package com.atlassian.jira.issue.search.parameters.lucene;

import com.atlassian.jira.issue.index.SecurityIndexingUtils;
import com.atlassian.jira.issue.security.IssueSecurityLevel;
import com.atlassian.jira.issue.security.IssueSecurityLevelManager;
import com.atlassian.jira.issue.security.IssueSecurityLevelPermission;
import com.atlassian.jira.issue.security.IssueSecuritySchemeManager;
import com.atlassian.jira.permission.PermissionSchemeEntry;
import com.atlassian.jira.permission.PermissionSchemeManager;
import com.atlassian.jira.permission.PermissionTypeManager;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.security.JiraAuthenticationContextImpl;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.RequestCacheKeys;
import com.atlassian.jira.security.SecurityTypeManager;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.security.type.SecurityType;
import com.atlassian.jira.user.ApplicationUser;
import com.google.common.collect.ImmutableList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.apache.lucene.search.BooleanClause;
import org.apache.lucene.search.BooleanQuery;
import org.apache.lucene.search.MatchNoDocsQuery;
import org.apache.lucene.search.Query;
import org.apache.lucene.search.TermInSetQuery;
import org.apache.lucene.util.BytesRef;
import org.ofbiz.core.entity.GenericEntityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/issue/search/parameters/lucene/DefaultPermissionQueryFactory.class */
public class DefaultPermissionQueryFactory implements PermissionQueryFactory {
    private static final Logger log = LoggerFactory.getLogger(DefaultPermissionQueryFactory.class);
    private final IssueSecurityLevelManager issueSecurityLevelManager;
    private final PermissionManager permissionManager;
    private final PermissionSchemeManager permissionSchemeManager;
    private final PermissionTypeManager permissionTypeManager;
    private final IssueSecuritySchemeManager issueSecuritySchemeManager;
    private final SecurityTypeManager issueSecurityTypeManager;

    public DefaultPermissionQueryFactory(IssueSecurityLevelManager issueSecurityLevelManager, PermissionManager permissionManager, PermissionSchemeManager permissionSchemeManager, PermissionTypeManager permissionTypeManager, IssueSecuritySchemeManager issueSecuritySchemeManager, SecurityTypeManager securityTypeManager) {
        this.issueSecurityLevelManager = issueSecurityLevelManager;
        this.permissionManager = permissionManager;
        this.permissionSchemeManager = permissionSchemeManager;
        this.permissionTypeManager = permissionTypeManager;
        this.issueSecuritySchemeManager = issueSecuritySchemeManager;
        this.issueSecurityTypeManager = securityTypeManager;
    }

    @Override // com.atlassian.jira.issue.search.parameters.lucene.PermissionQueryFactory
    public Query getQuery(ApplicationUser applicationUser, ProjectPermissionKey projectPermissionKey) {
        return createQuery(applicationUser, this.permissionManager.getProjects(projectPermissionKey, applicationUser), projectPermissionKey);
    }

    @Override // com.atlassian.jira.issue.search.parameters.lucene.PermissionQueryFactory
    public Query getQuery(ApplicationUser applicationUser, ProjectPermissionKey projectPermissionKey, @Nonnull Collection<Project> collection) {
        return createQuery(applicationUser, (List) collection.stream().filter(project -> {
            return this.permissionManager.hasPermission(projectPermissionKey, project, applicationUser);
        }).collect(Collectors.toList()), projectPermissionKey);
    }

    private Query createQuery(ApplicationUser applicationUser, Collection<Project> collection, ProjectPermissionKey projectPermissionKey) {
        try {
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            Iterator<Project> it = collection.iterator();
            while (it.hasNext()) {
                collectProjectTerms(it.next(), applicationUser, linkedHashSet, projectPermissionKey);
            }
            if (linkedHashSet.isEmpty()) {
                return new MatchNoDocsQuery("no permissions");
            }
            BooleanQuery.Builder builder = new BooleanQuery.Builder();
            builder.add(new TermInSetQuery("project_permissions", linkedHashSet), BooleanClause.Occur.FILTER);
            HashSet hashSet = new HashSet();
            hashSet.add(SecurityIndexingUtils.generateIssueLevelPermissionContents(-1L));
            try {
                Iterator<Project> it2 = collection.iterator();
                while (it2.hasNext()) {
                    collectSecurityLevelTerms(it2.next(), applicationUser, hashSet);
                }
            } catch (GenericEntityException e) {
                log.error("Error occurred retrieving security levels for this user");
            }
            builder.add(new TermInSetQuery("issue_level_permissions", hashSet), BooleanClause.Occur.FILTER);
            return builder.build();
        } catch (GenericEntityException e2) {
            log.error("Error constructing query: " + e2, e2);
            return null;
        }
    }

    PermissionsFilterCache getCache() {
        PermissionsFilterCache permissionsFilterCache = (PermissionsFilterCache) JiraAuthenticationContextImpl.getRequestCache().get(RequestCacheKeys.PERMISSIONS_FILTER_CACHE);
        if (permissionsFilterCache == null) {
            if (log.isDebugEnabled()) {
                log.debug("Creating new PermissionsFilterCache");
            }
            permissionsFilterCache = new PermissionsFilterCache();
            JiraAuthenticationContextImpl.getRequestCache().put(RequestCacheKeys.PERMISSIONS_FILTER_CACHE, permissionsFilterCache);
        }
        return permissionsFilterCache;
    }

    void collectProjectTerms(@Nonnull Project project, ApplicationUser applicationUser, Set<BytesRef> set, ProjectPermissionKey projectPermissionKey) throws GenericEntityException {
        Map map = (Map) this.permissionSchemeManager.getPermissionSchemeEntries(this.permissionSchemeManager.getSchemeIdFor(project).longValue(), projectPermissionKey).stream().filter(permissionSchemeEntry -> {
            return this.permissionTypeManager.getSecurityType(permissionSchemeEntry.getType()) != null;
        }).collect(Collectors.partitioningBy(permissionSchemeEntry2 -> {
            return this.permissionTypeManager.getSecurityType(permissionSchemeEntry2.getType()).isTopLevelProjectPermission();
        }));
        for (PermissionSchemeEntry permissionSchemeEntry3 : ImmutableList.builder().addAll((Iterable) map.get(true)).addAll((Iterable) map.get(false)).build()) {
            SecurityType securityType = this.permissionTypeManager.getSecurityType(permissionSchemeEntry3.getType());
            try {
                if (userHasPermissionForProjectAndSecurityType(applicationUser, project, permissionSchemeEntry3.getParameter(), securityType)) {
                    Set<BytesRef> permissionFieldContents = securityType.getPermissionFieldContents(applicationUser, project, permissionSchemeEntry3.getParameter());
                    set.addAll(permissionFieldContents);
                    if (!permissionFieldContents.isEmpty() && securityType.isTopLevelProjectPermission()) {
                        return;
                    }
                } else {
                    continue;
                }
            } catch (Exception e) {
                log.debug("Could not add query for security type:" + securityType.getDisplayName(), e);
            }
        }
    }

    void collectSecurityLevelTerms(Project project, ApplicationUser applicationUser, Set<BytesRef> set) throws GenericEntityException {
        for (IssueSecurityLevel issueSecurityLevel : this.issueSecurityLevelManager.getUsersSecurityLevels(project, applicationUser)) {
            if (!set.contains(SecurityIndexingUtils.generateIssueLevelPermissionContents(issueSecurityLevel.getId()))) {
                Map map = (Map) this.issueSecuritySchemeManager.getPermissionsBySecurityLevel(issueSecurityLevel.getId()).stream().filter(issueSecurityLevelPermission -> {
                    return this.issueSecurityTypeManager.getSecurityType(issueSecurityLevelPermission.getType()) != null;
                }).collect(Collectors.partitioningBy(issueSecurityLevelPermission2 -> {
                    return this.issueSecurityTypeManager.getSecurityType(issueSecurityLevelPermission2.getType()).isTopLevelIssueSecurityPermission();
                }));
                for (IssueSecurityLevelPermission issueSecurityLevelPermission3 : ImmutableList.builder().addAll((Iterable) map.get(true)).addAll((Iterable) map.get(false)).build()) {
                    SecurityType securityType = this.issueSecurityTypeManager.getSecurityType(issueSecurityLevelPermission3.getType());
                    if (userHasPermissionForProjectAndSecurityType(applicationUser, project, issueSecurityLevelPermission3.getParameter(), securityType)) {
                        Set<BytesRef> permissionFieldContents = securityType.getPermissionFieldContents(applicationUser, project, issueSecurityLevel, issueSecurityLevelPermission3.getParameter());
                        set.addAll(permissionFieldContents);
                        if (!permissionFieldContents.isEmpty() && securityType.isTopLevelIssueSecurityPermission()) {
                            break;
                        }
                    }
                }
            }
        }
    }

    boolean userHasPermissionForProjectAndSecurityType(ApplicationUser applicationUser, Project project, String str, SecurityType securityType) {
        return applicationUser == null ? securityType.hasPermission(project, str) : securityType.hasPermission(project, str, applicationUser, false);
    }
}
