdChangeService {
    private static final Logger log = LoggerFactory.getLogger(UserExternalIdChangeService.class);
    private final UserManager userManager;
    private final ExtendedUserDao extendedUserDao;
    private final GlobalPermissionManager globalPermissionManager;
    private final I18nHelper.BeanFactory i18nBeanFactory;
    private final EventPublisher eventPublisher;

    public UserExternalIdChangeService(UserManager userManager, ExtendedUserDao extendedUserDao, GlobalPermissionManager globalPermissionManager, I18nHelper.BeanFactory beanFactory, EventPublisher eventPublisher) {
        this.userManager = userManager;
        this.extendedUserDao = extendedUserDao;
        this.globalPermissionManager = globalPermissionManager;
        this.i18nBeanFactory = beanFactory;
        this.eventPublisher = eventPublisher;
    }

    public ServiceResult validate(ApplicationUser applicationUser, String str) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        I18nHelper beanFactory = this.i18nBeanFactory.getInstance(applicationUser);
        if (!isAdministrator(applicationUser)) {
            simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.externalId.change.no.permission"));
            return new ServiceResultImpl(simpleErrorCollection);
        }
        ApplicationUser userByKey = this.userManager.getUserByKey(str);
        if (userByKey == null) {
            simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.externalId.user.not.found", str));
            return new ServiceResultImpl(simpleErrorCollection);
        }
        if (!isSysAdmin(applicationUser) && isSysAdmin(userByKey)) {
            simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.externalId.must.be.sysadmin.to.edit.sysadmin"));
            return new ServiceResultImpl(simpleErrorCollection);
        }
        if (this.userManager.getUserState(userByKey).isInMultipleDirectories()) {
            simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.externalId.multiple.directories"));
            return new ServiceResultImpl(simpleErrorCollection);
        }
        if (!userFromExternalDirectoryNotDeletedExternally(userByKey)) {
            return new ServiceResultImpl(simpleErrorCollection);
        }
        simpleErrorCollection.addErrorMessage(beanFactory.getText("admin.errors.user.externalId.external.directory"));
        return new ServiceResultImpl(simpleErrorCollection);
    }

    public ServiceResult changeExternalId(ApplicationUser applicationUser, String str) {
        ServiceResult validate = validate(applicationUser, str);
        if (!validate.isValid()) {
            return validate;
        }
        I18nHelper beanFactory = this.i18nBeanFactory.getInstance(applicationUser);
        ApplicationUser userByKey = this.userManager.getUserByKey(str);
        if (userByKey == null) {
            return ServiceOutcomeImpl.error(beanFactory.getText("admin.errors.user.externalId.user.not.found", str));
        }
        try {
            OfBizUser findOfBizUser = this.extendedUserDao.findOfBizUser(userByKey.getDirectoryId(), userByKey.getUsername());
            User userTemplate = new UserTemplate(findOfBizUser);
            userTemplate.setExternalId(generateUniqueIdentifier());
            try {
                this.extendedUserDao.update(userTemplate, false);
                Directory directory = this.userManager.getDirectory(Long.valueOf(userByKey.getDirectoryId()));
                if (directory != null) {
                    this.eventPublisher.publish(new UserEditedEvent(this, directory, userTemplate, findOfBizUser));
                }
                return new ServiceResultImpl();
            } catch (UserNotFoundException e) {
                log.error("Error during updating external id ({})", str, e);
                return ServiceOutcomeImpl.error(beanFactory.getText("change.handler.processing.exception", e.getMessage()));
            }
        } catch (com.atlassian.jira.crowd.embedded.ofbiz.UserNotFoundException e2) {
            log.error("User not found", e2);
            return ServiceOutcomeImpl.error(beanFactory.getText("admin.errors.user.externalId.user.not.found", str));
        }
    }

    public boolean userFromExternalDirectoryNotDeletedExternally(ApplicationUser applicationUser) {
        if (applicationUser == null) {
            return false;
        }
        return (!((DirectoryType) Optional.ofNullable(this.userManager.getDirectory(Long.valueOf(applicationUser.getDirectoryId()))).map((v0) -> {
            return v0.getType();
        }).orElse(DirectoryType.UNKNOWN)).equals(DirectoryType.INTERNAL)) && !this.extendedUserDao.isDeletedExternally(applicationUser.getDirectoryId(), applicationUser.getUsername());
    }

    private static String generateUniqueIdentifier() {
        return UUID.randomUUID().toString();
    }

    protected boolean isAdministrator(@Nullable ApplicationUser applicationUser) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, applicationUser);
    }

    protected boolean isSysAdmin(@Nullable ApplicationUser applicationUser) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, applicationUser);
    }
}
