package com.atlassian.stash.internal.user;

import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.stash.internal.repository.RepositoryDao;
import com.atlassian.stash.project.Project;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionService;
import com.atlassian.stash.user.StashAuthenticationContext;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import com.atlassian.stash.util.Page;
import com.atlassian.stash.util.PageRequest;
import com.atlassian.stash.util.PageRequestImpl;
import com.atlassian.util.profiling.UtilTimerStack;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Transactional(readOnly = true)
@Service("permissionService")
@AvailableToPlugins(PermissionService.class)
/* loaded from: input_file:com/atlassian/stash/internal/user/PermissionServiceImpl.class */
public class PermissionServiceImpl implements PermissionService {
    public static final int GROUP_PAGESIZE = 1000;
    public static final int USER_PAGESIZE = 2000;
    private static final Logger LOG = LoggerFactory.getLogger(PermissionServiceImpl.class);
    private static final Predicate<Permission> GRANTABLE_TO_ANONYMOUS = new Predicate<Permission>() { // from class: com.atlassian.stash.internal.user.PermissionServiceImpl.1
        public boolean apply(Permission permission) {
            return permission.isGrantableToAnonymous();
        }
    };
    public static final String GROUP_PERMISSION_SEARCH = "Group Permission Search";
    public static final int USER_GROUP_PAGE_LIMIT = 500;
    private final StashAuthenticationContext authenticationContext;
    private final GrantedPermissionDao grantedPermissionDao;
    private final RepositoryDao repositoryDao;
    private final UserService userService;

    @Autowired
    public PermissionServiceImpl(GrantedPermissionDao grantedPermissionDao, UserService userService, StashAuthenticationContext stashAuthenticationContext, RepositoryDao repositoryDao) {
        this.authenticationContext = stashAuthenticationContext;
        this.grantedPermissionDao = grantedPermissionDao;
        this.repositoryDao = repositoryDao;
        this.userService = userService;
    }

    public boolean hasGlobalPermission(@Nullable String str, @Nonnull Permission permission) {
        return hasGlobalPermission(str == null ? null : this.userService.getUser(str), permission);
    }

    public boolean hasGlobalPermission(@Nullable StashUser stashUser, @Nonnull Permission permission) {
        Preconditions.checkArgument(permission.isGlobal());
        return hasPermission(stashUser, null, permission);
    }

    public boolean hasGlobalPermission(@Nonnull Permission permission) {
        Preconditions.checkArgument(permission.isGlobal());
        return hasGlobalPermission(this.authenticationContext.getCurrentUser(), permission);
    }

    public boolean hasAnyUserPermission(@Nonnull StashUser stashUser, @Nonnull Permission permission) {
        return hasPermission(stashUser, -1, permission);
    }

    public boolean hasAnyUserPermission(@Nonnull Permission permission) {
        StashUser currentUser = this.authenticationContext.getCurrentUser();
        return currentUser != null && hasAnyUserPermission(currentUser, permission);
    }

    public boolean hasProjectPermission(@Nullable StashUser stashUser, @Nonnull Project project, @Nonnull Permission permission) {
        Preconditions.checkArgument(!permission.isGlobal());
        return hasPermission(stashUser, project.getId(), permission);
    }

    public boolean hasProjectPermission(@Nonnull Project project, @Nonnull Permission permission) {
        Preconditions.checkArgument(!permission.isGlobal());
        return hasProjectPermission(this.authenticationContext.getCurrentUser(), project, permission);
    }

    public boolean hasProjectPermission(@Nonnull Integer num, @Nonnull Permission permission) {
        Preconditions.checkArgument(!permission.isGlobal());
        return hasPermission(this.authenticationContext.getCurrentUser(), num, permission);
    }

    public boolean hasProjectPermission(@Nullable StashUser stashUser, @Nonnull Integer num, @Nonnull Permission permission) {
        Preconditions.checkArgument(!permission.isGlobal());
        return hasPermission(stashUser, num, permission);
    }

    private boolean hasPermission(StashUser stashUser, Integer num, Permission permission) {
        Set inheritingPermissions = permission.getInheritingPermissions();
        if (LOG.isTraceEnabled()) {
            LOG.trace("user = " + stashUser);
            LOG.trace("projectId = " + num);
            LOG.trace("requested permission = " + permission);
        }
        if (stashUser instanceof StashUserAuthenticationToken) {
            StashUserAuthenticationToken stashUserAuthenticationToken = (StashUserAuthenticationToken) stashUser;
            Iterator it = stashUserAuthenticationToken.getRunWithPermissions().iterator();
            while (it.hasNext()) {
                if (inheritingPermissions.contains((Permission) it.next())) {
                    if (!LOG.isTraceEnabled()) {
                        return true;
                    }
                    LOG.trace(String.format("permission granted by elevated permissions (from %s)", StashAuthenticationContext.class.getSimpleName()));
                    return true;
                }
            }
            if (stashUserAuthenticationToken.getPrincipal() == null) {
                return false;
            }
        }
        return stashUser != null && (hasDirectUserPermission(stashUser, num, permission) || hasPermissionsThroughGroup(stashUser, num, permission, Collections.emptySet()));
    }

    public boolean hasDirectGlobalUserPermission(Permission permission) {
        return hasDirectUserPermission(this.authenticationContext.getCurrentUser(), null, permission);
    }

    public boolean hasDirectProjectUserPermission(Project project, Permission permission) {
        return hasDirectUserPermission(this.authenticationContext.getCurrentUser(), project.getId(), permission);
    }

    private boolean hasDirectUserPermission(StashUser stashUser, Integer num, Permission permission) {
        Integer id = stashUser.getId();
        if (id == null) {
            return false;
        }
        UserPermissionSearchCriteria userPermissionSearchCriteria = new UserPermissionSearchCriteria();
        userPermissionSearchCriteria.setPermission(permission);
        userPermissionSearchCriteria.setUser(id.intValue());
        if (num != null) {
            userPermissionSearchCriteria.setProjectId(num.intValue());
        }
        boolean isGrantedToUser = this.grantedPermissionDao.isGrantedToUser(userPermissionSearchCriteria);
        if (isGrantedToUser) {
            LOG.trace("{}: {}, or an inheriting permission, has been explicit granted", stashUser.getName(), permission);
        } else {
            LOG.trace("{}: {} has not been explicitly granted", stashUser.getName(), permission);
        }
        return isGrantedToUser;
    }

    public boolean hasGlobalGroupPermission(Permission permission, String str) {
        Preconditions.checkArgument(permission.isGlobal());
        GroupPermissionSearchCriteria groupPermissionSearchCriteria = new GroupPermissionSearchCriteria();
        groupPermissionSearchCriteria.setGroups(ImmutableSet.of(str));
        groupPermissionSearchCriteria.setPermission(permission);
        return this.grantedPermissionDao.isGrantedToGroup(groupPermissionSearchCriteria);
    }

    public Page<StashUser> getGrantedUsers(Permission permission, PageRequest pageRequest) {
        UserPermissionSearchCriteria userPermissionSearchCriteria = new UserPermissionSearchCriteria();
        userPermissionSearchCriteria.setPermission(permission);
        return this.grantedPermissionDao.searchUsers(userPermissionSearchCriteria, pageRequest);
    }

    public Page<String> getGrantedGroups(Permission permission, PageRequest pageRequest) {
        GroupPermissionSearchCriteria groupPermissionSearchCriteria = new GroupPermissionSearchCriteria();
        groupPermissionSearchCriteria.setPermission(permission);
        return this.grantedPermissionDao.searchGroups(groupPermissionSearchCriteria, pageRequest);
    }

    public boolean hasGlobalPermissionThroughGroupMembership(Permission permission, Set<String> set) {
        Preconditions.checkArgument(permission.isGlobal());
        return hasPermissionsThroughGroup(this.authenticationContext.getCurrentUser(), null, permission, set);
    }

    public boolean hasProjectPermissionThroughGroupMembership(Project project, Permission permission, Set<String> set) {
        Preconditions.checkArgument(!permission.isGlobal());
        return hasPermissionsThroughGroup(this.authenticationContext.getCurrentUser(), project.getId(), permission, set);
    }

    private boolean hasPermissionsThroughGroup(StashUser stashUser, Integer num, Permission permission, Set<String> set) {
        UtilTimerStack.push(GROUP_PERMISSION_SEARCH);
        try {
            GroupPermissionSearchCriteria groupPermissionSearchCriteria = new GroupPermissionSearchCriteria();
            groupPermissionSearchCriteria.setPermission(permission);
            if (num != null) {
                groupPermissionSearchCriteria.setProjectId(num.intValue());
            }
            Page groupsForUser = this.userService.getGroupsForUser(stashUser.getName(), new PageRequestImpl(0, 500));
            while (true) {
                HashSet newHashSet = Sets.newHashSet(groupsForUser.getValues());
                Iterables.removeAll(newHashSet, set);
                if (newHashSet.isEmpty()) {
                    LOG.trace("All groups on the page have been excluded");
                } else {
                    groupPermissionSearchCriteria.setGroups(newHashSet);
                    LOG.trace("Testing for permission against {} groups", Integer.valueOf(newHashSet.size()));
                    if (this.grantedPermissionDao.isGrantedToGroup(groupPermissionSearchCriteria)) {
                        LOG.trace("{}: Permission {} granted by group membership", stashUser.getName(), permission);
                        UtilTimerStack.pop(GROUP_PERMISSION_SEARCH);
                        return true;
                    }
                }
                if (groupsForUser.getIsLastPage()) {
                    LOG.trace("{}: All group memberships have been exhausted", stashUser.getName());
                    LOG.trace("permission not granted by any group membership");
                    UtilTimerStack.pop(GROUP_PERMISSION_SEARCH);
                    return false;
                }
                LOG.trace("{}: Loading next page of groups", stashUser.getName());
                groupsForUser = this.userService.getGroupsForUser(stashUser.getName(), groupsForUser.getNextPageRequest());
            }
        } catch (Throwable th) {
            UtilTimerStack.pop(GROUP_PERMISSION_SEARCH);
            throw th;
        }
    }

    public boolean hasRepositoryPermission(@Nullable StashUser stashUser, @Nonnull Repository repository, @Nonnull Permission permission) {
        Preconditions.checkArgument(!permission.isGlobal());
        return hasPermission(stashUser, repository.getProject().getId(), permission);
    }

    public boolean hasRepositoryPermission(@Nullable StashUser stashUser, @Nonnull Integer num, @Nonnull Permission permission) {
        return hasRepositoryPermission(stashUser, (Repository) this.repositoryDao.getById(num), permission);
    }

    public boolean hasRepositoryPermission(@Nonnull Repository repository, @Nonnull Permission permission) {
        return hasRepositoryPermission(this.authenticationContext.getCurrentUser(), repository, permission);
    }

    public boolean hasRepositoryPermission(@Nonnull Integer num, @Nonnull Permission permission) {
        return hasRepositoryPermission(this.authenticationContext.getCurrentUser(), num, permission);
    }

    public Set<String> getUsersWithPermission(Permission permission) {
        HashSet hashSet = new HashSet();
        PageRequest pageRequestImpl = new PageRequestImpl(0, USER_PAGESIZE);
        do {
            Page<StashUser> grantedUsers = getGrantedUsers(permission, pageRequestImpl);
            Iterator it = grantedUsers.getValues().iterator();
            while (it.hasNext()) {
                hashSet.add(IdentifierUtils.toLowerCase(((StashUser) it.next()).getName()));
            }
            pageRequestImpl = grantedUsers.getNextPageRequest();
        } while (pageRequestImpl != null);
        PageRequest pageRequestImpl2 = new PageRequestImpl(0, GROUP_PAGESIZE);
        do {
            Page<String> grantedGroups = getGrantedGroups(permission, pageRequestImpl2);
            Iterator it2 = grantedGroups.getValues().iterator();
            while (it2.hasNext()) {
                Iterator it3 = this.userService.getUsersInGroup((String) it2.next(), pageRequestImpl2).getValues().iterator();
                while (it3.hasNext()) {
                    hashSet.add(IdentifierUtils.toLowerCase((String) it3.next()));
                }
            }
            pageRequestImpl2 = grantedGroups.getNextPageRequest();
        } while (pageRequestImpl2 != null);
        return hashSet;
    }

    public int getCountOfUsersWithPermission(Permission permission) {
        return getUsersWithPermission(permission).size();
    }

    public Permission getHighestGlobalPermission(@Nullable StashUser stashUser) {
        if (stashUser == null) {
            return null;
        }
        for (Permission permission : getOrderedGlobalPermissions()) {
            if (hasGlobalPermission(stashUser, permission)) {
                return permission;
            }
        }
        return null;
    }

    public Permission getHighestGlobalPermission(@Nullable String str) {
        StashUser user = str != null ? this.userService.getUser(str) : null;
        if (user != null) {
            return getHighestGlobalPermission(user);
        }
        return null;
    }

    public Permission getHighestGlobalGroupPermission(@Nullable String str) {
        if (str == null) {
            return null;
        }
        for (Permission permission : getOrderedGlobalPermissions()) {
            if (hasGlobalGroupPermission(permission, str)) {
                return permission;
            }
        }
        return null;
    }

    private List<Permission> getOrderedGlobalPermissions() {
        ArrayList newArrayList = Lists.newArrayList(Permission.getGlobalPermissions());
        Collections.sort(newArrayList, new Comparator<Permission>() { // from class: com.atlassian.stash.internal.user.PermissionServiceImpl.2
            @Override // java.util.Comparator
            public int compare(Permission permission, Permission permission2) {
                if (permission == permission2) {
                    return 0;
                }
                if (permission.getWeight() < permission2.getWeight()) {
                    return 1;
                }
                return permission.getWeight() > permission2.getWeight() ? -1 : 0;
            }
        });
        return newArrayList;
    }
}
